Plagegeister aller Art und deren Bekämpfung (Pests of all kinds and how to fight them): Hostile takeover of my email account sends spam

Windows 7

If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
08.05.2014, 09:54 | #1 |
Hostile takeover of my email account sends spam

Hello Trojaner-Board,

first of all: I am self-employed and use my computer for work (with legal software), but I have no IT department. As a lone fighter I have to do every single thing myself. Hence the request for an exception.

The email host for my business email address has informed me that it noticed unusually high activity in my email account and received spam complaints. It locked my email account right away (a catastrophe!). It wasn't me, of course. And I found mail delivery failures to unknown addresses in my spam folder.

Details:
The hijacked email account is with domainfactory.
My email client is googlemail.
I have several other SMTP accounts that I operate via googlemail. So far only the domainfactory mailbox has reported abuse.

Suspicion: a trojan has given away my access to domainfactory ... although I never log in there manually; google does that via SMTP/POP3. Or the trojan has my google password, which is more likely. In any case the trojan has to go before I change all the passwords.

With AV Antivir I found a possible trojan, although the vendor of the affected software file says, in reply to a support request, that this is a misjudgment by AV Antivir which I should allow:

C:\Visitor\Visitor\XING_Update_Visitor.exe
[FUND] Ist das Trojanische Pferd TR/Dropper.Gen

EU.finder found malware twice, likewise TR/Dropper.gen and APPL/DomaIQ.Gen.

I have not removed anything yet. I am asking for help. Here are the logs:

EU-Finder

Code:
Zeitstempel des letzten Updates: 08.05.2014 05:24:57
Konfigurationsprofil: sysscan.avp
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
build.dat : 10.0.0.65 13423 Bytes 07.04.2014 08:37:00
Version der lokalen Installation:
build.dat : 14.0.3.350 56624 Bytes 25.02.2014 11:41:00

Beginn des Suchlaufs: Donnerstag, 8. Mai 2014 07:25

8faa1778962ddabdb49c61b8474750e03d1943eac6421bb7f97418266b097cc6
  [FUND] Ist das Trojanische Pferd TR/Dropper.Gen
9d6ea67de7188e73dcc90aca83024faa817d6203fe189fe2a92a7f4bd4012cec
  [FUND] Enthält Erkennungsmuster der Anwendung APPL/DomaIQ.Gen

Ende des Suchlaufs: Donnerstag, 8. Mai 2014 10:11
Benötigte Zeit: 2:45:10 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

45910 Verzeichnisse wurden überprüft
1191484 Dateien wurden geprüft
2 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
1191482 Dateien ohne Befall
9107 Archive wurden durchsucht
2 Warnungen
0 Hinweise

Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Mittwoch, 7. Mai 2014 18:34

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira Antivirus Free
Seriennummer : 0000149996-AVHOE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : BÜRO-PC-LEONOVO

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +JOKE,

Beginn des Suchlaufs: Mittwoch, 7. Mai 2014 18:34

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'HDD0(C:, D:)'
  [INFO] Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.
c:\windows\system32\7b296fb0-376b-497e-b012-9c450e1b7327-5p-0.c7483456-a289-439d-8115-601632d005a0
  [HINWEIS] Die Datei ist nicht sichtbar.

***2,475 notices follow here about files in system32 that are reported as not visible. Do you need them? I would have liked to send the log file as an attachment, but at around 500 KB it is too large***

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '4628' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\Visitor\Visitor\XING_Update_Visitor.exe
  [FUND] Ist das Trojanische Pferd TR/Dropper.Gen
Beginne mit der Suche in 'D:\' <LENOVO>

Beginne mit der Desinfektion:
C:\Visitor\Visitor\XING_Update_Visitor.exe
  [FUND] Ist das Trojanische Pferd TR/Dropper.Gen
  [WARNUNG] Die Datei wurde ignoriert.

Ende des Suchlaufs: Donnerstag, 8. Mai 2014 07:19
Benötigte Zeit: 4:34:35 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

45908 Verzeichnisse wurden überprüft
1215012 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
1215011 Dateien ohne Befall
11950 Archive wurden durchsucht
1 Warnungen
2475 Hinweise
1171081 Objekte wurden beim Rootkitscan durchsucht
2475 Versteckte Objekte wurden gefunden

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-05-2014 Ran by Peter (administrator) on BÜRO-PC-LEONOVO on 07-05-2014 16:29:20 Running from C:\Users\Peter\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Spigot, Inc.) C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Bury GmbH & Co. 
KG) C:\Program Files (x86)\BURY Time Suite\BuryLoggerSyncService.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe () C:\Users\Peter\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStatsUpdater.exe (Firebird Project) C:\Program Files (x86)\FirebirdSQL\bin\fbguard.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe (WDC) C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Audible, Inc.) 
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Lenovo) C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE (CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe (Dropbox, Inc.) C:\Users\Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Spigot, Inc.) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot Inc) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Firebird Project) C:\Program Files (x86)\FirebirdSQL\bin\fbserver.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [NvCplDaemon] => C:\windows\system32\NvCpl.dll [17412200 2010-04-07] (NVIDIA Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10151968 2010-04-20] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [908320 2010-04-20] (Realtek Semiconductor) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [345896 2010-04-05] (Alps Electric Co., Ltd.) 
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [776608 2009-12-19] (Lenovo) HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4462496 2010-04-21] (Lenovo(beijing) Limited) HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [7069088 2010-04-21] (Lenovo (Beijing) Limited) HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2328944 2011-01-07] (Microsoft Corporation) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation) HKLM-x32\...\Run: [MuteSync] => C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe [336384 2009-12-28] (Lenovo) HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331_STI.EXE [536576 2010-01-15] (Vimicro) HKLM-x32\...\Run: [UCam_Menu] => c:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.) HKLM-x32\...\Run: [YouCam Mirror Tray icon] => c:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [171104 2010-03-03] (CyberLink Corp.) HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.) HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.) 
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-04-22] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [SearchSettings] => C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe [1401664 2014-04-25] (Spigot, Inc.) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\.DEFAULT\...\RunOnce: [WLStart] - C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [786760 2009-07-26] (Microsoft Corporation) HKU\S-1-5-21-4044840459-2837241131-3378573868-1000\...\Run: [FactoryTest] => C:\Windows\Test.bat HKU\S-1-5-21-4044840459-2837241131-3378573868-1000\...\Run: [Power2GoExpress] => C:\Program Files (x86)\Lenovo\Power2Go\Power2GoExpress.exe [2532648 2009-07-13] (Cyberlink) HKU\S-1-5-21-4044840459-2837241131-3378573868-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-4044840459-2837241131-3378573868-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.) 
HKU\S-1-5-21-4044840459-2837241131-3378573868-1001\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.EXE [404080 2014-04-29] (CyberGhost S.R.L.) HKU\S-1-5-21-4044840459-2837241131-3378573868-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-4044840459-2837241131-3378573868-1001\...\MountPoints2: E - E:\AutoRun.exe HKU\S-1-5-21-4044840459-2837241131-3378573868-1001\...\MountPoints2: {1e37b383-182a-11e2-a5f2-c44619c4c5ad} - E:\start.exe HKU\S-1-5-21-4044840459-2837241131-3378573868-1001\...\MountPoints2: {23c4656f-9d79-11e0-9129-c44619c4c5ad} - "E:\WD SmartWare.exe" autoplay=true HKU\S-1-5-21-4044840459-2837241131-3378573868-1001\...\MountPoints2: {50398b4a-883a-11e0-afb5-c44619c4c5ad} - E:\AutoRun.exe HKU\S-1-5-21-4044840459-2837241131-3378573868-1001\...\MountPoints2: {50398b5f-883a-11e0-afb5-c44619c4c5ad} - E:\AutoRun.exe HKU\S-1-5-21-4044840459-2837241131-3378573868-1001\...\MountPoints2: {b27f154c-b63a-11e1-a087-c44619c4c5ad} - E:\AutoRun.exe HKU\S-1-5-21-4044840459-2837241131-3378573868-1001\...\MountPoints2: {b27f154f-b63a-11e1-a087-c44619c4c5ad} - E:\AutoRun.exe HKU\S-1-5-21-4044840459-2837241131-3378573868-1001\...\MountPoints2: {e7026f9f-4898-11e0-bf9c-c44619c4c5ad} - E:\AutoRun.exe HKU\S-1-5-21-4044840459-2837241131-3378573868-1001\...\MountPoints2: {e7026fa6-4898-11e0-bf9c-c44619c4c5ad} - E:\AutoRun.exe AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [95848 2010-04-07] (NVIDIA Corporation) AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [89704 2010-04-07] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HD Writer.lnk ShortcutTarget: HD Writer.lnk -> C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Panasonic Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WD Quick View.lnk ShortcutTarget: WD Quick View.lnk -> C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe (Western Digital Technologies, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\XiButler.lnk ShortcutTarget: XiButler.lnk -> C:\Program Files (x86)\XiButler24\XING 01.exe (Microsoft) Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=109958&babsrc=HP_ss&mntrId=f043aa0200000000000000ffce0d75f5 HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ URLSearchHook: HKCU - pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\9.1\pdfforgeToolbarIE64.dll (Spigot, Inc.) 
URLSearchHook: HKCU - pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\9.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
URLSearchHook: HKCU - (No Name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - No File
SearchScopes: HKCU - DefaultScope {657BEA9F-0CB4-4440-8D16-6DFC3A68476E} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&babsrc=SP_ss&mntrId=f043aa0200000000000000ffce0d75f5
SearchScopes: HKCU - {657BEA9F-0CB4-4440-8D16-6DFC3A68476E} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {95C90569-DAEF-4CC2-8C6E-788FB154F6B4} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
BHO-x32: ColorZillaStats - {59F7FE53-2860-44B1-968A-E54E3E949A07} - C:\Users\Peter\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStats.dll (Alex Sirota)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\9.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\9.1\pdfforgeToolbarIE64.dll (Spigot, Inc.)
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
Toolbar: HKLM-x32 - pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\9.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 217.0.43.177

FireFox:
========
FF ProfilePath: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default
FF user.js: detected! => C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\user.js
FF DefaultSearchEngine: Google Deutschland
FF SelectedSearchEngine: Google Deutschland
FF Homepage: hxxp://www.xxxx-xxxx-coaching.de/coaching/unternehmer-coaching/leitfragen/
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3205366&SearchSource=2&q=
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Peter\AppData\Local\Citrix\Plugins\94\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\searchplugins\google-deutschland.xml
FF SearchPlugin: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\searchplugins\s-amazon-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: iCloud Bookmarks - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\Extensions\firefoxdav@icloud.com [2013-12-29]
FF Extension: ProxTube - Unblock YouTube - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\Extensions\ich@maltegoetz.de [2013-12-13]
FF Extension: ColorZillaStats - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\Extensions\stats@colorzilla.com [2012-07-12]
FF Extension: Google Toolbar for Firefox - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011-03-05]
FF Extension: Page Zoom Button - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\Extensions\54c7d9671b9eccd9e5686a73df34ab60@button.codefisher.org.xpi [2011-05-02]
FF Extension: anonymoX - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\Extensions\client@anonymox.net.xpi [2013-02-28]
FF Extension: SEO Status PageRank/Alexa Toolbar - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\Extensions\seostatus@rubyweb.xpi [2011-12-15]
FF Extension: NoScript - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-17]
FF Extension: Easy Youtube Video Downloader Express - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2013-11-28]
FF Extension: Address Bar Search - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi [2013-10-28]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-31]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-03-31]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-02-02]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-02-02]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-04-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-04-22] (Avira Operations GmbH & Co. KG)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [907040 2010-05-10] (Broadcom Corporation.)
R2 BuryLoggerSyncService; C:\Program Files (x86)\BURY Time Suite\BuryLoggerSyncService.exe [107520 2011-03-08] (Bury GmbH & Co. KG)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-04-29] (CyberGhost S.R.L)
R2 ColorZillaStatsUpdater; C:\Users\Peter\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStatsUpdater.exe [18432 2012-06-18] ()
R2 FirebirdGuardianBURYTIMESUITE; C:\Program Files (x86)\FirebirdSQL\bin\fbguard.exe [81920 2010-04-19] (Firebird Project)
R3 FirebirdServerBURYTIMESUITE; C:\Program Files (x86)\FirebirdSQL\bin\fbserver.exe [2723840 2010-04-19] (Firebird Project)
S3 IGRS; C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57820696 2008-07-11] (Microsoft Corporation)
S3 PS_MDP; C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
S2 ReadyComm.DirectRouter; C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [430616 2008-07-11] (Microsoft Corporation)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [317328 2011-08-01] (WDC)
S2 WDFMEService; C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [1978256 2011-08-01] (Western Digital )
R2 WDRulesService; C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [1338256 2011-08-01] (Western Digital )

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-04-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-04-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-04-22] (Avira Operations GmbH & Co. KG)
S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [79376 2009-07-16] (Lenovo)
R1 OxFWLF; C:\windows\system32\drivers\OxFWLF.sys [24624 2011-09-07] (OEM)
S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19936 2011-05-06] ()
S3 pwdspio; C:\windows\system32\pwdspio.sys [13280 2011-05-06] ()
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-01-20] (Anchorfree Inc.)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [215040 2010-02-24] (Vimicro Corporation)
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11280 2009-07-16] (Lenovo)
U3 BcmSqlStartupSvc;
U2 IviRegMgr;
U2 RichVideo;
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-07 16:39 - 2014-05-07 16:39 - 00380416 _____ () C:\Users\Peter\Downloads\Gmer-19357.exe
2014-05-07 16:29 - 2014-05-07 16:41 - 00029854 _____ () C:\Users\Peter\Downloads\FRST.txt
2014-05-07 16:28 - 2014-05-07 16:29 - 00000000 ____D () C:\FRST
2014-05-07 16:27 - 2014-05-07 16:27 - 02063872 _____ (Farbar) C:\Users\Peter\Downloads\FRST64.exe
2014-05-07 16:25 - 2014-05-07 16:25 - 00000472 _____ () C:\Users\Peter\Downloads\defogger_disable.log
2014-05-07 16:25 - 2014-05-07 16:25 - 00000000 _____ () C:\Users\Peter\defogger_reenable
2014-05-07 16:22 - 2014-05-07 16:22 - 00050477 _____ () C:\Users\Peter\Downloads\Defogger.exe
2014-05-07 11:33 - 2014-05-07 11:25 - 02209056 _____ () C:\Users\Peter\Downloads\avira-eu-cleaner_de.exe
2014-05-07 11:32 - 2014-05-07 11:33 - 00001991 _____ () C:\Users\Peter\Desktop\Entfernen des Avira EU-Cleaners.lnk
2014-05-07 11:32 - 2014-05-07 11:33 - 00001935 _____ () C:\Users\Peter\Desktop\Avira EU-Cleaner.lnk
2014-05-05 08:38 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-05 08:38 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-05 08:38 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-05 08:38 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-01 11:15 - 2014-05-01 11:15 - 00000000 ____D () C:\Program Files (x86)\pdfforge Toolbar
2014-05-01 11:15 - 2014-05-01 11:15 - 00000000 ____D () C:\Program Files (x86)\Application Updater
2014-04-30 09:28 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-04-30 09:28 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-04-30 09:28 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-04-30 09:28 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-04-30 09:28 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-04-30 09:28 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-04-30 09:28 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-04-30 09:28 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-04-30 09:28 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-04-30 09:28 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-04-30 09:28 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-04-30 09:28 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-04-30 09:28 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-04-30 09:28 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-04-30 09:28 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-04-30 09:28 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-04-30 09:28 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-04-30 09:28 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-04-30 09:28 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-04-30 09:28 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-04-30 09:28 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-04-30 09:28 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-04-30 09:28 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-04-30 09:28 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-04-30 09:28 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-04-30 09:28 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-04-30 09:28 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-04-30 09:28 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-04-30 09:28 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-04-30 09:28 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-04-30 09:28 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-30 09:28 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-04-30 09:28 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-04-30 09:28 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-04-30 09:28 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-04-30 09:28 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-04-30 09:28 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-04-30 09:28 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-04-30 09:28 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-04-30 09:28 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-04-30 09:28 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-04-30 09:28 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-04-30 09:28 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-04-30 09:28 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-04-28 18:50 - 2014-04-28 18:50 - 00000880 _____ () C:\Users\Peter\AppData\Local\recently-used.xbel
2014-04-22 09:41 - 2014-04-22 09:40 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2014-04-22 09:41 - 2014-04-22 09:40 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2014-04-22 09:41 - 2014-04-22 09:40 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2014-04-22 09:41 - 2014-04-22 09:40 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2014-04-21 11:17 - 2014-04-21 11:17 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2014-04-21 11:16 - 2014-04-23 19:28 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-21 11:16 - 2014-04-21 11:17 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-21 11:16 - 2014-04-21 11:16 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-04-21 11:16 - 2014-04-21 11:16 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-04-21 11:16 - 2014-04-21 11:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-04-21 11:16 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2014-04-21 11:13 - 2014-04-21 11:14 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Peter\Downloads\spybot-2.2.25.exe
2014-04-18 16:23 - 2014-04-18 16:23 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Avira
2014-04-18 15:49 - 2014-04-18 15:49 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-04-18 15:49 - 2014-04-18 15:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-04-18 15:49 - 2014-04-18 15:49 - 00000000 ____D () C:\ProgramData\Avira
2014-04-18 15:49 - 2014-04-18 15:49 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-18 14:21 - 2014-04-18 14:21 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\WinRAR
2014-04-18 12:03 - 2014-04-18 12:03 - 00000000 ____D () C:\Users\Peter\Downloads\JDownloader
2014-04-18 12:01 - 2014-04-18 12:02 - 31419822 _____ () C:\Users\Peter\Downloads\JDownloader.zip
2014-04-18 11:28 - 2014-04-18 11:27 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-04-18 11:27 - 2014-04-18 11:27 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-04-18 11:27 - 2014-04-18 11:27 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-04-18 11:27 - 2014-04-18 11:27 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-18 11:20 - 2014-04-18 11:20 - 00448920 _____ () C:\Users\Peter\Downloads\Java.exe
2014-04-17 12:05 - 2014-04-17 12:36 - 00000000 ____D () C:\Users\Peter\AppData\Local\CyberGhost
2014-04-17 12:03 - 2014-05-01 12:27 - 00000000 ____D () C:\Program Files\CyberGhost 5
2014-04-17 12:03 - 2014-04-17 12:04 - 00000000 ____D () C:\Program Files\TAP-Windows
2014-04-17 12:03 - 2014-04-17 12:03 - 00001728 _____ () C:\Users\Peter\Desktop\CyberGhost 5.lnk
2014-04-17 12:03 - 2014-04-17 12:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2014-04-17 11:59 - 2014-04-17 11:59 - 08566128 _____ (CyberGhost S.R.L. ) C:\Users\Peter\Downloads\CG_5.0.9.8chip.de.exe
2014-04-16 19:47 - 2014-04-16 19:48 - 00004253 _____ () C:\windows\SysWOW64\jupdate-1.7.0_55-b13.log
2014-04-16 16:59 - 2014-04-16 16:59 - 00001337 _____ () C:\Users\Public\Desktop\NAVIGON Fresh.lnk
2014-04-16 16:59 - 2014-04-16 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAVIGON
2014-04-16 16:49 - 2014-04-16 16:50 - 24186616 _____ (GARMIN Würzburg GmbH) C:\Users\Peter\Downloads\NAVIGON_Fresh_setup.exe
2014-04-16 16:41 - 2014-04-16 16:41 - 14459337 _____ () C:\Users\Peter\Downloads\N70Update_ForMacUser_v203.zip
2014-04-16 15:04 - 2014-04-16 15:04 - 00000000 ____D () C:\Program Files (x86)\NAVIGON
2014-04-10 09:15 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-04-10 09:15 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2014-04-10 09:15 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2014-04-10 09:15 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2014-04-10 09:15 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2014-04-10 09:15 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2014-04-10 09:15 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-04-10 09:15 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2014-04-10 09:15 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2014-04-10 09:15 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2014-04-10 09:15 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2014-04-10 09:15 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2014-04-10 09:15 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2014-04-10 09:15 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys
2014-04-10 09:15 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll
2014-04-10 09:15 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iologmsg.dll
2014-04-10 09:15 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys

==================== One Month Modified Files and Folders =======

2014-05-07 16:41 - 2014-05-07 16:29 - 00029854 _____ () C:\Users\Peter\Downloads\FRST.txt
2014-05-07 16:39 - 2014-05-07 16:39 - 00380416 _____ () C:\Users\Peter\Downloads\Gmer-19357.exe
2014-05-07 16:36 - 2011-03-05 16:08 - 00000000 ____D () C:\Users\Peter\Documents\Allgemein
2014-05-07 16:29 - 2014-05-07 16:28 - 00000000 ____D () C:\FRST
2014-05-07 16:27 - 2014-05-07 16:27 - 02063872 _____ (Farbar) C:\Users\Peter\Downloads\FRST64.exe
2014-05-07 16:25 - 2014-05-07 16:25 - 00000472 _____ () C:\Users\Peter\Downloads\defogger_disable.log
2014-05-07 16:25 - 2014-05-07 16:25 - 00000000 _____ () C:\Users\Peter\defogger_reenable
2014-05-07 16:25 - 2011-03-04 14:47 - 00000000 ____D () C:\Users\Peter
2014-05-07 16:22 - 2014-05-07 16:22 - 00050477 _____ () C:\Users\Peter\Downloads\Defogger.exe
2014-05-07 16:08 - 2012-04-10 14:26 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-05-07 15:57 - 2009-07-14 06:45 - 00013632 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-07 15:57 - 2009-07-14 06:45 - 00013632 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-07 15:55 - 2012-06-15 11:04 - 00001108 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-07 15:48 - 2014-04-16 19:02 - 00000000 ____D () C:\Users\Peter\Downloads\Navigon14
2014-05-07 15:23 - 2014-03-31 12:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-07 13:59 - 2010-08-27 11:53 - 02049780 _____ () C:\windows\WindowsUpdate.log
2014-05-07 11:35 - 2010-08-27 19:35 - 00764994 _____ () C:\windows\system32\perfh007.dat
2014-05-07 11:35 - 2010-08-27 19:35 - 00174192 _____ () C:\windows\system32\perfc007.dat
2014-05-07 11:35 - 2009-07-14 07:13 - 01803954 _____ () C:\windows\system32\PerfStringBackup.INI
2014-05-07 11:33 - 2014-05-07 11:32 - 00001991 _____ () C:\Users\Peter\Desktop\Entfernen des Avira EU-Cleaners.lnk
2014-05-07 11:33 - 2014-05-07 11:32 - 00001935 _____ () C:\Users\Peter\Desktop\Avira EU-Cleaner.lnk
2014-05-07 11:32 - 2012-10-24 16:35 - 00035940 _____ () C:\windows\setupact.log
2014-05-07 11:25 - 2014-05-07 11:33 - 02209056 _____ () C:\Users\Peter\Downloads\avira-eu-cleaner_de.exe
2014-05-07 11:15 - 2013-10-17 17:06 - 00000000 ___RD () C:\Users\Peter\Dropbox
2014-05-07 11:15 - 2013-10-17 17:03 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Dropbox
2014-05-07 11:13 - 2012-06-15 11:04 - 00001104 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-07 11:12 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-05-05 21:11 - 2011-03-29 09:06 - 00000000 ____D () C:\Users\Peter\.freemind
2014-05-05 09:38 - 2012-09-06 11:40 - 00000000 ____D () C:\Users\Peter\Documents\Team_Kommunikation
2014-05-02 12:19 - 2011-03-05 16:10 - 00000000 ____D () C:\Users\Peter\Documents\Kunden
2014-05-01 16:29 - 2012-08-25 11:41 - 00012946 _____ () C:\Users\Peter\Documents\Rollierende Projektliste.xlsx
2014-05-01 16:28 - 2011-03-05 16:10 - 00000000 ____D () C:\Users\Peter\Documents\Steuern
2014-05-01 14:09 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-05-01 12:27 - 2014-04-17 12:03 - 00000000 ____D () C:\Program Files\CyberGhost 5
2014-05-01 11:15 - 2014-05-01 11:15 - 00000000 ____D () C:\Program Files (x86)\pdfforge Toolbar
2014-05-01 11:15 - 2014-05-01 11:15 - 00000000 ____D () C:\Program Files (x86)\Application Updater
2014-04-30 18:05 - 2012-10-24 16:34 - 00358682 _____ () C:\windows\PFRO.log
2014-04-30 18:02 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-04-30 16:13 - 2011-08-30 13:13 - 00000000 ____D () C:\XingCommunityBoy
2014-04-29 16:01 - 2014-05-05 08:38 - 23547904 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-04-29 15:40 - 2014-05-05 08:38 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-04-29 14:48 - 2014-05-05 08:38 - 17384448 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-04-29 14:34 - 2014-05-05 08:38 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-04-29 10:02 - 2013-10-17 17:06 - 00000979 _____ () C:\Users\Peter\Desktop\Dropbox.lnk
2014-04-29 10:02 - 2013-10-17 17:04 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-29 10:02 - 2011-03-04 14:48 - 00000000 ___RD () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-29 09:26 - 2012-04-10 14:26 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-04-29 09:26 - 2012-04-10 14:26 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-04-29 09:26 - 2011-05-17 09:45 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-28 18:50 - 2014-04-28 18:50 - 00000880 _____ () C:\Users\Peter\AppData\Local\recently-used.xbel
2014-04-28 18:50 - 2013-09-20 16:04 - 00000000 ____D () C:\Users\Peter\AppData\Local\gtk-2.0
2014-04-28 18:50 - 2013-09-20 16:00 - 00000000 ____D () C:\Users\Peter\.gimp-2.8
2014-04-28 16:48 - 2012-03-05 12:00 - 00000000 ____D () C:\Users\Peter\Documents\Selbstmanagement
2014-04-23 19:28 - 2014-04-21 11:16 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-23 19:25 - 2011-03-04 20:36 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\vlc
2014-04-23 19:00 - 2011-03-09 19:02 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\dvdcss
2014-04-22 09:40 - 2014-04-22 09:41 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2014-04-22 09:40 - 2014-04-22 09:41 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2014-04-22 09:40 - 2014-04-22 09:41 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2014-04-22 09:40 - 2014-04-22 09:41 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2014-04-21 11:17 - 2014-04-21 11:17 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2014-04-21 11:17 - 2014-04-21 11:16 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-21 11:16 - 2014-04-21 11:16 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-04-21 11:16 - 2014-04-21 11:16 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-04-21 11:16 - 2014-04-21 11:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-04-21 11:14 - 2014-04-21 11:13 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Peter\Downloads\spybot-2.2.25.exe
2014-04-18 16:23 - 2014-04-18 16:23 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Avira
2014-04-18 15:49 - 2014-04-18 15:49 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-04-18 15:49 - 2014-04-18 15:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-04-18 15:49 - 2014-04-18 15:49 - 00000000 ____D () C:\ProgramData\Avira
2014-04-18 15:49 - 2014-04-18 15:49 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-18 14:21 - 2014-04-18 14:21 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\WinRAR
2014-04-18 12:03 - 2014-04-18 12:03 - 00000000 ____D () C:\Users\Peter\Downloads\JDownloader
2014-04-18 12:02 - 2014-04-18 12:01 - 31419822 _____ () C:\Users\Peter\Downloads\JDownloader.zip
2014-04-18 11:28 - 2013-11-04 10:01 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-18 11:27 - 2014-04-18 11:28 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-04-18 11:27 - 2014-04-18 11:27 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-04-18 11:27 - 2014-04-18 11:27 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-04-18 11:27 - 2014-04-18 11:27 - 00096168 _____ (Oracle Corporation)
C:\windows\SysWOW64\WindowsAccessBridge-32.dll 2014-04-18 11:27 - 2011-03-29 09:04 - 00000000 ____D () C:\Program Files (x86)\Java 2014-04-18 11:22 - 2013-03-05 12:16 - 00921512 _____ (Oracle Corporation) C:\Users\Peter\Downloads\jxpiinstall.exe 2014-04-18 11:20 - 2014-04-18 11:20 - 00448920 _____ () C:\Users\Peter\Downloads\Java.exe 2014-04-17 12:36 - 2014-04-17 12:05 - 00000000 ____D () C:\Users\Peter\AppData\Local\CyberGhost 2014-04-17 12:04 - 2014-04-17 12:03 - 00000000 ____D () C:\Program Files\TAP-Windows 2014-04-17 12:03 - 2014-04-17 12:03 - 00001728 _____ () C:\Users\Peter\Desktop\CyberGhost 5.lnk 2014-04-17 12:03 - 2014-04-17 12:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5 2014-04-17 11:59 - 2014-04-17 11:59 - 08566128 _____ (CyberGhost S.R.L. ) C:\Users\Peter\Downloads\CG_5.0.9.8chip.de.exe 2014-04-17 09:03 - 2012-04-27 21:50 - 00000000 ____D () C:\ProgramData\boost_interprocess 2014-04-16 19:48 - 2014-04-16 19:47 - 00004253 _____ () C:\windows\SysWOW64\jupdate-1.7.0_55-b13.log 2014-04-16 16:59 - 2014-04-16 16:59 - 00001337 _____ () C:\Users\Public\Desktop\NAVIGON Fresh.lnk 2014-04-16 16:59 - 2014-04-16 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAVIGON 2014-04-16 16:50 - 2014-04-16 16:49 - 24186616 _____ (GARMIN Würzburg GmbH) C:\Users\Peter\Downloads\NAVIGON_Fresh_setup.exe 2014-04-16 16:41 - 2014-04-16 16:41 - 14459337 _____ () C:\Users\Peter\Downloads\N70Update_ForMacUser_v203.zip 2014-04-16 15:04 - 2014-04-16 15:04 - 00000000 ____D () C:\Program Files (x86)\NAVIGON 2014-04-16 10:14 - 2011-03-05 20:32 - 00000000 ____D () C:\Users\Peter\AppData\Local\Adobe 2014-04-11 09:24 - 2011-05-11 09:15 - 00000000 ____D () C:\Users\Peter\Documents\Eigene Scans 2014-04-11 08:17 - 2011-03-04 16:01 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-04-11 08:15 - 2013-08-04 10:46 - 00000000 ____D () C:\windows\system32\MRT 2014-04-11 08:10 - 2011-03-15 10:21 - 90655440 _____ (Microsoft 
Corporation) C:\windows\system32\MRT.exe

Files to move or delete:
====================
C:\Users\Peter\VitalSmarts Timer.exe

Some content of TEMP:
====================
C:\Users\Peter\AppData\Local\Temp\avgnt.exe
C:\Users\Peter\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpffktx0.dll

