| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Werbefenster öffnen sich selbstständig in allen BrowsernWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
07.05.2014, 07:36
| #1 |
 |  Werbefenster öffnen sich selbstständig in allen Browsern Hallo, sobald ich meinen Explorer (zurzeit Google Chrome) benutze und nur einmal mit der Maus klicke öffnet sich ein neues Fenster mit jeglicher Werbung. Habe ein ähnliches Thread ("Alle Browser voll mit Werbung  ") gefunden, wo das selbe Problem beschrieben wurde. Dort war beschrieben, dass ich mal mit Farbar Recovery Scan Tool einen Scan durchführen sollte, dies habe ich schonmal getan.Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2014
Ran by Chris (administrator) on CHRIS-HP on 07-05-2014 08:15:46
Running from C:\Users\Chris\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AMD) C:\Windows\System32\atieclxx.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SIEMENS AG) C:\Program Files\Common Files\Siemens\sws\almsrv\almsrv64x.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Siemens AG) C:\Program Files\Common Files\Siemens\AlmPanelPlugin\ALMPanelPlugin.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\ProgramData\DatacardService\DCService.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Hewlett-Packard Development Company, L.P) C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(SIEMENS AG) C:\Program Files\Common Files\Siemens\Automation\Simatic OAM\bin\s7oiehsx64.exe
(SIEMENS AG) C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceService64x.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(SIEMENS AG) C:\Program Files\Common Files\Siemens\Automation\Simatic OAM\bin\s7epasrv64x.exe
(ArcSoft, Inc.) C:\Windows\system\uArcCapture.exe
(SIEMENS AG) C:\Program Files\Common Files\Siemens\Automation\Simatic OAM\bin\pniomgr.exe
() C:\Program Files\V-bates\ExtensionUpdaterService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Korg Inc.) C:\Windows\System32\InitJam.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
() C:\Windows\vsnpstd3.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
() C:\Windows\tsnpstd3.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
() C:\Program Files (x86)\Re-markit\Re-markitfQLOWw.exe
(SIEMENS AG) C:\Windows\SysWOW64\pniopcac.exe
(SIEMENS AG) C:\Windows\SysWOW64\pniopcac.exe
(SIEMENS AG) C:\Windows\SysWOW64\pniopcac.exe
() C:\Program Files (x86)\Re-markit\Re-markitfQL161.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [1691192 2010-06-19] (Hewlett-Packard Company)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-05] (Hewlett-Packard)
HKLM\...\Run: [JamInit] => C:\windows\system32\InitJam.exe [253008 2009-04-15] (Korg Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [snpstd3] => C:\windows\vsnpstd3.exe [827392 2006-09-19] ()
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11265536 2009-12-12] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DTRun] => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [518656 2009-11-19] (ArcSoft Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-10-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [SiemensAutomationFileStorage] => C:\Program Files (x86)\Siemens\Automation\Portal V11\\Bin\Siemens.Automation.ObjectFrame.FileStorage.Server.exe [856064 2011-11-22] (Siemens AG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
HKLM-x32\...\Run: [tsnpstd3] => C:\windows\tsnpstd3.exe [262144 2006-07-07] ()
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-22] (Hewlett-Packard)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-538565719-3422209620-1557115018-1002\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\S-1-5-21-538565719-3422209620-1557115018-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-538565719-3422209620-1557115018-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKU\S-1-5-21-538565719-3422209620-1557115018-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKU\S-1-5-21-538565719-3422209620-1557115018-1002\...\MountPoints2: {cdca94ef-f67f-11e0-bec7-e02a82a1a3d8} - D:\AutoRun.exe
HKU\S-1-5-21-538565719-3422209620-1557115018-1002\...\MountPoints2: {cdca9500-f67f-11e0-bec7-e02a82a1a3d8} - D:\AutoRun.exe
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:14326
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1393075610&from=adks&uid=HitachiXHTS725050A9A364_101216PCK404GLG5MS5JX
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393075610&from=adks&uid=HitachiXHTS725050A9A364_101216PCK404GLG5MS5JX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1393075610&from=adks&uid=HitachiXHTS725050A9A364_101216PCK404GLG5MS5JX
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1393075610&from=adks&uid=HitachiXHTS725050A9A364_101216PCK404GLG5MS5JX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1393075610&from=adks&uid=HitachiXHTS725050A9A364_101216PCK404GLG5MS5JX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393075610&from=adks&uid=HitachiXHTS725050A9A364_101216PCK404GLG5MS5JX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1393075610&from=adks&uid=HitachiXHTS725050A9A364_101216PCK404GLG5MS5JX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1393075610&from=adks&uid=HitachiXHTS725050A9A364_101216PCK404GLG5MS5JX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1393075610&from=adks&uid=HitachiXHTS725050A9A364_101216PCK404GLG5MS5JX&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1393075610&from=adks&uid=HitachiXHTS725050A9A364_101216PCK404GLG5MS5JX
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393075610&from=adks&uid=HitachiXHTS725050A9A364_101216PCK404GLG5MS5JX&q={searchTerms}
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393075610&from=adks&uid=HitachiXHTS725050A9A364_101216PCK404GLG5MS5JX&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=102&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393075610&from=adks&uid=HitachiXHTS725050A9A364_101216PCK404GLG5MS5JX&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393075610&from=adks&uid=HitachiXHTS725050A9A364_101216PCK404GLG5MS5JX&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=102&sr=0&q={searchTerms}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3323828&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPF77F99E8-AF03-4553-9896-3D874741D4F1&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3323828&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPF77F99E8-AF03-4553-9896-3D874741D4F1&q={searchTerms}&SSPV=
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393075610&from=adks&uid=HitachiXHTS725050A9A364_101216PCK404GLG5MS5JX&q={searchTerms}
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=102&sr=0&q={searchTerms}
BHO: HQ-Video-Profession-1.3 - {11111111-1111-1111-1111-110511151178} - C:\Program Files (x86)\HQ-Video-Profession-1.3\HQ-Video-Profession-1.3-bho64.dll (HQ-Video)
BHO: V-bates - {21EAF666-26B3-4a3c-ABD0-CA2F5A326744} - C:\Program Files\V-bates\Extension64.dll ()
BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HQ-Video-Profession-1.3 - {11111111-1111-1111-1111-110511151178} - C:\Program Files (x86)\HQ-Video-Profession-1.3\HQ-Video-Profession-1.3-bho.dll (HQ-Video)
BHO-x32: V-bates - {21EAF666-26B3-4a3c-ABD0-CA2F5A326744} - C:\Program Files\V-bates\Extension32.dll ()
BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO-x32: PodcastBHO Class - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Avira Savings Advisor BHO - {A18A516C-AA41-46A9-92DB-60208917E442} - C:\Program Files (x86)\avira\Internet Explorer\avira32.dll ()
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @doubletwist.com/NPPodcast - C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\awesomehp.xml
FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF Extension: V-bates - C:\Program Files\V-bates\Firefox [2014-02-15]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ []
FF HKLM-x32\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF Extension: V-bates - C:\Program Files\V-bates\Firefox [2014-02-15]
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\u5faacrf.default\extensions\quick_start@gmail.com
FF HKCU\...\Firefox\Extensions: [{00894511-B737-5398-6E7A-13EBFFF11FE9}] - C:\Program Files (x86)\Re-markit\161.xpi
FF Extension: Re-markit - C:\Program Files (x86)\Re-markit\161.xpi [2014-04-30]
Chrome:
=======
CHR Extension: (Google Drive) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-28]
CHR Extension: (YouTube) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-28]
CHR Extension: (Google-Suche) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-28]
CHR Extension: (Google Wallet) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-28]
CHR Extension: (Google Mail) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-28]
CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbar.crx [2014-04-28]
==================== Services (Whitelisted) =================
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 almservice; C:\Program Files\Common Files\Siemens\sws\almsrv\almsrv64x.exe [1543816 2011-12-11] (SIEMENS AG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG)
R2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-08-19] ()
R3 DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2009-12-16] (McAfee, Inc.)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [462088 2009-11-25] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [362040 2009-11-18] (Hewlett-Packard Ltd)
R2 HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2009-11-19] (Hewlett-Packard Development Company, L.P)
R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2009-12-16] (McAfee, Inc.)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [280120 2010-10-01] (Hewlett-Packard Company)
R2 Re-markit; C:\Program Files (x86)\Re-markit\Re-markitfQL161.exe [142848 2014-04-30] ()
R2 s7oiehsx64; C:\Program Files\Common Files\Siemens\Automation\Simatic OAM\bin\s7oiehsx64.exe [139864 2012-01-30] (SIEMENS AG)
R2 S7TraceServiceX; C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceService64x.exe [470104 2012-01-30] (SIEMENS AG)
R2 uArcCapture; C:\windows\system\uArcCapture.exe [506472 2009-12-04] (ArcSoft, Inc.)
R2 V-bates Updater; C:\Program Files\V-bates\ExtensionUpdaterService.exe [209408 2014-01-08] ()
==================== Drivers (Whitelisted) ====================
R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32640 2009-12-04] (ArcSoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [40760 2009-10-21] (Hewlett-Packard Development Company L.P.)
R3 dpmconv; C:\Windows\System32\DRIVERS\dpmconv.sys [259072 2011-04-19] (SIEMENS AG)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
S3 JAMVOX_01; C:\Windows\System32\DRIVERS\JamWdm.sys [31824 2009-04-15] ()
S1 JAMVOX_AA; C:\Windows\System32\DRIVERS\JamDRV.sys [62544 2009-04-15] ()
R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2009-12-16] (McAfee, Inc.)
R1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [40088 2009-12-16] (McAfee, Inc.)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [89216 2009-12-22] (Realtek Semiconductor Corp.)
R3 s7odpx2x64; C:\Windows\System32\DRIVERS\s7odpx2x64.sys [71168 2012-01-17] (SIEMENS AG)
R3 s7oppinx64; C:\Windows\System32\DRIVERS\s7oppinx64.sys [107520 2012-01-17] (SIEMENS AG)
R3 s7oserix64; C:\Windows\System32\Drivers\s7oserix64.sys [121344 2011-05-06] (SIEMENS AG)
R3 s7osmcax64; C:\Windows\System32\DRIVERS\s7osmcax64.sys [195584 2011-09-29] (SIEMENS AG)
R3 s7osobux64; C:\Windows\System32\DRIVERS\s7osobux64.sys [152576 2011-05-06] (SIEMENS AG)
R3 s7otmcd64x; C:\Windows\System32\Drivers\s7otmcd64x.sys [199680 2011-05-06] (SIEMENS AG)
R3 s7otranx64; C:\Windows\System32\DRIVERS\s7otranx64.sys [260096 2012-01-17] (SIEMENS AG)
R3 s7otsadx64; C:\Windows\System32\DRIVERS\s7otsadx64.sys [192000 2011-09-29] (SIEMENS AG)
R2 s7ousbu64x; C:\Windows\System32\DRIVERS\s7ousbu64x.sys [196608 2012-01-17] (SIEMENS AG)
R2 s7sn2srtx; C:\Windows\System32\DRIVERS\s7sn2srtx.sys [83032 2011-06-16] (SIEMENS AG)
R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2009-12-16] ()
R0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [110520 2009-12-16] (McAfee, Inc.)
R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.)
R0 SbAlg; C:\Windows\SysWow64\Drivers\SbAlg.sys [51800 2009-12-16] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2009-12-16] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [13256 2009-12-16] (McAfee, Inc.)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10550272 2007-03-27] (Sonix Co. Ltd.)
