Log analysis and evaluation: Malware collection discovered while checking the installed software under Windows/Programs! Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
22.04.2014, 14:32 | #1 |
Malware collection discovered while checking the installed software under Windows/Programs!

Hello dear people! I need your help once again; despite a few clean-up attempts I am apparently still quite badly infected.

It all started when I could not install a few Windows updates, and while I was looking into that (problem still not solved!), I also went through the installed programs. To my horror I then discovered tools such as 'bundled software installer', 'Copy TransSuite', 'Plus-HD 3.8' and 'win dealist', as well as a few apparently harmless programs that nobody needs either. I uninstalled all of these programs. The only one that could not be uninstalled was 'Plus-HD 3.8'.

After that I ran a current version of Malwarebytes and the Adware-Removal-Tool-v3.8 over the system. I have only just started with my Norton 360; it is still running. 'Plus-HD 3.8' has now also disappeared from the program list. I have no log files from Adware-Removal-Tool-v3.8! It found a lot and also repaired things, which required a restart, but in my mild panic I must have forgotten to save.

Now I would like to ask for professional help, since the computer is still slow and certainly not clean. I did everything according to the instructions. Also worth mentioning: I boot via the Grub bootloader, since I also have a Linux version installed (openSUSE 12.3) alongside Windows 7 64-bit.

I have replaced the PC name with XYZ, the admin name with XXX, and the user name with YYY. Sorry - I only saw the bit about the asterisks later, and then such an exact mapping to the account would not be possible.

Malwarebytes only works as an attachment!
22.04.2014, 14:36 | #2 |
Malware collection discovered while checking the installed software under Windows/Programs!

Sorry! This one only went through zipped!
22.04.2014, 14:42 | #3 |
Malware collection discovered while checking the installed software under Windows/Programs!