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-29 14:35

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-05-2014
Ran by Peter at 2014-05-07 16:46:24
Running from C:\Users\Peter\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================
Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709n (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden
Adobe Connect Add-in (HKCU\...\Adobe Connect Add-in) (Version: - )
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: Version 7.107.1611.204 - Alps Electric)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.26 - Atheros Communications Inc.) Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.) Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira) Babylon toolbar on IE (HKLM-x32\...\BabylonToolbar) (Version: - ) <==== ATTENTION BabylonObjectInstaller (HKLM-x32\...\{83AA2913-C123-4146-85BD-AD8F93971D39}) (Version: 2.0.0.3 - Babylon Ltd) <==== ATTENTION Bing Bar (HKLM-x32\...\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}) (Version: 7.0.609.0 - Microsoft Corporation) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden BURY Time Suite 1.33 (HKLM-x32\...\BURY Time Suite) (Version: 1.33 - Bury GmbH & Co. KG) calibre (HKLM-x32\...\{E25A469A-2E07-40F5-8B9E-C13B1358A431}) (Version: 1.16.0 - Kovid Goyal) CaptionViewer (HKLM-x32\...\CaptionViewer.875B232AD5397262F7F2ECC5D0505C84A908028B.1) (Version: v1 - UNKNOWN) CaptionViewer (x32 Version: 1 - UNKNOWN) Hidden CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.1.3099 - CDBurnerXP) Crucial Conversations Presentation (HKLM-x32\...\Crucial Conversations Presentation) (Version: 1.5.0.0 - VitalSmarts, LC) CyberGhost 5 (HKLM\...\CyberGhost VPN 5_is1) (Version: - CyberGhost S.R.L.) 
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2626 - CyberLink Corp.) CyberLink YouCam (x32 Version: 3.0.2626 - CyberLink Corp.) Hidden Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden DocMgr (x32 Version: 140.0.65.000 - Ihr Firmenname) Hidden DocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) Hidden Dropbox (HKCU\...\Dropbox) (Version: 2.6.31 - Dropbox, Inc.) Energy Management (HKLM-x32\...\{0CE226F3-EB27-4ECD-BBF5-F088716779FD}) (Version: 5.4.2.0 - Lenovo) Eraser 6.0.8.2273 (HKLM\...\{A7EEF79E-06B2-4382-9D2E-39DBA0F72D50}) (Version: 6.0.2273 - The Eraser Project) Fax (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden FileZilla Client 3.7.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.1 - FileZilla Project) Free YouTube to MP3 Converter version 3.12.25.223 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.25.223 - DVDVideoSoft Ltd.) FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0_RC_10 - ) GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden GoToMeeting 5.7.0.1172 (HKCU\...\GoToMeeting) (Version: 5.7.0.1172 - CitrixOnline) GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden GPL Ghostscript (HKLM\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.) GPL Ghostscript (HKLM\...\GPL Ghostscript 9.10) (Version: 9.10 - Artifex Software Inc.) 
HD Writer AE 4.0 (HKLM-x32\...\{DAC69A3A-89E6-4B70-B486-B974C2C95BE9}) (Version: 4.00.022.1031 - Panasonic Corporation) Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP) HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP) HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP) HP Officejet 6500 E709 Series (HKLM\...\{58D79E62-CFC8-4331-8469-3A1B16E1769C}) (Version: 14.0 - HP) HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP) HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP) HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP) HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.001 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.) Influencer Training Presentation (HKLM-x32\...\Influencer Training Presentation) (Version: 1.0.0.0 - VitalSmarts, LC) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation) iSpring Free 6 (HKLM-x32\...\{08F14111-3EF5-4804-9C89-7969E535FC7B}) (Version: 6.0.0 - iSpring Solutions Inc.) iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.) 
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle) Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden Kindle Previewer (HKCU\...\KindlePreviewer) (Version: 2.92 - Amazon) Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.2100 - Broadcom Corporation) Lenovo DirectShare (HKLM-x32\...\InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}) (Version: 1.0.1.38 - ArcSoft) Lenovo DirectShare (x32 Version: 1.0.1.38 - ArcSoft) Hidden Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 2.10.0223.1 - Vimicro) Lenovo MuteSync (HKLM-x32\...\InstallShield_{C39EF9B4-0C4F-4D48-8665-8FD45BFF3961}) (Version: 1.0.0.3 - Lenovo) Lenovo MuteSync (x32 Version: 1.0.0.3 - Lenovo) Hidden Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1230 - CyberLink Corp.) Lenovo OneKey Recovery (Version: 7.0.1230 - CyberLink Corp.) 
Hidden Lenovo ReadyComm 5 (HKLM-x32\...\{17542DBF-E17C-4562-BC4D-FA3EF3076C45}) (Version: 5.1.1.20 - Lenovo) Lenovo ReadyComm 5.0 Service (HKLM-x32\...\{76C66170-C538-4E77-B54D-48E136B5B533}) (Version: 5.0.0.1 - Lenovo Group Limited) Lenovo_Wireless_Driver (HKLM-x32\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo) MarketResearch (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden MFC RunTime files (x32 Version: 1.0.0 - Extensoft) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden Microsoft Default Manager (x32 Version: 2.1.55.0 - Microsoft Corporation) Hidden Microsoft IntelliPoint 8.0 (HKLM\...\{2BF35D84-6377-4F70-9F39-97CF67E67FFF}) (Version: 8.01.249.0 - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft 
Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Hybrid 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation) Microsoft SQL Server 2008 (64-bit) (Version: - 
Microsoft Corporation) Hidden Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.0.1600.22 - Microsoft Corporation) Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22 - Microsoft Corporation) Hidden Microsoft SQL Server 2008 Database Engine Services (Version: 10.0.1600.22 - Microsoft Corporation) Hidden Microsoft SQL Server 2008 Database Engine Shared (Version: 10.0.1600.22 - Microsoft Corporation) Hidden Microsoft SQL Server 2008 Native Client (HKLM\...\{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}) (Version: 10.0.1600.22 - Microsoft Corporation) Microsoft SQL Server 2008 RsFx Driver (Version: 10.0.1600.22 - Microsoft Corporation) Hidden Microsoft SQL Server 2008 Setup Support Files (English) (HKLM\...\{EB0A3BCB-B9DF-4906-B066-BDEC6E213B91}) (Version: 10.0.1600.22 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.0.1600.22 - Microsoft Corporation) Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable 
(HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MiniTool Partition Wizard Home Edition 6.0 (HKLM-x32\...\{067B277E-F94B-4F04-B380-BA967C00377C}_is1) (Version: - MiniTool Solution Ltd.) 
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 11.300.05.13.40 - Huawei Technologies Co.,Ltd) Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyTomTom 3.1.0.530 (HKLM-x32\...\MyTomTom) (Version: 3.1.0.530 - TomTom) NAVIGON Fresh 3.5.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.5.1 - NAVIGON) Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden NewsLetter 1.5 (HKLM-x32\...\{E551E0A4-552F-4198-B59E-59F0BB784C90}_is1) (Version: - Ing. Schönberg Christian) Nur Deinstallierung der CopyTrans Suite möglich. (HKCU\...\CopyTrans Suite) (Version: 2.23 - WindSolutions) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.59.37 - NVIDIA Corporation) NVIDIA Updatus (x32 Version: 1.0.3 - NVIDIA Corporation) Hidden OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP) Onekey Theater (HKLM-x32\...\{DFB19121-0609-49C1-92B1-546E5A940FE8}) (Version: 2.0.1.7 - Lenovo) OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org) PDF Editor 3 (HKLM-x32\...\PDF Editor 3) (Version: - ) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery) pdfforge Toolbar v9.1 (HKLM-x32\...\{E5E7189A-197A-4BC9-9548-083415C04E72}) (Version: 9.1 - Spigot, Inc.) <==== ATTENTION Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.4809d4 - CyberLink Corp.) 
ProductContext (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6093 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30098 - Realtek Semiconductor Corp.) Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden Screen Capturer (HKLM-x32\...\Screen Capturer) (Version: 1.0.4.42 - ScreenCapturer.com) SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital) Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.) Sql Server Customer Experience Improvement Program (Version: 10.0.1600.22 - Microsoft Corporation) Hidden SQL2008_Runtimes (HKLM-x32\...\{AF5A145C-720D-4876-BCC9-372C79613884}) (Version: 1.0.0 - Triplog) Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden streamWriter (HKLM-x32\...\streamWriter_is1) (Version: - ) TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - ) TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.14563 - TeamViewer) TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.) 
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden Triplog Pro (HKLM-x32\...\{EA95570B-7768-44C1-9B96-282DDBBD6361}_is1) (Version: - Opus Group) Triplog Pro Maps Runtime Files 6.6 (HKLM-x32\...\{D76994E4-744D-4FE6-8006-1DB2B3CF13E4}) (Version: 1.0.0 - Triplog) TripLogMAPS D A CH (HKLM-x32\...\{33FDD3F3-4374-4BB3-998C-E3B1B6377869}_is1) (Version: - Opus Group) TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.0a - TrueCrypt Foundation) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition 
(HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Usenet.nl (HKLM-x32\...\Usenet.nl_is1) (Version: - ) Visitor 1.5 (HKLM-x32\...\{ABDA87DF-E9A5-4C5A-BE5C-63593915945D}_is1) (Version: - Ing. Schönberg Christian) Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.) 
VitalSmarts AIR Platform Presentation (HKLM-x32\...\com.vitalsmarts.flex.PresentationPlatformAIR.841C9457F1F64C88E9A92D419C90318F8D3FB2B3.1) (Version: 1.00 - VitalSmarts) VitalSmarts AIR Platform Presentation (x32 Version: 1.00 - VitalSmarts) Hidden VitalSmarts Instructional Platform (HKLM-x32\...\VitalSmarts Instructional Platform) (Version: 1.0.0.0 - VitalSmarts, LC) VitalSmarts Timer (HKLM-x32\...\VitalSmarts Timer) (Version: 1.0.0.0 - VitalSmarts, LC) VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN) WD SmartWare (HKLM\...\{23B47A34-0517-48DA-8B76-015DA8546893}) (Version: 1.5.1 - Western Digital) WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom) Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies) Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation) Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation) Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden 
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live Toolbar (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Windows-Treiberpaket - FTDI CDM Driver Package (02/17/2009 2.04.16) (HKLM\...\2DC0AA065FA83047D7ECD51C7000C1620D79A4C5) (Version: 02/17/2009 2.04.16 - FTDI) Windows-Treiberpaket - FTDI CDM Driver Package (02/17/2009 2.04.16) (HKLM\...\51A4D522DD31538335EF5736F0E7F588C70BCB12) (Version: 02/17/2009 2.04.16 - FTDI) Windows-Treiberpaket - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\3134FEF0E1D959EC0CC2E458C94B7057B2AC0CC9) (Version: 10/22/2009 2.06.00 - FTDI) Windows-Treiberpaket - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\88EB56038379B8B7DCFB4D2448A60F52E064B265) (Version: 10/22/2009 2.06.00 - FTDI) Windows-Treiberpaket - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1) (HKLM\...\0A4175B489A1B4A6E07E11B063A6263480C51D71) (Version: 10/19/2009 5.4.0.1 - Lenovo) Wise Disk Cleaner 7.67 (HKLM-x32\...\Wise Disk Cleaner_is1) (Version: - WiseCleaner.com, Inc.) Wise Registry Cleaner 7.52 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: - WiseCleaner.com, Inc.) Xaldon WebSpider2 (HKLM-x32\...\WebSpider2) (Version: - ) XiButler 1.0 (HKLM-x32\...\XiButler_0) (Version: 1.0 - Ing. SCHOENBERG Christian) Xing - Community Boy 1.5 (HKLM-x32\...\{877BE40D-C03D-4E82-9E2A-140484459122}_is1) (Version: - Ing. 
Schönberg Christian) XnView 1.98.2 (HKLM-x32\...\XnView_is1) (Version: 1.98.2 - Gougelet Pierre-e) ==================== Restore Points ========================= 17-04-2014 10:04:05 Gerätetreiber-Paketinstallation: TAP-Windows Provider V9 Netzwerkadapter 18-04-2014 09:24:03 Removed Java 7 Update 55 18-04-2014 09:26:27 Installed Java 7 Update 55 25-04-2014 12:42:05 Geplanter Prüfpunkt 30-04-2014 07:25:36 Windows Update 05-05-2014 06:36:37 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {1C69169B-9EBC-4B96-AF87-7D0789C7099D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-15] (Google Inc.) Task: {7A01FA0D-CEA3-4649-9E83-FD9537EB45B4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {98E39443-CDD5-4907-A870-379EB523F3D8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe Task: {9B9C8455-A7FA-4526-BDFC-7B9DEE621C83} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-01-07] (Microsoft Corporation) Task: {A744E9B0-A9F4-42A8-9459-BA21C5C158D7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe Task: {C05203E0-7914-4FB0-852F-731DAA5E547E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-15] (Google Inc.) 
Task: {C589CF64-BFD3-44EA-BFA0-73BAF793B9BE} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {CC8C3502-6D69-4FD2-B331-C97DB50A853B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe Task: {D95C780A-4AD6-4E34-B205-591CC294C94C} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-29] (Adobe Systems Incorporated) Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-03-04 15:32 - 2005-03-12 01:07 - 00087040 _____ () C:\windows\System32\pdfcmnnt.dll 2012-06-18 17:27 - 2012-06-18 17:27 - 00018432 _____ () C:\Users\Peter\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStatsUpdater.exe 2010-08-27 12:40 - 2009-12-19 04:52 - 00201120 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll 2010-08-27 12:40 - 2009-12-19 04:53 - 00156576 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll 2010-08-27 12:44 - 2009-07-15 17:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll 2010-08-27 12:44 - 2009-07-15 17:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll 2010-08-27 12:40 - 2009-12-19 04:52 - 00100256 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe 2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2010-11-02 09:33 - 2010-11-02 09:33 - 01083392 _____ () C:\Program Files\Western Digital\WD 
SmartWare\System.Data.SQLite.dll 2014-04-18 15:49 - 2012-09-19 19:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2010-08-27 12:40 - 2009-12-19 04:50 - 00161696 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll 2010-08-27 12:40 - 2009-12-19 04:51 - 00133024 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll 2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll 2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll 2014-05-07 11:14 - 2014-05-07 11:14 - 00041984 _____ () c:\users\peter\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpffktx0.dll 2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Peter\AppData\Roaming\Dropbox\bin\libcef.dll 2014-04-21 11:16 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-04-21 11:16 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2011-01-17 17:19 - 2012-02-09 14:47 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll 2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL 2014-04-21 11:16 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2014-04-21 11:16 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2014-04-21 11:16 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files 
(x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2014-02-13 12:14 - 2014-02-13 12:14 - 00170496 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\a49f11fc4544aadc51c504f0ee3c1028\IsdiInterop.ni.dll 2010-08-27 12:02 - 2010-03-03 22:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2014-03-31 12:26 - 2014-03-31 12:26 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service" ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= Name: Broadcom BCM2070 Bluetooth 2.1+EDR USB Device Description: Broadcom BCM2070 Bluetooth 2.1+EDR USB Device Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Manufacturer: Broadcom Service: BTHUSB Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Officejet 6500 E709n Description: Officejet 6500 E709n Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
Name: HP Color LaserJet 2600n Description: HP Color LaserJet 2600n Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: HP LaserJet P2055dn Description: HP LaserJet P2055dn Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: HP LaserJet P2055dn Description: HP LaserJet P2055dn Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: hp color LaserJet 4650 Description: hp color LaserJet 4650 Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (05/07/2014 11:35:14 AM) (Source: Application Error) (User: ) (EventID: 1000) Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.18222, Zeitstempel: 0x51f1ddfa Ausnahmecode: 0xc000041d Fehleroffset: 0x000000000005055a ID des fehlerhaften Prozesses: 0x2c4 Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0 Pfad der fehlerhaften Anwendung: Explorer.EXE1 Pfad des fehlerhaften Moduls: Explorer.EXE2 Berichtskennung: Explorer.EXE3 Error: (05/07/2014 11:35:09 AM) (Source: Application Error) (User: ) (EventID: 1000) Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.18222, Zeitstempel: 0x51f1ddfa Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000005055a ID des fehlerhaften Prozesses: 0x2c4 Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0 Pfad der fehlerhaften Anwendung: Explorer.EXE1 Pfad des fehlerhaften Moduls: Explorer.EXE2 Berichtskennung: Explorer.EXE3 Error: (05/07/2014 11:34:45 AM) (Source: Application Error) (User: ) (EventID: 1000) Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.18222, Zeitstempel: 0x51f1ddfa Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000005055a ID des fehlerhaften Prozesses: 0x1328 Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0 Pfad der fehlerhaften Anwendung: Explorer.EXE1 Pfad des fehlerhaften Moduls: Explorer.EXE2 Berichtskennung: Explorer.EXE3 Error: (05/07/2014 11:34:01 AM) (Source: Application Error) (User: ) (EventID: 1000) Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: 
SHELL32.dll, Version: 6.1.7601.18222, Zeitstempel: 0x51f1ddfa Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000005055a ID des fehlerhaften Prozesses: 0x998 Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0 Pfad der fehlerhaften Anwendung: Explorer.EXE1 Pfad des fehlerhaften Moduls: Explorer.EXE2 Berichtskennung: Explorer.EXE3 Error: (05/07/2014 10:28:29 AM) (Source: Bonjour Service) (User: ) (EventID: 100) Description: Task Scheduling Error: m->NextScheduledSPRetry 6724 Error: (05/07/2014 10:28:29 AM) (Source: Bonjour Service) (User: ) (EventID: 100) Description: Task Scheduling Error: m->NextScheduledEvent 6724 Error: (05/07/2014 10:28:29 AM) (Source: Bonjour Service) (User: ) (EventID: 100) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/07/2014 10:28:28 AM) (Source: Bonjour Service) (User: ) (EventID: 100) Description: Task Scheduling Error: m->NextScheduledSPRetry 5678 Error: (05/07/2014 10:28:28 AM) (Source: Bonjour Service) (User: ) (EventID: 100) Description: Task Scheduling Error: m->NextScheduledEvent 5678 Error: (05/07/2014 10:28:28 AM) (Source: Bonjour Service) (User: ) (EventID: 100) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (05/07/2014 11:18:12 AM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Der Dienst "ReadyComm.DirectRouter" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (05/07/2014 11:14:13 AM) (Source: Service Control Manager) (User: ) (EventID: 7001) Description: Der Dienst "WDFMEService" ist vom Dienst "WDRulesService" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1053 Error: (05/07/2014 11:14:12 AM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Der Dienst "Spybot-S&D 2 Updating Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/07/2014 11:14:12 AM) (Source: Service Control Manager) (User: ) (EventID: 7009) Description: 
Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Updating Service erreicht. Error: (05/07/2014 11:13:54 AM) (Source: DCOM) (User: NT-AUTORITÄT) (EventID: 10016) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (05/07/2014 11:13:41 AM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Der Dienst "WDRulesService" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/07/2014 11:13:41 AM) (Source: Service Control Manager) (User: ) (EventID: 7009) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst WDRulesService erreicht. Error: (05/07/2014 11:13:00 AM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/07/2014 11:13:00 AM) (Source: Service Control Manager) (User: ) (EventID: 7009) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht. Error: (05/07/2014 11:10:58 AM) (Source: DCOM) (User: ) (EventID: 10010) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Microsoft Office Sessions: ========================= Error: (03/27/2014 04:58:58 PM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 542386 seconds with 35160 seconds of active time. This session ended with a crash. Error: (08/23/2013 11:05:36 AM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001) Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. 
This session lasted 152564 seconds with 7440 seconds of active time. This session ended with a crash. Error: (07/09/2012 03:31:19 PM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001) Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 427100 seconds with 8880 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2013-11-29 09:20:31.389 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-19 10:03:43.401 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-19 10:01:33.177 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-19 09:59:45.149 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-16 10:07:32.113 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-16 08:15:42.961 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-07-16 08:05:00.979 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-13 22:03:21.378 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-13 22:02:21.095 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-11 22:04:41.468 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 64% Total physical RAM: 3892.43 MB Available physical RAM: 1372.29 MB Total Pagefile: 7783.03 MB Available Pagefile: 4772.5 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:420.33 GB) (Free:204.75 GB) NTFS Drive d: (LENOVO) (Fixed) (Total:30.48 GB) (Free:29.48 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 4BF6A0C1) Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=420 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=30 GB) - (Type=OF Extended) Partition 4: (Not Active) - (Size=15 GB) - (Type=12) ==================== End Of Log ============================ Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:25 on 07/05/2014 (Peter)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