R2 SNTIE; C:\Windows\System32\DRIVERS\sntie.sys [179288 2011-10-11] (SIEMENS AG)
R3 vsnl2ada; C:\Windows\System32\DRIVERS\vsnl2ada.sys [120832 2011-04-19] (SIEMENS AG)
S3 nmwcd; system32\drivers\ccdcmbx64.sys [X]
S3 nmwcdc; system32\drivers\ccdcmbox64.sys [X]
S3 STHDA; system32\DRIVERS\stwrt64.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [X]
U2 wuaserv;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-07 07:58 - 2014-05-07 08:00 - 00042982 _____ () C:\Users\Chris\Downloads\Addition.txt
2014-05-07 07:57 - 2014-05-07 08:15 - 00029045 _____ () C:\Users\Chris\Downloads\FRST.txt
2014-05-07 07:56 - 2014-05-07 08:15 - 00000000 ____D () C:\FRST
2014-05-07 07:55 - 2014-05-07 07:56 - 02063872 _____ (Farbar) C:\Users\Chris\Downloads\FRST64.exe
2014-05-07 07:47 - 2014-05-07 07:47 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2014-05-07 07:15 - 2014-05-07 07:15 - 00611320 _____ () C:\Users\Chris\Downloads\Player Setup.exe
2014-05-07 07:08 - 2014-05-07 07:08 - 00001532 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-05-06 12:16 - 2014-05-06 12:38 - 34014392 _____ (DVDVideoSoft Ltd. ) C:\Users\Chris\Downloads\FreeYouTubeToMP3Converter34430.exe
2014-05-05 12:23 - 2014-05-05 12:35 - 32346240 _____ (DVDVideoSoft Ltd. ) C:\Users\Chris\Downloads\FreeYouTubeDownload-3.2.33.424.exe
2014-05-05 12:18 - 2014-05-05 12:18 - 00001477 _____ () C:\Users\Public\Desktop\Free MP4 Video Converter.lnk
2014-05-05 11:48 - 2014-05-05 12:01 - 32121120 _____ (DVDVideoSoft Ltd. ) C:\Users\Chris\Downloads\FreeMP4VideoConverter_v5.0.39.430.exe
2014-05-04 20:22 - 2014-05-04 20:22 - 00499184 _____ () C:\Users\Chris\Downloads\Java.exe
2014-04-30 14:55 - 2014-04-30 14:55 - 00000000 __SHD () C:\Users\Chris\AppData\Local\EmieUserList
2014-04-30 14:55 - 2014-04-30 14:55 - 00000000 __SHD () C:\Users\Chris\AppData\Local\EmieSiteList
2014-04-30 14:53 - 2014-05-06 15:40 - 00000386 _____ () C:\windows\Tasks\Re-markit Update.job
2014-04-30 14:52 - 2014-04-30 14:52 - 00002964 _____ () C:\windows\System32\Tasks\Re-markit_wd
2014-04-30 14:51 - 2014-04-30 14:53 - 00000000 ____D () C:\Program Files (x86)\Re-markit
2014-04-29 06:46 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-04-29 06:46 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-04-29 06:46 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-04-29 06:46 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-04-29 06:46 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-04-29 06:46 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-04-29 06:46 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-04-29 06:46 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-04-29 06:46 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-04-29 06:46 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-04-29 06:46 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-04-29 06:46 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-04-29 06:46 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-04-29 06:46 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-04-29 06:46 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-04-29 06:46 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-04-29 06:46 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-04-29 06:46 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-04-29 06:46 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-04-29 06:46 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-04-29 06:46 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-04-29 06:46 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-04-29 06:46 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-04-29 06:46 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-04-29 06:46 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-04-29 06:46 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-04-29 06:46 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-04-29 06:46 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-04-29 06:46 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-04-29 06:46 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-04-29 06:46 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-04-29 06:46 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-04-29 06:46 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-04-29 06:46 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-04-29 06:46 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-29 06:46 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-04-29 06:46 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-04-29 06:46 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-04-29 06:46 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-04-29 06:46 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-04-29 06:46 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-04-29 06:46 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-04-29 06:46 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-04-29 06:46 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-04-29 06:46 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-04-29 06:46 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-04-29 06:46 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-04-29 06:46 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-04-28 21:16 - 2014-05-07 07:52 - 00001108 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-28 21:16 - 2014-05-07 07:15 - 00001104 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-28 21:16 - 2014-05-02 12:15 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-28 21:16 - 2014-04-29 06:47 - 00004104 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-28 21:16 - 2014-04-29 06:47 - 00003852 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-28 21:16 - 2014-04-28 21:16 - 00000000 ____D () C:\Users\Chris\AppData\Local\Google
2014-04-28 21:16 - 2014-04-28 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-04-28 21:16 - 2014-04-28 21:16 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-28 20:55 - 2014-04-28 21:12 - 38317592 _____ (Google Inc.) C:\Users\Chris\Downloads\ChromeStandaloneSetup_34.0.1847.116.exe
2014-04-28 19:11 - 2014-04-28 19:11 - 00000000 ____D () C:\Users\Chris\Desktop\Neuer Ordner
2014-04-28 12:44 - 2014-04-28 19:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-12 22:31 - 2014-04-12 22:31 - 00000000 ____D () C:\Users\Chris\Documents\ArcSoft
2014-04-10 13:49 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2014-04-10 13:49 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2014-04-10 13:49 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys
2014-04-10 13:49 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll
2014-04-10 13:49 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iologmsg.dll
2014-04-10 11:33 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-04-10 11:33 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2014-04-10 11:33 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2014-04-10 11:33 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2014-04-10 11:33 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2014-04-10 11:33 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2014-04-10 11:33 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-04-10 11:33 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2014-04-10 11:33 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2014-04-10 11:33 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2014-04-10 11:33 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2014-04-10 11:33 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
==================== One Month Modified Files and Folders =======
2014-05-07 08:15 - 2014-05-07 07:57 - 00029045 _____ () C:\Users\Chris\Downloads\FRST.txt
2014-05-07 08:15 - 2014-05-07 07:56 - 00000000 ____D () C:\FRST
2014-05-07 08:00 - 2014-05-07 07:58 - 00042982 _____ () C:\Users\Chris\Downloads\Addition.txt
2014-05-07 07:58 - 2011-01-08 11:28 - 01415741 _____ () C:\windows\WindowsUpdate.log
2014-05-07 07:56 - 2014-05-07 07:55 - 02063872 _____ (Farbar) C:\Users\Chris\Downloads\FRST64.exe
2014-05-07 07:52 - 2014-04-28 21:16 - 00001108 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-07 07:51 - 2009-07-14 06:51 - 00302817 _____ () C:\windows\setupact.log
2014-05-07 07:50 - 2009-07-14 06:45 - 00019760 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-07 07:50 - 2009-07-14 06:45 - 00019760 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-07 07:47 - 2014-05-07 07:47 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2014-05-07 07:15 - 2014-05-07 07:15 - 00611320 _____ () C:\Users\Chris\Downloads\Player Setup.exe
2014-05-07 07:15 - 2014-04-28 21:16 - 00001104 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-07 07:12 - 2014-02-25 10:25 - 00003140 _____ () C:\windows\Tasks\HQ-Video-Profession-1.3-chromeinstaller.job
2014-05-07 07:10 - 2010-12-07 14:06 - 00700134 _____ () C:\windows\system32\perfh007.dat
2014-05-07 07:10 - 2010-12-07 14:06 - 00149984 _____ () C:\windows\system32\perfc007.dat
2014-05-07 07:10 - 2009-07-14 07:13 - 01622236 _____ () C:\windows\system32\PerfStringBackup.INI
2014-05-07 07:08 - 2014-05-07 07:08 - 00001532 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-05-07 07:08 - 2012-11-08 22:32 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-05-07 07:08 - 2011-08-05 18:32 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\DVDVideoSoft
2014-05-07 07:08 - 2011-01-24 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-05-07 07:07 - 2014-02-25 10:26 - 00001580 _____ () C:\windows\Tasks\HQ-Video-Profession-1.3-updater.job
2014-05-07 07:07 - 2014-02-25 10:26 - 00001536 _____ () C:\windows\Tasks\HQ-Video-Profession-1.3-codedownloader.job
2014-05-07 07:07 - 2014-02-25 10:26 - 00001434 _____ () C:\windows\Tasks\HQ-Video-Profession-1.3-enabler.job
2014-05-07 07:07 - 2014-02-25 10:25 - 00002662 _____ () C:\windows\Tasks\HQ-Video-Profession-1.3-firefoxinstaller.job
2014-05-06 15:40 - 2014-04-30 14:53 - 00000386 _____ () C:\windows\Tasks\Re-markit Update.job
2014-05-06 15:40 - 2014-02-25 10:16 - 00000376 _____ () C:\windows\Tasks\Re-markit_wd.job
2014-05-06 12:38 - 2014-05-06 12:16 - 34014392 _____ (DVDVideoSoft Ltd. ) C:\Users\Chris\Downloads\FreeYouTubeToMP3Converter34430.exe
2014-05-06 12:14 - 2011-01-24 20:34 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\DVDVideoSoftIEHelpers
2014-05-05 12:57 - 2011-05-19 18:05 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Skype
2014-05-05 12:35 - 2014-05-05 12:23 - 32346240 _____ (DVDVideoSoft Ltd. ) C:\Users\Chris\Downloads\FreeYouTubeDownload-3.2.33.424.exe
2014-05-05 12:18 - 2014-05-05 12:18 - 00001477 _____ () C:\Users\Public\Desktop\Free MP4 Video Converter.lnk
2014-05-05 12:01 - 2014-05-05 11:48 - 32121120 _____ (DVDVideoSoft Ltd. ) C:\Users\Chris\Downloads\FreeMP4VideoConverter_v5.0.39.430.exe
2014-05-05 11:47 - 2011-01-23 19:32 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-05-05 11:46 - 2011-10-30 19:50 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-05-05 11:24 - 2014-02-25 10:25 - 00000000 ____D () C:\Program Files (x86)\HQ-Video-Profession-1.3
2014-05-04 20:22 - 2014-05-04 20:22 - 00499184 _____ () C:\Users\Chris\Downloads\Java.exe
2014-05-04 20:07 - 2014-03-13 19:55 - 00003186 _____ () C:\windows\System32\Tasks\HPCeeScheduleForChris
2014-05-04 20:07 - 2014-03-13 19:55 - 00000332 _____ () C:\windows\Tasks\HPCeeScheduleForChris.job
2014-05-02 17:49 - 2010-12-07 14:05 - 00000000 ____D () C:\ProgramData\HPQLOG
2014-05-02 17:48 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-05-02 12:15 - 2014-04-28 21:16 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-30 15:06 - 2011-01-26 20:37 - 00000000 ____D () C:\Users\Chris\AppData\Local\CrashDumps
2014-04-30 14:55 - 2014-04-30 14:55 - 00000000 __SHD () C:\Users\Chris\AppData\Local\EmieUserList
2014-04-30 14:55 - 2014-04-30 14:55 - 00000000 __SHD () C:\Users\Chris\AppData\Local\EmieSiteList
2014-04-30 14:53 - 2014-04-30 14:51 - 00000000 ____D () C:\Program Files (x86)\Re-markit
2014-04-30 14:53 - 2014-02-25 10:16 - 00003034 _____ () C:\windows\System32\Tasks\Re-markit Update
2014-04-30 14:52 - 2014-04-30 14:52 - 00002964 _____ () C:\windows\System32\Tasks\Re-markit_wd
2014-04-30 14:51 - 2014-02-25 10:16 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-04-29 07:59 - 2011-01-22 01:27 - 00443788 _____ () C:\windows\PFRO.log
2014-04-29 07:58 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-04-29 06:47 - 2014-04-28 21:16 - 00004104 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-29 06:47 - 2014-04-28 21:16 - 00003852 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-28 21:16 - 2014-04-28 21:16 - 00000000 ____D () C:\Users\Chris\AppData\Local\Google
2014-04-28 21:16 - 2014-04-28 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-04-28 21:16 - 2014-04-28 21:16 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-28 21:12 - 2014-04-28 20:55 - 38317592 _____ (Google Inc.) C:\Users\Chris\Downloads\ChromeStandaloneSetup_34.0.1847.116.exe
2014-04-28 20:23 - 2013-03-06 19:03 - 01232896 ___SH () C:\Users\Chris\Desktop\Thumbs.db
2014-04-28 20:07 - 2013-11-27 16:22 - 00017390 _____ () C:\windows\IE11_main.log
2014-04-28 19:11 - 2014-04-28 19:11 - 00000000 ____D () C:\Users\Chris\Desktop\Neuer Ordner
2014-04-28 19:11 - 2014-04-28 12:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-28 19:11 - 2011-01-21 18:20 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Mozilla
2014-04-12 22:31 - 2014-04-12 22:31 - 00000000 ____D () C:\Users\Chris\Documents\ArcSoft
2014-04-11 08:22 - 2011-02-02 17:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.8992.dll
Some content of TEMP:
====================
C:\Users\Chris\AppData\Local\Temp\0a50e25a83046228c11dcaa7eeed09bb.exe
C:\Users\Chris\AppData\Local\Temp\2dcd1d63cb45e6613582211c3d5f4b23.exe
C:\Users\Chris\AppData\Local\Temp\7z.dll
C:\Users\Chris\AppData\Local\Temp\7z.exe
C:\Users\Chris\AppData\Local\Temp\adks_awesomehp.exe
C:\Users\Chris\AppData\Local\Temp\AtpTimerInfo.dll
C:\Users\Chris\AppData\Local\Temp\avgnt.exe
C:\Users\Chris\AppData\Local\Temp\BackupSetup.exe
C:\Users\Chris\AppData\Local\Temp\cvppgr8x.dll
C:\Users\Chris\AppData\Local\Temp\CWPCUNLR.dll
C:\Users\Chris\AppData\Local\Temp\dlLogic.exe
C:\Users\Chris\AppData\Local\Temp\dltr.exe
C:\Users\Chris\AppData\Local\Temp\dtkill.exe
C:\Users\Chris\AppData\Local\Temp\EnhanceTronicSetup_20131220.exe
C:\Users\Chris\AppData\Local\Temp\Executor.exe
C:\Users\Chris\AppData\Local\Temp\Extract.exe
C:\Users\Chris\AppData\Local\Temp\GCVerifier.dll
C:\Users\Chris\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Chris\AppData\Local\Temp\HPQSi.exe
C:\Users\Chris\AppData\Local\Temp\installhelper.dll
C:\Users\Chris\AppData\Local\Temp\Install_Nokia_Ovi_Suite.exe
C:\Users\Chris\AppData\Local\Temp\j5ftrtpz.oft.exe
C:\Users\Chris\AppData\Local\Temp\killtask.exe
C:\Users\Chris\AppData\Local\Temp\MyBabylonTB.exe
C:\Users\Chris\AppData\Local\Temp\neoNCSetup64.exe
C:\Users\Chris\AppData\Local\Temp\NEventMessages.dll
C:\Users\Chris\AppData\Local\Temp\nsb947A.exe
C:\Users\Chris\AppData\Local\Temp\nsg58DE.exe
C:\Users\Chris\AppData\Local\Temp\nsl5B6E.exe
C:\Users\Chris\AppData\Local\Temp\nsl91AB.exe
C:\Users\Chris\AppData\Local\Temp\nssB819.tmp.exe
C:\Users\Chris\AppData\Local\Temp\nsuCA16.exe
C:\Users\Chris\AppData\Local\Temp\Resource.exe
C:\Users\Chris\AppData\Local\Temp\SetupAdmin.exe
C:\Users\Chris\AppData\Local\Temp\SetupDataMngr_jZip.exe
C:\Users\Chris\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Chris\AppData\Local\Temp\SP49020.exe
C:\Users\Chris\AppData\Local\Temp\SP50370.exe
C:\Users\Chris\AppData\Local\Temp\sp50843.exe.exe
C:\Users\Chris\AppData\Local\Temp\SP50877.exe
C:\Users\Chris\AppData\Local\Temp\SP51626.exe
C:\Users\Chris\AppData\Local\Temp\sp52110.exe.exe
C:\Users\Chris\AppData\Local\Temp\sp54373.exe
C:\Users\Chris\AppData\Local\Temp\sp54620.exe
C:\Users\Chris\AppData\Local\Temp\SP57752.exe
C:\Users\Chris\AppData\Local\Temp\sp58915.exe
C:\Users\Chris\AppData\Local\Temp\SPSetup.exe
C:\Users\Chris\AppData\Local\Temp\spstub.exe
C:\Users\Chris\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Chris\AppData\Local\Temp\ubkojco2.dll
C:\Users\Chris\AppData\Local\Temp\uninstall.exe
C:\Users\Chris\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Chris\AppData\Local\Temp\UninstallHPTCA.exe
C:\Users\Chris\AppData\Local\Temp\verifier.exe
C:\Users\Chris\AppData\Local\Temp\_ReMarkit_up.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-29 12:14
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05-2014
Ran by Chris at 2014-05-07 08:16:06
Running from C:\Users\Chris\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.202 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft TotalMedia (HKLM-x32\...\ArcSoft TotalMedia) (Version: 1.0.23.26 - ArcSoft)
ArcSoft TotalMedia (x32 Version: 1.0.43.25 - ArcSoft) Hidden
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 1.0.0.26 - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{E534C3AC-6D49-4EAC-8993-C1F0FF545B67}) (Version: 3.0.778.0 - ATI Technologies, Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Avira Savings Advisor (HKLM-x32\...\{A18A516C-AA41-46A9-92DB-60208917E442}) (Version: 1.5.14 - Avira) <==== ATTENTION
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 2070 Bluetooth 3.0 (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.5600 - Broadcom Corporation)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.350.6 - Broadcom Corporation)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0805.358.5180 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0805.358.5180 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0805.358.5180 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0805.0357.5180 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0805.0357.5180 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0805.0357.5180 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0805.0357.5180 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0805.0357.5180 - ATI) Hidden
CCC Help English (x32 Version: 2010.0805.0357.5180 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0805.0357.5180 - ATI) Hidden
CCC Help French (x32 Version: 2010.0805.0357.5180 - ATI) Hidden
CCC Help German (x32 Version: 2010.0805.0357.5180 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0805.0357.5180 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0805.0357.5180 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0805.0357.5180 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0805.0357.5180 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0805.0357.5180 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0805.0357.5180 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0805.0357.5180 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0805.0357.5180 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0805.0357.5180 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0805.0357.5180 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0805.0357.5180 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0805.0357.5180 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0805.0357.5180 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0805.358.5180 - ATI) Hidden
ccc-utility64 (Version: 2010.0805.358.5180 - ATI) Hidden
Compatibility Check Tool TIA - TIACOMPCHECK Single SetupPackage V11.0 + SP1 (x32 Version: 11.00.0100 - Siemens AG) Hidden
Corel Home Office - CS Templates (x32 Version: 5.8 - 公司名称) Hidden
Corel Home Office - CT Templates (x32 Version: 5.8 - 您的公司名稱) Hidden
Corel Home Office - IPM (x32 Version: 5.8 - Corel Corporation) Hidden
Corel Home Office - JP Templates (x32 Version: 5.8 - 会社名) Hidden
Corel Home Office - KR Templates (x32 Version: 5.8 - 회사명) Hidden
Corel Home Office - Launcher (x32 Version: 5.8 - Corel Corporation) Hidden
Corel Home Office - Templates RU (x32 Version: 5.8 - Название организации) Hidden
Corel Home Office - Templates1 (x32 Version: 5.8 - Your Company Name) Hidden
Corel Home Office (HKLM-x32\...\_{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}) (Version: 5.0.90.675 - Corel Corporation)
Corel Home Office (x32 Version: 5.8 - Corel Corporation) Hidden
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 5.0.1.5 - Hewlett-Packard)
doubleTwist (HKLM-x32\...\doubleTwist) (Version: 3.1.0.9758 - doubleTwist Corporation)
Drive Encryption for HP ProtectTools (HKLM-x32\...\Drive Encryption) (Version: 5.0.4.0 - Hewlett-Packard)
Drive Encryption for HP ProtectTools (Version: 5.0.4.0 - Hewlett-Packard) Hidden
Druckerdeinstallation für EPSON BX310FN Series (HKLM\...\EPSON BX310FN Series) (Version: - SEIKO EPSON Corporation)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
Face Recognition for HP ProtectTools (HKLM\...\{E793990C-90BE-4B69-AC29-BF5E8FD4ED54}) (Version: 2.02.4007 - Hewlett-Packard)
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 5.0.1.2 - Hewlett-Packard)
Free MP4 Video Converter version 5.0.39.430 (HKLM-x32\...\Free MP4 Video Converter_is1) (Version: 5.0.39.430 - DVDVideoSoft Ltd.)