defogger - it did not seem to scan at all, it was finished immediately, and I dismissed the question about enabling the emulators with 'x'.
defogger disable: Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:38 on 22/04/2014 (XXX)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2014 Ran by XXX (administrator) on XYZ on 22-04-2014 13:42:49 Running from S:\Downloads\Downloads Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\N360.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Somoto LTD) C:\Program Files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe (Somoto LTD) C:\Program Files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Program Files (x86)\Hardcopy\hcdll2_ex_x64.exe () C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe (SlimWare Utilities, Inc.) C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (Samsung) C:\Program Files (x86)\SEC\Natural Color Pro\NCProTray.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe (Somoto LTD) C:\Program Files (x86)\Movies Toolbar\SafetyNut\safetynut.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\N360.exe (Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe (Opera Software) C:\Users\YYY\AppData\Local\Programs\Opera\20.0.1387.91\opera.exe () C:\Users\YYY\AppData\Local\Programs\Opera\20.0.1387.91\opera_crashreporter.exe (Opera Software) C:\Users\YYY\AppData\Local\Programs\Opera\20.0.1387.91\opera.exe (Opera Software) C:\Users\YYY\AppData\Local\Programs\Opera\20.0.1387.91\opera.exe (Opera Software) C:\Users\YYY\AppData\Local\Programs\Opera\20.0.1387.91\opera.exe (Opera Software) C:\Users\YYY\AppData\Local\Programs\Opera\20.0.1387.91\opera.exe (Opera Software) C:\Users\YYY\AppData\Local\Programs\Opera\20.0.1387.91\opera.exe (Opera Software) C:\Users\YYY\AppData\Local\Programs\Opera\20.0.1387.91\opera.exe (Opera Software) C:\Users\YYY\AppData\Local\Programs\Opera\20.0.1387.91\opera.exe (Opera Software) C:\Users\YYY\AppData\Local\Programs\Opera\20.0.1387.91\opera.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Corel) C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-10-18] (NVIDIA Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1063200 2013-10-18] (NVIDIA Corporation) HKLM-x32\...\Run: 
[MultiScreen] => C:\Program Files (x86)\MultiScreen\MultiScreen.exe [114688 2008-02-22] () HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.) HKLM-x32\...\Run: [Standby] => C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe [105632 2010-03-19] (Corel) HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION) HKU\S-1-5-21-4142471697-1489570089-1756012542-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2014-01-17] (Sandboxie Holdings, LLC) HKU\S-1-5-21-4142471697-1489570089-1756012542-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-4142471697-1489570089-1756012542-1001\...\Run: [SDP] => C:\Users\XXX\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto HKU\S-1-5-21-4142471697-1489570089-1756012542-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [456768 2013-10-19] (BillP Studios) HKU\S-1-5-21-4142471697-1489570089-1756012542-1001\...\Run: [FileHippo.com] => [X] IFEO\bitguard.exe: [Debugger] tasklist.exe IFEO\bprotect.exe: [Debugger] tasklist.exe IFEO\bpsvc.exe: [Debugger] tasklist.exe IFEO\browsemngr.exe: [Debugger] tasklist.exe IFEO\browserdefender.exe: [Debugger] tasklist.exe IFEO\browsermngr.exe: [Debugger] tasklist.exe IFEO\browserprotect.exe: [Debugger] tasklist.exe IFEO\browsersafeguard.exe: [Debugger] tasklist.exe IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe IFEO\cltmngsvc.exe: [Debugger] tasklist.exe IFEO\delta babylon.exe: [Debugger] tasklist.exe IFEO\delta tb.exe: [Debugger] tasklist.exe IFEO\delta2.exe: [Debugger] tasklist.exe IFEO\deltainstaller.exe: [Debugger] tasklist.exe IFEO\deltasetup.exe: [Debugger] tasklist.exe IFEO\deltatb.exe: [Debugger] tasklist.exe 
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe IFEO\dprotectsvc.exe: [Debugger] tasklist.exe IFEO\iminentsetup.exe: [Debugger] tasklist.exe IFEO\jumpflip: [Debugger] tasklist.exe IFEO\protectedsearch.exe: [Debugger] tasklist.exe IFEO\rjatydimofu.exe: [Debugger] tasklist.exe IFEO\searchinstaller.exe: [Debugger] tasklist.exe IFEO\searchprotection.exe: [Debugger] tasklist.exe IFEO\searchprotector.exe: [Debugger] tasklist.exe IFEO\searchsettings.exe: [Debugger] tasklist.exe IFEO\searchsettings64.exe: [Debugger] tasklist.exe IFEO\snapdo.exe: [Debugger] tasklist.exe IFEO\stinst32.exe: [Debugger] tasklist.exe IFEO\stinst64.exe: [Debugger] tasklist.exe IFEO\sweetimsetup.exe: [Debugger] tasklist.exe IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe IFEO\umbrella.exe: [Debugger] tasklist.exe IFEO\utiljumpflip.exe: [Debugger] tasklist.exe IFEO\volaro: [Debugger] tasklist.exe IFEO\vonteera: [Debugger] tasklist.exe IFEO\websteroids.exe: [Debugger] tasklist.exe IFEO\websteroidsservice.exe: [Debugger] tasklist.exe Startup: C:\Users\YYY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk ShortcutTarget: EvernoteClipper.lnk -> C:\Users\XXX\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe (No File) Startup: C:\Users\YYY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Movies Toolbar\SafetyNut\safetycrt.dll [490504 2014-04-10] () HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Movies Toolbar\SafetyNut\x64\safetycrt.dll [665096 2014-04-10] () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1D9CD232E24ACE01 HKCU\Software\Microsoft\Internet 
Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = URLSearchHook: HKLM-x32 - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.) URLSearchHook: HKCU - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.) StartMenuInternet: IEXPLORE.EXE - C:\program files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=105&systemid=473&v=a11465-127&apn_uid=0571122272934287&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms} BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) BHO-x32: Wincore Mediabar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll () BHO-x32: No Name - {2EECD738-5844-4a99-B4B6-146BF802613B} - No File BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) 
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: No Name - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - No File BHO-x32: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - No Name - {3444c3c5-6c56-4a16-a453-832b05bf6ea4} - No File Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) 
Toolbar: HKLM-x32 - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} - No File Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Wincore Mediabar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll () Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File Toolbar: HKCU - No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: Hosts file not detected in the default directory Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.) 
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\Free Media Player\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\Free Media Player\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\XXX\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF HKLM-x32\...\Firefox\Extensions: [ocr@babylon.com] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-12-06] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [] FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [] Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR RestoreOnStartup: "hxxp://www.google.com/" CHR Extension: (No Name) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab [2013-10-14] CHR Extension: (Plus-HD-3.8) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh [2013-10-25] CHR Extension: (No Name) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\olakgnkoldmagdblaalodobkmeokmgjj [2013-07-10] CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonChrome.crx 
[2013-07-10] CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\Exts\Chrome.crx [2014-03-26] ==================== Services (Whitelisted) ================= R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] () S3 iPod Service; C:\Program Files (x86)\iPod\bin\iPodService.exe [641352 2014-02-21] (Apple Inc.) R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\N360.exe [265040 2014-03-12] (Symantec Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15122208 2013-10-18] (NVIDIA Corporation) S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [18360 2013-10-23] (Overwolf Ltd) R2 SafetyNutManager; C:\Program Files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe [3544072 2014-04-10] (Somoto LTD) R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC) S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [24576 2014-04-22] (Realtek Semiconductor.) 
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2412344 2014-01-28] (TuneUp Software) ==================== Drivers (Whitelisted) ==================== R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-01] (Wondershare) R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation) R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1502000.026\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-05] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-02-14] (Symantec Corporation) R1 F06DEFF2-5B9C-490D-910F-35D3A9119622; C:\Program Files (x86)\Movies Toolbar\SafetyNut\x64\configmgrc1.cfg [36224 2014-04-10] (Somoto LTD) R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140421.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation) S3 MagicTune; C:\Windows\SysWOW64\drivers\MTiCtwl.sys [13312 2006-08-28] () R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-22] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] () R0 mv61xx; C:\Windows\System32\DRIVERS\mv61xx.sys [181040 2010-10-26] (Marvell Semiconductor, Inc.) 
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140421.033\ENG64.SYS [126040 2014-03-29] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140421.033\EX64.SYS [2099288 2014-03-29] (Symantec Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation) R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1502000.026\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1502000.026\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation) S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-04-22] () R0 SymDS; C:\Windows\System32\drivers\N360x64\1502000.026\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\N360x64\1502000.026\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-06] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360x64\1502000.026\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1502000.026\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-07-19] (TuneUp Software) R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2013-03-15] (Windows (R) 2000 DDK provider) R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2013-03-15] (Paragon) R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2013-03-15] (Paragon) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X] S1 NCPro; 
\SystemRoot\system32\drivers\MTictwl.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-22 13:40 - 2014-04-22 13:42 - 00000000 ____D () C:\FRST 2014-04-22 13:38 - 2014-04-22 13:38 - 00000000 _____ () C:\Users\XXX\defogger_reenable 2014-04-22 12:37 - 2014-04-22 13:31 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-22 12:37 - 2014-04-22 12:37 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-22 12:37 - 2014-04-22 12:37 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-22 12:37 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-22 12:37 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-22 12:36 - 2014-04-22 12:36 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe 2014-04-22 12:35 - 2014-04-22 12:42 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool 2014-04-22 10:47 - 2014-04-22 10:47 - 00000000 ____D () C:\Intel 2014-04-22 10:22 - 2014-04-22 10:22 - 00001624 _____ () C:\Users\Public\Desktop\Logitech Webcam Software .lnk 2014-04-22 10:03 - 2014-04-22 10:03 - 00000000 ____D () C:\Users\XXX\Documents\My Received Files 2014-04-22 10:03 - 2014-04-22 10:03 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\MusicNet 2014-04-22 10:03 - 2014-04-22 10:03 - 00000000 ____D () C:\Users\XXX\AppData\Local\iMesh 2014-04-22 10:02 - 2014-04-22 10:02 - 00000000 ____D () C:\NVIDIA 2014-04-22 09:52 - 2014-01-28 13:32 - 00038200 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll 2014-04-22 09:52 - 2014-01-28 13:32 - 00030520 _____ (TuneUp Software) C:\Windows\SysWOW64\uxtuneup.dll 2014-04-22 
09:52 - 2014-01-28 13:32 - 00026936 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll 2014-04-22 09:52 - 2014-01-28 13:32 - 00022328 _____ (TuneUp Software) C:\Windows\SysWOW64\authuitu.dll 2014-04-22 09:21 - 2014-04-22 09:21 - 00000000 ____D () C:\Windows\de 2014-04-22 09:19 - 2014-04-22 09:19 - 00000000 ____D () C:\Program Files\Windows Live 2014-04-22 08:58 - 2014-04-22 08:58 - 00003757 _____ () C:\Users\YYY\Desktop\onlinehilfe.txt 2014-04-17 06:33 - 2014-04-17 06:33 - 00005311 _____ () C:\Users\YYY\Desktop\Nina 3.txt 2014-04-16 13:27 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-16 13:27 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-16 13:27 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-16 13:27 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-16 13:27 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-16 13:27 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-16 13:27 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-16 13:27 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-16 13:27 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-16 13:27 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-16 13:27 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-16 13:27 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-16 13:27 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-16 13:27 - 2014-03-06 10:29 
- 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-16 13:27 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-16 13:27 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-16 13:27 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-16 13:27 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-16 13:27 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-16 13:27 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-16 13:27 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-16 13:27 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-16 13:27 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-16 13:27 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-16 13:27 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-16 13:27 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-16 13:27 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-16 13:27 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-16 13:27 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-16 13:27 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-16 13:27 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-16 13:27 
- 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-16 13:27 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-16 13:27 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-16 13:27 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-16 13:27 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-16 13:27 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-16 13:27 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-16 13:27 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-16 13:27 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-16 13:27 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-16 13:27 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-16 13:27 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-16 13:27 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-16 13:27 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-16 13:27 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-16 13:27 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-16 13:27 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-16 05:54 - 2014-04-16 06:06 - 00001537 _____ () C:\Users\YYY\Desktop\Bösterreich.txt 2014-04-16 04:35 - 2014-04-16 04:35 - 00010088 
_____ () C:\Users\YYY\Desktop\Schicksal.txt 2014-04-15 07:01 - 2014-04-15 07:01 - 00003541 _____ () C:\Users\YYY\Desktop\Nina Lösung 2.txt 2014-04-15 05:52 - 2014-04-15 05:52 - 00008402 _____ () C:\Users\YYY\Desktop\Nina Lösungsvorschlag.txt 2014-04-14 18:18 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-14 18:18 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-04-14 18:18 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-04-14 18:18 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-04-14 18:18 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-04-14 18:18 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-04-14 18:18 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-14 18:18 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-04-14 18:18 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-04-14 18:18 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-04-14 18:18 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-04-14 18:18 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-04-08 01:11 - 2014-04-08 01:28 - 00007516 _____ () C:\Users\YYY\Desktop\Beuteschema.txt 2014-04-07 09:19 - 2014-04-07 09:19 - 00003411 _____ () C:\Users\YYY\Desktop\Wissenschaft.txt 2014-03-31 21:34 - 2014-03-31 21:35 - 00000000 ____D () C:\Users\XXX\Desktop\2014_03_31 2014-03-31 21:34 - 2014-03-31 21:34 - 00322248 _____ (Microsoft Corporation) C:\Windows\WLXPGSS.SCR 2014-03-31 21:25 - 2014-03-31 21:25 - 00000000 ____D () 
C:\ProgramData\SSScanAppDataDir 2014-03-31 21:25 - 2014-03-31 21:25 - 00000000 ____D () C:\ProgramData\MSScanAppDataDir 2014-03-30 19:56 - 2014-03-30 19:56 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360 ==================== One Month Modified Files and Folders ======= 2014-04-22 13:42 - 2014-04-22 13:40 - 00000000 ____D () C:\FRST 2014-04-22 13:42 - 2014-02-06 00:36 - 00000000 ____D () C:\ProgramData\SafetyNut 2014-04-22 13:38 - 2014-04-22 13:38 - 00000000 _____ () C:\Users\XXX\defogger_reenable 2014-04-22 13:38 - 2013-05-07 07:15 - 00000000 ____D () C:\Users\XXX 2014-04-22 13:36 - 2009-07-14 06:45 - 00015344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-22 13:36 - 2009-07-14 06:45 - 00015344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-22 13:31 - 2014-04-22 12:37 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-22 13:30 - 2013-07-10 03:06 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys 2014-04-22 13:30 - 2013-07-10 03:06 - 00002868 _____ () C:\Windows\System32\Tasks\SlimDrivers Startup 2014-04-22 13:30 - 2013-07-10 03:06 - 00000426 _____ () C:\Windows\Tasks\SlimDrivers Startup.job 2014-04-22 13:28 - 2013-10-12 04:21 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-22 13:27 - 2013-10-31 02:04 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2014-04-22 13:27 - 2013-08-03 14:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-22 13:27 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-22 13:27 - 2009-07-14 06:51 - 00071172 _____ () C:\Windows\setupact.log 2014-04-22 13:15 - 2013-05-07 07:15 - 01056201 _____ () C:\Windows\WindowsUpdate.log 2014-04-22 12:55 - 2013-10-12 04:21 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-22 12:45 - 2013-05-07 18:09 - 
01615454 _____ () C:\Windows\PFRO.log 2014-04-22 12:43 - 2013-07-10 03:07 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\stickies 2014-04-22 12:42 - 2014-04-22 12:35 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool 2014-04-22 12:41 - 2013-07-10 07:48 - 00000000 ____D () C:\Program Files (x86)\FileHippo.com 2014-04-22 12:40 - 2013-07-17 09:56 - 00001973 _____ () C:\Users\XXX\Desktop\Update Checker.lnk 2014-04-22 12:40 - 2013-07-10 07:48 - 00002003 _____ () C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk 2014-04-22 12:37 - 2014-04-22 12:37 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-22 12:37 - 2014-04-22 12:37 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-22 12:37 - 2013-07-17 10:07 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\Malwarebytes 2014-04-22 12:37 - 2013-07-17 10:07 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-22 12:36 - 2014-04-22 12:36 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe 2014-04-22 12:26 - 2013-10-09 09:21 - 00000000 ____D () C:\Program Files (x86)\eBookConverter 2014-04-22 12:21 - 2013-07-17 10:00 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster 2014-04-22 12:15 - 2013-05-07 15:58 - 00000000 ____D () C:\Program Files (x86)\K-Meleon 2014-04-22 12:09 - 2013-07-31 00:55 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\BabSolution 2014-04-22 12:08 - 2014-03-08 13:03 - 00000968 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4142471697-1489570089-1756012542-1004UA.job 2014-04-22 12:08 - 2014-03-08 13:03 - 00000946 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4142471697-1489570089-1756012542-1004Core.job 2014-04-22 12:08 - 2013-07-10 00:57 - 00000000 ____D () C:\Program Files (x86)\Comodo 2014-04-22 12:00 - 2013-07-16 07:54 - 00000000 ____D () C:\Windows\pss 2014-04-22 12:00 - 2013-05-07 07:16 - 00000000 ___RD () 
C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-22 11:58 - 2013-11-07 10:18 - 00000000 ____D () C:\Users\XXX\AppData\Local\Overwolf 2014-04-22 11:57 - 2013-11-07 10:19 - 00000000 ____D () C:\Program Files (x86)\Overwolf 2014-04-22 11:02 - 2014-03-12 02:57 - 00000960 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4142471697-1489570089-1756012542-1001UA.job 2014-04-22 10:47 - 2014-04-22 10:47 - 00000000 ____D () C:\Intel 2014-04-22 10:23 - 2013-05-07 22:14 - 00009583 _____ () C:\Windows\LDPINST.LOG 2014-04-22 10:23 - 2013-05-07 14:51 - 00013523 _____ () C:\Windows\system32\lvcoinst.log 2014-04-22 10:23 - 2013-05-07 14:51 - 00000000 ____D () C:\Program Files\Common Files\logishrd 2014-04-22 10:22 - 2014-04-22 10:22 - 00001624 _____ () C:\Users\Public\Desktop\Logitech Webcam Software .lnk 2014-04-22 10:20 - 2013-07-10 07:49 - 00002616 _____ () C:\Windows\Sandboxie.ini 2014-04-22 10:15 - 2013-05-07 21:43 - 00000000 ____D () C:\Users\XXX\AppData\Local\CrashDumps 2014-04-22 10:04 - 2013-05-07 07:20 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-04-22 10:04 - 2013-05-07 07:20 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-04-22 10:03 - 2014-04-22 10:03 - 00000000 ____D () C:\Users\XXX\Documents\My Received Files 2014-04-22 10:03 - 2014-04-22 10:03 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\MusicNet 2014-04-22 10:03 - 2014-04-22 10:03 - 00000000 ____D () C:\Users\XXX\AppData\Local\iMesh 2014-04-22 10:02 - 2014-04-22 10:02 - 00000000 ____D () C:\NVIDIA 2014-04-22 09:52 - 2013-07-06 02:38 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2013 2014-04-22 09:36 - 2013-05-07 07:21 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-04-22 09:32 - 2013-07-11 00:41 - 00000000 ____D () C:\Users\YYY\AppData\Roaming\stickies 2014-04-22 09:21 - 2014-04-22 09:21 - 00000000 ____D () C:\Windows\de 2014-04-22 09:19 - 2014-04-22 09:19 - 00000000 ____D () C:\Program Files\Windows Live 2014-04-22 09:19 - 
2013-07-05 22:46 - 00000000 ____D () C:\Program Files (x86)\Windows Live 2014-04-22 09:15 - 2013-06-07 05:38 - 00198445 _____ () C:\Windows\DirectX.log 2014-04-22 08:58 - 2014-04-22 08:58 - 00003757 _____ () C:\Users\YYY\Desktop\onlinehilfe.txt 2014-04-22 04:51 - 2013-07-11 00:45 - 00000000 ____D () C:\Users\YYY\AppData\Roaming\Skype 2014-04-22 04:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing 2014-04-22 02:02 - 2014-03-12 02:57 - 00000938 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4142471697-1489570089-1756012542-1001Core.job 2014-04-21 23:59 - 2013-10-17 03:18 - 00000000 ____D () C:\Users\YYY\AppData\Roaming\DC++ 2014-04-21 23:59 - 2013-10-17 03:18 - 00000000 ____D () C:\Users\YYY\AppData\Local\DC++ 2014-04-21 22:53 - 2013-10-08 20:10 - 00000000 ____D () C:\Users\YYY\AppData\Roaming\vlc 2014-04-18 01:52 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-04-17 06:33 - 2014-04-17 06:33 - 00005311 _____ () C:\Users\YYY\Desktop\Nina 3.txt 2014-04-16 17:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\th-TH 2014-04-16 17:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\th-TH 2014-04-16 17:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-04-16 06:06 - 2014-04-16 05:54 - 00001537 _____ () C:\Users\YYY\Desktop\Bösterreich.txt 2014-04-16 04:35 - 2014-04-16 04:35 - 00010088 _____ () C:\Users\YYY\Desktop\Schicksal.txt 2014-04-15 07:01 - 2014-04-15 07:01 - 00003541 _____ () C:\Users\YYY\Desktop\Nina Lösung 2.txt 2014-04-15 05:52 - 2014-04-15 05:52 - 00008402 _____ () C:\Users\YYY\Desktop\Nina Lösungsvorschlag.txt 2014-04-14 22:49 - 2013-10-12 04:21 - 00000000 ____D () C:\Program Files (x86)\Google 2014-04-14 18:25 - 2013-05-07 22:21 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-04-14 18:24 - 2013-07-10 01:10 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-14 18:22 - 2013-05-07 14:00 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-14 18:19 - 
2013-08-03 14:31 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-04-14 18:19 - 2013-05-07 07:21 - 00000000 ____D () C:\Users\XXX\AppData\Local\Adobe 2014-04-14 18:18 - 2013-08-03 14:31 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-04-14 18:18 - 2013-08-03 14:31 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-04-14 17:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-04-14 17:23 - 2013-09-12 15:33 - 00716518 _____ () C:\Windows\system32\perfh019.dat 2014-04-14 17:23 - 2013-09-12 15:33 - 00150824 _____ () C:\Windows\system32\perfc019.dat 2014-04-14 17:23 - 2013-09-12 07:21 - 00737634 _____ () C:\Windows\system32\perfh00C.dat 2014-04-14 17:23 - 2013-09-12 07:21 - 00149562 _____ () C:\Windows\system32\perfc00C.dat 2014-04-14 17:23 - 2013-09-12 07:13 - 00735416 _____ () C:\Windows\system32\perfh013.dat 2014-04-14 17:23 - 2013-09-12 07:13 - 00153084 _____ () C:\Windows\system32\perfc013.dat 2014-04-14 17:23 - 2013-09-12 07:05 - 00737374 _____ () C:\Windows\system32\perfh00A.dat 2014-04-14 17:23 - 2013-09-12 07:05 - 00158456 _____ () C:\Windows\system32\perfc00A.dat 2014-04-14 17:23 - 2013-09-12 06:56 - 00731964 _____ () C:\Windows\system32\perfh010.dat 2014-04-14 17:23 - 2013-09-12 06:56 - 00146828 _____ () C:\Windows\system32\perfc010.dat 2014-04-14 17:23 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat 2014-04-14 17:23 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat 2014-04-14 17:23 - 2009-07-14 07:13 - 06037862 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-08 01:28 - 2014-04-08 01:11 - 00007516 _____ () C:\Users\YYY\Desktop\Beuteschema.txt 2014-04-07 09:19 - 2014-04-07 09:19 - 00003411 _____ () C:\Users\YYY\Desktop\Wissenschaft.txt 2014-04-07 07:58 - 2013-05-07 21:57 - 00000000 ____D () C:\ProgramData\CanonIJPLM 2014-04-03 09:51 - 2014-04-22 12:37 - 00088280 _____ 
(Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-22 12:37 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2013-07-17 10:07 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 21:35 - 2014-03-31 21:34 - 00000000 ____D () C:\Users\XXX\Desktop\2014_03_31
2014-03-31 21:34 - 2014-03-31 21:34 - 00322248 _____ (Microsoft Corporation) C:\Windows\WLXPGSS.SCR
2014-03-31 21:32 - 2013-07-31 21:32 - 00000000 ____D () C:\ProgramData\CanonIJ
2014-03-31 21:25 - 2014-03-31 21:25 - 00000000 ____D () C:\ProgramData\SSScanAppDataDir
2014-03-31 21:25 - 2014-03-31 21:25 - 00000000 ____D () C:\ProgramData\MSScanAppDataDir
2014-03-31 12:44 - 2013-10-12 04:21 - 00004120 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-31 12:44 - 2013-10-12 04:21 - 00003868 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-30 19:56 - 2014-03-30 19:56 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-03-30 19:50 - 2013-12-06 08:08 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-03-30 19:50 - 2013-12-06 08:08 - 00002319 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-03-30 19:50 - 2013-12-06 08:07 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-03-26 18:03 - 2013-08-01 08:50 - 00000000 ____D () C:\Users\YYY\AppData\Local\CrashDumps

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-19 00:06

==================== End Of Log ============================

Code:
FRST Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2014
Ran by XXX at 2014-04-22 13:43:04
Running from S:\Downloads\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton 360 (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

3Planesoft Screensaver Manager 1.4 (HKLM-x32\...\3Planesoft Screensaver Manager_is1) (Version: 1.4 - 3Planesoft)
7-Zip 9.25 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0925-000001000000}) (Version: 9.25.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.8.0.1430 - Adobe Systems Incorporated) Hidden
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Autumn Forest 3D Screensaver and Animated Wallpaper 1.0 (HKLM-x32\...\Autumn Forest 3D Screensaver and Animated Wallpaper_is1) (Version: 1.0 - 3Planesoft) AVS Media Player 4.2.2.104 (HKLM-x32\...\AVS Media Player_is1) (Version: 4.2.2.104 - Online Media Technologies Ltd.) AVS Video Converter 8 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 8.4.2.541 - Online Media Technologies Ltd.) Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v7.00.05 - TOSHIBA CORPORATION) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) calibre (HKLM-x32\...\{DF011CCA-4998-4A71-B593-4283924F99A0}) (Version: 1.25.0 - Kovid Goyal) CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.6.0 - Canon Inc.) CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.7.2.11 - Canon Inc.) Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.) Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.5.0.7 - Canon Inc.) Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.3.0.3 - Canon Inc.) Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.4.0.8 - Canon Inc.) Canon MP Navigator EX 2.0 (HKLM-x32\...\MP Navigator EX 2.0) (Version: - ) Canon MP540 series Benutzerregistrierung (HKLM-x32\...\Canon MP540 series Benutzerregistrierung) (Version: - ) Canon MP540 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series) (Version: - ) Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.4.0.7 - Canon Inc.) Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC8) (Version: 8.1.0.11 - Canon Inc.) 
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - ) Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.0.0.11 - Canon Inc.) Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - ) Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.3.0.5 - Canon Inc.) Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.) Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - ) Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.5.0.14 - Canon Inc.) Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.3.0.4 - Canon Inc.) ContentHD (x32 Version: 1.00.0002 - Corel Corporation) Hidden Contents (x32 Version: 1.6.1.137 - Corel Corporation) Hidden Corel PaintShop Photo Pro X3 (HKLM-x32\...\_{D1AEB5DB-04FA-489D-94EF-8600898B93EE}) (Version: 1.6.1.137 - Corel Corporation) Corel PaintShop Photo Pro X3 (x32 Version: 1.00.0000 - Corel Corporation) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DC++ 0.831 (HKLM-x32\...\DC++) (Version: 0.831 - Jacek Sieka) DeviceIO (x32 Version: 1.6.1.137 - Corel Corporation) Hidden Dolphins 3D Screensaver and Animated Wallpaper 1.0 (HKLM-x32\...\Dolphins 3D Screensaver and Animated Wallpaper_is1) (Version: 1.0 - 3Planesoft) Dropbox (HKCU\...\Dropbox) (Version: 2.0.26 - Dropbox, Inc.) Earth 3D Screensaver and Animated Wallpaper 2.0 (HKLM-x32\...\Earth 3D Screensaver and Animated Wallpaper_is1) (Version: 2.0 - 3Planesoft) erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc) Evernote v. 5.0.3 (HKLM-x32\...\{32D39568-3B77-11E3-88CE-00163E98E7D0}) (Version: 5.0.3.1614 - Evernote Corp.) 
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited) FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version: - ) Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Fractal eXtreme 64-bit (HKLM\...\{50FCA33D-BB55-4F81-B578-B07940D8ABD4}) (Version: 2.2.0 - Cygnus Software) Free Media Player 2.0.7 (HKLM-x32\...\Free Media Player) (Version: 2.0.7 - Somoto Ltd.) <==== ATTENTION Free Studio version 2013 (HKLM-x32\...\Free Studio_is1) (Version: 6.1.12.925 - DVDVideoSoft Ltd.) Free Video Converter V 3.2 (HKLM-x32\...\Free Video Converter_is1) (Version: 3.2.0.0 - Koyote Soft) Free YouTube Download version 3.2.29.303 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.29.303 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.29.304 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.29.304 - DVDVideoSoft Ltd.) FreeLanguageTranslator2 (HKLM-x32\...\{8AA462CC-7F29-4F51-9D7F-68ED38658E92}) (Version: 2.02 - Decebal Mihailescu) Futuristic City 3D Screensaver and Animated Wallpaper 1.1 (HKLM-x32\...\Futuristic City 3D Screensaver and Animated Wallpaper_is1) (Version: 1.1 - 3Planesoft) GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden Google Books Downloader version 2.3 (HKLM-x32\...\{216729B6-014A-F413-814F-F17F74FBA113}_is1) (Version: 2.3 - GBOOKSDOWNLOADER.COM) Google Drive (HKLM-x32\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.) Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) 
Hidden Grand Canyon 3D Screensaver and Animated Wallpaper 1.0 (HKLM-x32\...\Grand Canyon 3D Screensaver and Animated Wallpaper_is1) (Version: 1.0 - 3Planesoft) Halloween 3D Screensaver 1.1 (HKLM-x32\...\Halloween 3D Screensaver_is1) (Version: 1.1 - 3Planesoft) Hardcopy (HKLM-x32\...\Hardcopy) (Version: 2013.06.27 - www.hardcopy.de) Haunted House 3D Screensaver and Animated Wallpaper 2.0 (HKLM-x32\...\Haunted House 3D Screensaver and Animated Wallpaper_is1) (Version: 2.0 - 3Planesoft) ICA (x32 Version: 1.6.1.137 - Corel Corporation) Hidden iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.) iMesh (HKLM-x32\...\iMesh) (Version: 11.0.0.122124 - iMesh Inc.) <==== ATTENTION iMesh (x32 Version: 11.0.0.122124 - iMesh Inc.) Hidden <==== ATTENTION Inkjet Printer/Scanner Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - ) Intel(R) Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) IPM_PSP_Pro (x32 Version: 1.00.0000 - Corel Corporation) Hidden iPod for Windows 2005-10-12 (HKLM-x32\...\InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}) (Version: 4.3.0 - Apple Computer, Inc.) iPod for Windows 2005-10-12 (x32 Version: 4.3.0 - Apple Computer, Inc.) Hidden iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.) Java 7 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.400 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.) 
LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden LWS Gallery (x32 Version: 13.51.827.0 - Logitech) Hidden LWS Help_main (x32 Version: 13.51.828.0 - Logitech) Hidden LWS Launcher (x32 Version: 13.51.828.0 - Logitech) Hidden LWS Motion Detection (x32 Version: 13.51.815.0 - Logitech) Hidden LWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) Hidden LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) Hidden LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation) marvell 61xx (HKLM-x32\...\mv61xxDriver) (Version: 1.2.0.7700 - Marvell) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (ESN) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (FRA) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (ITA) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Nederlands) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043) (Version: 
4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (NLD) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (RUS) (Version: 4.5.50938 - Корпорация Майкрософт) Hidden Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Русский) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1049) (Version: 4.5.50938 - Корпорация Майкрософт) Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft 
Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MLE (x32 Version: 1.0.0.23 - Corel Corporation) Hidden Movie 
Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MultiScreen (HKLM-x32\...\{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}) (Version: 1.00.0000 - Samsung Electronics Ltd.)
Natural Color Pro (HKLM-x32\...\{FC2C7405-BC58-4E11-8F51-29671BEAC06B}) (Version: 1.00.0005 - )
Nero 11 (HKLM-x32\...\{EB475D31-14C0-4DC3-8E0A-8AE1711399B3}) (Version: 11.0.10100 - Nero AG)
Nero Abstract Themes (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0 - Nero AG) Hidden
Nero BackItUp 11 (x32 Version: 6.2.18400.2.100 - Nero AG) Hidden
Nero BackItUp 11 Help (CHM) (x32 Version: 11.0.10400 - Nero AG) Hidden
Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 12.0.4000 - Nero AG)
Nero Blu-ray Player (x32 Version: 12.0.20030 - Nero AG) Hidden
Nero Burning ROM 11 (x32 Version: 11.2.10300.0.0 - Nero AG) Hidden
Nero Burning ROM 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden
Nero Cliparts (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 11.0.15600 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.21800 - Nero AG) Hidden
Nero CoverDesigner 11 (x32 Version: 6.0.11000.13.100 - Nero AG) Hidden
Nero CoverDesigner 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden
Nero Disc Menus 1 (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Disc Menus 2 (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Disc Menus 3 (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Disc Menus Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Effects Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Express 11 (x32 Version: 11.2.10300.0.0 - Nero AG) Hidden
Nero Express 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden
Nero Holiday and Sports Themes (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Image Samples (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Kwik Media (x32 Version: 1.18.20100 - Nero AG) Hidden
Nero Kwik Media Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden
Nero Kwik Themes Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero PiP Effects Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Prerequisite Installer 1.0 (HKLM-x32\...\{011E92F1-AF76-4983-8707-79F8F1956439}) (Version: 11.0.11500 - Nero AG)
Nero Recode 11 (x32 Version: 5.2.11300.0.0 - Nero AG) Hidden
Nero Recode 11 Help (CHM) (x32 Version: 11.0.10500 - Nero AG) Hidden
Nero RescueAgent 11 (x32 Version: 4.0.10600.10.100 - Nero AG) Hidden
Nero RescueAgent 11 Help (CHM) (x32 Version: 11.0.10400 - Nero AG) Hidden
Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0 - Nero AG) Hidden
Nero SoundTrax 11 (x32 Version: 5.0.10700.6.100 - Nero AG) Hidden
Nero SoundTrax 11 Help (CHM) (x32 Version: 11.0.10400 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
Nero Video 11 (x32 Version: 8.2.16000.4.100 - Nero AG) Hidden
Nero Video 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden
Nero Video Samples (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero WaveEditor 11 (x32 Version: 6.2.11300.0.100 - Nero AG) Hidden
Nero WaveEditor 11 Help (CHM) (x32 Version: 11.0.10400 - Nero AG) Hidden
nero.prerequisites.msi (x32 Version: 11.0.20010 - Nero AG) Hidden
Norton 360 (HKLM-x32\...\N360) (Version: 21.2.0.38 - Symantec Corporation)
NVIDIA 3D Vision Controller-Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.65 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.7 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.7 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.141.953 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 9.3.16 (Version: 9.3.16 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Update 9.3.16 (Version: 9.3.16 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.9 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.9 - NVIDIA Corporation)
Opera Stable 20.0.1387.91 (HKLM-x32\...\Opera 20.0.1387.91) (Version: 20.0.1387.91 - Opera Software ASA)
Overwolf (HKLM-x32\...\{FB83467F-D8EB-43E6-8B3D-860B045C1C52}) (Version: 0.51.325 - Overwolf)
Panda USB Vaccine 1.0.1.4 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version: - Panda Security)
Paragon Backup & Recovery™ 2013 Free (HKLM-x32\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.212.0 - Tracker Software Products Ltd)
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
PSPH10Pro (x32 Version: 1.00.0000 - Corel Corporation) Hidden
PSPPContent (x32 Version: 1.00.0000 - Corel Corporation) Hidden
PSPPRO_DCRAW (x32 Version: 13.0.0 - Corel Corporation) Hidden
PureHD (x32 Version: 1.6.1.137 - Corel Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Sandboxie 4.08 (64-bit) (HKLM\...\Sandboxie) (Version: 4.08 - Sandboxie Holdings, LLC)
Sandy Beach 3D Screensaver and Animated Wallpaper 1.0 (HKLM-x32\...\Sandy Beach 3D Screensaver and Animated Wallpaper_is1) (Version: 1.0 - 3Planesoft)
Setup (x32 Version: 1.6.1.137 - Corel Corporation) Hidden
Share (x32 Version: 1.6.1.137 - Corel Corporation) Hidden
Share64 (Version: 1.6.1.137 - Corel Corporation) Hidden
SHIELD Streaming (Version: 1.6.34 - NVIDIA Corporation) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SlimDrivers (HKLM-x32\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)
Starry Night 3D Screensaver and Animated Wallpaper 1.0 (HKLM-x32\...\Starry Night 3D Screensaver and Animated Wallpaper_is1) (Version: 1.0 - 3Planesoft)
Stellar Phoenix Windows Data Recovery - Home (HKLM-x32\...\Stellar Phoenix Windows Data Recovery - Home_is1) (Version: 5.0.0.2 - Stellar Information Systems Ltd)
Stellar Phoenix Windows Data Recovery V4.1 (HKLM-x32\...\Stellar Phoenix Windows Data Recovery_is1) (Version: - Stellar Information Systems Ltd)
Stickies 7.1e (HKLM-x32\...\ZhornStickies) (Version: - Zhorn Software)
TuneUp Utilities 2013 (HKLM-x32\...\TuneUp Utilities 2013) (Version: 13.0.4000.260 - TuneUp Software)
TuneUp Utilities 2013 (x32 Version: 13.0.4000.260 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.4000.260 - TuneUp Software) Hidden
TuneWiki WebPlayer (HKLM-x32\...\TuneWikiWebPlayer) (Version: 1.1.0.010 - TuneWiki) <==== ATTENTION
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VIO (x32 Version: 1.6.1.137 - Corel Corporation) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
VirtualDJ Home FREE (HKLM-x32\...\{A6AC699F-8315-40CA-8F70-E917494978AB}) (Version: 7.4 - Atomix Productions)
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.1.0.0 - Azureus Software, Inc.)
Vuze Remote Toolbar for IE (HKLM-x32\...\IECT2504091) (Version: 6.16.2.2 - Vuze Remote) <==== ATTENTION
Welcome App (Start-up experience) (x32 Version: 11.0.23500.0.0 - Nero AG) Hidden
Wincore MediaBar (HKLM-x32\...\Wincore MediaBar) (Version: 3.0.0.122080 - iMesh Inc.) <==== ATTENTION
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
WinPatrol (HKLM\...\{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}) (Version: 28.9.2013.1 - BillP Studios)
WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 29.0.2013 - BillP Studios)
Wisdom-soft AutoScreenRecorder 3.1 Free (HKLM-x32\...\Wisdom-soft AutoScreenRecorder 3.1 Free) (Version: - Wisdom Software Inc.)
XMedia Recode Version 3.1.7.3 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.7.3 - XMedia Recode)

==================== Restore Points =========================

24-02-2014 07:05:09 Geplanter Prüfpunkt
24-02-2014 17:52:00 Windows Live Essentials
24-02-2014 17:53:34 DirectX wurde installiert
24-02-2014 17:54:20 DirectX wurde installiert
24-02-2014 17:54:52 DirectX wurde installiert
24-02-2014 17:56:21 WLSetup
25-02-2014 22:10:17 Installed calibre
26-02-2014 09:31:10 Uniblue SpeedUpMyPC installation
06-03-2014 14:46:56 Geplanter Prüfpunkt
12-03-2014 01:17:43 Uniblue SpeedUpMyPC installation
12-03-2014 06:05:11 Windows Update
12-03-2014 09:49:26 Windows Update
13-03-2014 04:06:20 Windows Update
30-03-2014 21:05:42 Geplanter Prüfpunkt
07-04-2014 17:26:50 Geplanter Prüfpunkt
14-04-2014 16:20:21 Windows Update
16-04-2014 11:02:05 Windows Update
16-04-2014 11:22:08 Windows Update
16-04-2014 20:40:28 Windows Update
21-04-2014 21:47:28 Windows Update
22-04-2014 07:12:04 Windows Update
22-04-2014 07:12:43 Windows Live Essentials
22-04-2014 07:14:48 DirectX wurde installiert
22-04-2014 07:15:27 DirectX wurde installiert
22-04-2014 07:16:54 DirectX wurde installiert
22-04-2014 07:18:32 WLSetup
22-04-2014 07:42:43 SlimDrivers Installing Drivers
22-04-2014 07:48:01 Windows Update
22-04-2014 08:14:06 Windows Update
22-04-2014 08:26:34 DCInstallRestorePoint
22-04-2014 08:41:55 SlimDrivers Installing Drivers
22-04-2014 08:43:27 Windows Update
22-04-2014 08:49:17 SlimDrivers Installing Drivers
22-04-2014 09:05:34 Windows Update
22-04-2014 09:32:21 Windows Update
22-04-2014 10:02:27 Windows Update
22-04-2014 10:06:02 Windows Update
22-04-2014 10:06:58 Windows Update
22-04-2014 10:11:26 Removed Grabilla
22-04-2014 10:14:07 Joe wird entfernt
22-04-2014 10:22:38 Removed WinDealist
22-04-2014 10:26:27 Removed EPubsoft DRM Removal 7.1.3.

==================== Scheduled Tasks (whitelisted) =============

Task: {03B99D40-7AFA-4968-88BB-8A7EA700E72C} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
Task: {061D291F-A979-40CB-8DB6-C7206603EAA0} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {09F12D6D-1436-43D1-97F1-DAF4A9FF9975} - System32\Tasks\XXX Nero LIVEBackup Merge 6 0 => C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBCore.exe [2012-01-13] (Nero AG)
Task: {0BDE2934-8E7F-4230-B371-598B3E33C587} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4142471697-1489570089-1756012542-1001Core => C:\Users\XXX\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-12] (Facebook Inc.)
Task: {0D051EF4-8EAC-472C-BFB8-5218395E75D2} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4142471697-1489570089-1756012542-1004Core => C:\Users\YYY\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-08] (Facebook Inc.)
Task: {11961A27-C3AC-4E1B-A836-646BD9A01D25} - System32\Tasks\XXX Nero LIVEBackup 6 0 => C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBCore.exe [2012-01-13] (Nero AG)
Task: {1A3BD680-8AA5-4D27-A8D7-1F1912C17053} - System32\Tasks\{13FB3090-ADDB-4890-85B1-9D761963B54B} => C:\Program Files (x86)\Stellar Phoenix Windows Data Recovery\spwdrgaa.exe [2010-04-19] (Stellar Information System Ltd.)
Task: {1C56ABE4-0560-42C9-AA87-AD2726F1AC74} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4142471697-1489570089-1756012542-1001UA => C:\Users\XXX\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-12] (Facebook Inc.)
Task: {278D9796-EEA6-4534-89B8-219CD3070448} - System32\Tasks\{A51DF6A1-2FFC-4562-825E-87031537D27A} => C:\Program Files (x86)\Stellar Phoenix Windows Data Recovery\spwdrgaa.exe [2010-04-19] (Stellar Information System Ltd.)
Task: {27B4BAD3-6D02-4D44-B8DD-7311CC4227BD} - System32\Tasks\XXX NBAgent 6 0 => C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe [2012-01-13] (Nero AG)
Task: {28F2E8FD-EF64-4BC0-AEC7-B5C5E60F47BD} - System32\Tasks\SlimDrivers Startup => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe [2013-09-24] (SlimWare Utilities, Inc.)
Task: {2DEA40EE-FD32-4E72-90EE-19E929E2B99E} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.5.0.67\SymErr.exe
Task: {2FEC216B-85C0-4956-9BEC-A3B6DF9BBCD4} - System32\Tasks\hcdll2_ex_x64 => C:\Program Files (x86)\Hardcopy\hcdll2_ex_x64.exe [2012-11-08] ()
Task: {3090F742-5596-43C3-AC49-472E853CEA6E} - System32\Tasks\XXX => C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBCore.exe [2012-01-13] (Nero AG)
Task: {30D71957-DB56-4F7E-B0EB-CEE6DF0624C9} - System32\Tasks\YYY3 => C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBCore.exe [2012-01-13] (Nero AG)
Task: {334C9FD6-DC96-49C3-9141-22203A9DFD78} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
Task: {35E3BF21-D48C-41AF-8F5A-A54AA131D45E} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\WSCStub.exe [2014-03-12] (Symantec Corporation)
Task: {3AD8995C-8302-4D7C-907F-5B2F5EC681B6} - System32\Tasks\YYY => C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBCore.exe [2012-01-13] (Nero AG)
Task: {619FDB8D-831F-4259-A4E2-FFBE0A078C44} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2014-01-28] (TuneUp Software)
Task: {622A1A1A-C87E-4B45-8B0C-9AF4B6CD2096} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {65F37ECF-570B-40BD-969F-9CE49440303D} - System32\Tasks\YYY2 => C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBCore.exe [2012-01-13] (Nero AG)
Task: {672C6EFE-AC8C-4E14-9B07-E50258131E42} - System32\Tasks\FileHippo.com-Online-Aktualisierungsprogramm => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
Task: {6A7A8837-D207-4439-B436-B89E664E893C} - System32\Tasks\YYY4 => C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBCore.exe [2012-01-13] (Nero AG)
Task: {70BF8FF9-C2AD-4A35-9838-A70967BDC01D} - System32\Tasks\hcdll2_ex_Win32 => C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe [2012-11-08] ()
Task: {7529099F-2DB9-4707-B4FC-4D68DDDE77B3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-14] (Adobe Systems Incorporated)
Task: {779F2FB2-3599-4A34-927E-AB0CD7C6F556} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] ()
Task: {7A856582-F88C-44D9-8219-D97DBC047D58} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7F04DFC8-2A9C-4B74-84DF-463E95AB61E1} - System32\Tasks\Games\UpdateCheck_S-1-5-21-4142471697-1489570089-1756012542-1001
Task: {801D4F48-CD72-4AA4-A546-7788A30C5214} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {ADA1D230-67CD-4FD6-A233-04F7BE258972} - System32\Tasks\{954C44F4-AE69-48D9-BF93-92026E5DF43D} => C:\Program Files (x86)\Stellar Phoenix Windows Data Recovery\spwdrgaa.exe [2010-04-19] (Stellar Information System Ltd.)
Task: {B49E3DF7-1C75-48EE-9C27-4A50690AFACA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4142471697-1489570089-1756012542-1004UA => C:\Users\YYY\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-08] (Facebook Inc.)
Task: {BD605C58-F72C-4828-B5DA-2DA1E3EDA4A1} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {BFCD0A47-CB73-42D7-AB3A-7BE910B48DCA} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {CEDF91BD-E55A-43C5-BCE5-D297372C469F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-12] (Google Inc.)
Task: {D3919FC4-D570-4127-9836-78A250CAEEA4} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
Task: {DA99FD9C-8560-4B79-9362-0DA0055E58D4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-12] (Google Inc.)
Task: {DE33DD1A-CE39-4A58-97BE-ABECF861726A} - System32\Tasks\{C5E0EEB2-B4A5-4040-B809-F3A1EFAF9738} => C:\Program Files (x86)\Stellar Phoenix Windows Data Recovery\spwdrgaa.exe [2010-04-19] (Stellar Information System Ltd.)
Task: {E67385D6-FE11-4443-9B71-0AD6AD26D2E1} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.5.0.67\SymErr.exe
Task: {F014EA0E-F9E6-4F03-8CA7-6473E00CC235} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {F5E8D703-5B6C-42B3-86E7-25794C6B1A49} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\Moo0\ConnectionWatcher 1.55\ConnectionWatcher.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4142471697-1489570089-1756012542-1001Core.job => C:\Users\XXX\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4142471697-1489570089-1756012542-1001UA.job => C:\Users\XXX\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4142471697-1489570089-1756012542-1004Core.job => C:\Users\YYY\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4142471697-1489570089-1756012542-1004UA.job => C:\Users\YYY\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe

==================== Loaded Modules (whitelisted) =============

2013-10-06 17:26 - 2014-04-10 11:56 - 00665096 _____ () C:\Program Files (x86)\Movies Toolbar\SafetyNut\x64\safetycrt.dll
2013-05-07 21:57 - 2008-01-22 10:35 - 00103808 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2013-07-10 02:51 - 2012-11-08 08:38 - 00044608 _____ () C:\Program Files (x86)\Hardcopy\hcdll2_ex_x64.exe
2013-07-10 02:51 - 2012-11-08 08:39 - 00037440 _____ () C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe
2010-03-18 22:17 - 2010-03-18 22:17 - 00124560 _____ () C:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\PSPContextMenu64.dll
2014-01-28 13:34 - 2014-01-28 13:34 - 00741176 _____ () C:\Program Files (x86)\TuneUp Utilities 2013\avgrepliba.dll
2014-04-16 13:05 - 2014-04-02 13:19 - 01380704 _____ () C:\Users\YYY\AppData\Local\Programs\Opera\20.0.1387.91\opera_crashreporter.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-06 17:26 - 2014-04-10 11:56 - 00490504 _____ () C:\Program Files (x86)\Movies Toolbar\SafetyNut\safetycrt.dll
2013-10-06 17:26 - 2014-04-10 11:56 - 00020488 _____ () C:\Program Files (x86)\Movies Toolbar\SafetyNut\safetyldr.dll
2013-07-10 02:51 - 2012-07-05 15:56 - 00052800 _____ () C:\Program Files (x86)\Hardcopy\hardcopy_05.dll
2014-04-16 13:05 - 2014-04-02 13:19 - 00895328 _____ () C:\Users\YYY\AppData\Local\Programs\Opera\20.0.1387.91\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:A76E9BDB
AlternateDataStreams: C:\ProgramData\TEMP:FCA8C9CD

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk => C:\Windows\pss\Bluetooth Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Stickies.lnk => C:\Windows\pss\Stickies.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^XXX^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^XXX^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk => C:\Windows\pss\Logitech . Produktregistrierung.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\XXX\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: Babylon Client => C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: Corel File Shell Monitor => C:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
MSCONFIG\startupreg: Corel Photo Downloader => "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
MSCONFIG\startupreg: Facebook Update => "C:\Users\XXX\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: IAAnotif => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: NBAgent => "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

==================== Faulty Device Manager Devices =============

Name: Realtek High Definition Audio
Description: Realtek High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: IntcAzAudAddService
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Display
Description: Display
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/22/2014 01:28:05 PM) (Source: SetupARService) (User: )
Description: Der Dienst kann nicht gestartet werden. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei SetupAfterRebootService.SetupARService.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/22/2014 01:18:19 PM) (Source: Application Hang) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 650
Startzeit: 01cf5e1b2599a29f
Endzeit: 59
Anwendungspfad: C:\Windows\Explorer.EXE
Berichts-ID: be9444b3-ca0f-11e3-8ed1-0023542a1ee4

Error: (04/22/2014 01:08:38 PM) (Source: SetupARService) (User: )
Description: Der Dienst kann nicht gestartet werden. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei SetupAfterRebootService.SetupARService.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/22/2014 00:46:49 PM) (Source: SetupARService) (User: )
Description: Der Dienst kann nicht gestartet werden. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei SetupAfterRebootService.SetupARService.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/22/2014 00:46:39 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (04/22/2014 00:46:39 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (04/22/2014 11:53:10 AM) (Source: SetupARService) (User: )
Description: Der Dienst kann nicht gestartet werden. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei SetupAfterRebootService.SetupARService.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/22/2014 11:49:44 AM) (Source: SetupARService) (User: )
Description: Der Dienst kann nicht gestartet werden. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei SetupAfterRebootService.SetupARService.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/22/2014 11:25:29 AM) (Source: SetupARService) (User: )
Description: Der Dienst kann nicht gestartet werden. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei SetupAfterRebootService.SetupARService.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/22/2014 10:59:46 AM) (Source: SetupARService) (User: )
Description: Der Dienst kann nicht gestartet werden. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei SetupAfterRebootService.SetupARService.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

System errors:
=============
Error: (04/22/2014 01:30:07 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070422

Error: (04/22/2014 01:28:52 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error: (04/22/2014 01:28:15 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: NCPro

Error: (04/22/2014 01:28:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error: (04/22/2014 01:27:46 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (04/22/2014 01:26:10 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\MTictwl.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (04/22/2014 01:27:10 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 22.04.2014 um 13:24:11 unerwartet heruntergefahren.

Error: (04/22/2014 01:12:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (04/22/2014 01:12:30 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Google Update-Dienst (gupdate) erreicht.

Error: (04/22/2014 01:10:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Microsoft Office Sessions:
=========================
Error: (12/20/2013 07:08:48 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 37 seconds with 0 seconds of active time. This session ended with a crash.

CodeIntegrity Errors:
===================================
Date: 2013-07-16 00:55:50.813
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\GROESF~1\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-07-16 00:55:50.759
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\GROESF~1\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-07-16 00:55:49.315
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-07-16 00:55:49.261
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-07-15 21:21:16.130
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-07-15 21:21:16.068
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

==================== Memory info ===========================

Percentage of memory in use: 24%
Total physical RAM: 8191.05 MB
Available physical RAM: 6167.46 MB
Total Pagefile: 16380.29 MB
Available Pagefile: 14339.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive b: (Volume) (Fixed) (Total:202.09 GB) (Free:201.99 GB) NTFS
Drive c: () (Fixed) (Total:263.67 GB) (Free:89.98 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive s: () (Fixed) (Total:1397.26 GB) (Free:407.97 GB) NTFS
Drive x: (Volume) (Fixed) (Total:596.17 GB) (Free:596.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 6E8C3AE2)
Partition 1: (Not Active) - (Size=2 GB) - (Type=82)
Partition 2: (Not Active) - (Size=20 GB) - (Type=83)
Partition 3: (Not Active) - (Size=444 GB) - (Type=83)

========================================================
Disk: 1 (Size: 466 GB) (Disk ID: 337808E9)
Partition 1: (Not Active) - (Size=264 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=202 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 24FEDD83)
Partition 1: (Not Active) - (Size=596 GB) - (Type=07 NTFS)
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-22 13:57:00
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKS-00A7B0 rev.01.03B01 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\GROESF~1\AppData\Local\Temp\uwdoraoc.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80003601000 45 bytes [00, 00, 16, 02, 4E, 74, 66, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff8000360102f 10 bytes [00, 01, 00, 06, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000755a1465 2 bytes [5A, 75]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755a14bb 2 bytes [5A, 75]
.text ... * 2
.text C:\Program Files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000755a1465 2 bytes [5A, 75]
.text C:\Program Files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755a14bb 2 bytes [5A, 75]
.text ... * 2
.text C:\Program Files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe[1436] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000755a1465 2 bytes [5A, 75]
.text C:\Program Files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe[1436] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755a14bb 2 bytes [5A, 75]
.text ... * 2
.text S:\Downloads\Downloads\Gmer-19357.exe[4132] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a0fcb0 5 bytes JMP 000000010026091c
.text S:\Downloads\Downloads\Gmer-19357.exe[4132] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077a0fe14 5 bytes JMP 0000000100260048
.text S:\Downloads\Downloads\Gmer-19357.exe[4132] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077a0fea8 5 bytes JMP 00000001002602ee
.text S:\Downloads\Downloads\Gmer-19357.exe[4132] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077a10004 5 bytes JMP 00000001002604b2
.text S:\Downloads\Downloads\Gmer-19357.exe[4132] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077a10038 5 bytes JMP 00000001002609fe
.text S:\Downloads\Downloads\Gmer-19357.exe[4132] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077a10068 5 bytes JMP 0000000100260ae0
.text S:\Downloads\Downloads\Gmer-19357.exe[4132] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077a10084 5 bytes JMP 0000000100020050
.text S:\Downloads\Downloads\Gmer-19357.exe[4132] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077a1079c 5 bytes JMP 000000010026012a
.text S:\Downloads\Downloads\Gmer-19357.exe[4132] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a1088c 5 bytes JMP 0000000100260758
.text S:\Downloads\Downloads\Gmer-19357.exe[4132] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077a108a4 5 bytes JMP 0000000100260676
.text S:\Downloads\Downloads\Gmer-19357.exe[4132] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077a10df4 5 bytes JMP 00000001002603d0
.text S:\Downloads\Downloads\Gmer-19357.exe[4132] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077a11920 5 bytes JMP 0000000100260594
.text S:\Downloads\Downloads\Gmer-19357.exe[4132] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077a11be4 5 bytes JMP 000000010026083a
.text S:\Downloads\Downloads\Gmer-19357.exe[4132] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077a11d70 5 bytes JMP 000000010026020c
.text S:\Downloads\Downloads\Gmer-19357.exe[4132] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076ab524f 7 bytes JMP 0000000100260f52
.text S:\Downloads\Downloads\Gmer-19357.exe[4132] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076ab53d0 7 bytes JMP 0000000100270210
.text S:\Downloads\Downloads\Gmer-19357.exe[4132] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076ab5677 1 byte JMP 0000000100270048
.text S:\Downloads\Downloads\Gmer-19357.exe[4132] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076ab5679 5 bytes {JMP 0xffffffff897ba9d1}
.text S:\Downloads\Downloads\Gmer-19357.exe[4132] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076ab589a 7 bytes JMP 0000000100260ca6
.text S:\Downloads\Downloads\Gmer-19357.exe[4132] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076ab5a1d 7 bytes JMP 00000001002703d8
.text S:\Downloads\Downloads\Gmer-19357.exe[4132] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076ab5c9b 7 bytes JMP 000000010027012c
.text S:\Downloads\Downloads\Gmer-19357.exe[4132] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076ab5d87 7 bytes JMP 00000001002702f4
.text S:\Downloads\Downloads\Gmer-19357.exe[4132] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076ab7240 7 bytes JMP 0000000100260e6e
.text S:\Downloads\Downloads\Gmer-19357.exe[4132] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076c21492 7 bytes JMP 00000001002704bc

---- Threads - GMER 2.1 ----

Thread C:\Windows\SysWOW64\ntdll.dll [1784:1788] 00000000002d1c94
Thread C:\Windows\SysWOW64\ntdll.dll [1784:1808] 000000007067e767
Thread C:\Windows\SysWOW64\ntdll.dll [1784:3764] 0000000073f922e8
Thread C:\Windows\SysWOW64\ntdll.dll [1784:3768] 0000000073f922e8
Thread C:\Windows\SysWOW64\ntdll.dll [1784:3772] 0000000073f922e8
Thread C:\Windows\SysWOW64\ntdll.dll [1784:4064] 000000006fbf3189
Thread C:\Windows\SysWOW64\ntdll.dll [1784:4068] 000000006e5b8f59
Thread C:\Windows\SysWOW64\ntdll.dll [1784:488] 000000006e534b0d
Thread C:\Windows\SysWOW64\ntdll.dll [1784:2332] 000000006cff1854
Thread C:\Windows\SysWOW64\ntdll.dll [3952:3956] 00000000002d1c94

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ?????e??Microsoft Trusted Audio Drivers?????v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-30781|Desc=@FirewallAPI.dll,-30784|EmbedCtxt=@FirewallAPI.dll,-30752|???????&???????????????????????????????????????????????????????????t???y??????????? ???????a?????.dl???????????????????????????????\??????ca??C:\Windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll?boo??????disk.inf??????r??????y??????????????????????????????????????????Microsoft Monitor-Klassenfunktionstreiber-Dienst?????&??????????????????????????????Terminal-Ger?tetreiber??????WFP Lightweight Filter??????wvmbus.inf_amd64_neutral_f6b968c04185b840???v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\Vuze\Azureus.exe|Name=Azureus / Vuze|?ac?????????????????????????????l?????????????N???? ??????????????????&???????G??????????????????????volume.inf_amd64_neutral_1b1a512d99c5b72c???machine.inf
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc0f4752
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc0f4752 (not active ControlSet)
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Gro\x00afesFlausch\Desktop\ComboFix.exe 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Gro\x00afesFlausch\Desktop\uninstall.exe.exe 1

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk1\DR1 unknown MBR code

---- EOF - GMER 2.1 ----

Code:
Scan-Informationen:
Version der Virendefinitionen: 2014.04.21.033
Sequ.-ID der Virendefinitionen: 153226

Scanstatistiken:
Scanstart: Lokal: 22.04.2014 14:37 UTC: 22.04.2014 12:37
Scanzeit: 492 Sekunden
Scanziele: Oft infizierte Bereiche

Zähler:
Gescannte Elemente insgesamt: 10.469
– Dateien und Laufwerke: 3.344
– Registrierungseinträge: 1.365
– Prozesse und Elemente beim Start: 5.039
– Netzwerk- und Browser-Elemente: 709
– Sonstiges: 4
– Vertrauenswürdige Dateien: 1.075
– Übersprungene Dateien: 0
Erkannte Sicherheitsrisiken insgesamt: 3
Behobene Elemente insgesamt: 3
Elemente insgesamt, die Aufmerksamkeit erfordern: 0

Behobene Bedrohungen: 3
Tracking Cookies
Typ: Anomalie
Risiko: Gering (Gering Verbergen, Gering Entfernen, Gering Leistung, Gering Datenschutz)
Kategorien: Tracking Cookies
Status: Vollst. behoben
-----------
3 Tracking Cookies
Cookie:XXX@liveperson.net/ - Gelöscht
Cookie:XXX@partypoker.com/ - Gelöscht - Gelöscht

Nicht behobene Bedrohungen:
Keine nicht behobenen Risiken

Kind regards and many thanks in advance, Laschmunzel |
28.04.2014, 07:04 | #4 |
/// the machine /// TB instructor | hi,
Revo Uninstaller - Download - Filepony
Use it to uninstall everything you find in Additional.txt that is marked with <== ATTENTION
With Revo, also have the leftovers removed in Moderate mode.
Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
12.05.2014, 04:03 | #5 |
| Hello Schrauber! Please excuse my late reply - I was ill! I'll print this out, carry out everything and then get back to you! Kind regards! |
12.05.2014, 16:27 | #6 |
/// the machine /// TB instructor | ok |
14.05.2014, 20:13 | #7 |
| Hello schrauber! I had written something earlier in which I was mistaken because I had overlooked something - so this post has now been edited - and since you were online, I don't know whether you read it. Anyway: I'm on it! Regards PS: And relieved. I already thought I was completely infected here... Last edited by Laschmunzel (14.05.2014 at 20:27) |
15.05.2014, 19:25 | #8 |
/// the machine /// TB instructor | all right
__________________ Regards, schrauber |
17.05.2014, 15:39 | #9 |
| Hello schrauber! Just for your information - I have decided to reinstall from scratch, because I can no longer make head or tail of it - it is also a bit complicated with my 6 hard disks and backups and the many scans I have run. For example, I can't find Desk365 - but the program can - and that is an old story with me, as you'll see if you look at my old threads! Besides, there is also Spywarehunter - and I can't find that either... Ugh... I also think I'll be quicker, and it is better for the PC if I freshen it up again. I haven't done that for a long time anyway! But I would be glad if you took a look at it after the reinstall to check that nothing is sitting in the boot sectors. Would that be OK? Then please just post which log files and whatever else you would need for that. Please don't be cross, but the system is simply already totally unclean, as I can see in the Windows files, and I would like to have that cleaned up. Or do you think that would not be a good idea? Regards, Laschmunzel |
18.05.2014, 12:32 | #10 |
/// the machine /// TB instructor | Reinstalling is always a good idea; then everything is definitely clean and fresh. Just post fresh FRST logs afterwards
__________________ Regards, schrauber |