Thanks in advance for your help
Peter
__________________ Peter Windows 8.1 64 bit Firefox (always the latest version) Av Antivir |
08.05.2014, 10:33 | #2 |
/// the machine /// TB trainer | Hostile takeover of my email account is sending spam
hi,
Revo Uninstaller - Download - Filepony
Use it to uninstall everything you find in Additional.txt that is marked with <== ATTENTION
Also have Revo remove the leftovers in Moderate mode.
Scan with Combofix
__________________ |
08.05.2014, 12:15 | #3 |
| Hostile takeover of my email account is sending spam
OK, did everything as described.
Here is the log... Code:
ATTFilter ComboFix 14-05-07.03 - Peter 08.05.2.014 12:23:07.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3892.2044 [GMT 2:00] ausgeführt von:: c:\users\Peter\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Peter\AppData\Roaming\Microsoft\Windows\Templates\install_flashplayer11x64_mssd_aih_de.exe c:\users\Peter\g2mdlhlpx.exe c:\windows\s.bat . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_OxFWLF . . ((((((((((((((((((((((( Dateien erstellt von 2014-04-08 bis 2014-05-08 )))))))))))))))))))))))))))))) . . 2014-05-08 10:33 . 2014-05-08 10:33 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-05-08 10:33 . 2014-05-08 10:33 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2014-05-08 09:44 . 2014-05-08 09:44 -------- d-----w- c:\program files (x86)\VS Revo Group 2014-05-08 05:21 . 2014-05-08 05:21 -------- d-s---w- c:\windows\system32\CompatTel 2014-05-07 14:28 . 2014-05-07 15:15 -------- d-----w- C:\FRST 2014-05-07 08:13 . 2014-04-14 02:24 465408 ----a-w- c:\windows\system32\aepdu.dll 2014-05-07 08:13 . 2014-04-14 02:19 424448 ----a-w- c:\windows\system32\aeinv.dll 2014-05-05 06:38 . 2014-04-29 14:01 23547904 ----a-w- c:\windows\system32\mshtml.dll 2014-05-05 06:38 . 2014-04-29 13:40 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2014-05-05 06:38 . 2014-04-29 12:34 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb 2014-05-01 09:15 . 2014-05-01 09:15 -------- d-----w- c:\program files (x86)\Common Files\Spigot 2014-04-30 07:29 . 
2014-03-06 06:00 359936 ----a-w- c:\program files\Internet Explorer\IEShims.dll 2014-04-22 07:41 . 2014-04-22 07:40 84720 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2014-04-22 07:41 . 2014-04-22 07:40 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2014-04-22 07:41 . 2014-04-22 07:40 131576 ----a-w- c:\windows\system32\drivers\avipbb.sys 2014-04-22 07:41 . 2014-04-22 07:40 108440 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2014-04-21 09:16 . 2013-09-20 08:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe 2014-04-21 09:16 . 2014-04-23 17:28 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2014-04-21 09:16 . 2014-04-21 09:17 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2 2014-04-18 14:23 . 2014-04-18 14:23 -------- d-----w- c:\users\Peter\AppData\Roaming\Avira 2014-04-18 13:49 . 2014-04-18 13:49 -------- d-----w- c:\programdata\Avira 2014-04-18 13:49 . 2014-04-18 13:49 -------- d-----w- c:\program files (x86)\Avira 2014-04-18 09:28 . 2014-04-18 09:28 -------- d-----w- c:\program files (x86)\Common Files\Java 2014-04-18 09:27 . 2014-04-18 09:27 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2014-04-17 15:09 . 2014-04-17 15:33 -------- d-----w- c:\users\Peter\AppData\Roaming\UseNeXT 2014-04-17 10:05 . 2014-04-17 10:36 -------- d-----w- c:\users\Peter\AppData\Local\CyberGhost 2014-04-17 10:03 . 2014-04-17 10:04 -------- d-----w- c:\program files\TAP-Windows 2014-04-17 10:03 . 2014-05-01 10:27 -------- d-----w- c:\program files\CyberGhost 5 2014-04-17 06:16 . 2014-03-20 06:52 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2200CBCE-E2DE-4AA2-9898-7D81744A8078}\mpengine.dll 2014-04-16 13:04 . 2014-04-16 13:04 -------- d-----w- c:\program files (x86)\NAVIGON . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-04-29 07:26 . 
2012-04-10 12:26 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-04-29 07:26 . 2011-05-17 07:45 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-04-11 06:10 . 2011-03-15 08:21 90655440 ----a-w- c:\windows\system32\MRT.exe 2014-03-31 07:35 . 2011-03-05 12:21 270496 ------w- c:\windows\system32\MpSigStub.exe 2014-03-04 09:17 . 2014-04-10 07:15 44032 ----a-w- c:\windows\apppatch\acwow64.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{59F7FE53-2860-44B1-968A-E54E3E949A07}] 2012-06-18 15:27 269824 ----a-w- c:\users\Peter\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStats.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720] "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720] "CyberGhost"="c:\program files\CyberGhost 5\CyberGhost.EXE" [2014-04-29 404080] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696] "MuteSync"="c:\progra~2\Lenovo\LENOVO~1\MuteSync.exe" [2009-12-28 336384] "331BigDog"="c:\program files (x86)\USB Camera\VM331_STI.EXE" [2010-01-15 536576] "UCam_Menu"="c:\program files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "YouCam Mirror Tray icon"="c:\program files (x86)\Lenovo\YouCam\YouCamTray.exe" [2010-03-02 171104] "UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408] "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-05 43848] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-04-22 689744] "SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784] . 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "WLStart"="c:\program files (x86)\Windows Live\Installer\wlstart.exe" [2009-07-26 786760] . c:\users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-4-18 33604728] OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe /Startup [2011-3-14 2125472] Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2010-5-10 1083680] HD Writer.lnk - c:\program files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe [2013-2-1 292736] HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328] WD Quick View.lnk - c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe [2011-8-1 4221840] XiButler.lnk - c:\program files (x86)\XiButler24\XING 01.exe [2011-8-15 1523200] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe;c:\windows\SYSNATIVE\IgrsSvcs.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x] R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys;c:\windows\SYSNATIVE\drivers\WDBridge.sys [x] R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [x] R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x] R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe;c:\program files\Lenovo\ReadyComm\AppSvc.exe [x] R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [x] R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x] R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe;c:\windows\SYSNATIVE\IgrsSvcs.exe [x] R3 
pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x] R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x] R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x] R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x] R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0102.sys [x] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x] S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S2 
AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 BuryLoggerSyncService;BuryLoggerSyncService;c:\program files (x86)\BURY Time Suite\BuryLoggerSyncService.exe;c:\program files (x86)\BURY Time Suite\BuryLoggerSyncService.exe [x] S2 CGVPNCliService;CyberGhost VPN 5 Client Service;c:\program files\CyberGhost 5\Service.exe;c:\program files\CyberGhost 5\Service.exe [x] S2 ColorZillaStatsUpdater;ColorZillaStats Updater;c:\users\Peter\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStatsUpdater.exe;c:\users\Peter\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStatsUpdater.exe [x] S2 FirebirdGuardianBURYTIMESUITE;Firebird Guardian - BURYTIMESUITE;c:\program files (x86)\FirebirdSQL\bin\fbguard.exe;c:\program files (x86)\FirebirdSQL\bin\fbguard.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x] S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x] S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x] S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [x] S2 WDFMEService;WDFMEService;c:\program files\Western 
Digital\WD SmartWare\WDFME.exe;c:\program files\Western Digital\WD SmartWare\WDFME.exe [x] S2 WDRulesService;WDRulesService;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [x] S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x] S3 FirebirdServerBURYTIMESUITE;Firebird Server - BURYTIMESUITE;c:\program files (x86)\FirebirdSQL\bin\fbserver.exe;c:\program files (x86)\FirebirdSQL\bin\fbserver.exe [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x] S3 vm331avs;Digital Camera 1;c:\windows\system32\Drivers\vm331avs.sys;c:\windows\SYSNATIVE\Drivers\vm331avs.sys [x] S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys;c:\windows\SYSNATIVE\DRIVERS\WDMirror.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP <NO NAME> REG_SZ hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhalt des "geplante Tasks" Ordners . 2014-05-08 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 07:26] . 
2014-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-15 09:04] . 2014-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-15 09:04] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 164016 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 164016 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 164016 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 164016 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-07 17412200] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-20 10151968] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-04-20 908320] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2010-04-05 345896] "OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2009-12-19 776608] "EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2010-04-21 4462496] "Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2010-04-21 7069088] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 2328944] "Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-11-04 980368] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://search.babylon.com/?affID=109958&babsrc=HP_ss&mntrId=f043aa0200000000000000ffce0d75f5 uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Bild an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... 
- c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 217.0.43.177 FF - ProfilePath - c:\users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\ FF - prefs.js: browser.search.selectedEngine - Google Deutschland FF - prefs.js: browser.startup.homepage - hxxp://www.*****.de/coaching/unternehmer-coaching/leitfragen/ FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3205366&SearchSource=2&q= FF - prefs.js: network.proxy.type - 4 FF - ExtSQL: !HIDDEN! 2012-02-02 18:25; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109958 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - f043aa0200000000000000ffce0d75f5 FF - user.js: extensions.BabylonToolbar_i.hardId - f043aa0200000000000000ffce0d75f5 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15533 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:17 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - base FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Notify-SDWinLogon - SDWinLogon.dll SafeBoot-mcmscsvc SafeBoot-MCODS HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll Toolbar-Locked - (no file) . . . 
--------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE . ************************************************************************** . Zeit der Fertigstellung: 2014-05-08 12:59:21 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2014-05-08 10:59 . Vor Suchlauf: 14 Verzeichnis(se), 235.375.853.568 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 240.897.310.720 Bytes frei . - - End Of File - - 0C9AE3865D872EB2DEDD17FC4783E03B
__________________ |
09.05.2014, 10:04 | #4 |
/// the machine /// TB-Ausbilder | Hostile takeover of my email account is sending spam Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
09.05.2014, 13:12 | #5 |
| Hostile takeover of my email account is sending spam Sooo... I have completed all of these steps as well. Question: on some other site I came across the tip that Trojans hide so well that you would have to search for them from a bootable CD, otherwise you won't find them. Is there anything to that? Otherwise, here are the logs: malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 09.05.2014 Suchlauf-Zeit: 12:34:42 Logdatei: mbam20140509.txt Administrator: Ja Version: 2.00.1.1004 Malware Datenbank: v2014.05.09.05 Rootkit Datenbank: v2014.03.27.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Chameleon: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Peter Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 312626 Verstrichene Zeit: 49 Min, 22 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Shuriken: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 2 PUP.Optional.PriceGong.A, HKU\S-1-5-21-4044840459-2837241131-3378573868-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, Löschen bei Neustart, [cf31c43cc53b46ba0bee89035ba76c94], PUP.Optional.Softonic.A, HKU\S-1-5-21-4044840459-2837241131-3378573868-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Löschen bei Neustart, [26daf907758bb14f5d9a2957be4428d8], Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 1 PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings, In Quarantäne, [e61ac04025db50b06534e294c2400cf4], Dateien: 33 PUP.Optional.BundleInstaller.A, C:\Users\Peter\Downloads\Java.exe, In Quarantäne, [f0108b75ab5590705570430023de18e8], PUP.Optional.Babylon.A, C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.aflt", "babsst");), Ersetzt,[669a49b716ea0af6e93aa6c64cb82cd4] PUP.Optional.Babylon.A, C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\prefs.js, Gut: (), Schlecht: 
(user_pref("extensions.BabylonToolbar_i.babExt", "");), Ersetzt,[b14fea16fa06a25eca592844c93ba858] PUP.Optional.Babylon.A, C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109958");), Ersetzt,[b44cf10f59a7ba46ad76fb711ce8d42c] PUP.Optional.Babylon.A, C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.hardId", "f043aa0200000000000000ffce0d75f5");), Ersetzt,[cb3523dd39c7778960c398d414f012ee] PUP.Optional.Babylon.A, C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.id", "f043aa0200000000000000ffce0d75f5");), Ersetzt,[a65abc44bb452bd50b183f2d45bf2cd4] PUP.Optional.Babylon.A, C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.instlDay", "15533");), Ersetzt,[45bb808006fa659ba182dd8f8a7aab55] PUP.Optional.Babylon.A, C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.instlRef", "sst");), Ersetzt,[0ef201ff42be44bcc1621b51a65ed927] PUP.Optional.Babylon.A, C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");), Ersetzt,[47b9738dd52bbd4344dff07c6d97db25] PUP.Optional.Babylon.A, C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");), Ersetzt,[2ed2728e7a86bf4181a2006c8a7a6a96] PUP.Optional.Babylon.A, C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.smplGrp", "none");), 
Ersetzt,[23dd679936caed130221274521e3f30d] PUP.Optional.Babylon.A, C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.srcExt", "ss");), Ersetzt,[926e5da3db25f40c7ba8c3a9c4408878] PUP.Optional.Babylon.A, C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.tlbrId", "base");), Ersetzt,[aa566e9270905ba5e83bd29a020212ee] PUP.Optional.Babylon.A, C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");), Ersetzt,[f30d0000f10f35cb44df2b4140c48e72] PUP.Optional.Babylon.A, C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1713:17:11");), Ersetzt,[ab55b749b44c3bc58a992b4130d4817f] PUP.Optional.Babylon.A, C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");), Ersetzt,[27d9ed13d729d22ec16282ea53b1fd03] PUP.Optional.Conduit.A, C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3205366&SearchSource=2&q=");), Ersetzt,[ed13ae52738d40c0571ce8848f756f91] PUP.Optional.Conduit.A, C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\prefs.js, Gut: (), Schlecht: (user_pref("ct1561552.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3205366&SearchSource=2&q=");), Ersetzt,[3ec2ee12a45c946ccbbe7eeea460768a] PUP.Optional.Babylon.A, C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109958");), 
Ersetzt,[b050d62a34cc56aae8b5fe6d55afff01] PUP.Optional.Babylon.A, C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.babExt", "");), Ersetzt,[a45c20e0cc34a9578e0f3f2cf50ff010] PUP.Optional.Babylon.A, C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.srcExt", "ss");), Ersetzt,[857be51be11fca36dfbe016af80c2cd4] PUP.Optional.Babylon.A, C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.id", "f043aa0200000000000000ffce0d75f5");), Ersetzt,[bd43f40c41bfe917603de4876b999d63] PUP.Optional.Babylon.A, C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.hardId", "f043aa0200000000000000ffce0d75f5");), Ersetzt,[14eccf31699731cf5f3e5b10d232ae52] PUP.Optional.Babylon.A, C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.instlDay", "15533");), Ersetzt,[d729768a5ea25da306973e2d1ce83dc3] PUP.Optional.Babylon.A, C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");), Ersetzt,[ea1628d823dd07f9603de28923e14fb1] PUP.Optional.Babylon.A, C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");), Ersetzt,[0bf5d52b3ac66e92abf2b4b77a8a7987] PUP.Optional.Babylon.A, C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1713:17:11");), Ersetzt,[7d83bf414ab634cc4855ff6cdc2851af] PUP.Optional.Babylon.A, 
C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");), Ersetzt,[04fc946c669af60aa3fa3536bc48cd33] PUP.Optional.Babylon.A, C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");), Ersetzt,[619ffd03738de11f019c581381836d93] PUP.Optional.Babylon.A, C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.aflt", "babsst");), Ersetzt,[0af69d6332ce4bb5435a0e5d55af669a] PUP.Optional.Babylon.A, C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.smplGrp", "none");), Ersetzt,[2ed2976908f8b749960782e9cb39817f] PUP.Optional.Babylon.A, C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.tlbrId", "base");), Ersetzt,[52aed729a95788785a43a2c9af5517e9] PUP.Optional.Babylon.A, C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.instlRef", "sst");), Ersetzt,[d32d8878ff016f9109948ae1c83cb050] Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter # AdwCleaner v3.207 - Bericht erstellt am 09/05/2014 um 13:13:45 # Aktualisiert 05/05/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Peter - BÜRO-PC-LEONOVO # Gestartet von : C:\Users\Peter\Downloads\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\Program Files (x86)\Conduit Ordner Gelöscht : C:\Program Files (x86)\Common Files\Spigot Ordner Gelöscht : C:\windows\SysWOW64\hotspot shield Ordner Gelöscht : C:\Users\Peter\AppData\Local\Conduit Ordner Gelöscht : C:\Users\Peter\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\Peter\AppData\LocalLow\PriceGong Ordner Gelöscht : C:\Users\Peter\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\ConduitCommon Ordner Gelöscht : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\Extensions\firefoxdav@icloud.com Datei Gelöscht : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\user.js ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitUninstaller_RASAPI32 Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Tracing\ConduitUninstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT1561552
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_presto-web-fx_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_presto-web-fx_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{50F7F0BE-31BA-4145-BD8B-6B0DECFED804}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\anchorfree
Schlüssel Gelöscht : HKCU\Software\Microsoft\Babylon
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Search Settings
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\Conduit

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v29.0 (de)

[ Datei : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\prefs.js ]