Free YouTube Download 3 version 3.0.11.727 (HKLM-x32\...\Free YouTube Download 3_is1) (Version: - DVDVideoSoft Limited.)
Free YouTube Download version 3.2.33.424 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.33.424 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.34.430 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.34.430 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{67C090D6-109A-47D7-8DED-4160C4D96F32}) (Version: 4.0.4.1 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{D21160A2-8B5F-409C-99C8-03582F5324B7}) (Version: 1.7.0.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{F5F16745-6FCB-4134-83F9-2688ACFF5DC9}) (Version: 1.1.8.1 - Hewlett-Packard Company)
HP HotKey Support (HKLM\...\{014C6C60-4916-48F7-916E-E8048E12E9F1}) (Version: 4.0.3.1 - Hewlett-Packard Company)
HP Power Assistant (HKLM\...\{32C278B2-BC1F-4018-8FB4-2012A40D9FC1}) (Version: 1.0.9.0 - Hewlett-Packard Company)
HP Power Data (HKLM\...\{F2177395-FD90-44B0-AFB8-2E0566855E5C}) (Version: 1.0.31.182 - Hewlett-Packard)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 5.03.637 - Hewlett-Packard)
HP ProtectTools Security Manager (Version: 5.03.637 - Hewlett-Packard) Hidden
HP QuickLook (HKLM\...\{E6BEE2A9-04CF-42FF-B95B-BB70FAD2DC3E}) (Version: 3.3.1.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{7861911B-4270-498A-8F7A-FCF0570F487D}) (Version: 1.0.1.63 - DeviceVM, Inc.)
HP Setup (HKLM-x32\...\{E7C34ED4-BBB6-4C57-9FBD-B29CA5878051}) (Version: 8.5.4371.3505 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{2DA697D7-FED3-4DE2-A174-92A2A12F9688}) (Version: 3.0.5.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{E05DB9F9-C8E7-45F2-BE9E-76D4C447CE9B}) (Version: 4.0.39.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{04801E42-B1A6-4C52-9F3D-CADB5A050433}) (Version: 7.0.1.9 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Webcam Driver (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.1.7600.0024 - Realtek Semiconductor Corp.)
HP Wireless Assistant (HKLM\...\{EC720706-3F19-4B7F-BDDD-E31D9B3921D2}) (Version: 4.0.6.0 - Hewlett-Packard)
HQ-Video-Profession-1.3 (HKLM-x32\...\HQ-Video-Profession-1.3) (Version: 1.34.2.13 - HQ-Video) <==== ATTENTION
iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.01.01.1007 - Intel Corporation)
iTunes (HKLM\...\{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}) (Version: 11.1.4.62 - Apple Inc.)
Juniper Networks Network Connect 7.0.0 (HKLM-x32\...\Juniper Network Connect 7.0.0) (Version: 7.0.0.18107 - Juniper Networks)
Juniper Networks Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 2.2.5.9755 - Juniper Networks)
Juniper Networks Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
jZip (HKLM-x32\...\jZip) (Version: - Bandoo Media Inc.) <==== ATTENTION
LightScribe System Software (HKLM-x32\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
LOGO!Soft Comfort V6.1 (HKLM-x32\...\LOGO!Soft Comfort V6.1) (Version: 6.1.0.0 - Siemens AG)
LOGO!Soft Comfort V7.0 (Demo) (HKLM-x32\...\LOGO!Soft Comfort V7.0 (Demo)) (Version: 7.0.0.0 - Siemens AG)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SOAP Toolkit 3.0 (HKLM-x32\...\{BCB4C18A-ACA6-4383-8688-E19933A705DD}) (Version: 3.0.1325.4 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.0 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.0 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NCM GPRS 64 (Version: 01.01.0000 - Siemens AG) Hidden
Network Print Monitor for Windows 2000/XP/2003 (HKLM-x32\...\Network Print Monitor) (Version: - )
OFT2 Grafcet Version 2.0.9.2 (HKLM-x32\...\Omegon Fluid Technology Grafcet_is1) (Version: - Omegon Teachware)
PC Connectivity Solution (HKLM-x32\...\{499B65FF-C8A9-478C-BD83-3E25714D72C9}) (Version: 9.38.0.0 - Nokia)
PDF24 Creator 5.7.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.2 - Tracker Software Products Ltd)
Pre-Boot Security for HP ProtectTools (Version: 5.0.7.1 - Hewlett-Packard) Hidden
Privacy Manager for HP ProtectTools (HKLM\...\{04255D34-6C6D-4F63-A218-EE8FD2D13AF0}) (Version: 5.10.796 - Hewlett-Packard)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0011 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30109 - Realtek Semiconductor Corp.)
Re-markit (HKLM-x32\...\0CBE6C26-3AF7-4A9D-98E5-B8354D25C83E) (Version: - Re-markit-software) <==== ATTENTION
SEE Electrical Building School V2 (HKLM-x32\...\{57689281-9E59-44AC-95FD-86D2897A36FF}) (Version: 2.20.3340 - IGE+XAO)
SEE Electrical Schulversion V4R1 (HKLM-x32\...\SEE Electrical Schulversion V4R1) (Version: - )
SEE Electrical Schulversion V5R1 (HKLM-x32\...\SEE Electrical Schulversion V5R1) (Version: - )
Siemens Totally Integrated Automation Portal V11 (HKLM-x32\...\Siemens Installer Assistant - TIAP11) (Version: V11 - Siemens AG)
Siemens Automation License Manager (Version: 05.01.0103 - Siemens AG) Hidden
Siemens Automation License Manager V5.1 + SP1 + Upd3 (HKLM\...\{4EA2F07F-BD6B-4765-B7C1-53674EED70F6}LicenseManager) (Version: 05.01.0103 - Siemens AG)
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version: - )
Silicon Laboratories CP210x VCP Drivers for Windows 2000/XP/2003 Server/Vista (HKLM-x32\...\{6D57B359-CCBA-4D1C-9FEB-966A2C392DD2}) (Version: 4.40 - Silicon Laboratories, Inc.)
SIMATIC Device Drivers (Version: 01.00.0300 - Siemens AG) Hidden
SIMATIC Device Drivers WoW (x32 Version: 20.00.0300 - Siemens AG) Hidden
SIMATIC Event Database (x32 Version: 05.05.0100 - Siemens AG) Hidden
SIMATIC HMI License Manager Panel Plugin (x64) (Version: 11.00.0100 - Siemens AG) Hidden
SIMATIC HMI Symbol Library (x32 Version: 11.00.0200 - Siemens AG) Hidden
SIMATIC NCM FWL 64 (Version: 05.05.0100 - Siemens AG) Hidden
SIMATIC PLCSIM 64 (Version: 01.00.0001 - Siemens AG) Hidden
SIMATIC Prosave (x32 Version: 09.00.0300 - Siemens AG) Hidden
SIMATIC Prosave V9.0 incl. SP3 (HKLM-x32\...\{AE533A06-4655-41E8-88BB-48293AAF1FA0}Prosave) (Version: 09.00.0300 - Siemens AG)
SIMATIC S7-PLCSIM (x32 Version: 5.4.0502 - Siemens AG) Hidden
SIMATIC S7-PLCSIM V5.4 + SP5 + Upd2 (HKLM-x32\...\{1CBF27F6-24A4-488D-940A-678F1C691C49}PLCSim) (Version: 5.4.0502 - Siemens AG)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
Theft Recovery (HKLM-x32\...\InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}) (Version: 5.1.0.18 - Hewlett-Packard)
Theft Recovery (x32 Version: 5.1.0.18 - Hewlett-Packard) Hidden
TIA Portal Single SetupPackage - Hardware Support Base Package 0 V11.0 (x32 Version: 11.00.0000 - Siemens AG) Hidden
TIA Portal Single SetupPackage - Hardware Support Base Package 02 V11.0 (x32 Version: 11.00.0000 - Siemens AG) Hidden
TIA Portal Single SetupPackage - Hardware Support Base Package 03 V11.0 (x32 Version: 11.00.0000 - Siemens AG) Hidden
TIA Portal Single SetupPackage - Hardware Support Base Package WCF-01 V11.0 (x32 Version: 11.00.0000 - Siemens AG) Hidden
TIA Portal Single SetupPackage - HWConfig Single SetupPackage V11.0 SP2 UPD2 (x32 Version: 11.00.0200 - Siemens AG) Hidden
TIA Portal Single SetupPackage - STEP 7 Single SetupPackage V11.0 SP2 UPD2 (x32 Version: 11.00.0200 - Siemens AG) Hidden
TIA Portal Single SetupPackage - Support Base Package TO-01 V11.0 (x32 Version: 11.00.0000 - Siemens AG) Hidden
TIA Portal Single SetupPackage - Support Base Package TO-02 V11.0 (x32 Version: 11.00.0000 - Siemens AG) Hidden
TIA Portal Single SetupPackage - TIA ESTOUR V11.0 + SP2 (x32 Version: 11.00.0200 - Siemens AG) Hidden
TIA Portal Single SetupPackage - WinCC Single SetupPackage V11.0 SP2 UPD2 (x32 Version: 11.00.0200 - Siemens AG) Hidden
TIA Portal Single SetupPackage - WINCCBASUCL V11.0 + SP11 (x32 Version: 11.00.1100 - Siemens AG) Hidden
Totally Integrated Automation Portal V11 - TIA Portal Single SetupPackage V11.0 + SP2 (x32 Version: 11.00.0200 - Siemens AG) Hidden
TotalMedia Suite update (x32 Version: 1.0.0.1 - ArcSoft) Hidden
TrekStor Mobile (HKLM-x32\...\TrekStor Mobile) (Version: 16.001.06.01.789 - Huawei Technologies Co.,Ltd)
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
USB PC Camera Plus (HKLM-x32\...\{ECD03DA7-5952-406A-8156-5F0C93618D1F}) (Version: 5.17.0.000 - Sonix)
Validity Fingerprint Driver (HKLM\...\{516DA517-73A0-40F8-8CD9-E5ED4EC383E5}) (Version: 4.0.10.0 - Validity Sensors, Inc.)
V-bates 2.0.0.438 (HKLM\...\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}_is1) (Version: 2.0.0.438 - Southstarco) <==== ATTENTION
VC User 71 RTL X86 --- (x32 Version: 1.0 - redistributed from Microsoft Corporation merge modules) Hidden
WinCC Runtime Advanced Simulator (x32 Version: 11.00.0100 - Siemens AG) Hidden
Windows 7 Default Setting (HKLM-x32\...\{5BF8E079-D6E2-4323-B794-75152371122A}) (Version: 1.0.1.6 - Hewlett-Packard Company)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
==================== Restore Points =========================
06-03-2014 18:02:41 Windows Update
13-03-2014 21:09:53 HPSF Applying updates
13-03-2014 21:10:16 HPSF Applying updates
15-03-2014 09:03:04 Windows Update
24-03-2014 15:35:20 Geplanter Prüfpunkt
06-04-2014 08:06:16 Geplanter Prüfpunkt
07-04-2014 20:32:37 HPSF Applying updates
07-04-2014 20:32:41 HPSF Applying updates
11-04-2014 06:17:43 Windows Update
22-04-2014 09:56:20 HPSF Applying updates
22-04-2014 09:56:21 HPSF Applying updates
29-04-2014 04:44:26 Windows Update
==================== Hosts content: ==========================
2009-07-14 04:34 - 2011-10-11 20:58 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {047B40A5-A0C5-4FF6-BB98-AF129ED6D2B2} - System32\Tasks\HQ-Video-Profession-1.3-chromeinstaller => C:\Program Files (x86)\HQ-Video-Profession-1.3\HQ-Video-Profession-1.3-chromeinstaller.exe [2014-02-25] (HQ-Video) <==== ATTENTION
Task: {41E6B786-D8ED-4C7D-AA5E-F771A14F34E1} - System32\Tasks\HQ-Video-Profession-1.3-enabler => C:\Program Files (x86)\HQ-Video-Profession-1.3\HQ-Video-Profession-1.3-enabler.exe <==== ATTENTION
Task: {4871D7ED-E699-4BA8-B134-ED5B6F21F909} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-28] (Google Inc.)
Task: {4ED7FD75-1B5B-498B-95FA-52955668D34C} - System32\Tasks\Re-markit_wd => C:\Program Files (x86)\Re-markit\Re-markitfQLOWw.exe [2014-04-30] () <==== ATTENTION
Task: {68BF7296-1DDC-4935-B35D-1172328CF57B} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {721EB5BD-E2E0-4E3A-80A2-B609CBC7CA72} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-28] (Google Inc.)