Zeile gelöscht : user_pref("CT3205366.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3205366/CT3205366", "\"f12d477e4f245c799057de9af9fe6f152\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1626660/1619842/US", "\"0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3205366", "\"1333530257\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "G9mW7heT/8xIX1frcduu0A==");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "2E1/v7EfCEDbv3VaBQMELg==");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "UgzXjW7BIkfdx+x39Ruv3w==");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "4BgM4MhF/sOgPsDNmIs3Yw==");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0e0a4327275cd1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3205366", "\"c912886ea3ba021d3a9ef2d6ad700899\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"bff3ac31ad0752d7dc4e864dcf0aa474\"");
Zeile gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Peter\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\tlvto6h5.default\\conduitCommon\\modules\\3.13.0.6");
Zeile gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");
Zeile gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList", "ct1561552");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "ct1561552");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList4", "ct1561552");
Zeile gelöscht : user_pref("CommunityToolbar.globalUserId", "55d13a7f-4949-44fd-92bd-3e4be63b13c8");
Zeile gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Zeile gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Zeile gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "ct1561552");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed Aug 29 2012 14:25:01 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Zeile gelöscht : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Zeile gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.locale", "en");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Zeile gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu Aug 30 2012 14:55:11 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Zeile gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Zeile gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Zeile gelöscht : user_pref("CommunityToolbar.notifications.userId", "5d4db1ee-aa43-455d-8bf4-f507812be6e1");
Zeile gelöscht : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.haufe.de/personal/hr-management/");
Zeile gelöscht : user_pref("CommunityToolbar.originalSearchEngine", "Yahoo");
Zeile gelöscht : user_pref("CommunityToolbar.permanenceEngine", false);
Zeile gelöscht : user_pref("ct1561552..clientLogIsEnabled", false);
Zeile gelöscht : user_pref("ct1561552..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Zeile gelöscht : user_pref("ct1561552..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Zeile gelöscht : user_pref("ct1561552.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Zeile gelöscht : user_pref("ct1561552.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Zeile gelöscht : user_pref("ct1561552.BrowserCompStateIsOpen_129780038557793947", true);
Zeile gelöscht : user_pref("ct1561552.BrowserCompStateIsOpen_1382961167613998992", true);
Zeile gelöscht : user_pref("ct1561552.BrowserCompStateIsOpen_1564963227431608580", true);
Zeile gelöscht : user_pref("ct1561552.BrowserCompStateIsOpen_4734731461415702547", true);
Zeile gelöscht : user_pref("ct1561552.BrowserCompStateIsOpen_5152784160951809936", true);
Zeile gelöscht : user_pref("ct1561552.BrowserCompStateIsOpen_9093662421650421648", true);
Zeile gelöscht : user_pref("ct1561552.CT1561552.AppTrackingLastCheckTime", "Thu Aug 16 2012 16:03:13 GMT+0200");
Zeile gelöscht : user_pref("ct1561552.CT1561552.DialogsAlignMode", "LTR");
Zeile gelöscht : user_pref("ct1561552.CT1561552.GroupingInvalidateCache", false);
Zeile gelöscht : user_pref("ct1561552.CT1561552.GroupingLastCheckTime", "0");
Zeile gelöscht : user_pref("ct1561552.CT1561552.GroupingLastServerUpdateTime", "0");
Zeile gelöscht : user_pref("ct1561552.CT1561552.InvalidateCache", false);
Zeile gelöscht : user_pref("ct1561552.CT1561552.LanguagePackLastCheckTime", "Wed Aug 29 2012 14:24:58 GMT+0200");
Zeile gelöscht : user_pref("ct1561552.CT1561552.Locale", "en");
Zeile gelöscht : user_pref("ct1561552.CT1561552.RadioLastCheckTime", "0");
Zeile gelöscht : user_pref("ct1561552.CT1561552.RadioLastUpdateIPServer", "0");
Zeile gelöscht : user_pref("ct1561552.CT1561552.RadioLastUpdateServer", "0");
Zeile gelöscht : user_pref("ct1561552.CT1561552.SearchEngine", "Web%20Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT3205366&octid=EB_ORIGINAL_CTID&SearchSource=1");
Zeile gelöscht : user_pref("ct1561552.CT1561552.SearchInNewTabLastCheckTime", "Thu Aug 30 2012 14:55:11 GMT+0200");
Zeile gelöscht : user_pref("ct1561552.CT1561552.SettingsLastCheckTime", "Thu Aug 30 2012 10:05:13 GMT+0200");
Zeile gelöscht : user_pref("ct1561552.CT1561552.SettingsLastUpdate", "1346236828");
Zeile gelöscht : user_pref("ct1561552.CT1561552.ThirdPartyComponentsLastCheck", "Sat Aug 25 2012 13:25:39 GMT+0200");
Zeile gelöscht : user_pref("ct1561552.CT1561552.ThirdPartyComponentsLastUpdate", "1331805997");
Zeile gelöscht : user_pref("ct1561552.CT1561552.components.129780038559043949", false);
Zeile gelöscht : user_pref("ct1561552.CT1561552.components.129780038559825200", false);
Zeile gelöscht : user_pref("ct1561552.CT1561552.components.129780038562168958", false);
Zeile gelöscht : user_pref("ct1561552.CT1561552.components.129780038562950209", false);
Zeile gelöscht : user_pref("ct1561552.CT1561552.components.129780038564043965", false);
Zeile gelöscht : user_pref("ct1561552.CT1561552.components.1382961167613998992", false);
Zeile gelöscht : user_pref("ct1561552.CT1561552.components.4734731461415702547", false);
Zeile gelöscht : user_pref("ct1561552.CT1561552.components.5152784160951809936", false);
Zeile gelöscht : user_pref("ct1561552.CT1561552.components.9093662421650421648", false);
Zeile gelöscht : user_pref("ct1561552.CT1561552.globalFirstTimeInfoLastCheckTime", "Fri Aug 24 2012 10:04:52 GMT+0200");
Zeile gelöscht : user_pref("ct1561552.CT1561552.toolbarAppMetaDataLastCheckTime", "Thu Aug 30 2012 14:55:12 GMT+0200");
Zeile gelöscht : user_pref("ct1561552.CT1561552.toolbarContextMenuLastCheckTime", "Tue Aug 21 2012 09:46:00 GMT+0200");
Zeile gelöscht : user_pref("ct1561552.CTID", "CT1561552");
Zeile gelöscht : user_pref("ct1561552.CommunitiesChangesLastCheckTime", "0");
Zeile gelöscht : user_pref("ct1561552.CurrentServerDate", "30-8-2012");
Zeile gelöscht : user_pref("ct1561552.DSInstall", false);
Zeile gelöscht : user_pref("ct1561552.DialogsAlignMode", "LTR");
Zeile gelöscht : user_pref("ct1561552.DialogsGetterLastCheckTime", "Wed Aug 29 2012 14:24:58 GMT+0200");
Zeile gelöscht : user_pref("ct1561552.DownloadReferralCookieData", "");
Zeile gelöscht : user_pref("ct1561552.FirstServerDate", "15-6-2012");
Zeile gelöscht : user_pref("ct1561552.FirstTime", true);
Zeile gelöscht : user_pref("ct1561552.FirstTimeFF3", true);
Zeile gelöscht : user_pref("ct1561552.FirstTimeHiddenVer", true);
Zeile gelöscht : user_pref("ct1561552.FixPageNotFoundErrors", false);
Zeile gelöscht : user_pref("ct1561552.GroupingServerCheckInterval", 1440);
Zeile gelöscht : user_pref("ct1561552.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Zeile gelöscht : user_pref("ct1561552.HPInstall", false);
Zeile gelöscht : user_pref("ct1561552.HasUserGlobalKeys", true);
Zeile gelöscht : user_pref("ct1561552.Initialize", true);
Zeile gelöscht : user_pref("ct1561552.InitializeCommonPrefs", true);
Zeile gelöscht : user_pref("ct1561552.InstallationAndCookieDataSentCount", 3);
Zeile gelöscht : user_pref("ct1561552.InstallationType", "Unknown");
Zeile gelöscht : user_pref("ct1561552.InstalledDate", "Fri Jun 15 2012 10:02:53 GMT+0200");
Zeile gelöscht : user_pref("ct1561552.InvalidateCache", false);
Zeile gelöscht : user_pref("ct1561552.IsAlertDBUpdated", true);
Zeile gelöscht : user_pref("ct1561552.IsGrouping", false);
Zeile gelöscht : user_pref("ct1561552.IsInitSetupIni", true);
Zeile gelöscht : user_pref("ct1561552.IsMulticommunity", false);
Zeile gelöscht : user_pref("ct1561552.IsOpenThankYouPage", false);
Zeile gelöscht : user_pref("ct1561552.IsOpenUninstallPage", true);
Zeile gelöscht : user_pref("ct1561552.LanguagePackLastCheckTime", "Fri Jun 15 2012 10:02:57 GMT+0200");
Zeile gelöscht : user_pref("ct1561552.LanguagePackReloadIntervalMM", 1440);
Zeile gelöscht : user_pref("ct1561552.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Zeile gelöscht : user_pref("ct1561552.LastLogin_3.13.0.6", "Thu Aug 30 2012 10:05:13 GMT+0200");
Zeile gelöscht : user_pref("ct1561552.LatestVersion", "3.13.0.6");
Zeile gelöscht : user_pref("ct1561552.Locale", "en");
Zeile gelöscht : user_pref("ct1561552.MCDetectTooltipHeight", "83");
Zeile gelöscht : user_pref("ct1561552.MCDetectTooltipShow", false);
Zeile gelöscht : user_pref("ct1561552.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Zeile gelöscht : user_pref("ct1561552.MCDetectTooltipWidth", "295");
Zeile gelöscht : user_pref("ct1561552.MyStuffEnabledAtInstallation", true);
Zeile gelöscht : user_pref("ct1561552.OriginalFirstVersion", "3.13.0.6");
Zeile gelöscht : user_pref("ct1561552.RadioIsPodcast", false);
Zeile gelöscht : user_pref("ct1561552.RadioLastCheckTime", "Fri Jun 15 2012 10:02:57 GMT+0200");
Zeile gelöscht : user_pref("ct1561552.RadioLastUpdateIPServer", "0");
Zeile gelöscht : user_pref("ct1561552.RadioMediaID", "9962");
Zeile gelöscht : user_pref("ct1561552.RadioMediaType", "Media Player");
Zeile gelöscht : user_pref("ct1561552.RadioMenuSelectedID", "EBRadioMenu_ct15615529962");
Zeile gelöscht : user_pref("ct1561552.RadioShrinkedFromSetup", false);
Zeile gelöscht : user_pref("ct1561552.RadioStationName", "California%20Rock");
Zeile gelöscht : user_pref("ct1561552.RadioStationURL", "hxxp://feedlive.net/california.asx");
Zeile gelöscht : user_pref("ct1561552.SHRINK_TOOLBAR", 1);
Zeile gelöscht : user_pref("ct1561552.SearchBoxWidth", 150);
Zeile gelöscht : user_pref("ct1561552.SearchCaption", "Hotspot Shield Customized Web Search");
Zeile gelöscht : user_pref("ct1561552.SearchFromAddressBarIsInit", true);
Zeile gelöscht : user_pref("ct1561552.SearchInNewTabEnabled", true);
Zeile gelöscht : user_pref("ct1561552.SearchInNewTabIntervalMM", 1440);
Zeile gelöscht : user_pref("ct1561552.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Zeile gelöscht : user_pref("ct1561552.SendProtectorDataViaLogin", true);
Zeile gelöscht : user_pref("ct1561552.ServiceMapLastCheckTime", "Wed Aug 29 2012 14:24:58 GMT+0200");
Zeile gelöscht : user_pref("ct1561552.SettingsLastCheckTime", "Fri Jun 15 2012 10:02:50 GMT+0200");
Zeile gelöscht : user_pref("ct1561552.SettingsLastUpdate", "1339666861");
Zeile gelöscht : user_pref("ct1561552.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3205366&SearchSource=13");
Zeile gelöscht : user_pref("ct1561552.ThirdPartyComponentsInterval", 504);
Zeile gelöscht : user_pref("ct1561552.ThirdPartyComponentsLastCheck", "Fri Jun 15 2012 10:02:50 GMT+0200");
Zeile gelöscht : user_pref("ct1561552.ThirdPartyComponentsLastUpdate", "1331805997");
Zeile gelöscht : user_pref("ct1561552.ToolbarShrinkedFromSetup", false);
Zeile gelöscht : user_pref("ct1561552.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3205366");
Zeile gelöscht : user_pref("ct1561552.UserID", "UN14696151794157335");
Zeile gelöscht : user_pref("ct1561552.ValidationData_Search", 2);
Zeile gelöscht : user_pref("ct1561552.ValidationData_Toolbar", 2);
Zeile gelöscht : user_pref("ct1561552.alertChannelId", "1626660");
Zeile gelöscht : user_pref("ct1561552.approveUntrustedApps", false);
Zeile gelöscht : user_pref("ct1561552.backendstorage.cbcountry_001", "5553");
Zeile gelöscht : user_pref("ct1561552.backendstorage.cbfirsttime", "467269204A756E20313520323031322031303A30333A303420474D542B30323030");
Zeile gelöscht : user_pref("ct1561552.backendstorage.gk_hsselite_notif_sent", "73656E74");
Zeile gelöscht : user_pref("ct1561552.backendstorage.installationdate0.2690270998198123", "31333339373437333831383236");
Zeile gelöscht : user_pref("ct1561552.backendstorage.printitgreenstatus", "74727565");
Zeile gelöscht : user_pref("ct1561552.backendstorage.shoppingapp.gk.exipres", "576564204A756E20323020323031322031303A30333A303120474D542B30323030");
Zeile gelöscht : user_pref("ct1561552.backendstorage.shoppingapp.gk.geolocation", "756E6974656420737461746573");
Zeile gelöscht : user_pref("ct1561552.backendstorage.toolbarappheartbeat", "7B22223A313333393734373338313831397D");
Zeile gelöscht : user_pref("ct1561552.backendstorage.toolbarnotificationheartbeat", "7B2274797065223A22686561727462656174222C2274696D65223A313333393734373434303031372C2275726C223A22687474703A2F2F727373327365617263682E[...]
Zeile gelöscht : user_pref("ct1561552.backendstorage.toolbarnotificationqueue", "5B5D");
Zeile gelöscht : user_pref("ct1561552.backendstorage.toolbarnotificationsettings", "7B2273656E644E6F74696669636174696F6E73223A7B22616C6C223A747275652C2261707073223A7B22302E32363930323730393938313938313233223A7B2273686[...]
Zeile gelöscht : user_pref("ct1561552.backendstorage.toolbarnotificationuserid", "3339393539333331343435");
Zeile gelöscht : user_pref("ct1561552.backendstorage.twitter_v1.8.0_twitter_app_open_t_f", "66616C7365");
Zeile gelöscht : user_pref("ct1561552.backendstorage.url_history0001", "68747470733A2F2F7777772E676F6F676C652E636F6D3A3A3A636C69636B68616E646C65723A3A3A313333393735343734313739302C2C2C68747470733A2F2F7777772E676F6F676[...]
Zeile gelöscht : user_pref("ct1561552.components.1000080", true);
Zeile gelöscht : user_pref("ct1561552.components.1000082", false);
Zeile gelöscht : user_pref("ct1561552.components.129780038561387703", false);
Zeile gelöscht : user_pref("ct1561552.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Zeile gelöscht : user_pref("ct1561552.globalFirstTimeInfoLastCheckTime", "Fri Jun 15 2012 10:02:53 GMT+0200");
Zeile gelöscht : user_pref("ct1561552.homepageProtectorEnableByLogin", true);
Zeile gelöscht : user_pref("ct1561552.initDone", true);
Zeile gelöscht : user_pref("ct1561552.isAppTrackingManagerOn", false);
Zeile gelöscht : user_pref("ct1561552.isFirstRadioInstallation", false);
Zeile gelöscht : user_pref("ct1561552.myStuffEnabled", true);
Zeile gelöscht : user_pref("ct1561552.myStuffPublihserMinWidth", 400);
Zeile gelöscht : user_pref("ct1561552.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Zeile gelöscht : user_pref("ct1561552.myStuffServiceIntervalMM", 1440);
Zeile gelöscht : user_pref("ct1561552.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Zeile gelöscht : user_pref("ct1561552.navigateToUrlOnSearch", false);
Zeile gelöscht : user_pref("ct1561552.oldAppsList", "129780038556075195,129780038557793946,111,129780038557793947,129780038558575198,129780038559043949,129780038559825200,129780038560293951,1000082,129780038561387703,[...]
Zeile gelöscht : user_pref("ct1561552.revertSettingsEnabled", true);
Zeile gelöscht : user_pref("ct1561552.searchProtectorDialogDelayInSec", 10);
Zeile gelöscht : user_pref("ct1561552.searchProtectorEnableByLogin", true);
Zeile gelöscht : user_pref("ct1561552.testingCtid", "CT3205366");
Zeile gelöscht : user_pref("ct1561552.toolbarAppMetaDataLastCheckTime", "Fri Jun 15 2012 10:02:53 GMT+0200");
Zeile gelöscht : user_pref("ct1561552.toolbarContextMenuLastCheckTime", "Fri Jun 15 2012 10:02:58 GMT+0200");
Zeile gelöscht : user_pref("ct1561552.usagesFlag", 2);

-\\ Google Chrome v34.0.1847.131

[ Datei : C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [23290 octets] - [09/05/2014 12:57:41]
AdwCleaner[S0].txt - [22764 octets] - [09/05/2014 13:13:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [22825 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Peter on 09.05.2014 at 13:31:31,16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"

~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted the following from C:\Users\Peter\AppData\Roaming\mozilla\firefox\profiles\tlvto6h5.default\prefs.js

user_pref("google.toolbar.button_option.cached.gtbSearchBlogs", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchBlogs\" t
user_pref("google.toolbar.button_option.cached.gtbSearchPhotos", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchPhotos\"
user_pref("google.toolbar.button_option.cached.gtbSearchScholar", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchScholar
user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_CTK0Y7F4MTG6NKYH03WT-xml", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.o
user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.o
user_pref("google.toolbar.search-icon", "data:image/x-icon;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7PT7/3zF6/9Ptu//RbHx/
Emptied folder: C:\Users\Peter\AppData\Roaming\mozilla\firefox\profiles\tlvto6h5.default\minidumps [172 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.05.2014 at 13:43:29,90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2014 01 Ran by Peter (administrator) on BÜRO-PC-LEONOVO on 09-05-2014 13:46:51 Running from C:\Users\Peter\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Bury GmbH & Co. KG) C:\Program Files (x86)\BURY Time Suite\BuryLoggerSyncService.exe () C:\Users\Peter\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStatsUpdater.exe (Firebird Project) C:\Program Files (x86)\FirebirdSQL\bin\fbguard.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Alps Electric Co., Ltd.) 
C:\Program Files\Apoint2K\Apoint.exe (Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe (The Eraser Project) C:\Program Files\Eraser\Eraser.exe () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Lenovo) C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe (Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Dropbox, Inc.) C:\Users\Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe (Safer-Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (WDC) C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe (Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDFME.exe (CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Firebird Project) C:\Program Files (x86)\FirebirdSQL\bin\fbserver.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) 
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [NvCplDaemon] => C:\windows\system32\NvCpl.dll [17412200 2010-04-07] (NVIDIA Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10151968 2010-04-20] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [908320 2010-04-20] (Realtek Semiconductor) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [345896 2010-04-05] (Alps Electric Co., Ltd.) HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [776608 2009-12-19] (Lenovo) HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4462496 2010-04-21] (Lenovo(beijing) Limited) HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [7069088 2010-04-21] (Lenovo (Beijing) Limited) HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2328944 2011-01-07] (Microsoft Corporation) HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980368 2010-11-04] (The Eraser Project) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation) HKLM-x32\...\Run: [MuteSync] => C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe [336384 2009-12-28] (Lenovo) HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331_STI.EXE [536576 2010-01-15] (Vimicro) HKLM-x32\...\Run: [UCam_Menu] => c:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.) HKLM-x32\...\Run: [YouCam Mirror Tray icon] => c:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [171104 2010-03-03] (CyberLink Corp.) 
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.) HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-04-22] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.) 
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\.DEFAULT\...\RunOnce: [WLStart] - C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [786760 2009-07-26] (Microsoft Corporation) HKU\S-1-5-21-4044840459-2837241131-3378573868-1000\...\Run: [FactoryTest] => C:\Windows\Test.bat HKU\S-1-5-21-4044840459-2837241131-3378573868-1000\...\Run: [Power2GoExpress] => C:\Program Files (x86)\Lenovo\Power2Go\Power2GoExpress.exe [2532648 2009-07-13] (Cyberlink) HKU\S-1-5-21-4044840459-2837241131-3378573868-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-4044840459-2837241131-3378573868-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-4044840459-2837241131-3378573868-1001\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.EXE [404080 2014-04-29] (CyberGhost S.R.L.) HKU\S-1-5-21-4044840459-2837241131-3378573868-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [95848 2010-04-07] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [89704 2010-04-07] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HD Writer.lnk ShortcutTarget: HD Writer.lnk -> C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Panasonic Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WD Quick View.lnk ShortcutTarget: WD Quick View.lnk -> C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe (Western Digital Technologies, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\XiButler.lnk ShortcutTarget: XiButler.lnk -> C:\Program Files (x86)\XiButler24\XING 01.exe (Microsoft) Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - {657BEA9F-0CB4-4440-8D16-6DFC3A68476E} URL = hxxp://www.google.de/search?q={searchTerms} SearchScopes: HKCU - {95C90569-DAEF-4CC2-8C6E-788FB154F6B4} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) 
BHO-x32: ColorZillaStats - {59F7FE53-2860-44B1-968A-E54E3E949A07} - C:\Users\Peter\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStats.dll (Alex Sirota) BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) 
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 217.0.43.177

FireFox:
========
FF ProfilePath: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default
FF DefaultSearchEngine: Google Deutschland
FF SelectedSearchEngine: Google Deutschland
FF Homepage: hxxp://www.****.de/coaching/unternehmer-coaching/leitfragen/
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Peter\AppData\Local\Citrix\Plugins\94\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\searchplugins\google-deutschland.xml
FF SearchPlugin: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\searchplugins\s-amazon-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\Extensions\ich@maltegoetz.de [2013-12-13]
FF Extension: ColorZillaStats - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\Extensions\stats@colorzilla.com [2012-07-12]
FF Extension: Google Toolbar for Firefox - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011-03-05]
FF Extension: Page Zoom Button - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\Extensions\54c7d9671b9eccd9e5686a73df34ab60@button.codefisher.org.xpi [2011-05-02]
FF Extension: anonymoX - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\Extensions\client@anonymox.net.xpi [2013-02-28]
FF Extension: SEO Status PageRank/Alexa Toolbar - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\Extensions\seostatus@rubyweb.xpi [2011-12-15]
FF Extension: NoScript - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-17]
FF Extension: Easy Youtube Video Downloader Express - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2013-11-28]
FF Extension: Address Bar Search - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi [2013-10-28]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-07]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-05-07]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-02-02]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-02-02]

Chrome:
=======
CHR HomePage:
CHR Extension: (Google Docs) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-08]
CHR Extension: (Google Drive) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-08]
CHR Extension: (YouTube) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-08]
CHR Extension: (ColorZillaStats) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgfambohdeocadlemmdceabhlgccijal [2014-05-08]
CHR Extension: (Google-Suche) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-08]
CHR Extension: (Google Wallet) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-08]
CHR Extension: (Google Mail) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-08]
CHR HKLM-x32\...\Chrome\Extension: [cgfambohdeocadlemmdceabhlgccijal] - C:\Users\Peter\AppData\LocalLow\ColorZillaStats\CHROME\ColorZillaStats.crx [2012-06-18]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-04-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-04-22] (Avira Operations GmbH & Co. KG)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [907040 2010-05-10] (Broadcom Corporation.)
R2 BuryLoggerSyncService; C:\Program Files (x86)\BURY Time Suite\BuryLoggerSyncService.exe [107520 2011-03-08] (Bury GmbH & Co. KG)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-04-29] (CyberGhost S.R.L)
R2 ColorZillaStatsUpdater; C:\Users\Peter\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStatsUpdater.exe [18432 2012-06-18] ()
R2 FirebirdGuardianBURYTIMESUITE; C:\Program Files (x86)\FirebirdSQL\bin\fbguard.exe [81920 2010-04-19] (Firebird Project)
R3 FirebirdServerBURYTIMESUITE; C:\Program Files (x86)\FirebirdSQL\bin\fbserver.exe [2723840 2010-04-19] (Firebird Project)
S3 IGRS; C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57820696 2008-07-11] (Microsoft Corporation)
S3 PS_MDP; C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
S2 ReadyComm.DirectRouter; C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [430616 2008-07-11] (Microsoft Corporation)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [317328 2011-08-01] (WDC)
R2 WDFMEService; C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [1978256 2011-08-01] (Western Digital )
R2 WDRulesService; C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [1338256 2011-08-01] (Western Digital )

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-04-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-04-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-04-22] (Avira Operations GmbH & Co. KG)
S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [79376 2009-07-16] (Lenovo)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [119512 2014-05-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19936 2011-05-06] ()
S3 pwdspio; C:\windows\system32\pwdspio.sys [13280 2011-05-06] ()
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-01-20] (Anchorfree Inc.)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [215040 2010-02-24] (Vimicro Corporation)
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11280 2009-07-16] (Lenovo)
U3 BcmSqlStartupSvc;
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 IviRegMgr;
U2 RichVideo;
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-09 13:46 - 2014-05-09 13:46 - 00000000 ____D () C:\Users\Peter\Downloads\FRST-OlderVersion
2014-05-09 13:43 - 2014-05-09 13:43 - 00002056 _____ () C:\Users\Peter\Desktop\JRT.txt
2014-05-09 13:31 - 2014-05-09 13:31 - 00000000 ____D () C:\windows\ERUNT
2014-05-09 13:27 - 2014-05-09 13:27 - 01016261 _____ (Thisisu) C:\Users\Peter\Downloads\JRT.exe
2014-05-09 12:58 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-05-09 12:57 - 2014-05-09 13:14 - 00000000 ____D () C:\AdwCleaner
2014-05-09 12:57 - 2014-05-09 12:57 - 01316991 _____ () C:\Users\Peter\Downloads\adwcleaner.exe
2014-05-09 11:41 - 2014-05-09 13:23 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-09 11:41 - 2014-05-09 11:41 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-09 11:41 - 2014-05-09 11:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-09 11:41 - 2014-05-09 11:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-09 11:41 - 2014-05-09 11:41 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-05-09 11:41 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-05-09 11:41 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-05-09 11:41 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-05-09 11:37 - 2014-05-09 11:37 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Peter\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-09 10:27 - 2014-05-09 10:42 - 634931984 _____ (Avira GmbH) C:\Users\Peter\Downloads\rescue-system.exe
2014-05-08 16:52 - 2014-05-08 16:52 - 00002211 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-08 16:52 - 2014-05-08 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-08 16:11 - 2014-05-08 16:11 - 00000000 ____D () C:\windows\SysWOW64\Adobe
2014-05-08 12:59 - 2014-05-08 12:59 - 00028237 _____ () C:\ComboFix.txt
2014-05-08 12:20 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2014-05-08 12:20 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2014-05-08 12:20 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-05-08 12:20 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-05-08 12:20 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-05-08 12:20 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2014-05-08 12:20 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2014-05-08 12:20 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2014-05-08 12:19 - 2014-05-09 12:38 - 00000000 ____D () C:\windows\erdnt
2014-05-08 12:19 - 2014-05-08 12:59 - 00000000 ____D () C:\Qoobox
2014-05-08 12:16 - 2014-05-08 12:16 - 05200039 ____R (Swearware) C:\Users\Peter\Desktop\ComboFix.exe
2014-05-08 11:44 - 2014-05-08 11:44 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Peter\Downloads\revosetup95.exe
2014-05-08 11:44 - 2014-05-08 11:44 - 00001268 _____ () C:\Users\Peter\Desktop\Revo Uninstaller.lnk
2014-05-08 11:44 - 2014-05-08 11:44 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-08 07:21 - 2014-05-08 07:21 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-05-07 16:46 - 2014-05-07 17:15 - 00046580 _____ () C:\Users\Peter\Downloads\Addition.txt
2014-05-07 16:39 - 2014-05-07 16:39 - 00380416 _____ () C:\Users\Peter\Downloads\Gmer-19357.exe
2014-05-07 16:29 - 2014-05-09 13:46 - 00027826 _____ () C:\Users\Peter\Downloads\FRST.txt
2014-05-07 16:28 - 2014-05-09 13:46 - 00000000 ____D () C:\FRST
2014-05-07 16:27 - 2014-05-09 13:46 - 02064384 _____ (Farbar) C:\Users\Peter\Downloads\FRST64.exe
2014-05-07 16:25 - 2014-05-07 16:25 - 00000472 _____ () C:\Users\Peter\Downloads\defogger_disable.log
2014-05-07 16:25 - 2014-05-07 16:25 - 00000000 _____ () C:\Users\Peter\defogger_reenable
2014-05-07 16:22 - 2014-05-07 16:22 - 00050477 _____ () C:\Users\Peter\Downloads\Defogger.exe
2014-05-07 15:23 - 2014-05-07 15:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-07 11:33 - 2014-05-07 11:25 - 02209056 _____ () C:\Users\Peter\Downloads\avira-eu-cleaner_de.exe
2014-05-07 11:32 - 2014-05-07 11:33 - 00001991 _____ () C:\Users\Peter\Desktop\Entfernen des Avira EU-Cleaners.lnk
2014-05-07 11:32 - 2014-05-07 11:33 - 00001935 _____ () C:\Users\Peter\Desktop\Avira EU-Cleaner.lnk
2014-05-07 10:13 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-05-07 10:13 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-05-05 08:38 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-05 08:38 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-05 08:38 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-05 08:38 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-04-30 09:28 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-04-30 09:28 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-04-30 09:28 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-04-30 09:28 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-04-30 09:28 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-04-30 09:28 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-04-30 09:28 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-04-30 09:28 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-04-30 09:28 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-04-30 09:28 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-04-30 09:28 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-04-30 09:28 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-04-30 09:28 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-04-30 09:28 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-04-30 09:28 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-04-30 09:28 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-04-30 09:28 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-04-30 09:28 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-04-30 09:28 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-04-30 09:28 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-04-30 09:28 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-04-30 09:28 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-04-30 09:28 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-04-30 09:28 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-04-30 09:28 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-04-30 09:28 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-04-30 09:28 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-04-30 09:28 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-04-30 09:28 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-04-30 09:28 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-04-30 09:28 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-30 09:28 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-04-30 09:28 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-04-30 09:28 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-04-30 09:28 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-04-30 09:28 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-04-30 09:28 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-04-30 09:28 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-04-30 09:28 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-04-30 09:28 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-04-30 09:28 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-04-30 09:28 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-04-30 09:28 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-04-30 09:28 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-04-28 18:50 - 2014-04-28 18:50 - 00000880 _____ () C:\Users\Peter\AppData\Local\recently-used.xbel
2014-04-22 09:41 - 2014-04-22 09:40 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2014-04-22 09:41 - 2014-04-22 09:40 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2014-04-22 09:41 - 2014-04-22 09:40 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2014-04-22 09:41 - 2014-04-22 09:40 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2014-04-21 11:17 - 2014-04-21 11:17 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2014-04-21 11:16 - 2014-04-23 19:28 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-21 11:16 - 2014-04-21 11:17 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-21 11:16 - 2014-04-21 11:16 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-04-21 11:16 - 2014-04-21 11:16 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-04-21 11:16 - 2014-04-21 11:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-04-21 11:16 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2014-04-21 11:13 - 2014-04-21 11:14 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Peter\Downloads\spybot-2.2.25.exe
2014-04-18 16:23 - 2014-04-18 16:23 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Avira
2014-04-18 15:49 - 2014-04-18 15:49 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-04-18 15:49 - 2014-04-18 15:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-04-18 15:49 - 2014-04-18 15:49 - 00000000 ____D () C:\ProgramData\Avira
2014-04-18 15:49 - 2014-04-18 15:49 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-18 11:28 - 2014-04-18 11:27 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-04-18 11:27 - 2014-04-18 11:27 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-04-18 11:27 - 2014-04-18 11:27 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-04-18 11:27 - 2014-04-18 11:27 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-17 12:05 - 2014-04-17 12:36 - 00000000 ____D () C:\Users\Peter\AppData\Local\CyberGhost
2014-04-17 12:03 - 2014-05-01 12:27 - 00000000 ____D () C:\Program Files\CyberGhost 5
2014-04-17 12:03 - 2014-04-17 12:04 - 00000000 ____D () C:\Program Files\TAP-Windows
2014-04-17 12:03 - 2014-04-17 12:03 - 00001728 _____ () C:\Users\Peter\Desktop\CyberGhost 5.lnk
2014-04-17 12:03 - 2014-04-17 12:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2014-04-17 11:59 - 2014-04-17 11:59 - 08566128 _____ (CyberGhost S.R.L. ) C:\Users\Peter\Downloads\CG_5.0.9.8chip.de.exe
2014-04-16 19:47 - 2014-04-16 19:48 - 00004253 _____ () C:\windows\SysWOW64\jupdate-1.7.0_55-b13.log
2014-04-16 16:59 - 2014-04-16 16:59 - 00001337 _____ () C:\Users\Public\Desktop\NAVIGON Fresh.lnk
2014-04-16 16:59 - 2014-04-16 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAVIGON
2014-04-16 16:49 - 2014-04-16 16:50 - 24186616 _____ (GARMIN Würzburg GmbH) C:\Users\Peter\Downloads\NAVIGON_Fresh_setup.exe
2014-04-16 16:41 - 2014-04-16 16:41 - 14459337 _____ () C:\Users\Peter\Downloads\N70Update_ForMacUser_v203.zip
2014-04-16 15:04 - 2014-04-16 15:04 - 00000000 ____D () C:\Program Files (x86)\NAVIGON
2014-04-10 09:15 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-04-10 09:15 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2014-04-10 09:15 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2014-04-10 09:15 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2014-04-10 09:15 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2014-04-10 09:15 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2014-04-10 09:15 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-04-10 09:15 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2014-04-10 09:15 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2014-04-10 09:15 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2014-04-10 09:15 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2014-04-10 09:15 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2014-04-10 09:15 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2014-04-10 09:15 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys
2014-04-10 09:15 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll
2014-04-10 09:15 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iologmsg.dll
2014-04-10 09:15 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys

==================== One Month Modified Files and Folders =======

2014-05-09 13:47 - 2014-05-07 16:29 - 00027826 _____ () C:\Users\Peter\Downloads\FRST.txt
2014-05-09 13:46 - 2014-05-09 13:46 - 00000000 ____D () C:\Users\Peter\Downloads\FRST-OlderVersion
2014-05-09 13:46 - 2014-05-07 16:28 - 00000000 ____D () C:\FRST
2014-05-09 13:46 - 2014-05-07 16:27 - 02064384 _____ (Farbar) C:\Users\Peter\Downloads\FRST64.exe
2014-05-09 13:43 - 2014-05-09 13:43 - 00002056 _____ () C:\Users\Peter\Desktop\JRT.txt
2014-05-09 13:31 - 2014-05-09 13:31 - 00000000 ____D () C:\windows\ERUNT
2014-05-09 13:29 - 2009-07-14 06:45 - 00013632 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-09 13:29 - 2009-07-14 06:45 - 00013632 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-09 13:27 - 2014-05-09 13:27 - 01016261 _____ (Thisisu) C:\Users\Peter\Downloads\JRT.exe
2014-05-09 13:27 - 2012-06-15 11:04 - 00001108 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-09 13:27 - 2010-08-27 11:53 - 01074545 _____ () C:\windows\WindowsUpdate.log
2014-05-09 13:23 - 2014-05-09 11:41 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-09 13:18 - 2013-10-17 17:06 - 00000000 ___RD () C:\Users\Peter\Dropbox
2014-05-09 13:18 - 2013-10-17 17:03 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Dropbox
2014-05-09 13:16 - 2012-06-15 11:04 - 00001104 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-09 13:15 - 2012-10-24 16:35 - 00036108 _____ () C:\windows\setupact.log
2014-05-09 13:15 - 2012-10-24 16:34 - 00362690 _____ () C:\windows\PFRO.log
2014-05-09 13:15 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-05-09 13:14 - 2014-05-09 12:57 - 00000000 ____D () C:\AdwCleaner
2014-05-09 13:08 - 2012-04-10 14:26 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-05-09 12:57 - 2014-05-09 12:57 - 01316991 _____ () C:\Users\Peter\Downloads\adwcleaner.exe
2014-05-09 12:38 - 2014-05-08 12:19 - 00000000 ____D () C:\windows\erdnt
2014-05-09 11:41 - 2014-05-09 11:41 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-09 11:41 - 2014-05-09 11:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-09 11:41 - 2014-05-09 11:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-09 11:41 - 2014-05-09 11:41 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-05-09 11:37 - 2014-05-09 11:37 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Peter\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-09 10:42 - 2014-05-09 10:27 - 634931984 _____ (Avira GmbH) C:\Users\Peter\Downloads\rescue-system.exe
2014-05-08 16:52 - 2014-05-08 16:52 - 00002211 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-08 16:52 - 2014-05-08 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-08 16:52 - 2012-06-15 11:04 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-08 16:52 - 2011-03-05 21:39 - 00000000 ____D () C:\Users\Peter\AppData\Local\Google
2014-05-08 16:11 - 2014-05-08 16:11 - 00000000 ____D () C:\windows\SysWOW64\Adobe
2014-05-08 14:09 - 2010-08-27 19:35 - 00764994 _____ () C:\windows\system32\perfh007.dat
2014-05-08 14:09 - 2010-08-27 19:35 - 00174192 _____ () C:\windows\system32\perfc007.dat
2014-05-08 14:09 - 2009-07-14 07:13 - 01803954 _____ () C:\windows\system32\PerfStringBackup.INI
2014-05-08 13:59 - 2011-05-11 09:15 - 00000000 ____D () C:\Users\Peter\Documents\Eigene Scans
2014-05-08 12:59 - 2014-05-08 12:59 - 00028237 _____ () C:\ComboFix.txt
2014-05-08 12:59 - 2014-05-08 12:19 - 00000000 ____D () C:\Qoobox
2014-05-08 12:59 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-05-08 12:51 - 2009-07-14 04:34 - 00000215 _____ () C:\windows\system.ini
2014-05-08 12:45 - 2012-04-27 21:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-08 12:32 - 2011-03-04 14:47 - 00000000 ____D () C:\Users\Peter
2014-05-08 12:16 - 2014-05-08 12:16 - 05200039 ____R (Swearware) C:\Users\Peter\Desktop\ComboFix.exe
2014-05-08 12:10 - 2012-03-18 13:52 - 00000000 ____D () C:\Program Files (x86)\TomTom International B.V
2014-05-08 12:08 - 2011-03-04 15:46 - 00000000 ____D () C:\Program Files (x86)\PDF Editor 3
2014-05-08 12:06 - 2012-03-18 13:52 - 00000000 ____D () C:\Users\Peter\AppData\Local\TomTom
2014-05-08 12:03 - 2014-02-25 12:09 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\DVDVideoSoft
2014-05-08 11:44 - 2014-05-08 11:44 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Peter\Downloads\revosetup95.exe
2014-05-08 11:44 - 2014-05-08 11:44 - 00001268 _____ () C:\Users\Peter\Desktop\Revo Uninstaller.lnk
2014-05-08 11:44 - 2014-05-08 11:44 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-08 11:22 - 2011-08-30 13:13 - 00000000 ____D () C:\XingCommunityBoy
2014-05-08 07:22 - 2012-06-15 11:04 - 00004104 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 07:22 - 2012-06-15 11:04 - 00003852 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-08 07:21 - 2014-05-08 07:21 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-05-07 17:15 - 2014-05-07 16:46 - 00046580 _____ () C:\Users\Peter\Downloads\Addition.txt
2014-05-07 16:39 - 2014-05-07 16:39 - 00380416 _____ () C:\Users\Peter\Downloads\Gmer-19357.exe
2014-05-07 16:36 - 2011-03-05 16:08 - 00000000 ____D () C:\Users\Peter\Documents\Allgemein
2014-05-07 16:25 - 2014-05-07 16:25 - 00000472 _____ () C:\Users\Peter\Downloads\defogger_disable.log
2014-05-07 16:25 - 2014-05-07 16:25 - 00000000 _____ () C:\Users\Peter\defogger_reenable
2014-05-07 16:22 - 2014-05-07 16:22 - 00050477 _____ () C:\Users\Peter\Downloads\Defogger.exe
2014-05-07 15:23 - 2014-05-07 15:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-07 11:33 - 2014-05-07 11:32 - 00001991 _____ () C:\Users\Peter\Desktop\Entfernen des Avira EU-Cleaners.lnk
2014-05-07 11:33 - 2014-05-07 11:32 - 00001935 _____ () C:\Users\Peter\Desktop\Avira EU-Cleaner.lnk
2014-05-07 11:25 - 2014-05-07 11:33 - 02209056 _____ () C:\Users\Peter\Downloads\avira-eu-cleaner_de.exe
2014-05-05 21:11 - 2011-03-29 09:06 - 00000000 ____D () C:\Users\Peter\.freemind
2014-05-05 09:38 - 2012-09-06 11:40 - 00000000 ____D () C:\Users\Peter\Documents\****
2014-05-02 12:19 - 2011-03-05 16:10 - 00000000 ____D () C:\Users\Peter\Documents\Kunden
2014-05-01 16:29 - 2012-08-25 11:41 - 00012946 _____ () C:\Users\Peter\Documents\Rollierende Projektliste.xlsx
2014-05-01 16:28 - 2011-03-05 16:10 -
00000000 ____D () C:\Users\Peter\Documents\Steuern 2014-05-01 14:09 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache 2014-05-01 12:27 - 2014-04-17 12:03 - 00000000 ____D () C:\Program Files\CyberGhost 5 2014-04-30 18:02 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions 2014-04-29 16:01 - 2014-05-05 08:38 - 23547904 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-04-29 15:40 - 2014-05-05 08:38 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-04-29 14:48 - 2014-05-05 08:38 - 17384448 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-04-29 14:34 - 2014-05-05 08:38 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-04-29 10:02 - 2013-10-17 17:06 - 00000979 _____ () C:\Users\Peter\Desktop\Dropbox.lnk 2014-04-29 10:02 - 2013-10-17 17:04 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-04-29 10:02 - 2011-03-04 14:48 - 00000000 ___RD () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-29 09:26 - 2012-04-10 14:26 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2014-04-29 09:26 - 2012-04-10 14:26 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2014-04-29 09:26 - 2011-05-17 09:45 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-04-28 18:50 - 2014-04-28 18:50 - 00000880 _____ () C:\Users\Peter\AppData\Local\recently-used.xbel 2014-04-28 18:50 - 2013-09-20 16:04 - 00000000 ____D () C:\Users\Peter\AppData\Local\gtk-2.0 2014-04-28 18:50 - 2013-09-20 16:00 - 00000000 ____D () C:\Users\Peter\.gimp-2.8 2014-04-28 16:48 - 2012-03-05 12:00 - 00000000 ____D () C:\Users\Peter\Documents\Selbstmanagement 2014-04-23 19:28 - 2014-04-21 11:16 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-04-23 19:25 - 2011-03-04 20:36 - 00000000 ____D () 
C:\Users\Peter\AppData\Roaming\vlc 2014-04-23 19:00 - 2011-03-09 19:02 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\dvdcss 2014-04-22 09:40 - 2014-04-22 09:41 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys 2014-04-22 09:40 - 2014-04-22 09:41 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys 2014-04-22 09:40 - 2014-04-22 09:41 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys 2014-04-22 09:40 - 2014-04-22 09:41 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys 2014-04-21 11:17 - 2014-04-21 11:17 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking 2014-04-21 11:17 - 2014-04-21 11:16 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-04-21 11:16 - 2014-04-21 11:16 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-04-21 11:16 - 2014-04-21 11:16 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-04-21 11:16 - 2014-04-21 11:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-04-21 11:14 - 2014-04-21 11:13 - 40658208 _____ (Safer-Networking Ltd. 
) C:\Users\Peter\Downloads\spybot-2.2.25.exe 2014-04-18 16:23 - 2014-04-18 16:23 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Avira 2014-04-18 15:49 - 2014-04-18 15:49 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-04-18 15:49 - 2014-04-18 15:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-04-18 15:49 - 2014-04-18 15:49 - 00000000 ____D () C:\ProgramData\Avira 2014-04-18 15:49 - 2014-04-18 15:49 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-04-18 11:28 - 2013-11-04 10:01 - 00000000 ____D () C:\ProgramData\Oracle 2014-04-18 11:27 - 2014-04-18 11:28 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe 2014-04-18 11:27 - 2014-04-18 11:27 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe 2014-04-18 11:27 - 2014-04-18 11:27 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe 2014-04-18 11:27 - 2014-04-18 11:27 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll 2014-04-18 11:27 - 2011-03-29 09:04 - 00000000 ____D () C:\Program Files (x86)\Java 2014-04-18 11:22 - 2013-03-05 12:16 - 00921512 _____ (Oracle Corporation) C:\Users\Peter\Downloads\jxpiinstall.exe 2014-04-17 12:36 - 2014-04-17 12:05 - 00000000 ____D () C:\Users\Peter\AppData\Local\CyberGhost 2014-04-17 12:04 - 2014-04-17 12:03 - 00000000 ____D () C:\Program Files\TAP-Windows 2014-04-17 12:03 - 2014-04-17 12:03 - 00001728 _____ () C:\Users\Peter\Desktop\CyberGhost 5.lnk 2014-04-17 12:03 - 2014-04-17 12:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5 2014-04-17 11:59 - 2014-04-17 11:59 - 08566128 _____ (CyberGhost S.R.L. 
) C:\Users\Peter\Downloads\CG_5.0.9.8chip.de.exe 2014-04-16 19:48 - 2014-04-16 19:47 - 00004253 _____ () C:\windows\SysWOW64\jupdate-1.7.0_55-b13.log 2014-04-16 16:59 - 2014-04-16 16:59 - 00001337 _____ () C:\Users\Public\Desktop\NAVIGON Fresh.lnk 2014-04-16 16:59 - 2014-04-16 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAVIGON 2014-04-16 16:50 - 2014-04-16 16:49 - 24186616 _____ (GARMIN Würzburg GmbH) C:\Users\Peter\Downloads\NAVIGON_Fresh_setup.exe 2014-04-16 16:41 - 2014-04-16 16:41 - 14459337 _____ () C:\Users\Peter\Downloads\N70Update_ForMacUser_v203.zip 2014-04-16 15:04 - 2014-04-16 15:04 - 00000000 ____D () C:\Program Files (x86)\NAVIGON 2014-04-16 10:14 - 2011-03-05 20:32 - 00000000 ____D () C:\Users\Peter\AppData\Local\Adobe 2014-04-14 04:24 - 2014-05-07 10:13 - 00465408 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-04-14 04:19 - 2014-05-07 10:13 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-04-11 08:17 - 2011-03-04 16:01 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-04-11 08:15 - 2013-08-04 10:46 - 00000000 ____D () C:\windows\system32\MRT 2014-04-11 08:10 - 2011-03-15 10:21 - 90655440 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe Files to move or delete: ==================== C:\Users\Peter\VitalSmarts Timer.exe Some content of TEMP: ==================== C:\Users\Peter\AppData\Local\Temp\avgnt.exe C:\Users\Peter\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjh_tix.dll C:\Users\Peter\AppData\Local\Temp\Quarantine.exe C:\Users\Peter\AppData\Local\Temp\Shockwave_Installer_FF.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit 
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-09 12:27
==================== End Of Log ============================
Many thanks so far...
__________________ Peter Windows 8.1 64 bit Firefox (always the latest version) Av Antivir |
10.05.2014, 11:04 | #6 |
/// the machine /// TB trainer | Hostile takeover of my email account sends spam
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
12.05.2014, 16:34 | #7 |
| Hostile takeover of my email account sends spam
OK, I have carried out these steps as well. However, SecurityCheck did not produce anything. The DOS window for starting it did appear, but after the start I saw nothing more of it. I could not find a checkup.text anywhere.
Regarding the question "Any remaining problems?" Answer: "Hard to say. I had not noticed anything of a trojan myself, only my email host had."
Did "we" actually find anything? The Avira messages were labelled "harmless" somewhere.
What about the advice: "Trojans hide so well that you have to search with a bootable CD... (start Avira, Ubuntu-based, from CD)"?
Either way, here are the latest logs:
eset
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=1
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b67690dfb07d9d45b5fce7ca559dd78b
# engine=18210
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-10 07:37:18
# local_time=2014-05-10 09:37:18 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 12394 265173928 5150 0
# compatibility_mode=5893 16776574 100 94 1921659 151380488 0 0
# scanned=229059
# found=0
# cleaned=0
# scan_time=10488
frst:
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014 01 Ran by Peter (administrator) on BÜRO-PC-LEONOVO on 12-05-2014 17:15:15 Running from C:\Users\Peter\Downloads Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Bury GmbH & Co. KG) C:\Program Files (x86)\BURY Time Suite\BuryLoggerSyncService.exe () C:\Users\Peter\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStatsUpdater.exe (Firebird Project) C:\Program Files (x86)\FirebirdSQL\bin\fbguard.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Alps Electric Co., Ltd.) 
C:\Program Files\Apoint2K\Apoint.exe (Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe (The Eraser Project) C:\Program Files\Eraser\Eraser.exe () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Lenovo) C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe (Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Dropbox, Inc.) C:\Users\Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe (Safer-Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (WDC) C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe (Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDFME.exe (CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Firebird Project) C:\Program Files (x86)\FirebirdSQL\bin\fbserver.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) 
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation) C:\Windows\splwow64.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe (TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [NvCplDaemon] => C:\windows\system32\NvCpl.dll [17412200 2010-04-07] (NVIDIA Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10151968 2010-04-20] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [908320 2010-04-20] (Realtek Semiconductor) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [345896 2010-04-05] (Alps Electric Co., Ltd.) 
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [776608 2009-12-19] (Lenovo) HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4462496 2010-04-21] (Lenovo(beijing) Limited) HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [7069088 2010-04-21] (Lenovo (Beijing) Limited) HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2328944 2011-01-07] (Microsoft Corporation) HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980368 2010-11-04] (The Eraser Project) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation) HKLM-x32\...\Run: [MuteSync] => C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe [336384 2009-12-28] (Lenovo) HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331_STI.EXE [536576 2010-01-15] (Vimicro) HKLM-x32\...\Run: [UCam_Menu] => c:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.) HKLM-x32\...\Run: [YouCam Mirror Tray icon] => c:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [171104 2010-03-03] (CyberLink Corp.) HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.) HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.) 
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-04-22] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\.DEFAULT\...\RunOnce: [WLStart] - C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [786760 2009-07-26] (Microsoft Corporation) HKU\S-1-5-21-4044840459-2837241131-3378573868-1000\...\Run: [FactoryTest] => C:\Windows\Test.bat HKU\S-1-5-21-4044840459-2837241131-3378573868-1000\...\Run: [Power2GoExpress] => C:\Program Files (x86)\Lenovo\Power2Go\Power2GoExpress.exe [2532648 2009-07-13] (Cyberlink) HKU\S-1-5-21-4044840459-2837241131-3378573868-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [FactoryTest] => C:\Windows\Test.bat HKU\S-1-5-21-4044840459-2837241131-3378573868-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Power2GoExpress] => C:\Program Files (x86)\Lenovo\Power2Go\Power2GoExpress.exe [2532648 2009-07-13] (Cyberlink) HKU\S-1-5-21-4044840459-2837241131-3378573868-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [FactoryTest] => C:\Windows\Test.bat HKU\S-1-5-21-4044840459-2837241131-3378573868-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Power2GoExpress] => C:\Program Files (x86)\Lenovo\Power2Go\Power2GoExpress.exe 
[2532648 2009-07-13] (Cyberlink) HKU\S-1-5-21-4044840459-2837241131-3378573868-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [FactoryTest] => C:\Windows\Test.bat HKU\S-1-5-21-4044840459-2837241131-3378573868-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [Power2GoExpress] => C:\Program Files (x86)\Lenovo\Power2Go\Power2GoExpress.exe [2532648 2009-07-13] (Cyberlink) HKU\S-1-5-21-4044840459-2837241131-3378573868-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-4044840459-2837241131-3378573868-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-4044840459-2837241131-3378573868-1001\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.EXE [404080 2014-04-29] (CyberGhost S.R.L.) HKU\S-1-5-21-4044840459-2837241131-3378573868-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-4044840459-2837241131-3378573868-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-4044840459-2837241131-3378573868-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-4044840459-2837241131-3378573868-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.EXE [404080 2014-04-29] (CyberGhost S.R.L.) 
HKU\S-1-5-21-4044840459-2837241131-3378573868-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [95848 2010-04-07] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [89704 2010-04-07] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HD Writer.lnk ShortcutTarget: HD Writer.lnk -> C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Panasonic Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WD Quick View.lnk ShortcutTarget: WD Quick View.lnk -> C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe (Western Digital Technologies, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\XiButler.lnk ShortcutTarget: XiButler.lnk -> C:\Program Files (x86)\XiButler24\XING 01.exe (Microsoft) Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - {657BEA9F-0CB4-4440-8D16-6DFC3A68476E} URL = hxxp://www.google.de/search?q={searchTerms} SearchScopes: HKCU - {95C90569-DAEF-4CC2-8C6E-788FB154F6B4} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) 
BHO-x32: ColorZillaStats - {59F7FE53-2860-44B1-968A-E54E3E949A07} - C:\Users\Peter\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStats.dll (Alex Sirota) BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) 
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 217.0.43.177 FireFox: ======== FF ProfilePath: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default FF DefaultSearchEngine: Google Deutschland FF SelectedSearchEngine: Google Deutschland FF Homepage: hxxp://www.xxxx.de/coaching/unternehmer-coaching/leitfragen/ FF NetworkProxy: "type", 4 FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll () FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.) 
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Peter\AppData\Local\Citrix\Plugins\94\npappdetector.dll (Citrix Online) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\searchplugins\google-deutschland.xml
FF SearchPlugin: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\searchplugins\s-amazon-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\Extensions\ich@maltegoetz.de [2013-12-13]
FF Extension: ColorZillaStats - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\Extensions\stats@colorzilla.com [2012-07-12]
FF Extension: Google Toolbar for Firefox - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011-03-05]
FF Extension: Page Zoom Button - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\Extensions\54c7d9671b9eccd9e5686a73df34ab60@button.codefisher.org.xpi [2011-05-02]
FF Extension: anonymoX - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\Extensions\client@anonymox.net.xpi [2013-02-28]
FF Extension: SEO Status PageRank/Alexa Toolbar - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\Extensions\seostatus@rubyweb.xpi [2011-12-15]
FF Extension: NoScript - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-17]
FF Extension: Easy Youtube Video Downloader Express - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2013-11-28]
FF Extension: Address Bar Search - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tlvto6h5.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi [2013-10-28]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-07]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-05-07]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-02-02]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-02-02]

Chrome:
=======
CHR HomePage:
CHR Extension: (Google Docs) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-08]
CHR Extension: (Google Drive) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-08]
CHR Extension: (YouTube) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-08]
CHR Extension: (ColorZillaStats) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgfambohdeocadlemmdceabhlgccijal [2014-05-08]
CHR Extension: (Google-Suche) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-08]
CHR Extension: (Google Wallet) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-08]
CHR Extension: (Google Mail) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-08]
CHR HKLM-x32\...\Chrome\Extension: [cgfambohdeocadlemmdceabhlgccijal] - C:\Users\Peter\AppData\LocalLow\ColorZillaStats\CHROME\ColorZillaStats.crx [2012-06-18]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-04-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-04-22] (Avira Operations GmbH & Co. KG)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [907040 2010-05-10] (Broadcom Corporation.)
R2 BuryLoggerSyncService; C:\Program Files (x86)\BURY Time Suite\BuryLoggerSyncService.exe [107520 2011-03-08] (Bury GmbH & Co. KG)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-04-29] (CyberGhost S.R.L)
R2 ColorZillaStatsUpdater; C:\Users\Peter\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStatsUpdater.exe [18432 2012-06-18] ()
R2 FirebirdGuardianBURYTIMESUITE; C:\Program Files (x86)\FirebirdSQL\bin\fbguard.exe [81920 2010-04-19] (Firebird Project)
R3 FirebirdServerBURYTIMESUITE; C:\Program Files (x86)\FirebirdSQL\bin\fbserver.exe [2723840 2010-04-19] (Firebird Project)
S3 IGRS; C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57820696 2008-07-11] (Microsoft Corporation)
S3 PS_MDP; C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
S2 ReadyComm.DirectRouter; C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [430616 2008-07-11] (Microsoft Corporation)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [317328 2011-08-01] (WDC)
R2 WDFMEService; C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [1978256 2011-08-01] (Western Digital )
R2 WDRulesService; C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [1338256 2011-08-01] (Western Digital )

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-04-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-04-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-04-22] (Avira Operations GmbH & Co. KG)
S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [79376 2009-07-16] (Lenovo)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19936 2011-05-06] ()
S3 pwdspio; C:\windows\system32\pwdspio.sys [13280 2011-05-06] ()
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-01-20] (Anchorfree Inc.)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [215040 2010-02-24] (Vimicro Corporation)
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11280 2009-07-16] (Lenovo)
U3 BcmSqlStartupSvc;
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 IviRegMgr;
U2 RichVideo;
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-12 14:03 - 2014-05-12 15:12 - 00855379 _____ () C:\Users\Peter\Downloads\SecurityCheck.exe
2014-05-10 18:24 - 2014-05-10 18:24 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-10 18:23 - 2014-05-10 18:24 - 02347384 _____ (ESET) C:\Users\Peter\Downloads\esetsmartinstaller_deu.exe
2014-05-09 13:46 - 2014-05-12 17:15 - 00000000 ____D () C:\Users\Peter\Downloads\FRST-OlderVersion
2014-05-09 13:43 - 2014-05-09 13:43 - 00002056 _____ () C:\Users\Peter\Desktop\JRT.txt
2014-05-09 13:31 - 2014-05-09 13:31 - 00000000 ____D () C:\windows\ERUNT
2014-05-09 13:27 - 2014-05-09 13:27 - 01016261 _____ (Thisisu) C:\Users\Peter\Downloads\JRT.exe
2014-05-09 12:58 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-05-09 12:57 - 2014-05-09 13:14 - 00000000 ____D () C:\AdwCleaner
2014-05-09 12:57 - 2014-05-09 12:57 - 01316991 _____ () C:\Users\Peter\Downloads\adwcleaner.exe
2014-05-09 11:41 - 2014-05-12 16:34 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-09 11:41 - 2014-05-09 11:41 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-09 11:41 - 2014-05-09 11:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-09 11:41 - 2014-05-09 11:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-09 11:41 - 2014-05-09 11:41 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-05-09 11:41 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-05-09 11:41 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-05-09 11:41 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-05-09 11:37 - 2014-05-09 11:37 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Peter\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-09 10:27 - 2014-05-09 10:42 - 634931984 _____ (Avira GmbH) C:\Users\Peter\Downloads\rescue-system.exe
2014-05-08 16:52 - 2014-05-08 16:52 - 00002211 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-08 16:52 - 2014-05-08 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-08 16:11 - 2014-05-08 16:11 - 00000000 ____D () C:\windows\SysWOW64\Adobe
2014-05-08 12:59 - 2014-05-08 12:59 - 00028237 _____ () C:\ComboFix.txt
2014-05-08 12:20 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2014-05-08 12:20 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2014-05-08 12:20 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-05-08 12:20 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-05-08 12:20 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-05-08 12:20 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2014-05-08 12:20 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2014-05-08 12:20 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2014-05-08 12:19 - 2014-05-09 12:38 - 00000000 ____D () C:\windows\erdnt
2014-05-08 12:19 - 2014-05-08 12:59 - 00000000 ____D () C:\Qoobox
2014-05-08 12:16 - 2014-05-08 12:16 - 05200039 ____R (Swearware) C:\Users\Peter\Desktop\ComboFix.exe
2014-05-08 11:44 - 2014-05-08 11:44 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Peter\Downloads\revosetup95.exe
2014-05-08 11:44 - 2014-05-08 11:44 - 00001268 _____ () C:\Users\Peter\Desktop\Revo Uninstaller.lnk
2014-05-08 11:44 - 2014-05-08 11:44 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-08 07:21 - 2014-05-08 07:21 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-05-07 16:46 - 2014-05-07 17:15 - 00046580 _____ () C:\Users\Peter\Downloads\Addition.txt
2014-05-07 16:39 - 2014-05-07 16:39 - 00380416 _____ () C:\Users\Peter\Downloads\Gmer-19357.exe
2014-05-07 16:29 - 2014-05-12 17:15 - 00030439 _____ () C:\Users\Peter\Downloads\FRST.txt
2014-05-07 16:28 - 2014-05-12 17:15 - 00000000 ____D () C:\FRST
2014-05-07 16:27 - 2014-05-12 17:15 - 02066944 _____ (Farbar) C:\Users\Peter\Downloads\FRST64.exe
2014-05-07 16:25 - 2014-05-07 16:25 - 00000472 _____ () C:\Users\Peter\Downloads\defogger_disable.log
2014-05-07 16:25 - 2014-05-07 16:25 - 00000000 _____ () C:\Users\Peter\defogger_reenable
2014-05-07 16:22 - 2014-05-07 16:22 - 00050477 _____ () C:\Users\Peter\Downloads\Defogger.exe
2014-05-07 15:23 - 2014-05-10 18:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-07 11:33 - 2014-05-07 11:25 - 02209056 _____ () C:\Users\Peter\Downloads\avira-eu-cleaner_de.exe
2014-05-07 11:32 - 2014-05-07 11:33 - 00001991 _____ () C:\Users\Peter\Desktop\Entfernen des Avira EU-Cleaners.lnk
2014-05-07 11:32 - 2014-05-07 11:33 - 00001935 _____ () C:\Users\Peter\Desktop\Avira EU-Cleaner.lnk
2014-05-07 10:13 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-05-07 10:13 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-05-05 08:38 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-05 08:38 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-05 08:38 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-05 08:38 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-04-30 09:28 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-04-30 09:28 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-04-30 09:28 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-04-30 09:28 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-04-30 09:28 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-04-30 09:28 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-04-30 09:28 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-04-30 09:28 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-04-30 09:28 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-04-30 09:28 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-04-30 09:28 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-04-30 09:28 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-04-30 09:28 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-04-30 09:28 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-04-30 09:28 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-04-30 09:28 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-04-30 09:28 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-04-30 09:28 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-04-30 09:28 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-04-30 09:28 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-04-30 09:28 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-04-30 09:28 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-04-30 09:28 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-04-30 09:28 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-04-30 09:28 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-04-30 09:28 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-04-30 09:28 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-04-30 09:28 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-04-30 09:28 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-04-30 09:28 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-04-30 09:28 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-30 09:28 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-04-30 09:28 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-04-30 09:28 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-04-30 09:28 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-04-30 09:28 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-04-30 09:28 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-04-30 09:28 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-04-30 09:28 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-04-30 09:28 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-04-30 09:28 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-04-30 09:28 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-04-30 09:28 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-04-30 09:28 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-04-28 18:50 - 2014-04-28 18:50 - 00000880 _____ () C:\Users\Peter\AppData\Local\recently-used.xbel
2014-04-22 09:41 - 2014-04-22 09:40 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2014-04-22 09:41 - 2014-04-22 09:40 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2014-04-22 09:41 - 2014-04-22 09:40 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2014-04-22 09:41 - 2014-04-22 09:40 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2014-04-21 11:17 - 2014-04-21 11:17 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2014-04-21 11:16 - 2014-04-23 19:28 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-21 11:16 - 2014-04-21 11:17 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-21 11:16 - 2014-04-21 11:16 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-04-21 11:16 - 2014-04-21 11:16 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-04-21 11:16 - 2014-04-21 11:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-04-21 11:16 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2014-04-21 11:13 - 2014-04-21 11:14 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Peter\Downloads\spybot-2.2.25.exe
2014-04-18 16:23 - 2014-04-18 16:23 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Avira
2014-04-18 15:49 - 2014-04-18 15:49 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-04-18 15:49 - 2014-04-18 15:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-04-18 15:49 - 2014-04-18 15:49 - 00000000 ____D () C:\ProgramData\Avira
2014-04-18 15:49 - 2014-04-18 15:49 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-18 11:28 - 2014-04-18 11:27 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-04-18 11:27 - 2014-04-18 11:27 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-04-18 11:27 - 2014-04-18 11:27 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-04-18 11:27 - 2014-04-18 11:27 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-17 12:05 - 2014-04-17 12:36 - 00000000 ____D () C:\Users\Peter\AppData\Local\CyberGhost
2014-04-17 12:03 - 2014-05-01 12:27 - 00000000 ____D () C:\Program Files\CyberGhost 5
2014-04-17 12:03 - 2014-04-17 12:04 - 00000000 ____D () C:\Program Files\TAP-Windows
2014-04-17 12:03 - 2014-04-17 12:03 - 00001728 _____ () C:\Users\Peter\Desktop\CyberGhost 5.lnk
2014-04-17 12:03 - 2014-04-17 12:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2014-04-17 11:59 - 2014-04-17 11:59 - 08566128 _____ (CyberGhost S.R.L. ) C:\Users\Peter\Downloads\CG_5.0.9.8chip.de.exe
2014-04-16 19:47 - 2014-04-16 19:48 - 00004253 _____ () C:\windows\SysWOW64\jupdate-1.7.0_55-b13.log
2014-04-16 16:59 - 2014-04-16 16:59 - 00001337 _____ () C:\Users\Public\Desktop\NAVIGON Fresh.lnk
2014-04-16 16:59 - 2014-04-16 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAVIGON
2014-04-16 16:49 - 2014-04-16 16:50 - 24186616 _____ (GARMIN Würzburg GmbH) C:\Users\Peter\Downloads\NAVIGON_Fresh_setup.exe
2014-04-16 16:41 - 2014-04-16 16:41 - 14459337 _____ () C:\Users\Peter\Downloads\N70Update_ForMacUser_v203.zip
2014-04-16 15:04 - 2014-04-16 15:04 - 00000000 ____D () C:\Program Files (x86)\NAVIGON