Task: {857EBC26-8836-4CAE-A272-C89EB8838CE6} - System32\Tasks\{B601E01F-1259-447D-8EC8-95D0CA090B8D} => Firefox.exe hxxp://ui.skype.com/ui/0/5.3.0.120/en/abandoninstall?page=tsChrome&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-installed;madedefault
Task: {A2CDE9D4-7CA2-4DE2-ADA3-B6F555F8852B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {A6B2CF5B-F239-4407-B50C-D4831B8E9953} - System32\Tasks\HPCeeScheduleForChris => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {B91F4F61-ECA3-471B-8317-580E0390720C} - System32\Tasks\HQ-Video-Profession-1.3-firefoxinstaller => C:\Program Files (x86)\HQ-Video-Profession-1.3\HQ-Video-Profession-1.3-firefoxinstaller.exe [2014-02-25] (HQ-Video) <==== ATTENTION
Task: {BBC3D1A7-E66C-4610-8E85-8455DA034FBC} - System32\Tasks\HQ-Video-Profession-1.3-codedownloader => C:\Program Files (x86)\HQ-Video-Profession-1.3\HQ-Video-Profession-1.3-codedownloader.exe [2014-02-25] (HQ-Video) <==== ATTENTION
Task: {CABAE5E4-EDFF-453F-A55D-FA258589502C} - System32\Tasks\HQ-Video-Profession-1.3-updater => C:\Program Files (x86)\HQ-Video-Profession-1.3\HQ-Video-Profession-1.3-updater.exe [2014-02-25] (HQ-Video) <==== ATTENTION
Task: {D4855862-ADF2-438D-B682-222DD7CF2189} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {EB881AE1-726C-425E-9623-8BEA3B3D6C93} - System32\Tasks\Re-markit Update => C:\Program Files (x86)\Re-markit\Re-markitfQL.exe [2014-04-30] () <==== ATTENTION
Task: {ECE80DA2-7C77-401A-A0A0-929B815BA8D2} - System32\Tasks\aviraSWU => Cscript.exe "C:\Program Files (x86)\avira\Internet Explorer\swu.vbs"
Task: {F6D24017-9868-457D-9BF3-5A1457DF1B3D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForChris.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\windows\Tasks\HQ-Video-Profession-1.3-chromeinstaller.job => C:\Program Files (x86)\HQ-Video-Profession-1.3\HQ-Video-Profession-1.3-chromeinstaller.exe <==== ATTENTION
Task: C:\windows\Tasks\HQ-Video-Profession-1.3-codedownloader.job => C:\Program Files (x86)\HQ-Video-Profession-1.3\HQ-Video-Profession-1.3-codedownloader.exe <==== ATTENTION
Task: C:\windows\Tasks\HQ-Video-Profession-1.3-enabler.job => C:\Program Files (x86)\HQ-Video-Profession-1.3\HQ-Video-Profession-1.3-enabler.exe <==== ATTENTION
Task: C:\windows\Tasks\HQ-Video-Profession-1.3-firefoxinstaller.job => C:\Program Files (x86)\HQ-Video-Profession-1.3\HQ-Video-Profession-1.3-firefoxinstaller.exe <==== ATTENTION
Task: C:\windows\Tasks\HQ-Video-Profession-1.3-updater.job => C:\Program Files (x86)\HQ-Video-Profession-1.3\HQ-Video-Profession-1.3-updater.exe <==== ATTENTION
Task: C:\windows\Tasks\Re-markit Update.job => C:\Program Files (x86)\Re-markit\Re-markitfQL.exe <==== ATTENTION
Task: C:\windows\Tasks\Re-markit_wd.job => C:\Program Files (x86)\Re-markit\Re-markitfQLOWw.exe <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
2010-02-11 23:50 - 2010-02-11 23:50 - 00746256 _____ () C:\windows\system32\SUPSDK.dll
2009-11-23 19:24 - 2009-11-23 19:24 - 01412608 ____R () C:\windows\system32\LIBEAY32.dll
2009-10-29 03:57 - 2009-10-29 03:57 - 00100864 _____ () c:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2011-03-10 01:43 - 2011-03-10 01:43 - 00774144 _____ () C:\Program Files\Common Files\Siemens\SWS\PlugIns\SCP\Scpwin64.dll
2010-08-19 10:52 - 2010-08-19 10:52 - 00229376 _____ () C:\ProgramData\DatacardService\DCService.exe
2011-12-14 12:18 - 2011-12-14 12:18 - 00824320 _____ () C:\Program Files\Common Files\Siemens\Automation\Simatic OAM\bin\sn_regbase.dll
2014-02-15 12:08 - 2014-01-08 16:24 - 00209408 _____ () C:\Program Files\V-bates\ExtensionUpdaterService.exe
2010-06-19 02:25 - 2010-06-19 02:25 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HardwareAccess.dll
2010-06-19 02:25 - 2010-06-19 02:25 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HPCommon.XmlSerializers.dll
2010-06-19 02:25 - 2010-06-19 02:25 - 00055864 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\Graphs.dll
2006-09-19 10:07 - 2006-09-19 10:07 - 00827392 _____ () C:\Windows\vsnpstd3.exe
2014-02-22 15:41 - 2006-07-07 16:04 - 00262144 _____ () C:\Windows\tsnpstd3.exe
2010-06-22 03:54 - 2010-06-22 03:54 - 00098304 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-08-05 13:57 - 2010-08-05 13:57 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-04-05 21:12 - 2010-04-05 21:12 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2010-04-05 21:11 - 2010-04-05 21:11 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-04-05 21:12 - 2010-04-05 21:12 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2014-04-30 14:51 - 2014-04-30 14:51 - 00077312 _____ () C:\Program Files (x86)\Re-markit\Re-markitfQLOWw.exe
2014-04-30 14:51 - 2014-04-30 14:51 - 00142848 _____ () C:\Program Files (x86)\Re-markit\Re-markitfQL161.exe
2014-02-25 18:02 - 2014-02-14 12:00 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-06-17 21:40 - 2009-06-17 21:40 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2009-06-17 21:40 - 2009-06-17 21:40 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2009-06-17 21:40 - 2009-06-17 21:40 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-02-15 14:27 - 2014-02-15 14:27 - 00170496 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\bfd5296be62268bc7a31a424f0d1ad5f\IsdiInterop.ni.dll
2010-12-07 14:00 - 2010-03-04 06:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2011-12-14 12:18 - 2011-12-14 12:18 - 00749568 _____ () C:\windows\SysWOW64\sn_regbase.dll
2014-04-30 14:51 - 2014-04-30 14:51 - 00133120 _____ () C:\Program Files (x86)\Re-markit\Re-markitfQL161.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00237384 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2014-05-02 12:15 - 2014-04-24 02:33 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
2014-05-02 12:15 - 2014-04-24 02:33 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libglesv2.dll
2014-05-02 12:15 - 2014-04-24 02:33 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libegl.dll
2014-05-02 12:15 - 2014-04-24 02:33 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll
2014-05-02 12:15 - 2014-04-24 02:33 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
2014-05-02 12:15 - 2014-04-24 02:33 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
2014-05-02 12:15 - 2014-04-24 02:33 - 13692232 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/07/2014 07:06:58 AM) (Source: Bonjour Service) (User: ) (EventID: 100)
Description: Task Scheduling Error: m->NextScheduledSPRetry 53575689
Error: (05/07/2014 07:06:58 AM) (Source: Bonjour Service) (User: ) (EventID: 100)
Description: Task Scheduling Error: m->NextScheduledEvent 53575689
Error: (05/07/2014 07:06:58 AM) (Source: Bonjour Service) (User: ) (EventID: 100)
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/06/2014 04:14:08 PM) (Source: Bonjour Service) (User: ) (EventID: 100)
Description: Task Scheduling Error: m->NextScheduledSPRetry 6131
Error: (05/06/2014 04:14:08 PM) (Source: Bonjour Service) (User: ) (EventID: 100)
Description: Task Scheduling Error: m->NextScheduledEvent 6131
Error: (05/06/2014 04:14:08 PM) (Source: Bonjour Service) (User: ) (EventID: 100)
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/06/2014 04:14:07 PM) (Source: Bonjour Service) (User: ) (EventID: 100)
Description: Task Scheduling Error: m->NextScheduledSPRetry 5117
Error: (05/06/2014 04:14:07 PM) (Source: Bonjour Service) (User: ) (EventID: 100)
Description: Task Scheduling Error: m->NextScheduledEvent 5117
Error: (05/06/2014 04:14:07 PM) (Source: Bonjour Service) (User: ) (EventID: 100)
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/06/2014 04:14:06 PM) (Source: Bonjour Service) (User: ) (EventID: 100)
Description: Task Scheduling Error: m->NextScheduledSPRetry 4088
System errors:
=============
Error: (05/02/2014 06:49:44 PM) (Source: WMPNetworkSvc) (User: ) (EventID: 14365)
Description: 0x80004004-1
Error: (05/02/2014 05:49:04 PM) (Source: Service Control Manager) (User: ) (EventID: 7026)
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
JAMVOX_AA
Error: (05/02/2014 05:47:55 PM) (Source: EventLog) (User: ) (EventID: 6008)
Description: Das System wurde zuvor am 02.05.2014 um 12:19:33 unerwartet heruntergefahren.
Error: (04/30/2014 02:55:23 PM) (Source: Service Control Manager) (User: ) (EventID: 7022)
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde nicht richtig gestartet.
Error: (04/30/2014 02:51:16 PM) (Source: Service Control Manager) (User: ) (EventID: 7026)
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
JAMVOX_AA
Error: (04/29/2014 11:43:37 AM) (Source: NetBT) (User: ) (EventID: 4311)
Description: Es ist ein Initialisierungsfehler aufgetreten, da der Treiber nicht erstellt werden konnte.
Verwenden Sie die Zeichenfolge "6431500765E0", um die Schnittstelle zu identifizieren, die nicht initialisiert werden
konnte. Sie stellt die MAC-Adresse der Schnittstelle mit dem Initialisierungsfehler oder die
GUID (Globally Unique Interface Identifier) dar, wenn NetBT keine Zuordnung
von der GUID zur MAC-Adresse herstellen konnte. Wenn weder die MAC-Adresse noch die GUID verfügbar
waren, dann stellt die Zeichenfolge einen Clustergerätenamen dar.
Error: (04/29/2014 11:43:37 AM) (Source: NetBT) (User: ) (EventID: 4311)
Description: Es ist ein Initialisierungsfehler aufgetreten, da der Treiber nicht erstellt werden konnte.
Verwenden Sie die Zeichenfolge "6431500765E0", um die Schnittstelle zu identifizieren, die nicht initialisiert werden
konnte. Sie stellt die MAC-Adresse der Schnittstelle mit dem Initialisierungsfehler oder die
GUID (Globally Unique Interface Identifier) dar, wenn NetBT keine Zuordnung
von der GUID zur MAC-Adresse herstellen konnte. Wenn weder die MAC-Adresse noch die GUID verfügbar
waren, dann stellt die Zeichenfolge einen Clustergerätenamen dar.
Error: (04/29/2014 08:00:48 AM) (Source: Service Control Manager) (User: ) (EventID: 7026)
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
JAMVOX_AA
Error: (04/29/2014 07:58:21 AM) (Source: DCOM) (User: ) (EventID: 10010)
Description: {51FA2736-5DEE-11D4-98E8-006008BF430C}
Error: (04/28/2014 07:23:07 PM) (Source: bowser) (User: ) (EventID: 8003)
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "BENNO-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{BC1A1A27-F9ED-4D6C-985A-7FACB0397CAC}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Microsoft Office Sessions:
=========================
Error: (03/11/2013 08:38:29 PM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001)
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 60 seconds with 0 seconds of active time. This session ended with a crash.
Error: (03/11/2013 08:38:11 PM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001)
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 42 seconds with 0 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Percentage of memory in use: 65%
Total physical RAM: 3951.43 MB
Available physical RAM: 1371.19 MB
Total Pagefile: 7901.04 MB
Available Pagefile: 3754.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:448.47 GB) (Free:198.29 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.48 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: EC9CDE1C)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=448 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)
==================== End Of Log ============================
Hoffe mir kann da jemand genauso weiterhelfen!  Vielen dank schonmal Gruß Chris |
|
07.05.2014, 07:39
| #2 |
| /// the machine /// TB-Ausbilder    | Werbefenster öffnen sich selbstständig in allen Browsern hi,
__________________Revo Uninstaller - Download - Filepony Damit alles deinstallieren was Du in der Additional.txt findest mit dem Zusatz <== ATTENTION Mit Revo auch Moderat die Reste entfernen lassen. Scan mit Combofix
__________________ |
|
07.05.2014, 10:47
| #3 | |
| | Werbefenster öffnen sich selbstständig in allen Browsern Okay,
__________________habe den Revo Uninstaller heruntergeladen. Bin auf dem ganzen Gebiet nicht so wirklich der Profi, Zitat:
Danke schonmal! Habe es doch verstanden. Habe allerdings ein Programm nicht deinstalliert bekommen, dies finde ich in der Liste auch gar nicht?! Code:
ATTFilter V-bates 2.0.0.438 (HKLM\...\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}_is1) (Version: 2.0.0.438 - Southstarco) <==== ATTENTION
Danke |
|
08.05.2014, 07:40
| #4 |
| /// the machine /// TB-Ausbilder | Werbefenster öffnen sich selbstständig in allen Browsern Versuch es normal über Windows zu deinstallieren. Geht es dort auch nicht, ignorieren und weiter mit der Anleitung
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
09.05.2014, 05:10
| #5 |
| | Werbefenster öffnen sich selbstständig in allen Browsern So Combofix ist nun drübergelaufen! Hier einmal die txt. Code:
ATTFilter ComboFix 14-05-07.03 - Chris 08.05.2014 13:02:58.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3951.1870 [GMT 2:00]
ausgeführt von:: c:\users\Chris\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\program files (x86)\INSTALL.LOG
c:\programdata\52167B2056.sys
C:\Thumbs.db
c:\users\Chris\AppData\Local\lollipop
c:\users\Public\AlexaNSISPlugin.8992.dll
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_DCService.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-04-08 bis 2014-05-08 ))))))))))))))))))))))))))))))
.
.
2014-05-08 11:18 . 2014-05-08 11:18 -------- d-----w- c:\users\Gast\AppData\Local\temp
2014-05-08 11:18 . 2014-05-08 11:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-08 10:21 . 2014-04-29 14:01 23547904 ----a-w- c:\windows\system32\mshtml.dll
2014-05-08 10:21 . 2014-04-29 13:40 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-08 10:21 . 2014-04-29 12:34 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-08 10:21 . 2014-05-08 10:21 -------- d-s---w- c:\windows\system32\CompatTel
2014-05-07 12:17 . 2014-04-17 03:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C1570925-CB20-4F74-8854-52CFBF9DA42E}\mpengine.dll
2014-05-07 06:47 . 2014-05-07 06:47 -------- d-----w- c:\program files (x86)\VS Revo Group
2014-05-07 05:56 . 2014-05-07 06:17 -------- d-----w- C:\FRST
2014-05-06 08:52 . 2014-04-14 02:24 465408 ----a-w- c:\windows\system32\aepdu.dll
2014-05-06 08:52 . 2014-04-14 02:19 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-04-30 12:55 . 2014-04-30 12:55 -------- d-sh--w- c:\users\Chris\AppData\Local\EmieUserList
2014-04-30 12:55 . 2014-04-30 12:55 -------- d-sh--w- c:\users\Chris\AppData\Local\EmieSiteList
2014-04-28 19:16 . 2014-04-28 19:16 -------- d-----w- c:\program files (x86)\Google
2014-04-28 19:16 . 2014-04-28 19:16 -------- d-----w- c:\users\Chris\AppData\Local\Google
2014-04-10 11:49 . 2014-02-04 02:35 190912 ----a-w- c:\windows\system32\drivers\storport.sys
2014-04-10 11:49 . 2014-02-04 02:35 274880 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2014-04-10 11:49 . 2014-02-04 02:35 27584 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-04-10 11:49 . 2014-02-04 02:28 2048 ----a-w- c:\windows\system32\iologmsg.dll
2014-04-10 11:49 . 2014-02-04 02:00 2048 ----a-w- c:\windows\SysWow64\iologmsg.dll
2014-04-10 09:33 . 2014-03-04 09:44 362496 ----a-w- c:\windows\system32\wow64win.dll
2014-04-10 09:33 . 2014-03-04 09:44 243712 ----a-w- c:\windows\system32\wow64.dll
2014-04-10 09:33 . 2014-03-04 09:44 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2014-04-10 09:33 . 2014-03-04 09:44 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2014-04-10 09:33 . 2014-03-04 09:44 1163264 ----a-w- c:\windows\system32\kernel32.dll
2014-04-10 09:33 . 2014-03-04 09:17 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2014-04-10 09:33 . 2014-03-04 09:16 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2014-04-10 09:33 . 2014-03-04 09:16 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2014-04-10 09:33 . 2014-03-04 08:09 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2014-04-10 09:33 . 2014-03-04 08:09 2048 ----a-w- c:\windows\SysWow64\user.exe
2014-04-10 09:33 . 2014-01-24 02:37 1684928 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-31 07:35 . 2011-03-24 17:06 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-04 09:17 . 2014-04-10 09:33 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-09-14 59720]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-09-15 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-12-12 11265536]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-05 98304]
"DTRun"="c:\program files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe" [2009-11-19 518656]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-10-01 256056]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-05 43848]
"SiemensAutomationFileStorage"="c:\program files (x86)\Siemens\Automation\Portal V11\\Bin\Siemens.Automation.ObjectFrame.FileStorage.Server.exe" [2011-11-21 856064]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2013-07-22 162856]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-07-07 262144]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-06 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-9 1128224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-11-17 22:39 75320 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
R1 JAMVOX_AA;Service for JamVOX Controller driver;c:\windows\system32\DRIVERS\JamDRV.sys;c:\windows\SYSNATIVE\DRIVERS\JamDRV.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys;c:\windows\SYSNATIVE\DRIVERS\DAMDrv64.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe;c:\windows\SysWOW64\flcdlock.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 JAMVOX_01;Service for JamVOX Audio driver;c:\windows\system32\DRIVERS\JamWdm.sys;c:\windows\SYSNATIVE\DRIVERS\JamWdm.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 RsvLock;RsvLock; [x]
S2 almservice;Automation License Manager Service;c:\program files\Common Files\Siemens\sws\almsrv\almsrv64x.exe;c:\program files\Common Files\Siemens\sws\almsrv\almsrv64x.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [x]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe;c:\program files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [x]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [x]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys;c:\windows\SYSNATIVE\drivers\iPodDrv.sys [x]
S2 s7oiehsx64;SIMATIC IEPG Help Service;c:\program files\Common Files\Siemens\Automation\Simatic OAM\bin\s7oiehsx64.exe;c:\program files\Common Files\Siemens\Automation\Simatic OAM\bin\s7oiehsx64.exe [x]
S2 s7ousbu64x;SIMATIC USB Service;c:\windows\system32\DRIVERS\s7ousbu64x.sys;c:\windows\SYSNATIVE\DRIVERS\s7ousbu64x.sys [x]
S2 s7sn2srtx;PROFINET IO RT-Protocol V2.0;c:\windows\system32\DRIVERS\s7sn2srtx.sys;c:\windows\SYSNATIVE\DRIVERS\s7sn2srtx.sys [x]
S2 S7TraceServiceX;S7TraceServiceX;c:\program files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceService64x.exe;c:\program files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceService64x.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 uArcCapture;ArcCapture;c:\windows\system\uArcCapture.exe;c:\windows\system\uArcCapture.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftVCapture.sys [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [x]
S3 dpmconv;SIMATIC NET DP Driver;c:\windows\system32\DRIVERS\dpmconv.sys;c:\windows\SYSNATIVE\DRIVERS\dpmconv.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x]
S3 s7odpx2x64;SIMATIC Knotentaufe;c:\windows\system32\DRIVERS\s7odpx2x64.sys;c:\windows\SYSNATIVE\DRIVERS\s7odpx2x64.sys [x]
S3 s7oppinx64;SIMATIC PPI Transport;c:\windows\system32\DRIVERS\s7oppinx64.sys;c:\windows\SYSNATIVE\DRIVERS\s7oppinx64.sys [x]
S3 s7oserix64;Siemens PC Serial Cable;c:\windows\system32\Drivers\s7oserix64.sys;c:\windows\SYSNATIVE\Drivers\s7oserix64.sys [x]
S3 s7osmcax64;SIMATIC PC Adapter RS232;c:\windows\system32\DRIVERS\s7osmcax64.sys;c:\windows\SYSNATIVE\DRIVERS\s7osmcax64.sys [x]
S3 s7osobux64;SIMATIC SoftBus;c:\windows\system32\DRIVERS\s7osobux64.sys;c:\windows\SYSNATIVE\DRIVERS\s7osobux64.sys [x]
S3 s7otmcd64x;SIMATIC Memory Cards;c:\windows\system32\Drivers\s7otmcd64x.sys;c:\windows\SYSNATIVE\Drivers\s7otmcd64x.sys [x]
S3 s7otranx64;SIMATIC Transport;c:\windows\system32\DRIVERS\s7otranx64.sys;c:\windows\SYSNATIVE\DRIVERS\s7otranx64.sys [x]
S3 s7otsadx64;SIMATIC TS Adapter RS232;c:\windows\system32\DRIVERS\s7otsadx64.sys;c:\windows\SYSNATIVE\DRIVERS\s7otsadx64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 vsnl2ada;SIMATIC NET FDL Driver;c:\windows\system32\DRIVERS\vsnl2ada.sys;c:\windows\SYSNATIVE\DRIVERS\vsnl2ada.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 20:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-30 13:19 1078088 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-28 19:16]
.
2014-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-28 19:16]
.
2014-05-04 c:\windows\Tasks\HPCeeScheduleForChris.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" [2010-06-19 1691192]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-04-05 8192]
"JamInit"="InitJam.exe" [2009-04-15 253008]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.de/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393075610&from=adks&uid=HitachiXHTS725050A9A364_101216PCK404GLG5MS5JX&q={searchTerms}
mDefault_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1393075610&from=adks&uid=HitachiXHTS725050A9A364_101216PCK404GLG5MS5JX
mStart Page = hxxp://www.awesomehp.com/?type=hp&ts=1393075610&from=adks&uid=HitachiXHTS725050A9A364_101216PCK404GLG5MS5JX
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1393075610&from=adks&uid=HitachiXHTS725050A9A364_101216PCK404GLG5MS5JX&q={searchTerms}
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\users\Chris\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
BHO-{11111111-1111-1111-1111-110511151178} - c:\program files (x86)\HQ-Video-Profession-1.3\HQ-Video-Profession-1.3-bho64.dll
Toolbar-10 - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SysTrayApp - c:\program files\IDT\WDM\sttray64.exe
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
AddRemove-Uninstall_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Juniper Networks\Common Files\dsNcService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\SysWOW64\pniopcac.exe
c:\windows\SysWOW64\pniopcac.exe
c:\windows\SysWOW64\pniopcac.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-05-08 13:38:05 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2014-05-08 11:37
.
Vor Suchlauf: 14 Verzeichnis(se), 215.519.752.192 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 216.732.708.864 Bytes frei
.
- - End Of File - - E8987641E4A6920A989EF83857430B8D
|
|
09.05.2014, 16:18
| #6 |
| /// the machine /// TB-Ausbilder | Werbefenster öffnen sich selbstständig in allen Browsern Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ --> Werbefenster öffnen sich selbstständig in allen Browsern |
|
12.05.2014, 18:53
| #7 |
| | Werbefenster öffnen sich selbstständig in allen Browsern Malwarebytes Anti-Malware : Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Protection, 12.05.2014 15:22:00, SYSTEM, CHRIS-HP, Protection, Malware Protection, Starting, Protection, 12.05.2014 15:22:00, SYSTEM, CHRIS-HP, Protection, Malware Protection, Started, Protection, 12.05.2014 15:22:00, SYSTEM, CHRIS-HP, Protection, Malicious Website Protection, Starting, Update, 12.05.2014 15:22:12, SYSTEM, CHRIS-HP, Manual, Rootkit Database, 2014.2.20.1, 2014.3.27.1, Protection, 12.05.2014 15:22:40, SYSTEM, CHRIS-HP, Protection, Malicious Website Protection, Started, Update, 12.05.2014 15:25:05, SYSTEM, CHRIS-HP, Manual, Malware Database, 2014.3.4.9, 2014.5.12.2, Protection, 12.05.2014 15:25:07, SYSTEM, CHRIS-HP, Protection, Refresh, Starting, Protection, 12.05.2014 15:25:07, SYSTEM, CHRIS-HP, Protection, Malicious Website Protection, Stopping, Protection, 12.05.2014 15:25:07, SYSTEM, CHRIS-HP, Protection, Malicious Website Protection, Stopped, Protection, 12.05.2014 15:25:10, SYSTEM, CHRIS-HP, Protection, Refresh, Success, Protection, 12.05.2014 15:25:10, SYSTEM, CHRIS-HP, Protection, Malicious Website Protection, Starting, Protection, 12.05.2014 15:25:10, SYSTEM, CHRIS-HP, Protection, Malicious Website Protection, Started, Protection, 12.05.2014 15:44:26, SYSTEM, CHRIS-HP, Protection, Malware Protection, Starting, Protection, 12.05.2014 15:44:26, SYSTEM, CHRIS-HP, Protection, Malware Protection, Started, Protection, 12.05.2014 15:44:26, SYSTEM, CHRIS-HP, Protection, Malicious Website Protection, Starting, Protection, 12.05.2014 15:46:28, SYSTEM, CHRIS-HP, Protection, Malicious Website Protection, Started, (end) AdwCleaner: Code:
ATTFilter # AdwCleaner v3.208 - Bericht erstellt am 12/05/2014 um 19:16:33
# Aktualisiert 11/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Chris - CHRIS-HP
# Gestartet von : C:\Users\Chris\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files (x86)\Optimizer Pro
Ordner Gelöscht : C:\windows\SysWOW64\SearchProtect
Ordner Gelöscht : C:\Users\Chris\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\Chris\AppData\LocalLow\DataMngr
Ordner Gelöscht : C:\Users\Chris\AppData\LocalLow\searchquband
Ordner Gelöscht : C:\Users\Chris\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Chris\Documents\Optimizer Pro
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\DataMngr
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\searchquband
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\Searchqutoolbar
***** [ Verknüpfungen ] *****
Verknüpfung Desinfiziert : C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Chris\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_virtual-dj_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_virtual-dj_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\distromatic
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKCU\Software\lollipop
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\searchqutoolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\Software\DeviceVM
Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DeviceVM
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17041
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
-\\ Mozilla Firefox v
-\\ Google Chrome v34.0.1847.131
[ Datei : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht [Search Provider] : hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=102&sr=0&q={searchTerms}
Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3323828&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPF77F99E8-AF03-4553-9896-3D874741D4F1&q={searchTerms}&SSPV=
Gelöscht [Search Provider] : hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
Gelöscht [Search Provider] : hxxp://www.awesomehp.com/web/?type=ds&ts=1393075610&from=adks&uid=HitachiXHTS725050A9A364_101216PCK404GLG5MS5JX&q={searchTerms}
*************************
AdwCleaner[R0].txt - [7565 octets] - [12/05/2014 15:54:14]
AdwCleaner[S0].txt - [6282 octets] - [12/05/2014 19:16:33]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6342 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Chris on 12.05.2014 at 19:21:28,87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.05.2014 at 19:29:09,38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014 01 Ran by Chris (administrator) on CHRIS-HP on 12-05-2014 19:52:05 Running from C:\Users\Chris\Downloads Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe (McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (AMD) C:\Windows\System32\atiesrxx.exe (Hewlett-Packard) C:\Windows\System32\hpservice.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (SIEMENS AG) C:\Program Files\Common Files\Siemens\sws\almsrv\almsrv64x.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Siemens AG) C:\Program Files\Common Files\Siemens\AlmPanelPlugin\ALMPanelPlugin.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (Hewlett-Packard Development Company, L.P) C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (SIEMENS AG) C:\Program Files\Common Files\Siemens\Automation\Simatic OAM\bin\s7oiehsx64.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (SIEMENS AG) C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceService64x.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Korg Inc.) C:\Windows\System32\InitJam.exe (SIEMENS AG) C:\Program Files\Common Files\Siemens\Automation\Simatic OAM\bin\s7epasrv64x.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe () C:\Windows\vsnpstd3.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (SIEMENS AG) C:\Program Files\Common Files\Siemens\Automation\Simatic OAM\bin\pniomgr.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (SIEMENS AG) C:\Windows\SysWOW64\pniopcac.exe (SIEMENS AG) C:\Windows\SysWOW64\pniopcac.exe (SIEMENS AG) C:\Windows\SysWOW64\pniopcac.exe (ArcSoft, Inc.) C:\Windows\system\uArcCapture.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe () C:\Windows\tsnpstd3.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [1691192 2010-06-19] (Hewlett-Packard Company) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated) HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-05] (Hewlett-Packard) HKLM\...\Run: [JamInit] => C:\windows\system32\InitJam.exe [253008 2009-04-15] (Korg Inc.) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation) HKLM\...\Run: [snpstd3] => C:\windows\vsnpstd3.exe [827392 2006-09-19] () HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation) HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11265536 2009-12-12] (Hewlett-Packard) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-05] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [DTRun] => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [518656 2009-11-19] (ArcSoft Inc.) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-10-01] (Hewlett-Packard Company) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.) HKLM-x32\...\Run: [SiemensAutomationFileStorage] => C:\Program Files (x86)\Siemens\Automation\Portal V11\\Bin\Siemens.Automation.ObjectFrame.FileStorage.Server.exe [856064 2011-11-22] (Siemens AG) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH) HKLM-x32\...\Run: [tsnpstd3] => C:\windows\tsnpstd3.exe [262144 2006-07-07] () HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.) Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X] HKU\S-1-5-21-538565719-3422209620-1557115018-1002\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company) HKU\S-1-5-21-538565719-3422209620-1557115018-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.) HKU\S-1-5-21-538565719-3422209620-1557115018-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.) HKU\S-1-5-21-538565719-3422209620-1557115018-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.) Lsa: [Notification Packages] DPPassFilter scecli Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard) BHO-x32: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) BHO-x32: PodcastBHO Class - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @doubletwist.com/NPPodcast - C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [] Chrome: ======= CHR HomePage: CHR Extension: (Google Drive) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-28] CHR Extension: (YouTube) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-28] CHR Extension: (Google-Suche) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-28] CHR Extension: (Google Wallet) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-28] CHR Extension: (Google Mail) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-28] ==================== Services (Whitelisted) ================= S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 almservice; C:\Program Files\Common Files\Siemens\sws\almsrv\almsrv64x.exe [1543816 2011-12-11] (SIEMENS AG) R3 DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2009-12-16] (McAfee, Inc.) R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [462088 2009-11-25] (DigitalPersona, Inc.) S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [362040 2009-11-18] (Hewlett-Packard Ltd) R2 HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2009-11-19] (Hewlett-Packard Development Company, L.P) R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2009-12-16] (McAfee, Inc.) R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [280120 2010-10-01] (Hewlett-Packard Company) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) R2 s7oiehsx64; C:\Program Files\Common Files\Siemens\Automation\Simatic OAM\bin\s7oiehsx64.exe [139864 2012-01-30] (SIEMENS AG) R2 S7TraceServiceX; C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceService64x.exe [470104 2012-01-30] (SIEMENS AG) R2 uArcCapture; C:\windows\system\uArcCapture.exe [506472 2009-12-04] (ArcSoft, Inc.) ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32640 2009-12-04] (ArcSoft, Inc.) S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [40760 2009-10-21] (Hewlett-Packard Development Company L.P.) R3 dpmconv; C:\Windows\System32\DRIVERS\dpmconv.sys [259072 2011-04-19] (SIEMENS AG) S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.) S3 JAMVOX_01; C:\Windows\System32\DRIVERS\JamWdm.sys [31824 2009-04-15] () S1 JAMVOX_AA; C:\Windows\System32\DRIVERS\JamDRV.sys [62544 2009-04-15] () R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-12] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2009-12-16] (McAfee, Inc.) R1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [40088 2009-12-16] (McAfee, Inc.) R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [89216 2009-12-22] (Realtek Semiconductor Corp.) R3 s7odpx2x64; C:\Windows\System32\DRIVERS\s7odpx2x64.sys [71168 2012-01-17] (SIEMENS AG) R3 s7oppinx64; C:\Windows\System32\DRIVERS\s7oppinx64.sys [107520 2012-01-17] (SIEMENS AG) R3 s7oserix64; C:\Windows\System32\Drivers\s7oserix64.sys [121344 2011-05-06] (SIEMENS AG) R3 s7osmcax64; C:\Windows\System32\DRIVERS\s7osmcax64.sys [195584 2011-09-29] (SIEMENS AG) R3 s7osobux64; C:\Windows\System32\DRIVERS\s7osobux64.sys [152576 2011-05-06] (SIEMENS AG) R3 s7otmcd64x; C:\Windows\System32\Drivers\s7otmcd64x.sys [199680 2011-05-06] (SIEMENS AG) R3 s7otranx64; C:\Windows\System32\DRIVERS\s7otranx64.sys [260096 2012-01-17] (SIEMENS AG) R3 s7otsadx64; C:\Windows\System32\DRIVERS\s7otsadx64.sys [192000 2011-09-29] (SIEMENS AG) R2 s7ousbu64x; C:\Windows\System32\DRIVERS\s7ousbu64x.sys [196608 2012-01-17] (SIEMENS AG) R2 s7sn2srtx; C:\Windows\System32\DRIVERS\s7sn2srtx.sys [83032 2011-06-16] (SIEMENS AG) R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2009-12-16] () R0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [110520 2009-12-16] (McAfee, Inc.) R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.) R0 SbAlg; C:\Windows\SysWow64\Drivers\SbAlg.sys [51800 2009-12-16] (McAfee, Inc.) R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2009-12-16] (McAfee, Inc.) R0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [13256 2009-12-16] (McAfee, Inc.) S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10550272 2007-03-27] (Sonix Co. Ltd.) R2 SNTIE; C:\Windows\System32\DRIVERS\sntie.sys [179288 2011-10-11] (SIEMENS AG) R3 vsnl2ada; C:\Windows\System32\DRIVERS\vsnl2ada.sys [120832 2011-04-19] (SIEMENS AG) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 nmwcd; system32\drivers\ccdcmbx64.sys [X] S3 nmwcdc; system32\drivers\ccdcmbox64.sys [X] S3 STHDA; system32\DRIVERS\stwrt64.sys [X] S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [X] U2 wuaserv; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-12 19:51 - 2014-05-12 19:51 - 00000000 ____D () C:\Users\Chris\Downloads\FRST-OlderVersion 2014-05-12 19:29 - 2014-05-12 19:29 - 00000695 _____ () C:\Users\Chris\Desktop\JRT.txt 2014-05-12 19:21 - 2014-05-12 19:21 - 00000000 ____D () C:\windows\ERUNT 2014-05-12 19:20 - 2014-05-12 19:21 - 01016261 _____ (Thisisu) C:\Users\Chris\Desktop\JRT.exe 2014-05-12 19:19 - 2014-05-12 19:19 - 00006434 _____ () C:\Users\Chris\Desktop\AdwCleaner[S0].txt 2014-05-12 15:54 - 2014-05-12 19:16 - 00000000 ____D () C:\AdwCleaner 2014-05-12 15:54 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll 2014-05-12 15:52 - 2014-05-12 15:53 - 01325827 _____ () C:\Users\Chris\Desktop\adwcleaner.exe 2014-05-12 15:49 - 2014-05-12 15:49 - 00001642 _____ () C:\Users\Chris\Desktop\mbam.txt 2014-05-12 15:21 - 2014-05-12 19:20 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-12 15:21 - 2014-05-12 15:21 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-12 15:21 - 2014-05-12 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-12 15:21 - 2014-05-12 15:21 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-12 15:21 - 2014-05-12 15:21 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-12 15:21 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-05-12 15:21 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-05-12 15:21 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-05-12 15:10 - 2014-05-12 15:16 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Chris\Desktop\mbam-setup-2.0.1.1004.exe 2014-05-12 15:04 - 2014-05-12 15:04 - 00003284 _____ () C:\windows\System32\Tasks\{2D6FB43B-3571-411F-AF75-EDDBCB35F900} 2014-05-08 13:38 - 2014-05-08 13:38 - 00026049 _____ () C:\ComboFix.txt 2014-05-08 13:00 - 2014-05-08 13:38 - 00000000 ____D () C:\Qoobox 2014-05-08 13:00 - 2014-05-08 13:34 - 00000000 ____D () C:\windows\erdnt 2014-05-08 13:00 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe 2014-05-08 13:00 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe 2014-05-08 13:00 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe 2014-05-08 13:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe 2014-05-08 13:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe 2014-05-08 13:00 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe 2014-05-08 13:00 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe 2014-05-08 13:00 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe 2014-05-08 12:58 - 2014-05-08 13:00 - 05200039 ____R (Swearware) C:\Users\Chris\Desktop\ComboFix.exe 2014-05-08 12:21 - 2014-05-08 12:21 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-05-08 12:21 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-05-08 12:21 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-05-08 12:21 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-05-08 12:21 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-05-07 08:47 - 2014-05-07 08:48 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Chris\Downloads\revosetup95 (1).exe 2014-05-07 08:47 - 2014-05-07 08:47 - 00001264 _____ () C:\Users\Chris\Desktop\Revo Uninstaller.lnk 2014-05-07 08:47 - 2014-05-07 08:47 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-05-07 08:46 - 2014-05-07 08:47 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Chris\Downloads\revosetup95.exe 2014-05-07 07:58 - 2014-05-07 08:17 - 00042984 _____ () C:\Users\Chris\Downloads\Addition.txt 2014-05-07 07:57 - 2014-05-12 19:52 - 00021403 _____ () C:\Users\Chris\Downloads\FRST.txt 2014-05-07 07:56 - 2014-05-12 19:52 - 00000000 ____D () C:\FRST 2014-05-07 07:55 - 2014-05-12 19:51 - 02066944 _____ (Farbar) C:\Users\Chris\Downloads\FRST64.exe 2014-05-07 07:47 - 2014-05-07 07:47 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte 2014-05-07 07:08 - 2014-05-07 07:08 - 00001532 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk 2014-05-06 12:16 - 2014-05-06 12:38 - 34014392 _____ (DVDVideoSoft Ltd. ) C:\Users\Chris\Downloads\FreeYouTubeToMP3Converter34430.exe 2014-05-06 10:52 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-05-06 10:52 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-05-05 12:23 - 2014-05-05 12:35 - 32346240 _____ (DVDVideoSoft Ltd. ) C:\Users\Chris\Downloads\FreeYouTubeDownload-3.2.33.424.exe 2014-05-05 12:18 - 2014-05-05 12:18 - 00001477 _____ () C:\Users\Public\Desktop\Free MP4 Video Converter.lnk 2014-05-05 11:48 - 2014-05-05 12:01 - 32121120 _____ (DVDVideoSoft Ltd. ) C:\Users\Chris\Downloads\FreeMP4VideoConverter_v5.0.39.430.exe 2014-04-30 14:55 - 2014-04-30 14:55 - 00000000 __SHD () C:\Users\Chris\AppData\Local\EmieUserList 2014-04-30 14:55 - 2014-04-30 14:55 - 00000000 __SHD () C:\Users\Chris\AppData\Local\EmieSiteList 2014-04-29 06:46 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-04-29 06:46 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-04-29 06:46 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-04-29 06:46 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-04-29 06:46 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-04-29 06:46 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-04-29 06:46 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-04-29 06:46 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-04-29 06:46 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-04-29 06:46 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-04-29 06:46 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-04-29 06:46 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-04-29 06:46 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-04-29 06:46 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-04-29 06:46 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-04-29 06:46 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2014-04-29 06:46 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2014-04-29 06:46 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2014-04-29 06:46 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2014-04-29 06:46 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-04-29 06:46 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-04-29 06:46 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-04-29 06:46 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-04-29 06:46 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-04-29 06:46 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-04-29 06:46 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2014-04-29 06:46 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2014-04-29 06:46 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2014-04-29 06:46 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2014-04-29 06:46 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-04-29 06:46 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-29 06:46 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-04-29 06:46 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-04-29 06:46 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2014-04-29 06:46 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-04-29 06:46 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-04-29 06:46 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-04-29 06:46 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-04-29 06:46 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-04-29 06:46 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-04-29 06:46 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-04-29 06:46 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2014-04-29 06:46 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-04-29 06:46 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-04-28 21:16 - 2014-05-12 19:28 - 00001108 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-28 21:16 - 2014-05-12 19:18 - 00001104 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-28 21:16 - 2014-05-08 12:22 - 00004104 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-04-28 21:16 - 2014-05-08 12:22 - 00003852 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-04-28 21:16 - 2014-05-02 12:15 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-04-28 21:16 - 2014-04-28 21:16 - 00000000 ____D () C:\Users\Chris\AppData\Local\Google 2014-04-28 21:16 - 2014-04-28 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-04-28 21:16 - 2014-04-28 21:16 - 00000000 ____D () C:\Program Files (x86)\Google 2014-04-28 20:55 - 2014-04-28 21:12 - 38317592 _____ (Google Inc.) C:\Users\Chris\Downloads\ChromeStandaloneSetup_34.0.1847.116.exe 2014-04-28 19:11 - 2014-04-28 19:11 - 00000000 ____D () C:\Users\Chris\Desktop\Neuer Ordner 2014-04-28 12:44 - 2014-04-28 19:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-12 22:31 - 2014-04-12 22:31 - 00000000 ____D () C:\Users\Chris\Documents\ArcSoft ==================== One Month Modified Files and Folders ======= 2014-05-12 19:52 - 2014-05-07 07:57 - 00021403 _____ () C:\Users\Chris\Downloads\FRST.txt 2014-05-12 19:52 - 2014-05-07 07:56 - 00000000 ____D () C:\FRST 2014-05-12 19:51 - 2014-05-12 19:51 - 00000000 ____D () C:\Users\Chris\Downloads\FRST-OlderVersion 2014-05-12 19:51 - 2014-05-07 07:55 - 02066944 _____ (Farbar) C:\Users\Chris\Downloads\FRST64.exe 2014-05-12 19:29 - 2014-05-12 19:29 - 00000695 _____ () C:\Users\Chris\Desktop\JRT.txt 2014-05-12 19:28 - 2014-04-28 21:16 - 00001108 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-12 19:25 - 2009-07-14 06:45 - 00019760 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-12 19:25 - 2009-07-14 06:45 - 00019760 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-12 19:24 - 2010-12-07 14:06 - 00700134 _____ () C:\windows\system32\perfh007.dat 2014-05-12 19:24 - 2010-12-07 14:06 - 00149984 _____ () C:\windows\system32\perfc007.dat 2014-05-12 19:24 - 2009-07-14 07:13 - 01622236 _____ () C:\windows\system32\PerfStringBackup.INI 2014-05-12 19:21 - 2014-05-12 19:21 - 00000000 ____D () C:\windows\ERUNT 2014-05-12 19:21 - 2014-05-12 19:20 - 01016261 _____ (Thisisu) C:\Users\Chris\Desktop\JRT.exe 2014-05-12 19:20 - 2014-05-12 15:21 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-12 19:20 - 2010-12-07 14:05 - 00000000 ____D () C:\ProgramData\HPQLOG 2014-05-12 19:19 - 2014-05-12 19:19 - 00006434 _____ () C:\Users\Chris\Desktop\AdwCleaner[S0].txt 2014-05-12 19:18 - 2014-04-28 21:16 - 00001104 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-12 19:18 - 2011-05-19 18:05 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Skype 2014-05-12 19:17 - 2011-01-22 01:27 - 00452180 _____ () C:\windows\PFRO.log 2014-05-12 19:17 - 2011-01-08 11:28 - 01770257 _____ () C:\windows\WindowsUpdate.log 2014-05-12 19:17 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-05-12 19:17 - 2009-07-14 06:51 - 00302985 _____ () C:\windows\setupact.log 2014-05-12 19:16 - 2014-05-12 15:54 - 00000000 ____D () C:\AdwCleaner 2014-05-12 19:16 - 2011-01-21 17:42 - 00000989 _____ () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-05-12 15:53 - 2014-05-12 15:52 - 01325827 _____ () C:\Users\Chris\Desktop\adwcleaner.exe 2014-05-12 15:49 - 2014-05-12 15:49 - 00001642 _____ () C:\Users\Chris\Desktop\mbam.txt 2014-05-12 15:43 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\Resources 2014-05-12 15:21 - 2014-05-12 15:21 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-12 15:21 - 2014-05-12 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-12 15:21 - 2014-05-12 15:21 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-12 15:21 - 2014-05-12 15:21 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-12 15:16 - 2014-05-12 15:10 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Chris\Desktop\mbam-setup-2.0.1.1004.exe 2014-05-12 15:04 - 2014-05-12 15:04 - 00003284 _____ () C:\windows\System32\Tasks\{2D6FB43B-3571-411F-AF75-EDDBCB35F900} 2014-05-08 20:07 - 2014-03-13 19:55 - 00003186 _____ () C:\windows\System32\Tasks\HPCeeScheduleForChris 2014-05-08 20:07 - 2014-03-13 19:55 - 00000332 _____ () C:\windows\Tasks\HPCeeScheduleForChris.job 2014-05-08 13:38 - 2014-05-08 13:38 - 00026049 _____ () C:\ComboFix.txt 2014-05-08 13:38 - 2014-05-08 13:00 - 00000000 ____D () C:\Qoobox 2014-05-08 13:38 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-05-08 13:34 - 2014-05-08 13:00 - 00000000 ____D () C:\windows\erdnt 2014-05-08 13:24 - 2009-07-14 04:34 - 00000215 _____ () C:\windows\system.ini 2014-05-08 13:21 - 2014-02-25 18:02 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-05-08 13:21 - 2009-07-14 04:34 - 23330816 _____ () C:\windows\system32\config\SYSTEM.bak 2014-05-08 13:21 - 2009-07-14 04:34 - 100925440 _____ () C:\windows\system32\config\SOFTWARE.bak 2014-05-08 13:21 - 2009-07-14 04:34 - 01048576 _____ () C:\windows\system32\config\DEFAULT.bak 2014-05-08 13:21 - 2009-07-14 04:34 - 00262144 _____ () C:\windows\system32\config\SECURITY.bak 2014-05-08 13:21 - 2009-07-14 04:34 - 00262144 _____ () C:\windows\system32\config\SAM.bak 2014-05-08 13:00 - 2014-05-08 12:58 - 05200039 ____R (Swearware) C:\Users\Chris\Desktop\ComboFix.exe 2014-05-08 12:22 - 2014-04-28 21:16 - 00004104 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-08 12:22 - 2014-04-28 21:16 - 00003852 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-08 12:21 - 2014-05-08 12:21 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-05-07 11:44 - 2014-02-25 10:16 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2014-05-07 09:58 - 2011-01-22 01:29 - 00000000 ____D () C:\windows\rescache 2014-05-07 08:48 - 2014-05-07 08:47 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Chris\Downloads\revosetup95 (1).exe 2014-05-07 08:47 - 2014-05-07 08:47 - 00001264 _____ () C:\Users\Chris\Desktop\Revo Uninstaller.lnk 2014-05-07 08:47 - 2014-05-07 08:47 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-05-07 08:47 - 2014-05-07 08:46 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Chris\Downloads\revosetup95.exe 2014-05-07 08:17 - 2014-05-07 07:58 - 00042984 _____ () C:\Users\Chris\Downloads\Addition.txt 2014-05-07 07:47 - 2014-05-07 07:47 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte 2014-05-07 07:08 - 2014-05-07 07:08 - 00001532 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk 2014-05-07 07:08 - 2012-11-08 22:32 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft 2014-05-07 07:08 - 2011-08-05 18:32 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\DVDVideoSoft 2014-05-07 07:08 - 2011-01-24 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2014-05-06 12:38 - 2014-05-06 12:16 - 34014392 _____ (DVDVideoSoft Ltd. ) C:\Users\Chris\Downloads\FreeYouTubeToMP3Converter34430.exe 2014-05-05 12:35 - 2014-05-05 12:23 - 32346240 _____ (DVDVideoSoft Ltd. ) C:\Users\Chris\Downloads\FreeYouTubeDownload-3.2.33.424.exe 2014-05-05 12:18 - 2014-05-05 12:18 - 00001477 _____ () C:\Users\Public\Desktop\Free MP4 Video Converter.lnk 2014-05-05 12:01 - 2014-05-05 11:48 - 32121120 _____ (DVDVideoSoft Ltd. ) C:\Users\Chris\Downloads\FreeMP4VideoConverter_v5.0.39.430.exe 2014-05-05 11:47 - 2011-01-23 19:32 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log 2014-05-05 11:46 - 2011-10-30 19:50 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-05-02 12:15 - 2014-04-28 21:16 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-04-30 15:06 - 2011-01-26 20:37 - 00000000 ____D () C:\Users\Chris\AppData\Local\CrashDumps 2014-04-30 14:55 - 2014-04-30 14:55 - 00000000 __SHD () C:\Users\Chris\AppData\Local\EmieUserList 2014-04-30 14:55 - 2014-04-30 14:55 - 00000000 __SHD () C:\Users\Chris\AppData\Local\EmieSiteList 2014-04-29 16:01 - 2014-05-08 12:21 - 23547904 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-04-29 15:40 - 2014-05-08 12:21 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-04-29 14:48 - 2014-05-08 12:21 - 17384448 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-04-29 14:34 - 2014-05-08 12:21 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-04-29 07:58 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions 2014-04-28 21:16 - 2014-04-28 21:16 - 00000000 ____D () C:\Users\Chris\AppData\Local\Google 2014-04-28 21:16 - 2014-04-28 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-04-28 21:16 - 2014-04-28 21:16 - 00000000 ____D () C:\Program Files (x86)\Google 2014-04-28 21:12 - 2014-04-28 20:55 - 38317592 _____ (Google Inc.) C:\Users\Chris\Downloads\ChromeStandaloneSetup_34.0.1847.116.exe 2014-04-28 20:23 - 2013-03-06 19:03 - 01232896 ___SH () C:\Users\Chris\Desktop\Thumbs.db 2014-04-28 20:07 - 2013-11-27 16:22 - 00017390 _____ () C:\windows\IE11_main.log 2014-04-28 19:11 - 2014-04-28 19:11 - 00000000 ____D () C:\Users\Chris\Desktop\Neuer Ordner 2014-04-28 19:11 - 2014-04-28 12:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-28 19:11 - 2011-01-21 18:20 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Mozilla 2014-04-14 04:24 - 2014-05-06 10:52 - 00465408 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-04-14 04:19 - 2014-05-06 10:52 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-04-12 22:31 - 2014-04-12 22:31 - 00000000 ____D () C:\Users\Chris\Documents\ArcSoft Some content of TEMP: ==================== C:\Users\Chris\AppData\Local\Temp\Quarantine.exe |
|
13.05.2014, 15:22
| #8 |
| /// the machine /// TB-Ausbilder | Werbefenster öffnen sich selbstständig in allen BrowsernESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
15.05.2014, 19:28
| #9 |
| | Werbefenster öffnen sich selbstständig in allen Browsern So einmal alles : Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ec465302a1d0cf42a42da47e6bce8bb0
# engine=18276
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-15 05:49:38
# local_time=2014-05-15 07:49:38 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 105529 151806028 0 0
# scanned=265317
# found=14
# cleaned=8
# scan_time=4478
sh=3DAE542BD4F0368B19B4047C0838D3F4FC4DA090 ft=1 fh=9b1350829aeb80db vn="Variante von Win32/Distromatic.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-abb-fix[1]"
sh=E4333469F3070D049E4FDA053756B96B9F59569B ft=1 fh=5e9b3d881266bb41 vn="Win32/Distromatic evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-search-protect-fix-2[1]"
sh=63981687FFC14608CDAE65C7EFEA1B24ACAF1DF4 ft=1 fh=c82ffca9f6717ccb vn="Variante von Win32/Distromatic.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-search-protect-fix-3[1]"
sh=29E421AB9476F9D2E23DAC7CFDE8DD9EE9D0768A ft=1 fh=d53e88ba43d6b8ab vn="Win32/Distromatic.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-search-protect-fix-4[1]"
sh=F4BBB551315DBE49911663D85F079AFE8B5F8F51 ft=1 fh=96414ff33da39282 vn="Variante von Win32/Toolbar.BitCocktail.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\update[1]"
sh=F4BBB551315DBE49911663D85F079AFE8B5F8F51 ft=1 fh=96414ff33da39282 vn="Variante von Win32/Toolbar.BitCocktail.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\update[2]"
sh=7800581A9599622F64C310DF897FD72BDF27155C ft=1 fh=04a3fa8adc261380 vn="Variante von Win32/DomaIQ.BB evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000"
sh=8F5C4B49415DD1D33CA87A417BFC6306883CF7F0 ft=1 fh=fe26d910a0aa5728 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Chris\Downloads\PDF XChange Viewer - CHIP-Downloader.exe"
sh=3DAE542BD4F0368B19B4047C0838D3F4FC4DA090 ft=1 fh=9b1350829aeb80db vn="Variante von Win32/Distromatic.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-abb-fix[1]"
sh=E4333469F3070D049E4FDA053756B96B9F59569B ft=1 fh=5e9b3d881266bb41 vn="Win32/Distromatic evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-search-protect-fix-2[1]"
sh=63981687FFC14608CDAE65C7EFEA1B24ACAF1DF4 ft=1 fh=c82ffca9f6717ccb vn="Variante von Win32/Distromatic.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-search-protect-fix-3[1]"
sh=29E421AB9476F9D2E23DAC7CFDE8DD9EE9D0768A ft=1 fh=d53e88ba43d6b8ab vn="Win32/Distromatic.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-search-protect-fix-4[1]"
sh=F4BBB551315DBE49911663D85F079AFE8B5F8F51 ft=1 fh=96414ff33da39282 vn="Variante von Win32/Toolbar.BitCocktail.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\update[1]"
sh=F4BBB551315DBE49911663D85F079AFE8B5F8F51 ft=1 fh=96414ff33da39282 vn="Variante von Win32/Toolbar.BitCocktail.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\update[2]"
Code:
ATTFilter Results of screen317's Security Check version 0.99.82 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Adobe Flash Player 11.7.700.202 Flash Player out of Date! Google Chrome 34.0.1847.116 Google Chrome 34.0.1847.131 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014 01 Ran by Chris (administrator) on CHRIS-HP on 15-05-2014 20:23:41 Running from C:\Users\Chris\Downloads Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe (McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (AMD) C:\Windows\System32\atiesrxx.exe (Hewlett-Packard) C:\Windows\System32\hpservice.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AMD) C:\Windows\System32\atieclxx.exe (DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (SIEMENS AG) C:\Program Files\Common Files\Siemens\sws\almsrv\almsrv64x.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Siemens AG) C:\Program Files\Common Files\Siemens\AlmPanelPlugin\ALMPanelPlugin.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (Hewlett-Packard Development Company, L.P) C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (SIEMENS AG) C:\Program Files\Common Files\Siemens\Automation\Simatic OAM\bin\s7oiehsx64.exe (SIEMENS AG) C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceService64x.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (SIEMENS AG) C:\Program Files\Common Files\Siemens\Automation\Simatic OAM\bin\s7epasrv64x.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (ArcSoft, Inc.) C:\Windows\system\uArcCapture.exe (SIEMENS AG) C:\Program Files\Common Files\Siemens\Automation\Simatic OAM\bin\pniomgr.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Korg Inc.) C:\Windows\System32\InitJam.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe () C:\Windows\vsnpstd3.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe () C:\Windows\tsnpstd3.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (SIEMENS AG) C:\Windows\SysWOW64\pniopcac.exe (SIEMENS AG) C:\Windows\SysWOW64\pniopcac.exe (SIEMENS AG) C:\Windows\SysWOW64\pniopcac.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtITunesPlugIn.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [1691192 2010-06-19] (Hewlett-Packard Company) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated) HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-05] (Hewlett-Packard) HKLM\...\Run: [JamInit] => C:\windows\system32\InitJam.exe [253008 2009-04-15] (Korg Inc.) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation) HKLM\...\Run: [snpstd3] => C:\windows\vsnpstd3.exe [827392 2006-09-19] () HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation) HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11265536 2009-12-12] (Hewlett-Packard) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-05] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [DTRun] => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [518656 2009-11-19] (ArcSoft Inc.) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-10-01] (Hewlett-Packard Company) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.) HKLM-x32\...\Run: [SiemensAutomationFileStorage] => C:\Program Files (x86)\Siemens\Automation\Portal V11\\Bin\Siemens.Automation.ObjectFrame.FileStorage.Server.exe [856064 2011-11-22] (Siemens AG) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH) HKLM-x32\...\Run: [tsnpstd3] => C:\windows\tsnpstd3.exe [262144 2006-07-07] () HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.) Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X] HKU\S-1-5-21-538565719-3422209620-1557115018-1002\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company) HKU\S-1-5-21-538565719-3422209620-1557115018-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.) HKU\S-1-5-21-538565719-3422209620-1557115018-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.) HKU\S-1-5-21-538565719-3422209620-1557115018-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.) Lsa: [Notification Packages] DPPassFilter scecli Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard) BHO-x32: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) BHO-x32: PodcastBHO Class - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @doubletwist.com/NPPodcast - C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [] Chrome: ======= CHR HomePage: CHR Extension: (Google Drive) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-28] CHR Extension: (YouTube) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-28] CHR Extension: (Google-Suche) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-28] CHR Extension: (Google Wallet) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-28] CHR Extension: (Google Mail) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-28] ==================== Services (Whitelisted) ================= S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 almservice; C:\Program Files\Common Files\Siemens\sws\almsrv\almsrv64x.exe [1543816 2011-12-11] (SIEMENS AG) R3 DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2009-12-16] (McAfee, Inc.) R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [462088 2009-11-25] (DigitalPersona, Inc.) S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [362040 2009-11-18] (Hewlett-Packard Ltd) R2 HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2009-11-19] (Hewlett-Packard Development Company, L.P) R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2009-12-16] (McAfee, Inc.) R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [280120 2010-10-01] (Hewlett-Packard Company) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) R2 s7oiehsx64; C:\Program Files\Common Files\Siemens\Automation\Simatic OAM\bin\s7oiehsx64.exe [139864 2012-01-30] (SIEMENS AG) R2 S7TraceServiceX; C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceService64x.exe [470104 2012-01-30] (SIEMENS AG) R2 uArcCapture; C:\windows\system\uArcCapture.exe [506472 2009-12-04] (ArcSoft, Inc.) ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32640 2009-12-04] (ArcSoft, Inc.) S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [40760 2009-10-21] (Hewlett-Packard Development Company L.P.) R3 dpmconv; C:\Windows\System32\DRIVERS\dpmconv.sys [259072 2011-04-19] (SIEMENS AG) S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.) S3 JAMVOX_01; C:\Windows\System32\DRIVERS\JamWdm.sys [31824 2009-04-15] () S1 JAMVOX_AA; C:\Windows\System32\DRIVERS\JamDRV.sys [62544 2009-04-15] () R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-15] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2009-12-16] (McAfee, Inc.) R1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [40088 2009-12-16] (McAfee, Inc.) R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [89216 2009-12-22] (Realtek Semiconductor Corp.) R3 s7odpx2x64; C:\Windows\System32\DRIVERS\s7odpx2x64.sys [71168 2012-01-17] (SIEMENS AG) R3 s7oppinx64; C:\Windows\System32\DRIVERS\s7oppinx64.sys [107520 2012-01-17] (SIEMENS AG) R3 s7oserix64; C:\Windows\System32\Drivers\s7oserix64.sys [121344 2011-05-06] (SIEMENS AG) R3 s7osmcax64; C:\Windows\System32\DRIVERS\s7osmcax64.sys [195584 2011-09-29] (SIEMENS AG) R3 s7osobux64; C:\Windows\System32\DRIVERS\s7osobux64.sys [152576 2011-05-06] (SIEMENS AG) R3 s7otmcd64x; C:\Windows\System32\Drivers\s7otmcd64x.sys [199680 2011-05-06] (SIEMENS AG) R3 s7otranx64; C:\Windows\System32\DRIVERS\s7otranx64.sys [260096 2012-01-17] (SIEMENS AG) R3 s7otsadx64; C:\Windows\System32\DRIVERS\s7otsadx64.sys [192000 2011-09-29] (SIEMENS AG) R2 s7ousbu64x; C:\Windows\System32\DRIVERS\s7ousbu64x.sys [196608 2012-01-17] (SIEMENS AG) R2 s7sn2srtx; C:\Windows\System32\DRIVERS\s7sn2srtx.sys [83032 2011-06-16] (SIEMENS AG) R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2009-12-16] () R0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [110520 2009-12-16] (McAfee, Inc.) R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.) R0 SbAlg; C:\Windows\SysWow64\Drivers\SbAlg.sys [51800 2009-12-16] (McAfee, Inc.) R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2009-12-16] (McAfee, Inc.) R0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [13256 2009-12-16] (McAfee, Inc.) S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10550272 2007-03-27] (Sonix Co. Ltd.) R2 SNTIE; C:\Windows\System32\DRIVERS\sntie.sys [179288 2011-10-11] (SIEMENS AG) R3 vsnl2ada; C:\Windows\System32\DRIVERS\vsnl2ada.sys [120832 2011-04-19] (SIEMENS AG) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 nmwcd; system32\drivers\ccdcmbx64.sys [X] S3 nmwcdc; system32\drivers\ccdcmbox64.sys [X] S3 STHDA; system32\DRIVERS\stwrt64.sys [X] S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [X] U2 wuaserv; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-15 20:19 - 2014-05-15 20:20 - 00855379 _____ () C:\Users\Chris\Desktop\SecurityCheck.exe 2014-05-15 12:46 - 2014-05-15 12:46 - 00765144 _____ () C:\windows\Minidump\051514-19359-01.dmp 2014-05-12 19:51 - 2014-05-12 19:51 - 00000000 ____D () C:\Users\Chris\Downloads\FRST-OlderVersion 2014-05-12 19:29 - 2014-05-12 19:29 - 00000695 _____ () C:\Users\Chris\Desktop\JRT.txt 2014-05-12 19:21 - 2014-05-12 19:21 - 00000000 ____D () C:\windows\ERUNT 2014-05-12 19:20 - 2014-05-12 19:21 - 01016261 _____ (Thisisu) C:\Users\Chris\Desktop\JRT.exe 2014-05-12 19:19 - 2014-05-12 19:19 - 00006434 _____ () C:\Users\Chris\Desktop\AdwCleaner[S0].txt 2014-05-12 15:54 - 2014-05-12 19:16 - 00000000 ____D () C:\AdwCleaner 2014-05-12 15:54 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll 2014-05-12 15:52 - 2014-05-12 15:53 - 01325827 _____ () C:\Users\Chris\Desktop\adwcleaner.exe 2014-05-12 15:49 - 2014-05-12 15:49 - 00001642 _____ () C:\Users\Chris\Desktop\mbam.txt 2014-05-12 15:21 - 2014-05-15 18:03 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-12 15:21 - 2014-05-12 15:21 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-12 15:21 - 2014-05-12 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-12 15:21 - 2014-05-12 15:21 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-12 15:21 - 2014-05-12 15:21 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-12 15:21 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-05-12 15:21 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-05-12 15:21 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-05-12 15:10 - 2014-05-12 15:16 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Chris\Desktop\mbam-setup-2.0.1.1004.exe 2014-05-12 15:04 - 2014-05-12 15:04 - 00003284 _____ () C:\windows\System32\Tasks\{2D6FB43B-3571-411F-AF75-EDDBCB35F900} 2014-05-08 13:38 - 2014-05-08 13:38 - 00026049 _____ () C:\ComboFix.txt 2014-05-08 13:00 - 2014-05-08 13:38 - 00000000 ____D () C:\Qoobox 2014-05-08 13:00 - 2014-05-08 13:34 - 00000000 ____D () C:\windows\erdnt 2014-05-08 13:00 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe 2014-05-08 13:00 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe 2014-05-08 13:00 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe 2014-05-08 13:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe 2014-05-08 13:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe 2014-05-08 13:00 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe 2014-05-08 13:00 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe 2014-05-08 13:00 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe 2014-05-08 12:58 - 2014-05-08 13:00 - 05200039 ____R (Swearware) C:\Users\Chris\Desktop\ComboFix.exe 2014-05-08 12:21 - 2014-05-08 12:21 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-05-08 12:21 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-05-08 12:21 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-05-08 12:21 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-05-08 12:21 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-05-07 08:47 - 2014-05-07 08:48 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Chris\Downloads\revosetup95 (1).exe 2014-05-07 08:47 - 2014-05-07 08:47 - 00001264 _____ () C:\Users\Chris\Desktop\Revo Uninstaller.lnk 2014-05-07 08:47 - 2014-05-07 08:47 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-05-07 08:46 - 2014-05-07 08:47 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Chris\Downloads\revosetup95.exe 2014-05-07 07:58 - 2014-05-07 08:17 - 00042984 _____ () C:\Users\Chris\Downloads\Addition.txt 2014-05-07 07:57 - 2014-05-15 20:23 - 00021748 _____ () C:\Users\Chris\Downloads\FRST.txt 2014-05-07 07:56 - 2014-05-15 20:23 - 00000000 ____D () C:\FRST 2014-05-07 07:55 - 2014-05-12 19:51 - 02066944 _____ (Farbar) C:\Users\Chris\Downloads\FRST64.exe 2014-05-07 07:47 - 2014-05-07 07:47 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte 2014-05-07 07:08 - 2014-05-07 07:08 - 00001532 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk 2014-05-06 12:16 - 2014-05-06 12:38 - 34014392 _____ (DVDVideoSoft Ltd. ) C:\Users\Chris\Downloads\FreeYouTubeToMP3Converter34430.exe 2014-05-06 10:52 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-05-06 10:52 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-05-05 12:23 - 2014-05-05 12:35 - 32346240 _____ (DVDVideoSoft Ltd. ) C:\Users\Chris\Downloads\FreeYouTubeDownload-3.2.33.424.exe 2014-05-05 12:18 - 2014-05-05 12:18 - 00001477 _____ () C:\Users\Public\Desktop\Free MP4 Video Converter.lnk 2014-05-05 11:48 - 2014-05-05 12:01 - 32121120 _____ (DVDVideoSoft Ltd. ) C:\Users\Chris\Downloads\FreeMP4VideoConverter_v5.0.39.430.exe 2014-04-30 14:55 - 2014-04-30 14:55 - 00000000 __SHD () C:\Users\Chris\AppData\Local\EmieUserList 2014-04-30 14:55 - 2014-04-30 14:55 - 00000000 __SHD () C:\Users\Chris\AppData\Local\EmieSiteList 2014-04-29 06:46 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-04-29 06:46 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-04-29 06:46 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-04-29 06:46 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-04-29 06:46 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-04-29 06:46 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-04-29 06:46 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-04-29 06:46 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-04-29 06:46 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-04-29 06:46 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-04-29 06:46 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-04-29 06:46 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-04-29 06:46 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-04-29 06:46 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-04-29 06:46 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-04-29 06:46 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2014-04-29 06:46 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2014-04-29 06:46 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2014-04-29 06:46 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2014-04-29 06:46 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-04-29 06:46 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-04-29 06:46 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-04-29 06:46 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-04-29 06:46 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-04-29 06:46 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-04-29 06:46 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2014-04-29 06:46 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2014-04-29 06:46 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2014-04-29 06:46 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2014-04-29 06:46 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-04-29 06:46 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-29 06:46 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-04-29 06:46 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-04-29 06:46 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2014-04-29 06:46 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-04-29 06:46 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-04-29 06:46 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-04-29 06:46 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-04-29 06:46 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-04-29 06:46 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-04-29 06:46 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-04-29 06:46 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2014-04-29 06:46 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-04-29 06:46 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-04-28 21:16 - 2014-05-15 19:27 - 00001108 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-28 21:16 - 2014-05-15 12:46 - 00001104 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-28 21:16 - 2014-05-08 12:22 - 00004104 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-04-28 21:16 - 2014-05-08 12:22 - 00003852 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-04-28 21:16 - 2014-05-02 12:15 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-04-28 21:16 - 2014-04-28 21:16 - 00000000 ____D () C:\Users\Chris\AppData\Local\Google 2014-04-28 21:16 - 2014-04-28 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-04-28 21:16 - 2014-04-28 21:16 - 00000000 ____D () C:\Program Files (x86)\Google 2014-04-28 20:55 - 2014-04-28 21:12 - 38317592 _____ (Google Inc.) C:\Users\Chris\Downloads\ChromeStandaloneSetup_34.0.1847.116.exe 2014-04-28 19:11 - 2014-04-28 19:11 - 00000000 ____D () C:\Users\Chris\Desktop\Neuer Ordner 2014-04-28 12:44 - 2014-04-28 19:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2014-05-15 20:23 - 2014-05-07 07:57 - 00021748 _____ () C:\Users\Chris\Downloads\FRST.txt 2014-05-15 20:23 - 2014-05-07 07:56 - 00000000 ____D () C:\FRST 2014-05-15 20:20 - 2014-05-15 20:19 - 00855379 _____ () C:\Users\Chris\Desktop\SecurityCheck.exe 2014-05-15 19:27 - 2014-04-28 21:16 - 00001108 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-15 18:54 - 2011-01-08 11:28 - 01950755 _____ () C:\windows\WindowsUpdate.log 2014-05-15 18:06 - 2010-12-07 14:06 - 00700134 _____ () C:\windows\system32\perfh007.dat 2014-05-15 18:06 - 2010-12-07 14:06 - 00149984 _____ () C:\windows\system32\perfc007.dat 2014-05-15 18:06 - 2009-07-14 07:13 - 01622236 _____ () C:\windows\system32\PerfStringBackup.INI 2014-05-15 18:03 - 2014-05-12 15:21 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-15 12:54 - 2011-02-02 17:24 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-05-15 12:54 - 2009-07-14 06:45 - 00019760 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-15 12:54 - 2009-07-14 06:45 - 00019760 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-15 12:48 - 2010-12-07 14:05 - 00000000 ____D () C:\ProgramData\HPQLOG 2014-05-15 12:46 - 2014-05-15 12:46 - 00765144 _____ () C:\windows\Minidump\051514-19359-01.dmp 2014-05-15 12:46 - 2014-04-28 21:16 - 00001104 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-15 12:46 - 2011-07-27 15:02 - 564609626 _____ () C:\windows\MEMORY.DMP 2014-05-15 12:46 - 2011-07-27 15:02 - 00000000 ____D () C:\windows\Minidump 2014-05-15 12:46 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-05-15 12:46 - 2009-07-14 06:51 - 00303153 _____ () C:\windows\setupact.log 2014-05-14 14:26 - 2011-05-19 18:05 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Skype 2014-05-12 20:07 - 2014-03-13 19:55 - 00003186 _____ () C:\windows\System32\Tasks\HPCeeScheduleForChris 2014-05-12 20:07 - 2014-03-13 19:55 - 00000332 _____ () C:\windows\Tasks\HPCeeScheduleForChris.job 2014-05-12 19:51 - 2014-05-12 19:51 - 00000000 ____D () C:\Users\Chris\Downloads\FRST-OlderVersion 2014-05-12 19:51 - 2014-05-07 07:55 - 02066944 _____ (Farbar) C:\Users\Chris\Downloads\FRST64.exe 2014-05-12 19:29 - 2014-05-12 19:29 - 00000695 _____ () C:\Users\Chris\Desktop\JRT.txt 2014-05-12 19:21 - 2014-05-12 19:21 - 00000000 ____D () C:\windows\ERUNT 2014-05-12 19:21 - 2014-05-12 19:20 - 01016261 _____ (Thisisu) C:\Users\Chris\Desktop\JRT.exe 2014-05-12 19:19 - 2014-05-12 19:19 - 00006434 _____ () C:\Users\Chris\Desktop\AdwCleaner[S0].txt 2014-05-12 19:17 - 2011-01-22 01:27 - 00452180 _____ () C:\windows\PFRO.log 2014-05-12 19:16 - 2014-05-12 15:54 - 00000000 ____D () C:\AdwCleaner 2014-05-12 19:16 - 2011-01-21 18:53 - 00000000 ____D () C:\ProgramData\ICQ 2014-05-12 19:16 - 2011-01-21 17:42 - 00000989 _____ () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-05-12 15:53 - 2014-05-12 15:52 - 01325827 _____ () C:\Users\Chris\Desktop\adwcleaner.exe 2014-05-12 15:49 - 2014-05-12 15:49 - 00001642 _____ () C:\Users\Chris\Desktop\mbam.txt 2014-05-12 15:43 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\Resources 2014-05-12 15:21 - 2014-05-12 15:21 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-12 15:21 - 2014-05-12 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-12 15:21 - 2014-05-12 15:21 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-12 15:21 - 2014-05-12 15:21 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-12 15:16 - 2014-05-12 15:10 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Chris\Desktop\mbam-setup-2.0.1.1004.exe 2014-05-12 15:04 - 2014-05-12 15:04 - 00003284 _____ () C:\windows\System32\Tasks\{2D6FB43B-3571-411F-AF75-EDDBCB35F900} 2014-05-08 13:38 - 2014-05-08 13:38 - 00026049 _____ () C:\ComboFix.txt 2014-05-08 13:38 - 2014-05-08 13:00 - 00000000 ____D () C:\Qoobox 2014-05-08 13:38 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-05-08 13:34 - 2014-05-08 13:00 - 00000000 ____D () C:\windows\erdnt 2014-05-08 13:24 - 2009-07-14 04:34 - 00000215 _____ () C:\windows\system.ini 2014-05-08 13:21 - 2014-02-25 18:02 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-05-08 13:21 - 2009-07-14 04:34 - 23330816 _____ () C:\windows\system32\config\SYSTEM.bak 2014-05-08 13:21 - 2009-07-14 04:34 - 100925440 _____ () C:\windows\system32\config\SOFTWARE.bak 2014-05-08 13:21 - 2009-07-14 04:34 - 01048576 _____ () C:\windows\system32\config\DEFAULT.bak 2014-05-08 13:21 - 2009-07-14 04:34 - 00262144 _____ () C:\windows\system32\config\SECURITY.bak 2014-05-08 13:21 - 2009-07-14 04:34 - 00262144 _____ () C:\windows\system32\config\SAM.bak 2014-05-08 13:00 - 2014-05-08 12:58 - 05200039 ____R (Swearware) C:\Users\Chris\Desktop\ComboFix.exe 2014-05-08 12:22 - 2014-04-28 21:16 - 00004104 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-08 12:22 - 2014-04-28 21:16 - 00003852 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-08 12:21 - 2014-05-08 12:21 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-05-07 11:44 - 2014-02-25 10:16 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2014-05-07 09:58 - 2011-01-22 01:29 - 00000000 ____D () C:\windows\rescache 2014-05-07 08:48 - 2014-05-07 08:47 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Chris\Downloads\revosetup95 (1).exe 2014-05-07 08:47 - 2014-05-07 08:47 - 00001264 _____ () C:\Users\Chris\Desktop\Revo Uninstaller.lnk 2014-05-07 08:47 - 2014-05-07 08:47 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-05-07 08:47 - 2014-05-07 08:46 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Chris\Downloads\revosetup95.exe 2014-05-07 08:17 - 2014-05-07 07:58 - 00042984 _____ () C:\Users\Chris\Downloads\Addition.txt 2014-05-07 07:47 - 2014-05-07 07:47 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte 2014-05-07 07:08 - 2014-05-07 07:08 - 00001532 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk 2014-05-07 07:08 - 2012-11-08 22:32 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft 2014-05-07 07:08 - 2011-08-05 18:32 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\DVDVideoSoft 2014-05-07 07:08 - 2011-01-24 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2014-05-06 12:38 - 2014-05-06 12:16 - 34014392 _____ (DVDVideoSoft Ltd. ) C:\Users\Chris\Downloads\FreeYouTubeToMP3Converter34430.exe 2014-05-05 12:35 - 2014-05-05 12:23 - 32346240 _____ (DVDVideoSoft Ltd. ) C:\Users\Chris\Downloads\FreeYouTubeDownload-3.2.33.424.exe 2014-05-05 12:18 - 2014-05-05 12:18 - 00001477 _____ () C:\Users\Public\Desktop\Free MP4 Video Converter.lnk 2014-05-05 12:01 - 2014-05-05 11:48 - 32121120 _____ (DVDVideoSoft Ltd. ) C:\Users\Chris\Downloads\FreeMP4VideoConverter_v5.0.39.430.exe 2014-05-05 11:47 - 2011-01-23 19:32 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log 2014-05-05 11:46 - 2011-10-30 19:50 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-05-02 12:15 - 2014-04-28 21:16 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-04-30 15:06 - 2011-01-26 20:37 - 00000000 ____D () C:\Users\Chris\AppData\Local\CrashDumps 2014-04-30 14:55 - 2014-04-30 14:55 - 00000000 __SHD () C:\Users\Chris\AppData\Local\EmieUserList 2014-04-30 14:55 - 2014-04-30 14:55 - 00000000 __SHD () C:\Users\Chris\AppData\Local\EmieSiteList 2014-04-29 16:01 - 2014-05-08 12:21 - 23547904 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-04-29 15:40 - 2014-05-08 12:21 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-04-29 14:48 - 2014-05-08 12:21 - 17384448 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-04-29 14:34 - 2014-05-08 12:21 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-04-29 07:58 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions 2014-04-28 21:16 - 2014-04-28 21:16 - 00000000 ____D () C:\Users\Chris\AppData\Local\Google 2014-04-28 21:16 - 2014-04-28 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-04-28 21:16 - 2014-04-28 21:16 - 00000000 ____D () C:\Program Files (x86)\Google 2014-04-28 21:12 - 2014-04-28 20:55 - 38317592 _____ (Google Inc.) C:\Users\Chris\Downloads\ChromeStandaloneSetup_34.0.1847.116.exe 2014-04-28 20:23 - 2013-03-06 19:03 - 01232896 ___SH () C:\Users\Chris\Desktop\Thumbs.db 2014-04-28 20:07 - 2013-11-27 16:22 - 00017390 _____ () C:\windows\IE11_main.log 2014-04-28 19:11 - 2014-04-28 19:11 - 00000000 ____D () C:\Users\Chris\Desktop\Neuer Ordner 2014-04-28 19:11 - 2014-04-28 12:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-28 19:11 - 2011-01-21 18:20 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Mozilla Some content of TEMP: ==================== C:\Users\Chris\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-09 07:16 ==================== End Of Log ============================ --- --- --- Sieht sehr gut aus ! denke der scheiß ist weg !Vielen vielen dank ! Kannst du mir eventuell ein gutes Antivierenprogramm empfehlen? Kostenlos?  LG |
|
16.05.2014, 11:55
| #10 |
| /// the machine /// TB-Ausbilder | Werbefenster öffnen sich selbstständig in allen Browsern Flash updaten. Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop. Schließe nun alle offenen Programme und trenne Dich von dem Internet. Doppelklick auf die TFC.exe und drücke auf Start. Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen. Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
18.05.2014, 18:44
| #11 |
| | Werbefenster öffnen sich selbstständig in allen Browsern Das mit der Fixlist öffnet Frst nicht was kann ich tun ?:-/ |
|
19.05.2014, 11:57
| #12 | |
| /// the machine /// TB-Ausbilder | Werbefenster öffnen sich selbstständig in allen BrowsernZitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
21.05.2014, 09:37
| #13 |
| | Werbefenster öffnen sich selbstständig in allen Browsern Alles an Werbung ist weg Allerdings habe ich den Delfix rüberlaufen lassen, und nun ist das letzte FRST log weg:-/ ist das schlimm ?:-/ Vielen lieben dank ! Hast mir sehr geholfen und danke für die zahlreichen Tipps !MfG Chris |
|
22.05.2014, 08:38
| #14 |
| /// the machine /// TB-Ausbilder | Werbefenster öffnen sich selbstständig in allen Browsern Neee, passt Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Werbefenster öffnen sich selbstständig in allen Browsern |
| antivir, association, avira, avira savings advisor, awesomehp, awesomehp entfernen, bonjour, branding, desktop, dvdvideosoft ltd., email, flash player, google, iexplore.exe, maus, mozilla, mp3, problem, quick_start, registry, scan, software, svchost.exe, tracker, vista, werbefenster, win32/distromatic.b, win32/domaiq.bb, win32/downloadsponsor.a, win32/toolbar.bitcocktail.b |
WARNUNG an die MITLESER: 
Linear-Darstellung