==================== One Month Modified Files and Folders =======

2014-05-12 17:16 - 2014-05-07 16:29 - 00030439 _____ () C:\Users\Peter\Downloads\FRST.txt
2014-05-12 17:15 - 2014-05-09 13:46 - 00000000 ____D () C:\Users\Peter\Downloads\FRST-OlderVersion
2014-05-12 17:15 - 2014-05-07 16:28 - 00000000 ____D () C:\FRST
2014-05-12 17:15 - 2014-05-07 16:27 - 02066944 _____ (Farbar) C:\Users\Peter\Downloads\FRST64.exe
2014-05-12 17:08 - 2012-04-10 14:26 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-05-12 16:38 - 2011-03-05 16:08 - 00000000 ____D () C:\Users\Peter\Documents\Allgemein
2014-05-12 16:34 - 2014-05-09 11:41 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-12 16:27 - 2012-06-15 11:04 - 00001108 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-12 15:35 - 2011-05-11 09:15 - 00000000 ____D () C:\Users\Peter\Documents\Eigene Scans
2014-05-12 15:12 - 2014-05-12 14:03 - 00855379 _____ () C:\Users\Peter\Downloads\SecurityCheck.exe
2014-05-12 12:07 - 2010-08-27 11:53 - 01140248 _____ () C:\windows\WindowsUpdate.log
2014-05-12 08:22 - 2012-06-15 11:04 - 00001104 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-11 07:13 - 2010-08-27 19:35 - 00764994 _____ () C:\windows\system32\perfh007.dat
2014-05-11 07:13 - 2010-08-27 19:35 - 00174192 _____ () C:\windows\system32\perfc007.dat
2014-05-11 07:13 - 2009-07-14 07:13 - 01803954 _____ () C:\windows\system32\PerfStringBackup.INI
2014-05-10 18:28 - 2011-03-29 09:06 - 00000000 ____D () C:\Users\Peter\.freemind
2014-05-10 18:24 - 2014-05-10 18:24 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-10 18:24 - 2014-05-10 18:23 - 02347384 _____ (ESET) C:\Users\Peter\Downloads\esetsmartinstaller_deu.exe
2014-05-10 18:16 - 2014-05-07 15:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 13:43 - 2014-05-09 13:43 - 00002056 _____ () C:\Users\Peter\Desktop\JRT.txt
2014-05-09 13:31 - 2014-05-09 13:31 - 00000000 ____D () C:\windows\ERUNT
2014-05-09 13:29 - 2009-07-14 06:45 - 00013632 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-09 13:29 - 2009-07-14 06:45 - 00013632 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-09 13:27 - 2014-05-09 13:27 - 01016261 _____ (Thisisu) C:\Users\Peter\Downloads\JRT.exe
2014-05-09 13:18 - 2013-10-17 17:06 - 00000000 ___RD () C:\Users\Peter\Dropbox
2014-05-09 13:18 - 2013-10-17 17:03 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Dropbox
2014-05-09 13:15 - 2012-10-24 16:35 - 00036108 _____ () C:\windows\setupact.log
2014-05-09 13:15 - 2012-10-24 16:34 - 00362690 _____ () C:\windows\PFRO.log
2014-05-09 13:15 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-05-09 13:14 - 2014-05-09 12:57 - 00000000 ____D () C:\AdwCleaner
2014-05-09 12:57 - 2014-05-09 12:57 - 01316991 _____ () C:\Users\Peter\Downloads\adwcleaner.exe
2014-05-09 12:38 - 2014-05-08 12:19 - 00000000 ____D () C:\windows\erdnt
2014-05-09 11:41 - 2014-05-09 11:41 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-09 11:41 - 2014-05-09 11:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-09 11:41 - 2014-05-09 11:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-09 11:41 - 2014-05-09 11:41 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-05-09 11:37 - 2014-05-09 11:37 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Peter\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-09 10:42 - 2014-05-09 10:27 - 634931984 _____ (Avira GmbH) C:\Users\Peter\Downloads\rescue-system.exe
2014-05-08 16:52 - 2014-05-08 16:52 - 00002211 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-08 16:52 - 2014-05-08 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-08 16:52 - 2012-06-15 11:04 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-08 16:52 - 2011-03-05 21:39 - 00000000 ____D () C:\Users\Peter\AppData\Local\Google
2014-05-08 16:11 - 2014-05-08 16:11 - 00000000 ____D () C:\windows\SysWOW64\Adobe
2014-05-08 12:59 - 2014-05-08 12:59 - 00028237 _____ () C:\ComboFix.txt
2014-05-08 12:59 - 2014-05-08 12:19 - 00000000 ____D () C:\Qoobox
2014-05-08 12:59 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-05-08 12:51 - 2009-07-14 04:34 - 00000215 _____ () C:\windows\system.ini
2014-05-08 12:45 - 2012-04-27 21:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-08 12:32 - 2011-03-04 14:47 - 00000000 ____D () C:\Users\Peter
2014-05-08 12:16 - 2014-05-08 12:16 - 05200039 ____R (Swearware) C:\Users\Peter\Desktop\ComboFix.exe
2014-05-08 12:10 - 2012-03-18 13:52 - 00000000 ____D () C:\Program Files (x86)\TomTom International B.V
2014-05-08 12:08 - 2011-03-04 15:46 - 00000000 ____D () C:\Program Files (x86)\PDF Editor 3
2014-05-08 12:06 - 2012-03-18 13:52 - 00000000 ____D () C:\Users\Peter\AppData\Local\TomTom
2014-05-08 12:03 - 2014-02-25 12:09 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\DVDVideoSoft
2014-05-08 11:44 - 2014-05-08 11:44 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Peter\Downloads\revosetup95.exe
2014-05-08 11:44 - 2014-05-08 11:44 - 00001268 _____ () C:\Users\Peter\Desktop\Revo Uninstaller.lnk
2014-05-08 11:44 - 2014-05-08 11:44 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-08 11:22 - 2011-08-30 13:13 - 00000000 ____D () C:\XingCommunityBoy
2014-05-08 07:22 - 2012-06-15 11:04 - 00004104 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 07:22 - 2012-06-15 11:04 - 00003852 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-08 07:21 - 2014-05-08 07:21 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-05-07 17:15 - 2014-05-07 16:46 - 00046580 _____ () C:\Users\Peter\Downloads\Addition.txt
2014-05-07 16:39 - 2014-05-07 16:39 - 00380416 _____ () C:\Users\Peter\Downloads\Gmer-19357.exe
2014-05-07 16:25 - 2014-05-07 16:25 - 00000472 _____ () C:\Users\Peter\Downloads\defogger_disable.log
2014-05-07 16:25 - 2014-05-07 16:25 - 00000000 _____ () C:\Users\Peter\defogger_reenable
2014-05-07 16:22 - 2014-05-07 16:22 - 00050477 _____ () C:\Users\Peter\Downloads\Defogger.exe
2014-05-07 11:33 - 2014-05-07 11:32 - 00001991 _____ () C:\Users\Peter\Desktop\Entfernen des Avira EU-Cleaners.lnk
2014-05-07 11:33 - 2014-05-07 11:32 - 00001935 _____ () C:\Users\Peter\Desktop\Avira EU-Cleaner.lnk
2014-05-07 11:25 - 2014-05-07 11:33 - 02209056 _____ () C:\Users\Peter\Downloads\avira-eu-cleaner_de.exe
2014-05-05 09:38 - 2012-09-06 11:40 - 00000000 ____D () C:\Users\Peter\Documents\PR_Team_Kommunikation
2014-05-02 12:19 - 2011-03-05 16:10 - 00000000 ____D () C:\Users\Peter\Documents\Kunden
2014-05-01 16:29 - 2012-08-25 11:41 - 00012946 _____ () C:\Users\Peter\Documents\Rollierende Projektliste.xlsx
2014-05-01 16:28 - 2011-03-05 16:10 - 00000000 ____D () C:\Users\Peter\Documents\Steuern
2014-05-01 14:09 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-05-01 12:27 - 2014-04-17 12:03 - 00000000 ____D () C:\Program Files\CyberGhost 5
2014-04-30 18:02 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-04-29 16:01 - 2014-05-05 08:38 - 23547904 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-04-29 15:40 - 2014-05-05 08:38 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-04-29 14:48 - 2014-05-05 08:38 - 17384448 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-04-29 14:34 - 2014-05-05 08:38 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-04-29 10:02 - 2013-10-17 17:06 - 00000979 _____ () C:\Users\Peter\Desktop\Dropbox.lnk
2014-04-29 10:02 - 2013-10-17 17:04 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-29 10:02 - 2011-03-04 14:48 - 00000000 ___RD () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-29 09:26 - 2012-04-10 14:26 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-04-29 09:26 - 2012-04-10 14:26 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-04-29 09:26 - 2011-05-17 09:45 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-28 18:50 - 2014-04-28 18:50 - 00000880 _____ () C:\Users\Peter\AppData\Local\recently-used.xbel
2014-04-28 18:50 - 2013-09-20 16:04 - 00000000 ____D () C:\Users\Peter\AppData\Local\gtk-2.0
2014-04-28 18:50 - 2013-09-20 16:00 - 00000000 ____D () C:\Users\Peter\.gimp-2.8
2014-04-28 16:48 - 2012-03-05 12:00 - 00000000 ____D () C:\Users\Peter\Documents\Selbstmanagement
2014-04-23 19:28 - 2014-04-21 11:16 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-04-23 19:25 - 2011-03-04 20:36 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\vlc 2014-04-23 19:00 - 2011-03-09 19:02 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\dvdcss 2014-04-22 09:40 - 2014-04-22 09:41 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys 2014-04-22 09:40 - 2014-04-22 09:41 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys 2014-04-22 09:40 - 2014-04-22 09:41 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys 2014-04-22 09:40 - 2014-04-22 09:41 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys 2014-04-21 11:17 - 2014-04-21 11:17 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking 2014-04-21 11:17 - 2014-04-21 11:16 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-04-21 11:16 - 2014-04-21 11:16 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-04-21 11:16 - 2014-04-21 11:16 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-04-21 11:16 - 2014-04-21 11:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-04-21 11:14 - 2014-04-21 11:13 - 40658208 _____ (Safer-Networking Ltd. 
) C:\Users\Peter\Downloads\spybot-2.2.25.exe 2014-04-18 16:23 - 2014-04-18 16:23 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Avira 2014-04-18 15:49 - 2014-04-18 15:49 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-04-18 15:49 - 2014-04-18 15:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-04-18 15:49 - 2014-04-18 15:49 - 00000000 ____D () C:\ProgramData\Avira 2014-04-18 15:49 - 2014-04-18 15:49 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-04-18 11:28 - 2013-11-04 10:01 - 00000000 ____D () C:\ProgramData\Oracle 2014-04-18 11:27 - 2014-04-18 11:28 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe 2014-04-18 11:27 - 2014-04-18 11:27 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe 2014-04-18 11:27 - 2014-04-18 11:27 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe 2014-04-18 11:27 - 2014-04-18 11:27 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll 2014-04-18 11:27 - 2011-03-29 09:04 - 00000000 ____D () C:\Program Files (x86)\Java 2014-04-18 11:22 - 2013-03-05 12:16 - 00921512 _____ (Oracle Corporation) C:\Users\Peter\Downloads\jxpiinstall.exe 2014-04-17 12:36 - 2014-04-17 12:05 - 00000000 ____D () C:\Users\Peter\AppData\Local\CyberGhost 2014-04-17 12:04 - 2014-04-17 12:03 - 00000000 ____D () C:\Program Files\TAP-Windows 2014-04-17 12:03 - 2014-04-17 12:03 - 00001728 _____ () C:\Users\Peter\Desktop\CyberGhost 5.lnk 2014-04-17 12:03 - 2014-04-17 12:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5 2014-04-17 11:59 - 2014-04-17 11:59 - 08566128 _____ (CyberGhost S.R.L. 
) C:\Users\Peter\Downloads\CG_5.0.9.8chip.de.exe 2014-04-16 19:48 - 2014-04-16 19:47 - 00004253 _____ () C:\windows\SysWOW64\jupdate-1.7.0_55-b13.log 2014-04-16 16:59 - 2014-04-16 16:59 - 00001337 _____ () C:\Users\Public\Desktop\NAVIGON Fresh.lnk 2014-04-16 16:59 - 2014-04-16 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAVIGON 2014-04-16 16:50 - 2014-04-16 16:49 - 24186616 _____ (GARMIN Würzburg GmbH) C:\Users\Peter\Downloads\NAVIGON_Fresh_setup.exe 2014-04-16 16:41 - 2014-04-16 16:41 - 14459337 _____ () C:\Users\Peter\Downloads\N70Update_ForMacUser_v203.zip 2014-04-16 15:04 - 2014-04-16 15:04 - 00000000 ____D () C:\Program Files (x86)\NAVIGON 2014-04-16 10:14 - 2011-03-05 20:32 - 00000000 ____D () C:\Users\Peter\AppData\Local\Adobe 2014-04-14 04:24 - 2014-05-07 10:13 - 00465408 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-04-14 04:19 - 2014-05-07 10:13 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll Files to move or delete: ==================== C:\Users\Peter\VitalSmarts Timer.exe Some content of TEMP: ==================== C:\Users\Peter\AppData\Local\Temp\avgnt.exe C:\Users\Peter\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjh_tix.dll C:\Users\Peter\AppData\Local\Temp\Quarantine.exe C:\Users\Peter\AppData\Local\Temp\Shockwave_Installer_FF.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => 
MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-09 12:27 ==================== End Of Log ============================ Ist jetzt alles sicher und sauber? Herzlichen Dank Peter
__________________ Peter Windows 8.1 64 bit Firefox (always the latest version) Av Antivir |
13.05.2014, 12:28 | #8 | |
/// the machine /// TB Trainer | Hostile takeover of my email account sends spam Quote:
Done
The order is crucial here.
If you would like to leave praise or criticism, you can do so here.
Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help.
Here are a few (English) links: Miekemoes Blogspot (MVP) Bill Castner (MVP) Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
13.05.2014, 12:54 | #9 |
| Hostile takeover of my email account sends spam The tip about the bootable Avira CD comes from here: hxxp://answers.microsoft.com/de-de/windows/forum/windows_7-ecoms/kann-keine-mails-mehr-senden-angeblich-wird-mein/bb3d6986-af99-4fa3-afd8-02b57e76de32 I had googled how it could be that someone hijacks my email mailbox even though I have almost never entered the password manually. Thanks for the closing tips, I'll get started on cleaning up now. Best regards
__________________ Peter Windows 8.1 64 bit Firefox (always the latest version) Av Antivir |
14.05.2014, 11:37 | #10 |
/// the machine /// TB Trainer | Hostile takeover of my email account sends spam You're welcome
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
14.05.2014, 12:11 | #11 |
| Hostile takeover of my email account sends spam One more small tip! You have such easy-to-follow descriptions of what to do. One addition to that: SecurityCheck did not run for me. => Restart once, then SecurityCheck works flawlessly. Best regards
__________________ Peter Windows 8.1 64 bit Firefox (always the latest version) Av Antivir |
15.05.2014, 07:33 | #12 |
/// the machine /// TB Trainer | Hostile takeover of my email account sends spam ok
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |