|
Plagegeister aller Art und deren Bekämpfung: download protect 2.2.0 sicher entfernenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
11.05.2014, 14:05 | #1 |
| download protect 2.2.0 sicher entfernen habe mir diese "malware" eingefangen. wie wird man diese wieder los? hier mein malbyte [spoiler] Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 11.05.2014 Scan Time: 14:42:40 Logfile: malware bytes.txt Administrator: Yes Version: 2.00.1.1004 Malware Database: v2014.04.20.03 Rootkit Database: v2014.03.27.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Chameleon: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: xy Scan Type: Threat Scan Result: Completed Objects Scanned: 260069 Time Elapsed: 13 min, 10 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Shuriken: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) [/spoiler] geh mal davon aus dass ihr hier nichts rauslesen könnt oder? was braucht ihr noch dazu? |
11.05.2014, 14:06 | #2 |
| download protect 2.2.0 sicher entfernenHallo und willkommen an Board, radogoal Mein Name ist Machiavelli und werde bei Deinem Malware Problemen behilflich sein. Falls Du Dich im abgesicherten Modus befindest, würde ich Dir raten, alle Anweisungen von mir auszudrucken, um besseren Überblick auf die Gesamtsituation zu bekommen. Ich bin hier im Malwareteam und daher ist es mir möglich, Dir zu helfen. Damit eine Bereinigung ermöglicht werden kann, musst Du ein paar Regeln/Tipps beachten:
Schaun wir mal das ganze mit OTL an. Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop.
Code:
ATTFilter netsvcs BASESERVICES %SYSTEMDRIVE%\*.exe /md5start services.* explorer.exe winlogon.exe Userinit.exe svchost.exe qmgr.dll mpsvc.dll winsock.* rpcss.dll /md5stop dir "%systemdrive%\*" /S /A:L /C CREATERESTOREPOINT
|
11.05.2014, 14:31 | #3 |
| download protect 2.2.0 sicher entfernen OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 11.05.2014 15:14:52 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xy\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.16518) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,49 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 64,96% Memory free 6,98 Gb Paging File | 5,39 Gb Available in Paging File | 77,23% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 210,06 Gb Total Space | 108,52 Gb Free Space | 51,66% Space Free | Partition Type: NTFS Drive D: | 721,35 Gb Total Space | 383,40 Gb Free Space | 53,15% Space Free | Partition Type: NTFS Computer Name: XY-PC | User Name: xy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2014.05.11 15:10:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xy\Downloads\OTL.exe PRC - [2014.04.18 20:50:52 | 033,604,728 | ---- | M] (Dropbox, Inc.) -- C:\Users\xy\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2014.03.07 12:29:32 | 000,012,800 | ---- | M] () -- C:\ProgramData\dlprotect.exe PRC - [2014.02.20 15:58:03 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2014.02.20 15:57:57 | 000,689,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2014.02.20 15:57:57 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2014.02.18 18:48:35 | 000,467,000 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\program files (x86)\avira\antivir desktop\ipmGui.exe PRC - [2014.02.06 23:29:56 | 000,189,480 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe PRC - [2014.02.05 10:48:32 | 004,915,040 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe PRC - [2013.05.23 15:17:00 | 001,106,288 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2013.05.23 15:16:56 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe PRC - [2013.05.23 15:16:52 | 001,561,968 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2009.05.06 18:53:50 | 001,220,608 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe ========== Modules (No Company Name) ========== MOD - [2014.05.11 14:57:42 | 000,041,984 | ---- | M] () -- c:\users\xy\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpj6f1fu.dll MOD - [2014.03.07 12:29:32 | 000,012,800 | ---- | M] () -- C:\ProgramData\dlprotect.exe MOD - [2014.02.23 11:50:17 | 018,813,440 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll MOD - [2014.02.23 11:50:13 | 000,223,232 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\f4354d6580fbb745c0c8acba382a7b84\System.ServiceProcess.ni.dll MOD - [2014.02.23 11:50:11 | 001,889,792 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll MOD - [2014.02.23 11:50:09 | 000,802,816 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\966f64a25064fe74936295dc06ec586e\System.Runtime.Remoting.ni.dll MOD - [2014.02.23 11:50:04 | 011,025,920 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll MOD - [2014.02.23 11:49:59 | 006,990,336 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll MOD - [2014.02.23 11:49:58 | 007,662,080 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll MOD - [2014.02.23 11:49:57 | 003,950,080 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll MOD - [2014.02.23 11:49:54 | 000,976,384 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll MOD - [2014.02.23 11:49:53 | 010,060,800 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll MOD - [2014.02.23 11:49:47 | 016,953,856 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll MOD - [2014.01.03 05:42:50 | 003,610,624 | ---- | M] () -- C:\Users\xy\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll MOD - [2013.10.19 01:55:02 | 025,100,288 | ---- | M] () -- C:\Users\xy\AppData\Roaming\Dropbox\bin\libcef.dll ========== Services (SafeList) ========== SRV:64bit: - [2014.03.07 12:29:31 | 000,118,784 | -H-- | M] () [Auto | Running] -- C:\Windows\SysNative\mswsockd.exe -- (ntoskrol) SRV:64bit: - [2014.02.06 12:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService) SRV:64bit: - [2013.12.06 22:52:10 | 000,239,616 | -H-- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2013.12.06 17:06:06 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2008.05.08 01:29:38 | 000,122,880 | -H-- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\SysNative\Crypserv.exe -- (Crypkey License) SRV - [2014.05.04 07:56:09 | 000,257,712 | -H-- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2014.02.25 23:57:46 | 000,568,512 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2014.02.20 15:58:03 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2014.02.20 15:57:57 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2014.02.05 10:48:32 | 004,915,040 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9) SRV - [2014.01.16 18:03:40 | 000,064,112 | ---- | M] (CyberGhost S.R.L) [Auto | Running] -- C:\Programme\CyberGhost 5\Service.exe -- (CGVPNCliService) SRV - [2014.01.16 02:42:12 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService) SRV - [2013.09.11 22:21:54 | 000,105,144 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.04.18 11:06:42 | 000,737,616 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2012.07.17 16:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.05.06 18:53:50 | 001,220,608 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard) DRV:64bit: - [2014.03.18 02:24:02 | 000,451,480 | -H-- | M] (Check Point Software Technologies Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant) DRV:64bit: - [2014.01.22 08:52:10 | 000,206,080 | -H-- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2014.01.22 08:52:10 | 000,108,800 | -H-- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2013.12.24 23:33:22 | 000,489,568 | -H-- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2013.12.24 23:33:20 | 007,717,984 | -H-- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1) DRV:64bit: - [2013.12.18 18:40:12 | 000,131,576 | -H-- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.12.18 18:40:12 | 000,108,440 | -H-- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.12.06 23:52:14 | 013,207,552 | -H-- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2013.12.06 22:21:44 | 000,626,176 | -H-- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2013.11.26 07:27:26 | 000,028,600 | -H-- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.09.24 16:53:50 | 000,094,208 | -H-- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2013.08.22 14:40:24 | 000,040,664 | -H-- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901) DRV:64bit: - [2013.08.19 20:30:57 | 000,047,240 | -H-- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd) DRV:64bit: - [2012.10.17 14:53:46 | 000,026,112 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.09.29 11:30:34 | 000,646,248 | -H-- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | -H-- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | -H-- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.15 17:06:46 | 000,047,232 | RH-- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2010.11.20 05:33:36 | 000,078,720 | -H-- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 01:37:44 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | -H-- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | -H-- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | -H-- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | -H-- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | -H-- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.03.17 19:12:26 | 000,028,664 | -H-- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Ckldrv.sys -- (NetworkX) DRV - [2013.09.20 00:05:02 | 000,059,648 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2.0) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-918124617-738689493-455985151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com IE - HKU\S-1-5-21-918124617-738689493-455985151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-918124617-738689493-455985151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-918124617-738689493-455985151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-918124617-738689493-455985151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-918124617-738689493-455985151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2D 55 81 69 3C 5D CE 01 [binary data] IE - HKU\S-1-5-21-918124617-738689493-455985151-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKU\S-1-5-21-918124617-738689493-455985151-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKU\S-1-5-21-918124617-738689493-455985151-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-918124617-738689493-455985151-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtDyEyD0F0BtB0F0C0A0Fzy0A0E0FtN0D0Tzu0SyBtCyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1989247540&ir= IE - HKU\S-1-5-21-918124617-738689493-455985151-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7BEBB09598-CE49-44A2-8D8F-DAE7F08CB84F%7D:2.2.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3522.0110: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EBB09598-CE49-44A2-8D8F-DAE7F08CB84F}: C:\Windows\Installer\{B16D8C33-92D4-47C7-A449-C55B0B3356E2}\{EBB09598-CE49-44A2-8D8F-DAE7F08CB84F}.xpi [2014.05.11 14:04:40 | 000,796,223 | -H-- | M] () FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014.05.03 06:27:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xy\AppData\Roaming\mozilla\Extensions [2014.05.11 14:04:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xy\AppData\Roaming\mozilla\Firefox\Profiles\68zaqfqh.default-1399808736961\extensions [2014.05.10 03:35:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2014.05.10 03:35:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2014.05.11 14:04:40 | 000,796,223 | -H-- | M] () (No name found) -- C:\WINDOWS\INSTALLER\{B16D8C33-92D4-47C7-A449-C55B0B3356E2}\{EBB09598-CE49-44A2-8D8F-DAE7F08CB84F}.XPI ========== Chrome ========== CHR - homepage: hxxp://www.google.com CHR - Extension: No name found = C:\Users\xy\AppData\Local\Google\Chrome\User Data\default\extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\ CHR - Extension: No name found = C:\Users\xy\AppData\Local\Google\Chrome\User Data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\ CHR - Extension: No name found = C:\Users\xy\AppData\Local\Google\Chrome\User Data\default\extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: No name found = C:\Users\xy\AppData\Local\Google\Chrome\User Data\default\extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | -H-- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKU\S-1-5-21-918124617-738689493-455985151-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found. O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Download Protect] C:\ProgramData\dlprotect.exe () O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-918124617-738689493-455985151-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKU\S-1-5-21-918124617-738689493-455985151-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O4 - HKU\S-1-5-21-918124617-738689493-455985151-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - HKU\.DEFAULT..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" File not found O4 - HKU\S-1-5-18..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\xy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\xy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SearchScopes present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\S-1-5-21-918124617-738689493-455985151-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94FAA4C5-3B3C-4229-B168-76B8CA05270F}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B322F991-7096-4BA5-AA59-F02F01608B7A}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2014.02.07 21:49:58 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2014.02.08 19:18:51 | 000,000,000 | ---D | M] - C:\AutoRuns -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (sdnclean64.exe) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2014.05.11 13:33:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros [2014.05.11 06:12:01 | 000,000,000 | ---D | C] -- C:\Users\xy\Desktop\Alte Firefox-Daten [2014.05.10 18:34:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2014.05.10 04:11:22 | 000,536,576 | -H-- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll [2014.05.10 03:35:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2014.05.09 05:48:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump [2014.05.04 07:56:05 | 017,931,952 | -H-- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe [2014.05.04 07:39:00 | 000,000,000 | ---D | C] -- C:\Users\xy\Documents\StreamingStar [2014.05.03 15:11:47 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\DropboxMaster [2014.05.03 10:57:53 | 000,000,000 | ---D | C] -- C:\Users\xy\Documents\MAGIX_MusicEditor [2014.05.03 09:39:54 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\CrashDumps [2014.05.03 06:27:09 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\Mozilla [2014.05.02 12:23:17 | 000,000,000 | ---D | C] -- C:\Users\xy\Documents\MAGIX_Foto_Manager_9 [2014.05.02 06:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\MotionStudios [2014.05.02 03:00:49 | 000,000,000 | ---D | C] -- C:\MotionStudios [2014.05.01 07:58:33 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\MAGIX_AG [2014.04.20 09:09:34 | 000,000,000 | ---D | C] -- C:\Users\xy\Documents\Epubsoft [2014.04.20 09:09:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Epubsoft [2014.04.20 09:09:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPUBSOFT [2014.04.20 09:09:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EPUBSOFT [2014.04.20 08:59:25 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\ePUBeedrmremoval [2014.04.20 08:59:25 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\decrypt [2014.04.20 08:59:25 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\.ePUBeedrmremoval [2014.04.20 08:59:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ePUBee [2014.04.19 11:42:50 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\calibre-cache [2014.04.19 11:15:01 | 000,000,000 | ---D | C] -- C:\Users\xy\Documents\My Kindle Content [2014.04.19 11:14:41 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon [2014.04.19 11:14:41 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\Amazon [2014.04.19 11:14:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon [2014.04.18 06:31:19 | 000,083,096 | -H-- | C] (Sygate Technologies, Inc.) -- C:\Windows\SysWow64\SSSensor.dll [2014.04.18 06:31:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sygate Personal Firewall [2014.04.18 06:31:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sygate [2014.04.17 20:28:49 | 007,717,984 | -H-- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kl1.sys [2014.04.17 20:28:47 | 000,489,568 | -H-- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys [2014.04.17 20:28:47 | 000,090,208 | -H-- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys [2014.04.17 20:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point [2014.04.17 04:41:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint [2014.04.17 04:39:46 | 000,119,512 | -H-- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys [2014.04.17 04:39:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware [2014.04.17 04:39:33 | 000,088,280 | -H-- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys [2014.04.17 04:39:33 | 000,063,192 | -H-- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys [2014.04.17 04:39:33 | 000,025,816 | -H-- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2014.04.17 04:39:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware [2014.04.12 12:26:19 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\TechSmith [2014.04.12 12:26:00 | 000,000,000 | ---D | C] -- C:\Users\xy\Documents\Camtasia Studio [2014.04.12 12:22:00 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\Ashampoo Movie Studio [2014.04.12 11:57:42 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\MOVAVI [2014.04.12 11:57:42 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\Movavi [2014.04.12 11:37:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith [2014.04.12 11:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1995-08.com.techsmith [2014.04.12 11:37:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2014.04.12 11:37:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared [2014.04.12 11:37:20 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith [2014.04.12 11:37:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2014.05.11 15:05:03 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014.05.11 15:05:03 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014.05.11 14:56:56 | 000,001,098 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014.05.11 14:56:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014.05.11 14:56:30 | 2811,244,544 | -HS- | M] () -- C:\hiberfil.sys [2014.05.11 14:46:00 | 000,001,102 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014.05.11 14:29:16 | 000,119,512 | -H-- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys [2014.05.11 14:04:41 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2014.05.11 13:56:00 | 000,000,884 | -H-- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014.05.11 09:52:56 | 001,629,276 | -H-- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2014.05.11 09:52:56 | 000,702,926 | -H-- | M] () -- C:\Windows\SysNative\perfh007.dat [2014.05.11 09:52:56 | 000,657,158 | -H-- | M] () -- C:\Windows\SysNative\perfh009.dat [2014.05.11 09:52:56 | 000,150,566 | -H-- | M] () -- C:\Windows\SysNative\perfc007.dat [2014.05.11 09:52:56 | 000,122,970 | -H-- | M] () -- C:\Windows\SysNative\perfc009.dat [2014.05.11 07:03:06 | 000,002,081 | ---- | M] () -- C:\Users\xy\Desktop\Everest Home Edition - CHIP Downloader.lnk [2014.05.10 18:34:44 | 000,001,432 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube Download.lnk [2014.05.10 18:34:44 | 000,001,235 | ---- | M] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk [2014.05.10 16:33:36 | 000,000,034 | -H-- | M] () -- C:\Windows\cdplayer.ini [2014.05.10 04:25:30 | 000,000,944 | ---- | M] () -- C:\Users\xy\Desktop\adwcleaner_3.2.0.7 - Verknüpfung.lnk [2014.05.09 17:20:17 | 000,001,945 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2014.05.04 07:56:09 | 000,692,400 | -H-- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2014.05.04 07:56:08 | 000,070,832 | -H-- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2014.05.04 07:56:05 | 017,931,952 | -H-- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe [2014.05.04 07:08:45 | 000,000,684 | ---- | M] () -- C:\Users\xy\Desktop\MediathekView - neu.lnk [2014.05.04 07:06:32 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2014.05.04 07:06:32 | 000,001,930 | ---- | M] () -- C:\Users\Public\Desktop\Canon Easy-PhotoPrint EX.lnk [2014.05.04 07:06:31 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2014.05.03 15:12:02 | 000,001,008 | ---- | M] () -- C:\Users\xy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014.05.03 15:11:30 | 000,000,970 | ---- | M] () -- C:\Users\xy\Desktop\Dropbox.lnk [2014.05.03 10:12:31 | 000,011,264 | ---- | M] () -- C:\Users\xy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2014.05.03 06:27:04 | 000,001,143 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2014.05.02 15:27:06 | 000,512,808 | -H-- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2014.05.02 12:18:47 | 000,001,212 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Fotos auf CD & DVD 9 deluxe.lnk [2014.05.02 10:24:55 | 000,008,476 | ---- | M] () -- C:\Users\xy\AppData\Local\recently-used.xbel [2014.04.19 11:42:28 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk [2014.04.19 11:14:41 | 000,001,990 | ---- | M] () -- C:\Users\xy\Desktop\Kindle.lnk [2014.04.17 20:29:46 | 000,000,132 | -H-- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml [2014.04.17 04:39:35 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2014.04.12 12:21:45 | 000,001,240 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Movie Studio.lnk [2014.04.12 11:57:42 | 000,005,053 | ---- | M] () -- C:\ProgramData\hwjqxkkr.zva [2014.04.12 11:42:20 | 000,004,509 | ---- | M] () -- C:\Users\xy\AppData\Roaming\CamStudio.cfg [2014.04.12 11:42:20 | 000,000,408 | ---- | M] () -- C:\Users\xy\AppData\Roaming\CamShapes.ini [2014.04.12 11:42:20 | 000,000,408 | ---- | M] () -- C:\Users\xy\AppData\Roaming\CamLayout.ini [2014.04.12 11:42:20 | 000,000,096 | ---- | M] () -- C:\Users\xy\AppData\Roaming\Camdata.ini [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2014.05.11 07:03:06 | 000,002,081 | ---- | C] () -- C:\Users\xy\Desktop\Everest Home Edition - CHIP Downloader.lnk [2014.05.10 18:34:44 | 000,001,432 | ---- | C] () -- C:\Users\Public\Desktop\Free YouTube Download.lnk [2014.05.10 18:34:44 | 000,001,235 | ---- | C] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk [2014.05.10 04:25:29 | 000,000,944 | ---- | C] () -- C:\Users\xy\Desktop\adwcleaner_3.2.0.7 - Verknüpfung.lnk [2014.05.04 07:08:45 | 000,000,684 | ---- | C] () -- C:\Users\xy\Desktop\MediathekView - neu.lnk [2014.05.04 07:03:20 | 000,000,884 | -H-- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014.05.03 06:27:04 | 000,001,143 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2014.05.03 06:27:03 | 000,001,155 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2014.05.02 12:18:47 | 000,001,212 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Fotos auf CD & DVD 9 deluxe.lnk [2014.05.02 10:24:55 | 000,008,476 | ---- | C] () -- C:\Users\xy\AppData\Local\recently-used.xbel [2014.04.27 11:54:36 | 000,000,034 | -H-- | C] () -- C:\Windows\cdplayer.ini [2014.04.19 11:14:41 | 000,001,990 | ---- | C] () -- C:\Users\xy\Desktop\Kindle.lnk [2014.04.17 20:28:54 | 000,000,132 | -H-- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml [2014.04.17 04:39:35 | 000,001,098 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2014.04.12 12:21:45 | 000,001,240 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Movie Studio.lnk [2014.04.12 11:57:42 | 000,005,053 | ---- | C] () -- C:\ProgramData\hwjqxkkr.zva [2014.03.26 20:44:20 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2014.03.22 15:08:02 | 000,000,042 | ---- | C] () -- C:\Users\xy\AppData\Roaming\WB.CFG [2014.03.19 13:14:21 | 000,011,264 | ---- | C] () -- C:\Users\xy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2014.03.07 12:29:32 | 000,012,800 | ---- | C] () -- C:\ProgramData\dlprotect.exe [2014.02.09 14:49:30 | 000,000,701 | ---- | C] () -- C:\Users\xy\AppData\Roaming\pdfsound.dll [2014.02.09 14:49:30 | 000,000,053 | ---- | C] () -- C:\Users\xy\AppData\Roaming\setting.ini [2014.02.09 14:49:30 | 000,000,043 | ---- | C] () -- C:\Users\xy\AppData\Roaming\setup_pdfrotator.ini [2014.02.09 14:49:30 | 000,000,043 | ---- | C] () -- C:\Users\xy\AppData\Roaming\setup_pdfcombine.ini [2014.02.09 14:49:30 | 000,000,030 | ---- | C] () -- C:\Users\xy\AppData\Roaming\setup.ini [2014.02.09 14:49:30 | 000,000,014 | ---- | C] () -- C:\Users\xy\AppData\Roaming\options.ini [2014.02.09 14:49:30 | 000,000,003 | ---- | C] () -- C:\Users\xy\AppData\Roaming\options_pdfrotator.ini [2014.02.09 14:49:30 | 000,000,003 | ---- | C] () -- C:\Users\xy\AppData\Roaming\options_pdfcombine.ini [2014.01.18 20:25:57 | 000,000,000 | -H-- | C] () -- C:\Windows\geo.ini [2013.12.15 11:19:23 | 000,338,944 | -H-- | C] () -- C:\Windows\SysWow64\Lffpx7.dll [2013.12.15 11:19:23 | 000,122,880 | -H-- | C] () -- C:\Windows\SysWow64\Lfkodak.dll [2013.12.15 11:19:23 | 000,088,576 | -H-- | C] () -- C:\Windows\SysWow64\Lffpx90n.dll [2013.12.06 23:38:38 | 000,995,342 | -H-- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe [2013.12.06 23:38:38 | 000,798,734 | -H-- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe [2013.12.06 17:44:26 | 000,038,912 | -H-- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2013.11.10 16:22:58 | 000,000,256 | -H-- | C] () -- C:\Windows\_delis32.ini [2013.11.09 15:25:48 | 000,004,509 | ---- | C] () -- C:\Users\xy\AppData\Roaming\CamStudio.cfg [2013.10.06 15:12:01 | 000,178,176 | -H-- | C] () -- C:\Windows\SysWow64\StellarProfile.dll [2013.10.06 11:08:27 | 000,000,004 | -H-- | C] () -- C:\Windows\vx86036.dat [2013.10.06 11:08:05 | 000,000,140 | -H-- | C] () -- C:\Windows\Crypkey.ini [2013.10.06 11:07:59 | 000,027,648 | RH-- | C] () -- C:\Windows\Setup_ck.exe [2013.10.06 11:07:59 | 000,018,432 | -H-- | C] () -- C:\Windows\Setup_ck.dll [2013.10.06 11:07:59 | 000,011,776 | -H-- | C] () -- C:\Windows\Ckrfresh.exe [2013.09.28 09:55:35 | 000,000,408 | ---- | C] () -- C:\Users\xy\AppData\Roaming\CamShapes.ini [2013.09.28 09:55:35 | 000,000,408 | ---- | C] () -- C:\Users\xy\AppData\Roaming\CamLayout.ini [2013.09.28 09:55:35 | 000,000,096 | ---- | C] () -- C:\Users\xy\AppData\Roaming\Camdata.ini [2013.06.07 21:08:30 | 000,000,234 | -H-- | C] () -- C:\Windows\wininit.ini [2013.06.02 19:08:27 | 000,007,256 | -H-- | C] () -- C:\Windows\mgxoschk.ini [2013.05.31 20:52:26 | 001,602,556 | -H-- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.05.30 17:12:58 | 000,120,200 | -H-- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2013.05.30 16:14:22 | 000,000,400 | -H-- | C] () -- C:\Windows\ODBC.INI [2013.05.30 15:47:53 | 000,000,000 | -H-- | C] () -- C:\Windows\ativpsrm.bin [2013.05.22 20:43:52 | 000,030,568 | -H-- | C] () -- C:\Windows\MusiccityDownload.exe [2013.05.22 20:43:48 | 000,974,848 | -H-- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2013.05.22 20:43:48 | 000,081,920 | -H-- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2013.05.22 20:43:48 | 000,065,536 | -H-- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2013.05.22 20:43:48 | 000,057,344 | -H-- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.12.19 21:52:22 | 000,204,952 | -H-- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.12.19 21:52:22 | 000,157,144 | -H-- | C] () -- C:\Windows\SysWow64\ativvsva.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Custom Scans ========== ========== Base Services ========== SRV:64bit: - [2009.07.14 03:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc) SRV:64bit: - [2013.02.27 07:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo) SRV:64bit: - [2009.07.14 03:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG) SRV:64bit: - [2010.11.20 05:27:24 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS) SRV:64bit: - [2010.11.20 05:25:46 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE) SRV:64bit: - [2013.09.25 03:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso) SRV:64bit: - [2009.07.14 03:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem) SRV - [2009.07.14 03:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem) SRV:64bit: - [2012.07.05 00:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser) SRV:64bit: - [2013.07.09 07:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc) SRV - [2013.07.09 06:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc) SRV:64bit: - [2010.11.20 05:27:26 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch) SRV:64bit: - [2010.11.20 05:26:06 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp) SRV - [2010.11.20 04:18:32 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp) SRV:64bit: - [2011.03.03 08:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache) SRV:64bit: - [2009.07.14 03:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost) SRV:64bit: - [2009.07.14 03:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv) SRV - [2009.07.14 03:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv) SRV:64bit: - [2009.07.14 03:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess) SRV:64bit: - [2010.11.20 05:26:40 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent) No service found with a name of MsMpSvc No service found with a name of NisSrv SRV:64bit: - [2009.07.14 03:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv) SRV:64bit: - [2009.07.14 03:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS) SRV:64bit: - [2009.07.14 03:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman) SRV:64bit: - [2009.07.14 03:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm) SRV - [2009.07.14 03:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm) SRV:64bit: - [2012.10.03 19:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc) SRV:64bit: - [2009.07.14 03:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi) SRV:64bit: - [2011.05.24 13:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay) SRV:64bit: - [2012.02.11 08:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler) SRV:64bit: - [2013.09.25 03:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage) No service found with a name of EMDMgmt SRV:64bit: - [2009.07.14 03:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto) SRV:64bit: - [2010.11.20 05:27:26 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan) SRV:64bit: - [2010.11.20 05:27:26 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs) SRV:64bit: - [2010.11.20 05:27:26 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon) SRV:64bit: - [2013.09.25 03:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs) SRV:64bit: - [2009.07.14 03:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc) SRV:64bit: - [2010.11.20 05:27:28 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer) SRV:64bit: - [2010.11.20 05:27:26 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection) SRV - [2010.11.20 04:21:20 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection) No service found with a name of slsvc SRV:64bit: - [2010.11.20 05:27:26 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule) SRV:64bit: - [2010.11.20 05:27:28 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv) SRV - [2010.11.20 04:21:30 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv) SRV:64bit: - [2009.07.14 03:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes) SRV:64bit: - [2012.05.01 07:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc) SRV:64bit: - [2010.11.20 05:25:28 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS) SRV:64bit: - [2010.11.20 05:25:44 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv) SRV:64bit: - [2010.11.20 05:25:44 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder) SRV:64bit: - [2010.11.20 05:27:26 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC) No service found with a name of WinDefend SRV:64bit: - [2010.11.20 05:27:30 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog) SRV:64bit: - [2010.11.20 05:27:00 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc) SRV:64bit: - [2010.11.20 05:27:30 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc) SRV:64bit: - [2010.11.20 05:25:00 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver) SRV - [2010.11.20 04:17:24 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver) SRV:64bit: - [2009.07.14 03:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt) SRV:64bit: - [2012.06.03 00:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv) SRV:64bit: - [2010.11.20 05:26:08 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc) SRV:64bit: - [2009.07.14 03:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc) SRV:64bit: - [2010.11.20 05:27:30 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation) < %SYSTEMDRIVE%\*.exe > < MD5 for: EXPLORER.EXE > [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 04:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 05:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: MPSVC.DLL > [2013.05.27 07:26:41 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=7B6CD2C784B13D63481B6BF49605C026 -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca\MpSvc.dll [2013.05.27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=7CBB1D4D13DC62D7F529D87151FD3CD3 -- C:\Program Files\Windows Defender\MpSvc.dll [2013.05.27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=7CBB1D4D13DC62D7F529D87151FD3CD3 -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MpSvc.dll [2013.05.27 07:56:38 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=93B9D9FABBED612F71527E52E1D1EE93 -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.21531_none_b46d38ce8ad8e4ed\MpSvc.dll [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=CF318F60A84F15AF352439465A8D05F4 -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpSvc.dll [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=CF318F60A84F15AF352439465A8D05F4 -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpSvc.dll [2013.05.27 07:25:24 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=F7DE0DDAC48EEE6DD48A9EB33F6E672D -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.17316_none_b3fe3b6771a68ecd\MpSvc.dll < MD5 for: QMGR.DLL > [2010.11.20 05:27:24 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll [2010.11.20 05:27:24 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll [2009.07.14 03:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll < MD5 for: RPCSS.DLL > [2010.11.20 05:27:26 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\SysNative\rpcss.dll [2010.11.20 05:27:26 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll [2009.07.14 03:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) MD5=7266972E86890E2B30C0C322E906B027 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll < MD5 for: SERVICES > [2009.06.10 23:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services < MD5 for: SERVICES.ASFX > [2012.09.23 20:43:44 | 000,002,677 | ---- | M] () MD5=22FEEF662B7E813F8547E1446EBC706B -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\de_DE\Services\Services.asfx < MD5 for: SERVICES.CFG > [2012.09.23 20:43:36 | 000,603,848 | RH-- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744BA0000000010\11.0.0\services.cfg [2013.05.11 12:37:26 | 000,558,990 | ---- | M] () MD5=FE8FB005031C2574E990DAC1F9F5ACF8 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg < MD5 for: SERVICES.DAT > [2013.04.22 05:04:55 | 000,001,720 | ---- | M] () MD5=43C1700D78D89F0B1F6FA88FD132BE1A -- C:\JRT\services.dat < MD5 for: SERVICES.EXE > [2009.07.14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe [2009.07.14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe < MD5 for: SERVICES.EXE.MUI > [2009.07.14 19:58:12 | 000,019,456 | ---- | M] (Microsoft Corporation) MD5=F0E13F46C1944FCE489C9A18372C3ED8 -- C:\Windows\SysNative\de-DE\services.exe.mui [2009.07.14 19:58:12 | 000,019,456 | ---- | M] (Microsoft Corporation) MD5=F0E13F46C1944FCE489C9A18372C3ED8 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_de-de_1d0162c550c828a3\services.exe.mui < MD5 for: SERVICES.LNK > [2009.07.14 06:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk [2009.07.14 06:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk < MD5 for: SERVICES.MOF > [2009.06.10 22:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof [2009.06.10 22:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof < MD5 for: SERVICES.MSC > [2009.06.10 22:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc [2009.06.10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc [2009.06.10 22:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc [2009.06.10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc [2009.07.14 19:58:11 | 000,092,744 | ---- | M] () MD5=7FC1BD72E9D0E622638C4620E33FAD47 -- C:\Windows\SysNative\de-DE\services.msc [2009.07.14 19:58:12 | 000,092,744 | ---- | M] () MD5=7FC1BD72E9D0E622638C4620E33FAD47 -- C:\Windows\SysWOW64\de-DE\services.msc [2009.07.14 19:58:11 | 000,092,744 | ---- | M] () MD5=7FC1BD72E9D0E622638C4620E33FAD47 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_de-de_574332b12731c296\services.msc [2009.07.14 19:58:12 | 000,092,744 | ---- | M] () MD5=7FC1BD72E9D0E622638C4620E33FAD47 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_de-de_fb24972d6ed45160\services.msc < MD5 for: SERVICES.PTXML > [2009.07.13 22:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml [2009.07.13 22:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml < MD5 for: SVCHOST.EXE > [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe [2014.04.03 09:49:02 | 000,742,200 | ---- | M] (MalwareBytes) MD5=96820649733BFB2B0499C371904B7B40 -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \Chameleon\Windows\svchost.exe [2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe [2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe < MD5 for: USERINIT.EXE > [2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2014.04.03 09:49:02 | 000,742,200 | ---- | M] (MalwareBytes) MD5=96820649733BFB2B0499C371904B7B40 -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \Chameleon\Windows\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < dir "%systemdrive%\*" /S /A:L /C > Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: AE4A-9AEF Verzeichnis von C:\ 14.07.2009 07:08 <VERBINDUNG> Documents and Settings [C:\Users] 30.05.2013 15:39 <VERBINDUNG> Dokumente und Einstellungen [C:\Users] 30.05.2013 15:39 <VERBINDUNG> Programme [C:\Program Files] 0 Datei(en), 0 Bytes Verzeichnis von C:\Program Files 30.05.2013 15:39 <VERBINDUNG> Gemeinsame Dateien [C:\Program Files\Common Files] 0 Datei(en), 0 Bytes Verzeichnis von C:\Program Files\Windows NT 30.05.2013 15:39 <VERBINDUNG> Zubeh”r [C:\Program Files\Windows NT\Accessories] 0 Datei(en), 0 Bytes Verzeichnis von C:\ProgramData 30.05.2013 15:39 <VERBINDUNG> Anwendungsdaten [C:\ProgramData] 14.07.2009 07:08 <VERBINDUNG> Application Data [C:\ProgramData] 14.07.2009 07:08 <VERBINDUNG> Desktop [C:\Users\Public\Desktop] 14.07.2009 07:08 <VERBINDUNG> Documents [C:\Users\Public\Documents] 30.05.2013 15:39 <VERBINDUNG> Dokumente [C:\Users\Public\Documents] 30.05.2013 15:39 <VERBINDUNG> Favoriten [C:\Users\Public\Favorites] 14.07.2009 07:08 <VERBINDUNG> Favorites [C:\Users\Public\Favorites] 14.07.2009 07:08 <VERBINDUNG> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 30.05.2013 15:39 <VERBINDUNG> Startmen [C:\ProgramData\Microsoft\Windows\Start Menu] 14.07.2009 07:08 <VERBINDUNG> Templates [C:\ProgramData\Microsoft\Windows\Templates] 30.05.2013 15:39 <VERBINDUNG> Vorlagen [C:\ProgramData\Microsoft\Windows\Templates] 0 Datei(en), 0 Bytes Verzeichnis von C:\ProgramData\Microsoft\Windows\Start Menu 30.05.2013 15:39 <VERBINDUNG> Programme [C:\ProgramData\Microsoft\Windows\Start Menu\Programs] 0 Datei(en), 0 Bytes Verzeichnis von C:\Users 14.07.2009 07:08 <SYMLINKD> All Users [C:\ProgramData] 14.07.2009 07:08 <VERBINDUNG> Default User [C:\Users\Default] 0 Datei(en), 0 Bytes Verzeichnis von C:\Users\All Users 30.05.2013 15:39 <VERBINDUNG> Anwendungsdaten [C:\ProgramData] 14.07.2009 07:08 <VERBINDUNG> Application Data [C:\ProgramData] 14.07.2009 07:08 <VERBINDUNG> Desktop [C:\Users\Public\Desktop] 14.07.2009 07:08 <VERBINDUNG> Documents [C:\Users\Public\Documents] 30.05.2013 15:39 <VERBINDUNG> Dokumente [C:\Users\Public\Documents] 30.05.2013 15:39 <VERBINDUNG> Favoriten [C:\Users\Public\Favorites] 14.07.2009 07:08 <VERBINDUNG> Favorites [C:\Users\Public\Favorites] 14.07.2009 07:08 <VERBINDUNG> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 30.05.2013 15:39 <VERBINDUNG> Startmen [C:\ProgramData\Microsoft\Windows\Start Menu] 14.07.2009 07:08 <VERBINDUNG> Templates [C:\ProgramData\Microsoft\Windows\Templates] 30.05.2013 15:39 <VERBINDUNG> Vorlagen [C:\ProgramData\Microsoft\Windows\Templates] 0 Datei(en), 0 Bytes Verzeichnis von C:\Users\All Users\Microsoft\Windows\Start Menu 30.05.2013 15:39 <VERBINDUNG> Programme [C:\ProgramData\Microsoft\Windows\Start Menu\Programs] 0 Datei(en), 0 Bytes Verzeichnis von C:\Users\Default 30.05.2013 15:39 <VERBINDUNG> Anwendungsdaten [C:\Users\Default\AppData\Roaming] 14.07.2009 07:08 <VERBINDUNG> Application Data [C:\Users\Default\AppData\Roaming] 14.07.2009 07:08 <VERBINDUNG> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies] 30.05.2013 15:39 <VERBINDUNG> Druckumgebung [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 30.05.2013 15:39 <VERBINDUNG> Eigene Dateien [C:\Users\Default\Documents] 14.07.2009 07:08 <VERBINDUNG> Local Settings [C:\Users\Default\AppData\Local] 30.05.2013 15:39 <VERBINDUNG> Lokale Einstellungen [C:\Users\Default\AppData\Local] 14.07.2009 07:08 <VERBINDUNG> My Documents [C:\Users\Default\Documents] 14.07.2009 07:08 <VERBINDUNG> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 30.05.2013 15:39 <VERBINDUNG> Netzwerkumgebung [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 14.07.2009 07:08 <VERBINDUNG> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 14.07.2009 07:08 <VERBINDUNG> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent] 14.07.2009 07:08 <VERBINDUNG> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo] 14.07.2009 07:08 <VERBINDUNG> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu] 30.05.2013 15:39 <VERBINDUNG> Startmen [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu] 14.07.2009 07:08 <VERBINDUNG> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates] 30.05.2013 15:39 <VERBINDUNG> Vorlagen [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates] 0 Datei(en), 0 Bytes Verzeichnis von C:\Users\Default\AppData\Local 30.05.2013 15:39 <VERBINDUNG> Anwendungsdaten [C:\Users\Default\AppData\Local] 14.07.2009 07:08 <VERBINDUNG> Application Data [C:\Users\Default\AppData\Local] 14.07.2009 07:08 <VERBINDUNG> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History] 14.07.2009 07:08 <VERBINDUNG> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files] 30.05.2013 15:39 <VERBINDUNG> Verlauf [C:\Users\Default\AppData\Local\Microsoft\Windows\History] 0 Datei(en), 0 Bytes Verzeichnis von C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu 30.05.2013 15:39 <VERBINDUNG> Programme [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs] 0 Datei(en), 0 Bytes Verzeichnis von C:\Users\Default\Documents 30.05.2013 15:39 <VERBINDUNG> Eigene Bilder [C:\Users\Default\Pictures] 30.05.2013 15:39 <VERBINDUNG> Eigene Musik [C:\Users\Default\Music] 30.05.2013 15:39 <VERBINDUNG> Eigene Videos [C:\Users\Default\Videos] 14.07.2009 07:08 <VERBINDUNG> My Music [C:\Users\Default\Music] 14.07.2009 07:08 <VERBINDUNG> My Pictures [C:\Users\Default\Pictures] 14.07.2009 07:08 <VERBINDUNG> My Videos [C:\Users\Default\Videos] 0 Datei(en), 0 Bytes Verzeichnis von C:\Users\Public\Documents 30.05.2013 15:39 <VERBINDUNG> Eigene Bilder [C:\Users\Public\Pictures] 30.05.2013 15:39 <VERBINDUNG> Eigene Musik [C:\Users\Public\Music] 30.05.2013 15:39 <VERBINDUNG> Eigene Videos [C:\Users\Public\Videos] 14.07.2009 07:08 <VERBINDUNG> My Music [C:\Users\Public\Music] 14.07.2009 07:08 <VERBINDUNG> My Pictures [C:\Users\Public\Pictures] 14.07.2009 07:08 <VERBINDUNG> My Videos [C:\Users\Public\Videos] 0 Datei(en), 0 Bytes Verzeichnis von C:\Users\xy 30.05.2013 15:39 <VERBINDUNG> Anwendungsdaten [C:\Users\xy\AppData\Roaming] 30.05.2013 15:39 <VERBINDUNG> Cookies [C:\Users\xy\AppData\Roaming\Microsoft\Windows\Cookies] 30.05.2013 15:39 <VERBINDUNG> Druckumgebung [C:\Users\xy\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 30.05.2013 15:39 <VERBINDUNG> Eigene Dateien [C:\Users\xy\Documents] 30.05.2013 15:39 <VERBINDUNG> Lokale Einstellungen [C:\Users\xy\AppData\Local] 30.05.2013 15:39 <VERBINDUNG> Netzwerkumgebung [C:\Users\xy\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 30.05.2013 15:39 <VERBINDUNG> Recent [C:\Users\xy\AppData\Roaming\Microsoft\Windows\Recent] 30.05.2013 15:39 <VERBINDUNG> SendTo [C:\Users\xy\AppData\Roaming\Microsoft\Windows\SendTo] 30.05.2013 15:39 <VERBINDUNG> Startmen [C:\Users\xy\AppData\Roaming\Microsoft\Windows\Start Menu] 30.05.2013 15:39 <VERBINDUNG> Vorlagen [C:\Users\xy\AppData\Roaming\Microsoft\Windows\Templates] 0 Datei(en), 0 Bytes Verzeichnis von C:\Users\xy\AppData\Local 30.05.2013 15:39 <VERBINDUNG> Anwendungsdaten [C:\Users\xy\AppData\Local] 30.05.2013 15:39 <VERBINDUNG> Temporary Internet Files [C:\Users\xy\AppData\Local\Microsoft\Windows\Temporary Internet Files] 30.05.2013 15:39 <VERBINDUNG> Verlauf [C:\Users\xy\AppData\Local\Microsoft\Windows\History] 0 Datei(en), 0 Bytes Verzeichnis von C:\Users\xy\AppData\Roaming\Microsoft\Windows\Start Menu 30.05.2013 15:39 <VERBINDUNG> Programme [C:\Users\xy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs] 0 Datei(en), 0 Bytes Verzeichnis von C:\Users\xy\Documents 30.05.2013 15:39 <VERBINDUNG> Eigene Bilder [C:\Users\xy\Pictures] 30.05.2013 15:39 <VERBINDUNG> Eigene Musik [C:\Users\xy\Music] 30.05.2013 15:39 <VERBINDUNG> Eigene Videos [C:\Users\xy\Videos] 0 Datei(en), 0 Bytes Anzahl der angezeigten Dateien: 0 Datei(en), 0 Bytes 83 Verzeichnis(se), 116.330.930.176 Bytes frei < > ========== Files - Unicode (All) ========== [2013.11.10 09:25:41 | 103,387,443 | -H-- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\焃 [2013.11.10 09:25:41 | 103,387,443 | -H-- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\焃 [2013.11.09 12:41:58 | 103,378,319 | -H-- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\Х [2013.11.09 06:42:02 | 103,378,319 | -H-- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\Х [2013.10.26 05:54:22 | 103,054,676 | -H-- | M] ()(C:\Windows\SysWow64\???¦) -- C:\Windows\SysWow64\Ⳋꝙ¦ [2013.10.26 05:54:22 | 103,054,676 | -H-- | C] ()(C:\Windows\SysWow64\???¦) -- C:\Windows\SysWow64\Ⳋꝙ¦ [2013.10.04 14:40:56 | 099,209,434 | -H-- | M] ()(C:\Windows\SysWow64\???K) -- C:\Windows\SysWow64\❒휜K [2013.10.04 14:40:56 | 099,209,434 | -H-- | C] ()(C:\Windows\SysWow64\???K) -- C:\Windows\SysWow64\❒휜K ========== Alternate Data Streams ========== @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:BF31A799 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:373E1720 < End of report > wie bekommt man den extra txt? |
11.05.2014, 14:46 | #4 | ||
| download protect 2.2.0 sicher entfernen Hey. Zitat:
Zitat:
Wenn Du alles so wie auf dem Bild beschrieben eingestellt hast, befindet sich im C:\Users\xy\Downloads Ordner die Extras.txt. Wenn nicht, folge bitte diesen Anweisungen: Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden) |
11.05.2014, 15:09 | #5 |
| download protect 2.2.0 sicher entfernen OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 11.05.2014 15:52:16 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xy\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.16518) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,49 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 50,66% Memory free 6,98 Gb Paging File | 4,89 Gb Available in Paging File | 70,08% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 210,06 Gb Total Space | 108,34 Gb Free Space | 51,57% Space Free | Partition Type: NTFS Drive D: | 721,35 Gb Total Space | 383,40 Gb Free Space | 53,15% Space Free | Partition Type: NTFS Computer Name: XY-PC | User Name: xy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = OperaStable] -- Reg Error: Key error. File not found .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = OperaStable] -- Reg Error: Key error. File not found [HKEY_USERS\S-1-5-21-918124617-738689493-455985151-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- Reg Error: Key error. Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- Reg Error: Key error. Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1BE3B06F-C524-4FCC-825C-1778A57B00F2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{1EBAD0E1-130E-4CC9-AA97-532FCC107951}" = lport=445 | protocol=6 | dir=in | app=system | "{2274AC10-F5C1-4B36-911F-DAA1FAAA2678}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{22DA4856-5970-416D-8B8A-4F82C2AF1114}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{277F5CEC-1113-425D-878E-F0EDE0D4CA3C}" = lport=137 | protocol=17 | dir=in | app=system | "{2C3F83EC-C8E5-4B43-9636-9984534A4480}" = lport=138 | protocol=17 | dir=in | app=system | "{38F41324-3045-4314-81C8-1740EA0E1F6C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{54E5A7A6-5D1F-4E65-9E3E-5D3267253FB4}" = rport=137 | protocol=17 | dir=out | app=system | "{5B4ECFEF-8750-4791-9B40-911356FE091B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{72C08780-FC90-4319-B1CA-836F98B73061}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9DBA3907-2169-4751-930D-71056ABE0820}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AA204EA5-D8FA-4E95-9221-C7B84010A90D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AD5D712B-AC7E-4D9F-BE30-C4914F3E51FE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B2DC5720-7CE2-4C04-BBFC-FECEDB6CB390}" = rport=139 | protocol=6 | dir=out | app=system | "{CE1D5D40-DCA9-4026-8773-1A8D7FE7C3CB}" = lport=139 | protocol=6 | dir=in | app=system | "{D5504C27-5DD6-4FB0-B88B-FCE1FA6BECD7}" = rport=138 | protocol=17 | dir=out | app=system | "{D68BA98F-E224-4056-B322-7AD19E76045F}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02A70DF9-3BF7-4726-91EE-2E71B312E152}" = protocol=17 | dir=in | app=c:\users\xy\appdata\roaming\dropbox\bin\dropbox.exe | "{1D58F6DA-C69C-4C3B-A100-A3120347463E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{211B27F6-BEA7-4FA5-B891-B99E1B688DEB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{2929AF89-5E00-4E93-897C-B160618A7090}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{2B8F9EF3-A677-4668-97C1-790620B6BEE4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{330128B8-7491-44C8-929E-315CC7407D06}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thief\binaries\win64\shipping-thiefgame.exe | "{6A303E4B-DBEB-4DFA-A39B-C85F6E5A807D}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{8A1803CE-C13E-4F6B-937E-3CF7E424831D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{8B61D164-905E-4D08-9062-AF413CF13400}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{8F4CBBBF-ABF3-4984-BD98-E5EEF5D2BD4C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{9D8F268D-E4A7-47B2-A959-F1B7A4BD5356}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thief\binaries\win64\shipping-thiefgame.exe | "{A4281308-5D6B-4522-B93E-0DF5B61F897A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{AE16F437-73D1-4B4C-BFF4-67FE92DA0793}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{B1FCF0A5-C200-42E2-B123-F65CF1CAC177}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | "{C23D7666-C3D6-4BDF-A3D9-3BD45D73972B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{C7AAC43B-3DAC-4CB1-8633-729FB6E35571}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | "{D58E5287-CAFC-4896-9503-92A5E187EA62}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{E8FC61DD-1AA2-4D34-B39E-8BD712CE5CEE}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | "{E9FCDBA5-5B98-4743-97A1-63931BABCF3C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | "{ED3B9EFB-4068-461D-94C9-694830DF3148}" = protocol=6 | dir=in | app=c:\users\xy\appdata\roaming\dropbox\bin\dropbox.exe | "{FC73799B-3C56-4E6D-8D9F-774D47BD89F7}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series" = Canon MG5300 series MP Drivers "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86417040FF}" = Java 7 Update 40 (64-bit) "{308051DA-0048-7A07-FE8B-9B6EC119A9E8}" = AMD Catalyst Install Manager "{44AAA767-F540-F091-4571-ADCBC10B0C92}" = AMD Fuel "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{64A3A4F4-B792-11D6-A78A-00B0D0170400}" = Java SE Development Kit 7 Update 40 (64-bit) "{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64 "{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{833F5E6D-6E01-11D1-978E-6DFBCEF72570}" = AMD Steady Video Plug-In "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.1 (Deutsch) "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64 "{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{AEF57B06-B494-8180-AFC7-05EFB1DB2B64}" = ccc-utility64 "{B2B47795-9ABC-37C1-0633-68B1B7104543}" = AMD Drag and Drop Transcoding "{BD1BCEF8-5CD6-D8ED-7D36-31C2172076EA}" = AMD Media Foundation Decoders "{C513739C-5F16-37B5-9ACF-99925FF1C1F3}" = Microsoft .NET Framework 4.5.1 (DEU) "{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64 "{ED273D26-E354-1A5B-A0D0-CB5258D43BD2}" = AMD Wireless Display v3.0 "{FCC4426F-0296-D30D-729C-E76C8E7252C7}" = AMD Accelerated Video Transcoding "62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) "CCleaner" = CCleaner "CyberGhost VPN 5_is1" = CyberGhost 5 "GIMP-2_is1" = GIMP 2.8.6 "McAfee Security Scan" = McAfee Security Scan Plus "TAP-Windows" = TAP-Windows 9.9.2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01C239A9-D570-4220-B143-3F39FD8A21CB}" = ZoneAlarm Antivirus "{046B79EE-7ED3-37A4-621A-FE297EF484C2}" = CCC Help Greek "{10CB5DDD-38E1-2EB2-F62C-C1948A99943E}" = AMD Catalyst Control Center "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0 "{1194740D-0DB8-A508-31BA-E722597B4516}" = Catalyst Control Center Graphics Previews Common "{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 "{1FB16E3B-3AFB-46CB-6E83-2F5A0CF4ED16}" = Catalyst Control Center Localization All "{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 "{26A24AE4-039D-4CA4-87B4-2F83217004F0}" = Java(TM) 7 Update 4 "{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45 "{2E3A81FB-7952-F8CB-9AD5-50544E2F4838}" = CCC Help Czech "{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 "{30A0234C-E0BD-41A1-A9A8-F16B8DC9F50E}" = ZoneAlarm Firewall "{4172E797-CE12-AC47-05B7-0E48BDB33E75}" = CCC Help Russian "{4260CAAE-D108-4223-A1C5-96B67062FE86}" = Windows Live Installer "{4428AEE6-FA5E-2913-8D12-B410E85E11AA}" = CCC Help Spanish "{48C84341-E4F7-42EC-BED5-7A5CAA3291F5}" = calibre "{49617AB8-5A31-44A7-95A6-BE6CE251A6F1}" = Ultimate EPubsoft DRM Removal 8.5.5 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in "{4FF1533E-FF2C-A04A-25DD-A8AEC6FA106B}" = CCC Help Chinese Standard "{56018684-241C-4D81-A4F6-CED1B5292C49}" = Fotogalerie "{59307833-CB98-4440-B644-0CD352F61907}" = Windows Live PIMT Platform "{6071CB80-DABC-B10D-F244-7F410FB3B150}" = CCC Help Polish "{6343B6BA-F97F-B336-9ED8-FFD43776E84D}" = CCC Help Finnish "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}" = PC Connectivity Solution "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{7D6DDE45-FE2F-4D11-A7E7-BC2C2910536C}" = USB/DVD-Downloadtool für Windows 7 "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7F95A744-78DA-4AED-A8F0-A0AF330B8411}_is1" = Video to Video "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 6.3.2 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83ABE916-759A-49BE-BCEB-91F237E01502}" = Movie Maker "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8C22A294-DBBA-445F-B55C-E26817CCFE69}" = Movie Maker "{8D3A11D0-D925-FA0F-43F3-242E49975CD2}" = CCC Help Danish "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{8EF39A9F-6A57-9706-86A5-9312D9ED8016}" = CCC Help Portuguese "{8F66BFDE-B213-48E2-93EF-7151277A2916}" = Windows Live SOXE Definitions "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91B33C97-54B3-9CEB-E911-246EDA9BDC9A}_is1" = Ashampoo Movie Studio v.1.0.13 "{91B33C97-91F8-FFB3-581B-BC952C901685}_is1" = Ashampoo Burning Studio FREE v.1.12.0 "{92352C97-C657-DB89-5F3A-E8C3789D9C89}" = CCC Help Chinese Traditional "{94532CD5-C66D-49E3-9131-5FB04D7647A1}" = Windows Live UX Platform "{95545E55-3309-1929-FF41-2908A9706742}" = CCC Help Turkish "{983FA94A-A7DD-40B1-B7F9-F45D2B4FD1DE}" = Windows Live Photo Common "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9CA5F712-9CAA-B3CB-02D3-7134DFC8801E}" = CCC Help French "{9DE9A189-5710-4C8F-8A4A-3F3D4BBFB9AE}" = Windows Live UX Platform Language Pack "{A128A816-FD3F-990E-DD80-E1735BD718AE}" = CCC Help Italian "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9FFEC6C-9C44-4597-8E23-EDD78BF5D0B2}" = Windows Live Communications Platform "{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{AF37F9DE-0726-439E-BC10-43D9195394D0}" = Firebird SQL Server - MAGIX Edition "{AFC9ECA9-6A4E-1370-98F3-002B63B5AF8E}" = CCC Help Thai "{B88F2045-CF9A-996C-1670-6F7D65F1D18A}" = CCC Help Norwegian "{BE7CD87D-9B09-408B-97D4-37F27C2734C2}" = Windows Live Essentials "{BED96D0C-7743-3CE3-F7DF-A0A4475FBF2F}" = CCC Help Hungarian "{C87DF7BB-4F5C-4BBE-B041-A59FFF4A1D07}" = Windows Live SOXE "{CA5671C3-41A6-4156-87BA-3BC94E960E80}" = Photo Common "{CB79256B-C0E0-40C6-8EB7-BDD796203581}" = Catalyst Control Center - Branding "{D9C4202E-6D51-4B06-A8F1-22316E654BCA}" = Universal Adb Driver "{DF7DC45D-8A3C-490C-A70F-8C6A6189EDF9}" = Photo Gallery "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E297492A-E114-CAE0-502E-5F36C386DD30}" = CCC Help Dutch "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{E6533A85-ED92-F897-2B68-58AC3BD87F94}" = CCC Help English "{EBAC163A-588E-1E5A-3CE8-826E9A449244}" = CCC Help Korean "{ED65BD75-CEF3-C0C2-9E9C-FA567484FF60}" = CCC Help Japanese "{EEB34D84-92A1-7BE3-6DB7-ABD1C4912D6B}" = Catalyst Control Center InstallProxy "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F1289D68-1C48-930F-51CF-577BDB371252}" = CCC Help Swedish "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F34D9A5F-484A-4E31-A9D3-908CB265B289}" = Sygate Personal Firewall "{F3F340A5-64EC-AEEC-4BDF-DC537D390BF5}" = CCC Help German "{F5C9BE9A-04C3-4A72-8CD0-BB67C722D608}" = Camtasia Studio 8 "{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5 "{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.1.0.1 "{FD9019FD-DB14-4A8F-AE19-8F62F5AFE9F4}" = ZoneAlarm Security "{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 "Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin "Amazon Kindle" = Amazon Kindle "Audiograbber" = Audiograbber 1.83 SE "Avira AntiVir Desktop" = Avira Free Antivirus "CDex" = CDex - Open Source Digital Audio CD Extractor "DarkLoader_is1" = DarkLoader 4.3 "DVD Decrypter" = DVD Decrypter (Remove Only) "DVD Flick_is1" = DVD Flick 1.3.0.7 "DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei) "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX "ENTERPRISE" = Microsoft Office Enterprise 2007 "FILEminimizer Pictures_is1" = FILEminimizer Pictures "FormatFactory" = FormatFactory 3.1.1 "Free Video Dub_is1" = Free Video Dub version 2.0.21.822 "Free Videos To DVD_is1" = Free Videos To DVD V 4.0.0 "Free YouTube Download_is1" = Free YouTube Download version 3.2.33.424 "Freemake Video Converter_is1" = Freemake Video Converter Version 4.1.3 "GarrettLoader_is1" = GarrettLoader 1.41 "HOFER Bestellsoftware" = HOFER Bestellsoftware 4.12.1 "ImgBurn" = ImgBurn "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5 "lavfilters_is1" = LAV Filters 0.55.3 "MAGIX 3D Maker D" = MAGIX 3D Maker (embeded) "MAGIX Foto Manager 9 D" = MAGIX Foto Manager 9 "MAGIX Fotos auf CD & DVD 9 deluxe D" = MAGIX Fotos auf CD & DVD 9 deluxe 9.0.0.18 (D) "MAGIX Online Druck Service D" = MAGIX Online Druck Service "MAGIX Screenshare D" = MAGIX Screenshare "MAGIX Speed burnR D" = MAGIX Speed burnR "MAGIX Xtreme Foto Designer 6 D" = MAGIX Xtreme Foto Designer 6 "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.0.1.1004 "MediaNavigation.CDLabelPrint" = CD-LabelPrint "Mozilla Firefox 29.0.1 (x86 de)" = Mozilla Firefox 29.0.1 (x86 de) "MP Navigator EX 5.0" = Canon MP Navigator EX 5.0 "PDFZilla_is1" = PDFZilla V3.0.6 "Revo Uninstaller" = Revo Uninstaller 1.95 "Shockwave" = Shockwave "Steam" = Steam "Steam App 239160" = Thief "Stellar Phoenix Outlook PST Repair_is1" = Stellar Phoenix Outlook PST Repair "TeamViewer 9" = TeamViewer 9 "Thief - The Dark Project" = Thief - The Dark Project (Remove Only) "Thief 2 - The Metal Age" = Thief 2 - The Metal Age (Remove Only) "Thief22DeinstallKey" = Dark Project 2 "VLC media player" = VLC media player 2.0.8 "WinLiveSuite" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-918124617-738689493-455985151-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 10.05.2014 12:30:16 | Computer Name = xy-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Uninstall.exe_unknown, Version: 1.2.26.326, Zeitstempel: 0x5332d01c Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x73616c63 ID des fehlerhaften Prozesses: 0x1190 Startzeit der fehlerhaften Anwendung: 0x01cf6c6d0927e39c Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 5db01b6f-d860-11e3-8a12-00045fb2fcaf Error - 10.05.2014 16:26:03 | Computer Name = xy-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: mswsockd.exe, Version: 0.0.0.0, Zeitstempel: 0x529d12e8 Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c92c Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000171ff2 ID des fehlerhaften Prozesses: 0x8a8 Startzeit der fehlerhaften Anwendung: 0x01cf6c6ea4d7a70a Pfad der fehlerhaften Anwendung: C:\Windows\system32\mswsockd.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\ole32.dll Berichtskennung: 4e3232a6-d881-11e3-a063-c3edff1fcaab Error - 11.05.2014 01:02:20 | Computer Name = xy-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "D:\Downloads\SoftonicDownloader_fuer_vasco-da-gama-8-hd-professional.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 11.05.2014 05:52:09 | Computer Name = xy-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: mswsockd.exe, Version: 0.0.0.0, Zeitstempel: 0x529d12e8 Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c92c Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000000d89e ID des fehlerhaften Prozesses: 0x630 Startzeit der fehlerhaften Anwendung: 0x01cf6ce0cc346fdc Pfad der fehlerhaften Anwendung: C:\Windows\system32\mswsockd.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\ole32.dll Berichtskennung: ea815113-d8f1-11e3-909a-00045fb2fcaf Error - 11.05.2014 09:12:52 | Computer Name = xy-PC | Source = Application Hang | ID = 1002 Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 122c Startzeit: 01cf6d1a7862c275 Endzeit: 10 Anwendungspfad: C:\Users\xy\Downloads\OTL.exe Berichts-ID: e67eda51-d90d-11e3-9008-00045fb2fcaf Error - 11.05.2014 09:51:40 | Computer Name = xy-PC | Source = Application Hang | ID = 1002 Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: f94 Startzeit: 01cf6d1fc4e4bdac Endzeit: 16 Anwendungspfad: C:\Users\xy\Desktop\OTL.exe Berichts-ID: [ OSession Events ] Error - 30.05.2013 11:53:02 | Computer Name = xy-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 21 seconds with 0 seconds of active time. This session ended with a crash. Error - 13.02.2014 10:38:20 | Computer Name = xy-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1601 seconds with 840 seconds of active time. This session ended with a crash. [ System Events ] Error - 11.05.2014 01:07:35 | Computer Name = xy-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Lavalys EVEREST Kernel Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%577 Error - 11.05.2014 03:43:44 | Computer Name = xy-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Lavalys EVEREST Kernel Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%577 Error - 11.05.2014 03:43:44 | Computer Name = xy-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Lavalys EVEREST Kernel Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%577 Error - 11.05.2014 03:46:15 | Computer Name = xy-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Lavalys EVEREST Kernel Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%577 Error - 11.05.2014 03:46:16 | Computer Name = xy-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Lavalys EVEREST Kernel Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%577 Error - 11.05.2014 05:52:14 | Computer Name = xy-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "pciide Access und" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 11.05.2014 07:27:35 | Computer Name = xy-PC | Source = DCOM | ID = 10010 Description = Error - 11.05.2014 07:29:53 | Computer Name = xy-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst CyberGhost VPN 5 Client Service erreicht. Error - 11.05.2014 07:29:53 | Computer Name = xy-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "CyberGhost VPN 5 Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 11.05.2014 08:56:32 | Computer Name = xy-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?11.?05.?2014 um 14:55:52 unerwartet heruntergefahren. < End of report > |
11.05.2014, 15:10 | #6 |
| download protect 2.2.0 sicher entfernen OTL Logfile: Code:
ATTFilter OTL logfile created on: 11.05.2014 15:52:16 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xy\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.16518) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,49 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 50,66% Memory free 6,98 Gb Paging File | 4,89 Gb Available in Paging File | 70,08% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 210,06 Gb Total Space | 108,34 Gb Free Space | 51,57% Space Free | Partition Type: NTFS Drive D: | 721,35 Gb Total Space | 383,40 Gb Free Space | 53,15% Space Free | Partition Type: NTFS Computer Name: XY-PC | User Name: xy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2014.05.11 15:10:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xy\Desktop\OTL.exe PRC - [2014.05.10 03:35:58 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2014.05.04 07:56:08 | 001,864,368 | -H-- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe PRC - [2014.04.18 20:50:52 | 033,604,728 | ---- | M] (Dropbox, Inc.) -- C:\Users\xy\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2014.03.07 12:29:32 | 000,012,800 | ---- | M] () -- C:\ProgramData\dlprotect.exe PRC - [2014.02.20 15:58:03 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2014.02.20 15:57:57 | 000,689,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2014.02.20 15:57:57 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2014.02.18 18:48:35 | 000,467,000 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\program files (x86)\avira\antivir desktop\ipmGui.exe PRC - [2014.02.06 23:29:56 | 000,189,480 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe PRC - [2014.02.05 10:48:32 | 004,915,040 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe PRC - [2013.05.23 15:17:00 | 001,106,288 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2013.05.23 15:16:56 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe PRC - [2013.05.23 15:16:52 | 001,561,968 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2009.05.06 18:53:50 | 001,220,608 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe ========== Modules (No Company Name) ========== MOD - [2014.05.11 14:57:42 | 000,041,984 | ---- | M] () -- c:\users\xy\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpj6f1fu.dll MOD - [2014.05.10 03:35:58 | 003,839,088 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2014.05.04 07:56:08 | 016,351,920 | -H-- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll MOD - [2014.03.07 12:29:32 | 000,012,800 | ---- | M] () -- C:\ProgramData\dlprotect.exe MOD - [2014.02.23 11:50:17 | 018,813,440 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll MOD - [2014.02.23 11:50:13 | 000,223,232 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\f4354d6580fbb745c0c8acba382a7b84\System.ServiceProcess.ni.dll MOD - [2014.02.23 11:50:11 | 001,889,792 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll MOD - [2014.02.23 11:50:09 | 000,802,816 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\966f64a25064fe74936295dc06ec586e\System.Runtime.Remoting.ni.dll MOD - [2014.02.23 11:50:04 | 011,025,920 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll MOD - [2014.02.23 11:49:59 | 006,990,336 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll MOD - [2014.02.23 11:49:58 | 007,662,080 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll MOD - [2014.02.23 11:49:57 | 003,950,080 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll MOD - [2014.02.23 11:49:54 | 000,976,384 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll MOD - [2014.02.23 11:49:53 | 010,060,800 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll MOD - [2014.02.23 11:49:47 | 016,953,856 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll MOD - [2014.01.03 05:42:50 | 003,610,624 | ---- | M] () -- C:\Users\xy\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll MOD - [2013.10.19 01:55:02 | 025,100,288 | ---- | M] () -- C:\Users\xy\AppData\Roaming\Dropbox\bin\libcef.dll ========== Services (SafeList) ========== SRV:64bit: - [2014.03.07 12:29:31 | 000,118,784 | -H-- | M] () [Auto | Running] -- C:\Windows\SysNative\mswsockd.exe -- (ntoskrol) SRV:64bit: - [2014.02.06 12:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService) SRV:64bit: - [2013.12.06 22:52:10 | 000,239,616 | -H-- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2013.12.06 17:06:06 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2008.05.08 01:29:38 | 000,122,880 | -H-- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\SysNative\Crypserv.exe -- (Crypkey License) SRV - [2014.05.04 07:56:09 | 000,257,712 | -H-- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2014.02.25 23:57:46 | 000,568,512 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2014.02.20 15:58:03 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2014.02.20 15:57:57 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2014.02.05 10:48:32 | 004,915,040 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9) SRV - [2014.01.16 18:03:40 | 000,064,112 | ---- | M] (CyberGhost S.R.L) [Auto | Running] -- C:\Programme\CyberGhost 5\Service.exe -- (CGVPNCliService) SRV - [2014.01.16 02:42:12 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService) SRV - [2013.09.11 22:21:54 | 000,105,144 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.04.18 11:06:42 | 000,737,616 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2012.07.17 16:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.05.06 18:53:50 | 001,220,608 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard) DRV:64bit: - [2014.03.18 02:24:02 | 000,451,480 | -H-- | M] (Check Point Software Technologies Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant) DRV:64bit: - [2014.01.22 08:52:10 | 000,206,080 | -H-- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2014.01.22 08:52:10 | 000,108,800 | -H-- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2013.12.24 23:33:22 | 000,489,568 | -H-- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2013.12.24 23:33:20 | 007,717,984 | -H-- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1) DRV:64bit: - [2013.12.18 18:40:12 | 000,131,576 | -H-- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.12.18 18:40:12 | 000,108,440 | -H-- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.12.06 23:52:14 | 013,207,552 | -H-- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2013.12.06 22:21:44 | 000,626,176 | -H-- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2013.11.26 07:27:26 | 000,028,600 | -H-- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.09.24 16:53:50 | 000,094,208 | -H-- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2013.08.22 14:40:24 | 000,040,664 | -H-- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901) DRV:64bit: - [2013.08.19 20:30:57 | 000,047,240 | -H-- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd) DRV:64bit: - [2012.10.17 14:53:46 | 000,026,112 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.09.29 11:30:34 | 000,646,248 | -H-- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | -H-- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | -H-- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.15 17:06:46 | 000,047,232 | RH-- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2010.11.20 05:33:36 | 000,078,720 | -H-- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 01:37:44 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | -H-- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | -H-- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | -H-- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | -H-- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | -H-- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.03.17 19:12:26 | 000,028,664 | -H-- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Ckldrv.sys -- (NetworkX) DRV - [2013.09.20 00:05:02 | 000,059,648 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2.0) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-918124617-738689493-455985151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com IE - HKU\S-1-5-21-918124617-738689493-455985151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-918124617-738689493-455985151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-918124617-738689493-455985151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-918124617-738689493-455985151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-918124617-738689493-455985151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2D 55 81 69 3C 5D CE 01 [binary data] IE - HKU\S-1-5-21-918124617-738689493-455985151-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKU\S-1-5-21-918124617-738689493-455985151-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKU\S-1-5-21-918124617-738689493-455985151-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-918124617-738689493-455985151-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtDyEyD0F0BtB0F0C0A0Fzy0A0E0FtN0D0Tzu0SyBtCyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1989247540&ir= IE - HKU\S-1-5-21-918124617-738689493-455985151-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.upc.at/" FF - prefs.js..extensions.enabledAddons: %7BEBB09598-CE49-44A2-8D8F-DAE7F08CB84F%7D:2.2.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3522.0110: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EBB09598-CE49-44A2-8D8F-DAE7F08CB84F}: C:\Windows\Installer\{B16D8C33-92D4-47C7-A449-C55B0B3356E2}\{EBB09598-CE49-44A2-8D8F-DAE7F08CB84F}.xpi [2014.05.11 14:04:40 | 000,796,223 | -H-- | M] () FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014.05.03 06:27:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xy\AppData\Roaming\mozilla\Extensions [2014.05.11 14:04:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xy\AppData\Roaming\mozilla\Firefox\Profiles\68zaqfqh.default-1399808736961\extensions [2014.05.10 03:35:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2014.05.10 03:35:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2014.05.11 14:04:40 | 000,796,223 | -H-- | M] () (No name found) -- C:\WINDOWS\INSTALLER\{B16D8C33-92D4-47C7-A449-C55B0B3356E2}\{EBB09598-CE49-44A2-8D8F-DAE7F08CB84F}.XPI ========== Chrome ========== CHR - homepage: hxxp://www.google.com CHR - Extension: No name found = C:\Users\xy\AppData\Local\Google\Chrome\User Data\default\extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\ CHR - Extension: No name found = C:\Users\xy\AppData\Local\Google\Chrome\User Data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\ CHR - Extension: No name found = C:\Users\xy\AppData\Local\Google\Chrome\User Data\default\extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: No name found = C:\Users\xy\AppData\Local\Google\Chrome\User Data\default\extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | -H-- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKU\S-1-5-21-918124617-738689493-455985151-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found. O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Download Protect] C:\ProgramData\dlprotect.exe () O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-918124617-738689493-455985151-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKU\S-1-5-21-918124617-738689493-455985151-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O4 - HKU\S-1-5-21-918124617-738689493-455985151-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - HKU\.DEFAULT..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" File not found O4 - HKU\S-1-5-18..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\xy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\xy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SearchScopes present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\S-1-5-21-918124617-738689493-455985151-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94FAA4C5-3B3C-4229-B168-76B8CA05270F}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B322F991-7096-4BA5-AA59-F02F01608B7A}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2014.02.07 21:49:58 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2014.02.08 19:18:51 | 000,000,000 | ---D | M] - C:\AutoRuns -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (sdnclean64.exe) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2014.05.11 15:10:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\xy\Desktop\OTL.exe [2014.05.11 13:33:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros [2014.05.11 06:12:01 | 000,000,000 | ---D | C] -- C:\Users\xy\Desktop\Alte Firefox-Daten [2014.05.10 18:34:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2014.05.10 04:11:22 | 000,536,576 | -H-- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll [2014.05.10 03:35:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2014.05.09 05:48:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump [2014.05.04 07:56:05 | 017,931,952 | -H-- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe [2014.05.04 07:39:00 | 000,000,000 | ---D | C] -- C:\Users\xy\Documents\StreamingStar [2014.05.03 15:11:47 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\DropboxMaster [2014.05.03 10:57:53 | 000,000,000 | ---D | C] -- C:\Users\xy\Documents\MAGIX_MusicEditor [2014.05.03 09:39:54 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\CrashDumps [2014.05.03 06:27:09 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\Mozilla [2014.05.02 12:23:17 | 000,000,000 | ---D | C] -- C:\Users\xy\Documents\MAGIX_Foto_Manager_9 [2014.05.02 06:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\MotionStudios [2014.05.02 03:00:49 | 000,000,000 | ---D | C] -- C:\MotionStudios [2014.05.01 07:58:33 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\MAGIX_AG [2014.04.20 09:09:34 | 000,000,000 | ---D | C] -- C:\Users\xy\Documents\Epubsoft [2014.04.20 09:09:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Epubsoft [2014.04.20 09:09:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPUBSOFT [2014.04.20 09:09:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EPUBSOFT [2014.04.20 08:59:25 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\ePUBeedrmremoval [2014.04.20 08:59:25 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\decrypt [2014.04.20 08:59:25 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\.ePUBeedrmremoval [2014.04.20 08:59:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ePUBee [2014.04.19 11:42:50 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\calibre-cache [2014.04.19 11:15:01 | 000,000,000 | ---D | C] -- C:\Users\xy\Documents\My Kindle Content [2014.04.19 11:14:41 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon [2014.04.19 11:14:41 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\Amazon [2014.04.19 11:14:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon [2014.04.18 06:31:19 | 000,083,096 | -H-- | C] (Sygate Technologies, Inc.) -- C:\Windows\SysWow64\SSSensor.dll [2014.04.18 06:31:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sygate Personal Firewall [2014.04.18 06:31:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sygate [2014.04.17 20:28:49 | 007,717,984 | -H-- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kl1.sys [2014.04.17 20:28:47 | 000,489,568 | -H-- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys [2014.04.17 20:28:47 | 000,090,208 | -H-- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys [2014.04.17 20:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point [2014.04.17 04:41:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint [2014.04.17 04:39:46 | 000,119,512 | -H-- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys [2014.04.17 04:39:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware [2014.04.17 04:39:33 | 000,088,280 | -H-- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys [2014.04.17 04:39:33 | 000,063,192 | -H-- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys [2014.04.17 04:39:33 | 000,025,816 | -H-- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2014.04.17 04:39:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware [2014.04.12 12:26:19 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\TechSmith [2014.04.12 12:26:00 | 000,000,000 | ---D | C] -- C:\Users\xy\Documents\Camtasia Studio [2014.04.12 12:22:00 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\Ashampoo Movie Studio [2014.04.12 11:57:42 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\MOVAVI [2014.04.12 11:57:42 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\Movavi [2014.04.12 11:37:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith [2014.04.12 11:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1995-08.com.techsmith [2014.04.12 11:37:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2014.04.12 11:37:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared [2014.04.12 11:37:20 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith [2014.04.12 11:37:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2014.05.11 15:47:02 | 000,001,102 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014.05.11 15:46:04 | 000,001,098 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014.05.11 15:10:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xy\Desktop\OTL.exe [2014.05.11 15:05:03 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014.05.11 15:05:03 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014.05.11 14:56:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014.05.11 14:56:30 | 2811,244,544 | -HS- | M] () -- C:\hiberfil.sys [2014.05.11 14:29:16 | 000,119,512 | -H-- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys [2014.05.11 14:04:41 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2014.05.11 13:56:00 | 000,000,884 | -H-- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014.05.11 09:52:56 | 001,629,276 | -H-- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2014.05.11 09:52:56 | 000,702,926 | -H-- | M] () -- C:\Windows\SysNative\perfh007.dat [2014.05.11 09:52:56 | 000,657,158 | -H-- | M] () -- C:\Windows\SysNative\perfh009.dat [2014.05.11 09:52:56 | 000,150,566 | -H-- | M] () -- C:\Windows\SysNative\perfc007.dat [2014.05.11 09:52:56 | 000,122,970 | -H-- | M] () -- C:\Windows\SysNative\perfc009.dat [2014.05.11 07:03:06 | 000,002,081 | ---- | M] () -- C:\Users\xy\Desktop\Everest Home Edition - CHIP Downloader.lnk [2014.05.10 18:34:44 | 000,001,432 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube Download.lnk [2014.05.10 18:34:44 | 000,001,235 | ---- | M] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk [2014.05.10 16:33:36 | 000,000,034 | -H-- | M] () -- C:\Windows\cdplayer.ini [2014.05.10 04:25:30 | 000,000,944 | ---- | M] () -- C:\Users\xy\Desktop\adwcleaner_3.2.0.7 - Verknüpfung.lnk [2014.05.09 17:20:17 | 000,001,945 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2014.05.04 07:56:09 | 000,692,400 | -H-- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2014.05.04 07:56:08 | 000,070,832 | -H-- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2014.05.04 07:56:05 | 017,931,952 | -H-- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe [2014.05.04 07:08:45 | 000,000,684 | ---- | M] () -- C:\Users\xy\Desktop\MediathekView - neu.lnk [2014.05.04 07:06:32 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2014.05.04 07:06:32 | 000,001,930 | ---- | M] () -- C:\Users\Public\Desktop\Canon Easy-PhotoPrint EX.lnk [2014.05.04 07:06:31 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2014.05.03 15:12:02 | 000,001,008 | ---- | M] () -- C:\Users\xy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014.05.03 15:11:30 | 000,000,970 | ---- | M] () -- C:\Users\xy\Desktop\Dropbox.lnk [2014.05.03 10:12:31 | 000,011,264 | ---- | M] () -- C:\Users\xy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2014.05.03 06:27:04 | 000,001,143 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2014.05.02 15:27:06 | 000,512,808 | -H-- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2014.05.02 12:18:47 | 000,001,212 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Fotos auf CD & DVD 9 deluxe.lnk [2014.05.02 10:24:55 | 000,008,476 | ---- | M] () -- C:\Users\xy\AppData\Local\recently-used.xbel [2014.04.19 11:42:28 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk [2014.04.19 11:14:41 | 000,001,990 | ---- | M] () -- C:\Users\xy\Desktop\Kindle.lnk [2014.04.17 20:29:46 | 000,000,132 | -H-- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml [2014.04.17 04:39:35 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2014.04.12 12:21:45 | 000,001,240 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Movie Studio.lnk [2014.04.12 11:57:42 | 000,005,053 | ---- | M] () -- C:\ProgramData\hwjqxkkr.zva [2014.04.12 11:42:20 | 000,004,509 | ---- | M] () -- C:\Users\xy\AppData\Roaming\CamStudio.cfg [2014.04.12 11:42:20 | 000,000,408 | ---- | M] () -- C:\Users\xy\AppData\Roaming\CamShapes.ini [2014.04.12 11:42:20 | 000,000,408 | ---- | M] () -- C:\Users\xy\AppData\Roaming\CamLayout.ini [2014.04.12 11:42:20 | 000,000,096 | ---- | M] () -- C:\Users\xy\AppData\Roaming\Camdata.ini [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2014.05.11 07:03:06 | 000,002,081 | ---- | C] () -- C:\Users\xy\Desktop\Everest Home Edition - CHIP Downloader.lnk [2014.05.10 18:34:44 | 000,001,432 | ---- | C] () -- C:\Users\Public\Desktop\Free YouTube Download.lnk [2014.05.10 18:34:44 | 000,001,235 | ---- | C] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk [2014.05.10 04:25:29 | 000,000,944 | ---- | C] () -- C:\Users\xy\Desktop\adwcleaner_3.2.0.7 - Verknüpfung.lnk [2014.05.04 07:08:45 | 000,000,684 | ---- | C] () -- C:\Users\xy\Desktop\MediathekView - neu.lnk [2014.05.04 07:03:20 | 000,000,884 | -H-- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014.05.03 06:27:04 | 000,001,143 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2014.05.03 06:27:03 | 000,001,155 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2014.05.02 12:18:47 | 000,001,212 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Fotos auf CD & DVD 9 deluxe.lnk [2014.05.02 10:24:55 | 000,008,476 | ---- | C] () -- C:\Users\xy\AppData\Local\recently-used.xbel [2014.04.27 11:54:36 | 000,000,034 | -H-- | C] () -- C:\Windows\cdplayer.ini [2014.04.19 11:14:41 | 000,001,990 | ---- | C] () -- C:\Users\xy\Desktop\Kindle.lnk [2014.04.17 20:28:54 | 000,000,132 | -H-- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml [2014.04.17 04:39:35 | 000,001,098 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2014.04.12 12:21:45 | 000,001,240 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Movie Studio.lnk [2014.04.12 11:57:42 | 000,005,053 | ---- | C] () -- C:\ProgramData\hwjqxkkr.zva [2014.03.26 20:44:20 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2014.03.22 15:08:02 | 000,000,042 | ---- | C] () -- C:\Users\xy\AppData\Roaming\WB.CFG [2014.03.19 13:14:21 | 000,011,264 | ---- | C] () -- C:\Users\xy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2014.03.07 12:29:32 | 000,012,800 | ---- | C] () -- C:\ProgramData\dlprotect.exe [2014.02.09 14:49:30 | 000,000,701 | ---- | C] () -- C:\Users\xy\AppData\Roaming\pdfsound.dll [2014.02.09 14:49:30 | 000,000,053 | ---- | C] () -- C:\Users\xy\AppData\Roaming\setting.ini [2014.02.09 14:49:30 | 000,000,043 | ---- | C] () -- C:\Users\xy\AppData\Roaming\setup_pdfrotator.ini [2014.02.09 14:49:30 | 000,000,043 | ---- | C] () -- C:\Users\xy\AppData\Roaming\setup_pdfcombine.ini [2014.02.09 14:49:30 | 000,000,030 | ---- | C] () -- C:\Users\xy\AppData\Roaming\setup.ini [2014.02.09 14:49:30 | 000,000,014 | ---- | C] () -- C:\Users\xy\AppData\Roaming\options.ini [2014.02.09 14:49:30 | 000,000,003 | ---- | C] () -- C:\Users\xy\AppData\Roaming\options_pdfrotator.ini [2014.02.09 14:49:30 | 000,000,003 | ---- | C] () -- C:\Users\xy\AppData\Roaming\options_pdfcombine.ini [2014.01.18 20:25:57 | 000,000,000 | -H-- | C] () -- C:\Windows\geo.ini [2013.12.15 11:19:23 | 000,338,944 | -H-- | C] () -- C:\Windows\SysWow64\Lffpx7.dll [2013.12.15 11:19:23 | 000,122,880 | -H-- | C] () -- C:\Windows\SysWow64\Lfkodak.dll [2013.12.15 11:19:23 | 000,088,576 | -H-- | C] () -- C:\Windows\SysWow64\Lffpx90n.dll [2013.12.06 23:38:38 | 000,995,342 | -H-- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe [2013.12.06 23:38:38 | 000,798,734 | -H-- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe [2013.12.06 17:44:26 | 000,038,912 | -H-- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2013.11.10 16:22:58 | 000,000,256 | -H-- | C] () -- C:\Windows\_delis32.ini [2013.11.09 15:25:48 | 000,004,509 | ---- | C] () -- C:\Users\xy\AppData\Roaming\CamStudio.cfg [2013.10.06 15:12:01 | 000,178,176 | -H-- | C] () -- C:\Windows\SysWow64\StellarProfile.dll [2013.10.06 11:08:27 | 000,000,004 | -H-- | C] () -- C:\Windows\vx86036.dat [2013.10.06 11:08:05 | 000,000,140 | -H-- | C] () -- C:\Windows\Crypkey.ini [2013.10.06 11:07:59 | 000,027,648 | RH-- | C] () -- C:\Windows\Setup_ck.exe [2013.10.06 11:07:59 | 000,018,432 | -H-- | C] () -- C:\Windows\Setup_ck.dll [2013.10.06 11:07:59 | 000,011,776 | -H-- | C] () -- C:\Windows\Ckrfresh.exe [2013.09.28 09:55:35 | 000,000,408 | ---- | C] () -- C:\Users\xy\AppData\Roaming\CamShapes.ini [2013.09.28 09:55:35 | 000,000,408 | ---- | C] () -- C:\Users\xy\AppData\Roaming\CamLayout.ini [2013.09.28 09:55:35 | 000,000,096 | ---- | C] () -- C:\Users\xy\AppData\Roaming\Camdata.ini [2013.06.07 21:08:30 | 000,000,234 | -H-- | C] () -- C:\Windows\wininit.ini [2013.06.02 19:08:27 | 000,007,256 | -H-- | C] () -- C:\Windows\mgxoschk.ini [2013.05.31 20:52:26 | 001,602,556 | -H-- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.05.30 17:12:58 | 000,120,200 | -H-- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2013.05.30 16:14:22 | 000,000,400 | -H-- | C] () -- C:\Windows\ODBC.INI [2013.05.30 15:47:53 | 000,000,000 | -H-- | C] () -- C:\Windows\ativpsrm.bin [2013.05.22 20:43:52 | 000,030,568 | -H-- | C] () -- C:\Windows\MusiccityDownload.exe [2013.05.22 20:43:48 | 000,974,848 | -H-- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2013.05.22 20:43:48 | 000,081,920 | -H-- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2013.05.22 20:43:48 | 000,065,536 | -H-- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2013.05.22 20:43:48 | 000,057,344 | -H-- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.12.19 21:52:22 | 000,204,952 | -H-- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.12.19 21:52:22 | 000,157,144 | -H-- | C] () -- C:\Windows\SysWow64\ativvsva.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Custom Scans ========== ========== Base Services ========== SRV:64bit: - [2009.07.14 03:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc) SRV:64bit: - [2013.02.27 07:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo) SRV:64bit: - [2009.07.14 03:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG) SRV:64bit: - [2010.11.20 05:27:24 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS) SRV:64bit: - [2010.11.20 05:25:46 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE) SRV:64bit: - [2013.09.25 03:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso) SRV:64bit: - [2009.07.14 03:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem) SRV - [2009.07.14 03:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem) SRV:64bit: - [2012.07.05 00:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser) SRV:64bit: - [2013.07.09 07:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc) SRV - [2013.07.09 06:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc) SRV:64bit: - [2010.11.20 05:27:26 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch) SRV:64bit: - [2010.11.20 05:26:06 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp) SRV - [2010.11.20 04:18:32 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp) SRV:64bit: - [2011.03.03 08:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache) SRV:64bit: - [2009.07.14 03:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost) SRV:64bit: - [2009.07.14 03:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv) SRV - [2009.07.14 03:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv) SRV:64bit: - [2009.07.14 03:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess) SRV:64bit: - [2010.11.20 05:26:40 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent) No service found with a name of MsMpSvc No service found with a name of NisSrv SRV:64bit: - [2009.07.14 03:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv) SRV:64bit: - [2009.07.14 03:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS) SRV:64bit: - [2009.07.14 03:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman) SRV:64bit: - [2009.07.14 03:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm) SRV - [2009.07.14 03:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm) SRV:64bit: - [2012.10.03 19:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc) SRV:64bit: - [2009.07.14 03:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi) SRV:64bit: - [2011.05.24 13:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay) SRV:64bit: - [2012.02.11 08:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler) SRV:64bit: - [2013.09.25 03:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage) No service found with a name of EMDMgmt SRV:64bit: - [2009.07.14 03:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto) SRV:64bit: - [2010.11.20 05:27:26 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan) SRV:64bit: - [2010.11.20 05:27:26 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs) SRV:64bit: - [2010.11.20 05:27:26 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon) SRV:64bit: - [2013.09.25 03:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs) SRV:64bit: - [2009.07.14 03:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc) SRV:64bit: - [2010.11.20 05:27:28 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer) SRV:64bit: - [2010.11.20 05:27:26 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection) SRV - [2010.11.20 04:21:20 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection) No service found with a name of slsvc SRV:64bit: - [2010.11.20 05:27:26 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule) SRV:64bit: - [2010.11.20 05:27:28 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv) SRV - [2010.11.20 04:21:30 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv) SRV:64bit: - [2009.07.14 03:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes) SRV:64bit: - [2012.05.01 07:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc) SRV:64bit: - [2010.11.20 05:25:28 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS) SRV:64bit: - [2010.11.20 05:25:44 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv) SRV:64bit: - [2010.11.20 05:25:44 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder) SRV:64bit: - [2010.11.20 05:27:26 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC) No service found with a name of WinDefend SRV:64bit: - [2010.11.20 05:27:30 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog) SRV:64bit: - [2010.11.20 05:27:00 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc) SRV:64bit: - [2010.11.20 05:27:30 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc) SRV:64bit: - [2010.11.20 05:25:00 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver) SRV - [2010.11.20 04:17:24 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver) SRV:64bit: - [2009.07.14 03:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt) SRV:64bit: - [2012.06.03 00:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv) SRV:64bit: - [2010.11.20 05:26:08 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc) SRV:64bit: - [2009.07.14 03:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc) SRV:64bit: - [2010.11.20 05:27:30 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation) < %SYSTEMDRIVE%\*.exe > < MD5 for: EXPLORER.EXE > [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 04:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 05:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: MPSVC.DLL > [2013.05.27 07:26:41 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=7B6CD2C784B13D63481B6BF49605C026 -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca\MpSvc.dll [2013.05.27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=7CBB1D4D13DC62D7F529D87151FD3CD3 -- C:\Program Files\Windows Defender\MpSvc.dll [2013.05.27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=7CBB1D4D13DC62D7F529D87151FD3CD3 -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MpSvc.dll [2013.05.27 07:56:38 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=93B9D9FABBED612F71527E52E1D1EE93 -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.21531_none_b46d38ce8ad8e4ed\MpSvc.dll [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=CF318F60A84F15AF352439465A8D05F4 -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpSvc.dll [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=CF318F60A84F15AF352439465A8D05F4 -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpSvc.dll [2013.05.27 07:25:24 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=F7DE0DDAC48EEE6DD48A9EB33F6E672D -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.17316_none_b3fe3b6771a68ecd\MpSvc.dll < MD5 for: QMGR.DLL > [2010.11.20 05:27:24 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll [2010.11.20 05:27:24 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll [2009.07.14 03:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll < MD5 for: RPCSS.DLL > [2010.11.20 05:27:26 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\SysNative\rpcss.dll [2010.11.20 05:27:26 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll [2009.07.14 03:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) MD5=7266972E86890E2B30C0C322E906B027 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll < MD5 for: SERVICES > [2009.06.10 23:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services < MD5 for: SERVICES.ASFX > [2012.09.23 20:43:44 | 000,002,677 | ---- | M] () MD5=22FEEF662B7E813F8547E1446EBC706B -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\de_DE\Services\Services.asfx < MD5 for: SERVICES.CFG > [2012.09.23 20:43:36 | 000,603,848 | RH-- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744BA0000000010\11.0.0\services.cfg [2013.05.11 12:37:26 | 000,558,990 | ---- | M] () MD5=FE8FB005031C2574E990DAC1F9F5ACF8 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg < MD5 for: SERVICES.DAT > [2013.04.22 05:04:55 | 000,001,720 | ---- | M] () MD5=43C1700D78D89F0B1F6FA88FD132BE1A -- C:\JRT\services.dat < MD5 for: SERVICES.EXE > [2009.07.14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe [2009.07.14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe < MD5 for: SERVICES.EXE.MUI > [2009.07.14 19:58:12 | 000,019,456 | ---- | M] (Microsoft Corporation) MD5=F0E13F46C1944FCE489C9A18372C3ED8 -- C:\Windows\SysNative\de-DE\services.exe.mui [2009.07.14 19:58:12 | 000,019,456 | ---- | M] (Microsoft Corporation) MD5=F0E13F46C1944FCE489C9A18372C3ED8 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_de-de_1d0162c550c828a3\services.exe.mui < MD5 for: SERVICES.LNK > [2009.07.14 06:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk [2009.07.14 06:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk < MD5 for: SERVICES.MOF > [2009.06.10 22:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof [2009.06.10 22:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof < MD5 for: SERVICES.MSC > [2009.06.10 22:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc [2009.06.10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc [2009.06.10 22:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc [2009.06.10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc [2009.07.14 19:58:11 | 000,092,744 | ---- | M] () MD5=7FC1BD72E9D0E622638C4620E33FAD47 -- C:\Windows\SysNative\de-DE\services.msc [2009.07.14 19:58:12 | 000,092,744 | ---- | M] () MD5=7FC1BD72E9D0E622638C4620E33FAD47 -- C:\Windows\SysWOW64\de-DE\services.msc [2009.07.14 19:58:11 | 000,092,744 | ---- | M] () MD5=7FC1BD72E9D0E622638C4620E33FAD47 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_de-de_574332b12731c296\services.msc [2009.07.14 19:58:12 | 000,092,744 | ---- | M] () MD5=7FC1BD72E9D0E622638C4620E33FAD47 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_de-de_fb24972d6ed45160\services.msc < MD5 for: SERVICES.PTXML > [2009.07.13 22:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml [2009.07.13 22:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml < MD5 for: SVCHOST.EXE > [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe [2014.04.03 09:49:02 | 000,742,200 | ---- | M] (MalwareBytes) MD5=96820649733BFB2B0499C371904B7B40 -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \Chameleon\Windows\svchost.exe [2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe [2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe < MD5 for: USERINIT.EXE > [2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2014.04.03 09:49:02 | 000,742,200 | ---- | M] (MalwareBytes) MD5=96820649733BFB2B0499C371904B7B40 -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \Chameleon\Windows\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < dir "%systemdrive%\*" /S /A:L /C > Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: AE4A-9AEF Verzeichnis von C:\ 14.07.2009 07:08 <VERBINDUNG> Documents and Settings [C:\Users] 30.05.2013 15:39 <VERBINDUNG> Dokumente und Einstellungen [C:\Users] 30.05.2013 15:39 <VERBINDUNG> Programme [C:\Program Files] 0 Datei(en), 0 Bytes Verzeichnis von C:\Program Files 30.05.2013 15:39 <VERBINDUNG> Gemeinsame Dateien [C:\Program Files\Common Files] 0 Datei(en), 0 Bytes Verzeichnis von C:\Program Files\Windows NT 30.05.2013 15:39 <VERBINDUNG> Zubeh”r [C:\Program Files\Windows NT\Accessories] 0 Datei(en), 0 Bytes Verzeichnis von C:\ProgramData 30.05.2013 15:39 <VERBINDUNG> Anwendungsdaten [C:\ProgramData] 14.07.2009 07:08 <VERBINDUNG> Application Data [C:\ProgramData] 14.07.2009 07:08 <VERBINDUNG> Desktop [C:\Users\Public\Desktop] 14.07.2009 07:08 <VERBINDUNG> Documents [C:\Users\Public\Documents] 30.05.2013 15:39 <VERBINDUNG> Dokumente [C:\Users\Public\Documents] 30.05.2013 15:39 <VERBINDUNG> Favoriten [C:\Users\Public\Favorites] 14.07.2009 07:08 <VERBINDUNG> Favorites [C:\Users\Public\Favorites] 14.07.2009 07:08 <VERBINDUNG> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 30.05.2013 15:39 <VERBINDUNG> Startmen [C:\ProgramData\Microsoft\Windows\Start Menu] 14.07.2009 07:08 <VERBINDUNG> Templates [C:\ProgramData\Microsoft\Windows\Templates] 30.05.2013 15:39 <VERBINDUNG> Vorlagen [C:\ProgramData\Microsoft\Windows\Templates] 0 Datei(en), 0 Bytes Verzeichnis von C:\ProgramData\Microsoft\Windows\Start Menu 30.05.2013 15:39 <VERBINDUNG> Programme [C:\ProgramData\Microsoft\Windows\Start Menu\Programs] 0 Datei(en), 0 Bytes Verzeichnis von C:\Users 14.07.2009 07:08 <SYMLINKD> All Users [C:\ProgramData] 14.07.2009 07:08 <VERBINDUNG> Default User [C:\Users\Default] 0 Datei(en), 0 Bytes Verzeichnis von C:\Users\All Users 30.05.2013 15:39 <VERBINDUNG> Anwendungsdaten [C:\ProgramData] 14.07.2009 07:08 <VERBINDUNG> Application Data [C:\ProgramData] 14.07.2009 07:08 <VERBINDUNG> Desktop [C:\Users\Public\Desktop] 14.07.2009 07:08 <VERBINDUNG> Documents [C:\Users\Public\Documents] 30.05.2013 15:39 <VERBINDUNG> Dokumente [C:\Users\Public\Documents] 30.05.2013 15:39 <VERBINDUNG> Favoriten [C:\Users\Public\Favorites] 14.07.2009 07:08 <VERBINDUNG> Favorites [C:\Users\Public\Favorites] 14.07.2009 07:08 <VERBINDUNG> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 30.05.2013 15:39 <VERBINDUNG> Startmen [C:\ProgramData\Microsoft\Windows\Start Menu] 14.07.2009 07:08 <VERBINDUNG> Templates [C:\ProgramData\Microsoft\Windows\Templates] 30.05.2013 15:39 <VERBINDUNG> Vorlagen [C:\ProgramData\Microsoft\Windows\Templates] 0 Datei(en), 0 Bytes Verzeichnis von C:\Users\All Users\Microsoft\Windows\Start Menu 30.05.2013 15:39 <VERBINDUNG> Programme [C:\ProgramData\Microsoft\Windows\Start Menu\Programs] 0 Datei(en), 0 Bytes Verzeichnis von C:\Users\Default 30.05.2013 15:39 <VERBINDUNG> Anwendungsdaten [C:\Users\Default\AppData\Roaming] 14.07.2009 07:08 <VERBINDUNG> Application Data [C:\Users\Default\AppData\Roaming] 14.07.2009 07:08 <VERBINDUNG> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies] 30.05.2013 15:39 <VERBINDUNG> Druckumgebung [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 30.05.2013 15:39 <VERBINDUNG> Eigene Dateien [C:\Users\Default\Documents] 14.07.2009 07:08 <VERBINDUNG> Local Settings [C:\Users\Default\AppData\Local] 30.05.2013 15:39 <VERBINDUNG> Lokale Einstellungen [C:\Users\Default\AppData\Local] 14.07.2009 07:08 <VERBINDUNG> My Documents [C:\Users\Default\Documents] 14.07.2009 07:08 <VERBINDUNG> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 30.05.2013 15:39 <VERBINDUNG> Netzwerkumgebung [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 14.07.2009 07:08 <VERBINDUNG> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 14.07.2009 07:08 <VERBINDUNG> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent] 14.07.2009 07:08 <VERBINDUNG> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo] 14.07.2009 07:08 <VERBINDUNG> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu] 30.05.2013 15:39 <VERBINDUNG> Startmen [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu] 14.07.2009 07:08 <VERBINDUNG> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates] 30.05.2013 15:39 <VERBINDUNG> Vorlagen [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates] 0 Datei(en), 0 Bytes Verzeichnis von C:\Users\Default\AppData\Local 30.05.2013 15:39 <VERBINDUNG> Anwendungsdaten [C:\Users\Default\AppData\Local] 14.07.2009 07:08 <VERBINDUNG> Application Data [C:\Users\Default\AppData\Local] 14.07.2009 07:08 <VERBINDUNG> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History] 14.07.2009 07:08 <VERBINDUNG> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files] 30.05.2013 15:39 <VERBINDUNG> Verlauf [C:\Users\Default\AppData\Local\Microsoft\Windows\History] 0 Datei(en), 0 Bytes Verzeichnis von C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu 30.05.2013 15:39 <VERBINDUNG> Programme [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs] 0 Datei(en), 0 Bytes Verzeichnis von C:\Users\Default\Documents 30.05.2013 15:39 <VERBINDUNG> Eigene Bilder [C:\Users\Default\Pictures] 30.05.2013 15:39 <VERBINDUNG> Eigene Musik [C:\Users\Default\Music] 30.05.2013 15:39 <VERBINDUNG> Eigene Videos [C:\Users\Default\Videos] 14.07.2009 07:08 <VERBINDUNG> My Music [C:\Users\Default\Music] 14.07.2009 07:08 <VERBINDUNG> My Pictures [C:\Users\Default\Pictures] 14.07.2009 07:08 <VERBINDUNG> My Videos [C:\Users\Default\Videos] 0 Datei(en), 0 Bytes Verzeichnis von C:\Users\Public\Documents 30.05.2013 15:39 <VERBINDUNG> Eigene Bilder [C:\Users\Public\Pictures] 30.05.2013 15:39 <VERBINDUNG> Eigene Musik [C:\Users\Public\Music] 30.05.2013 15:39 <VERBINDUNG> Eigene Videos [C:\Users\Public\Videos] 14.07.2009 07:08 <VERBINDUNG> My Music [C:\Users\Public\Music] 14.07.2009 07:08 <VERBINDUNG> My Pictures [C:\Users\Public\Pictures] 14.07.2009 07:08 <VERBINDUNG> My Videos [C:\Users\Public\Videos] 0 Datei(en), 0 Bytes Verzeichnis von C:\Users\xy 30.05.2013 15:39 <VERBINDUNG> Anwendungsdaten [C:\Users\xy\AppData\Roaming] 30.05.2013 15:39 <VERBINDUNG> Cookies [C:\Users\xy\AppData\Roaming\Microsoft\Windows\Cookies] 30.05.2013 15:39 <VERBINDUNG> Druckumgebung [C:\Users\xy\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 30.05.2013 15:39 <VERBINDUNG> Eigene Dateien [C:\Users\xy\Documents] 30.05.2013 15:39 <VERBINDUNG> Lokale Einstellungen [C:\Users\xy\AppData\Local] 30.05.2013 15:39 <VERBINDUNG> Netzwerkumgebung [C:\Users\xy\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 30.05.2013 15:39 <VERBINDUNG> Recent [C:\Users\xy\AppData\Roaming\Microsoft\Windows\Recent] 30.05.2013 15:39 <VERBINDUNG> SendTo [C:\Users\xy\AppData\Roaming\Microsoft\Windows\SendTo] 30.05.2013 15:39 <VERBINDUNG> Startmen [C:\Users\xy\AppData\Roaming\Microsoft\Windows\Start Menu] 30.05.2013 15:39 <VERBINDUNG> Vorlagen [C:\Users\xy\AppData\Roaming\Microsoft\Windows\Templates] 0 Datei(en), 0 Bytes Verzeichnis von C:\Users\xy\AppData\Local 30.05.2013 15:39 <VERBINDUNG> Anwendungsdaten [C:\Users\xy\AppData\Local] 30.05.2013 15:39 <VERBINDUNG> Temporary Internet Files [C:\Users\xy\AppData\Local\Microsoft\Windows\Temporary Internet Files] 30.05.2013 15:39 <VERBINDUNG> Verlauf [C:\Users\xy\AppData\Local\Microsoft\Windows\History] 0 Datei(en), 0 Bytes Verzeichnis von C:\Users\xy\AppData\Roaming\Microsoft\Windows\Start Menu 30.05.2013 15:39 <VERBINDUNG> Programme [C:\Users\xy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs] 0 Datei(en), 0 Bytes Verzeichnis von C:\Users\xy\Documents 30.05.2013 15:39 <VERBINDUNG> Eigene Bilder [C:\Users\xy\Pictures] 30.05.2013 15:39 <VERBINDUNG> Eigene Musik [C:\Users\xy\Music] 30.05.2013 15:39 <VERBINDUNG> Eigene Videos [C:\Users\xy\Videos] 0 Datei(en), 0 Bytes Anzahl der angezeigten Dateien: 0 Datei(en), 0 Bytes 83 Verzeichnis(se), 116.017.721.344 Bytes frei < > ========== Files - Unicode (All) ========== [2013.11.10 09:25:41 | 103,387,443 | -H-- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\焃Š [2013.11.10 09:25:41 | 103,387,443 | -H-- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\焃Š [2013.11.09 12:41:58 | 103,378,319 | -H-- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ХŒ [2013.11.09 06:42:02 | 103,378,319 | -H-- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ХŒ [2013.10.26 05:54:22 | 103,054,676 | -H-- | M] ()(C:\Windows\SysWow64\???¦) -- C:\Windows\SysWow64\Ⳋꝙ¦ [2013.10.26 05:54:22 | 103,054,676 | -H-- | C] ()(C:\Windows\SysWow64\???¦) -- C:\Windows\SysWow64\Ⳋꝙ¦ [2013.10.04 14:40:56 | 099,209,434 | -H-- | M] ()(C:\Windows\SysWow64\???K) -- C:\Windows\SysWow64\❒휜K [2013.10.04 14:40:56 | 099,209,434 | -H-- | C] ()(C:\Windows\SysWow64\???K) -- C:\Windows\SysWow64\❒휜K ========== Alternate Data Streams ========== @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:BF31A799 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:373E1720 < End of report > |
11.05.2014, 15:37 | #7 |
| download protect 2.2.0 sicher entfernen Hallo, ja, auf Deinem System befindet sich Malware. Schritt 1: SideBar Advice Ich sehe, dass auf Deinem PC SideBar aktiv ist. Zurzeit besteht in diesem Programm eine Sicherheitslücke, deshalb würde ich Dir raten, es vorrübergehend zu deaktivieren. Mehr Informationen zu diesem Thema kannst Du hier: http://technet.microsoft.com/en-us/s...visory/2719662 finden. Wie man SideBar deaktiviert:
Schritt 2: Uninstalls Bitte deinstalliere folgende Programme:
Schritt 3: OTL Fix
Code:
ATTFilter :Commands [CREATERESTOREPOINT] :OTL SRV:64bit: - [2014.03.07 12:29:31 | 000,118,784 | -H-- | M] () [Auto | Running] -- C:\Windows\SysNative\mswsockd.exe -- (ntoskrol) DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard) IE - HKU\S-1-5-21-918124617-738689493-455985151-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtDyEyD0F0BtB0F0C0A0Fzy0A0E0FtN0D0Tzu0SyBtCyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1989247540&ir= FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found [2014.05.11 14:04:40 | 000,796,223 | -H-- | M] () (No name found) -- C:\WINDOWS\INSTALLER\{B16D8C33-92D4-47C7-A449-C55B0B3356E2}\{EBB09598-CE49-44A2-8D8F-DAE7F08CB84F}.XPI FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EBB09598-CE49-44A2-8D8F-DAE7F08CB84F}: C:\Windows\Installer\{B16D8C33-92D4-47C7-A449-C55B0B3356E2}\{EBB09598-CE49-44A2-8D8F-DAE7F08CB84F}.xpi [2014.05.11 14:04:40 | 000,796,223 | -H-- | M] () O3 - HKU\S-1-5-21-918124617-738689493-455985151-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found. O4 - HKLM..\Run: [Download Protect] C:\ProgramData\dlprotect.exe () O4 - HKU\.DEFAULT..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" File not found O4 - HKU\S-1-5-18..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SearchScopes present O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. [2014.05.10 18:34:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2014.05.10 18:34:44 | 000,001,432 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube Download.lnk [2014.05.10 18:34:44 | 000,001,235 | ---- | M] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk [2014.04.12 11:57:42 | 000,005,053 | ---- | M] () -- C:\ProgramData\hwjqxkkr.zva @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:BF31A799 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:373E1720 :Commands [RESETHOSTS] [EMPTYTEMP]
Schritt 4: Adwarecleaner Downloade Dir bitte AdwCleaner auf deinen Desktop.
Schritt 5: Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Schritt 6: OTL Scan Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)
Schritt 7: Frage Wie läuft Dein System? |
11.05.2014, 16:24 | #8 |
| download protect 2.2.0 sicher entfernen habe den schritt 1+2 durchgeführt habe drei wie beschrieben eingeleitet aber beim punkt create a restore point dont interrupt passiert seit 35 min nichts ist dies normal dass dies oslange oder noch länger dauert? |
11.05.2014, 16:26 | #9 |
| download protect 2.2.0 sicher entfernen Komisch, das sollte eigentlich nicht passieren. Dann machen wir halt keinen Restore Point, probiere folgenden Fix aus.
Code:
ATTFilter :OTL SRV:64bit: - [2014.03.07 12:29:31 | 000,118,784 | -H-- | M] () [Auto | Running] -- C:\Windows\SysNative\mswsockd.exe -- (ntoskrol) DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard) IE - HKU\S-1-5-21-918124617-738689493-455985151-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtDyEyD0F0BtB0F0C0A0Fzy0A0E0FtN0D0Tzu0SyBtCyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1989247540&ir= FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found [2014.05.11 14:04:40 | 000,796,223 | -H-- | M] () (No name found) -- C:\WINDOWS\INSTALLER\{B16D8C33-92D4-47C7-A449-C55B0B3356E2}\{EBB09598-CE49-44A2-8D8F-DAE7F08CB84F}.XPI FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EBB09598-CE49-44A2-8D8F-DAE7F08CB84F}: C:\Windows\Installer\{B16D8C33-92D4-47C7-A449-C55B0B3356E2}\{EBB09598-CE49-44A2-8D8F-DAE7F08CB84F}.xpi [2014.05.11 14:04:40 | 000,796,223 | -H-- | M] () O3 - HKU\S-1-5-21-918124617-738689493-455985151-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found. O4 - HKLM..\Run: [Download Protect] C:\ProgramData\dlprotect.exe () O4 - HKU\.DEFAULT..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" File not found O4 - HKU\S-1-5-18..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SearchScopes present O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. [2014.05.10 18:34:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2014.05.10 18:34:44 | 000,001,432 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube Download.lnk [2014.05.10 18:34:44 | 000,001,235 | ---- | M] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk [2014.04.12 11:57:42 | 000,005,053 | ---- | M] () -- C:\ProgramData\hwjqxkkr.zva @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:BF31A799 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:373E1720 :Commands [RESETHOSTS] [EMPTYTEMP]
|
11.05.2014, 17:00 | #10 |
| download protect 2.2.0 sicher entfernen wenn ic hmittels otl mit den im bild eingestellten einstellungen zu fixen beginne kommen nach cirka 3-4 sek ein paar einträge aber dann läuft ewig die sanduhr ohne ereignis habe dafür noch die zwei txt dateien der anderen programme angeführt vlt hilft dies jaAdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.207 - Bericht erstellt am 11/05/2014 um 17:48:12 # Aktualisiert 05/05/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : xy - XY-PC # Gestartet von : D:\Downloads\adwcleaner_3.2.0.7.exe # Option : Suchen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16518 -\\ Mozilla Firefox v29.0.1 (de) [ Datei : C:\Users\xy\AppData\Roaming\Mozilla\Firefox\Profiles\68zaqfqh.default-1399808736961\prefs.js ] -\\ Google Chrome v [ Datei : C:\Users\xy\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [16171 octets] - [07/09/2013 09:07:12] AdwCleaner[R10].txt - [3326 octets] - [10/05/2014 04:22:39] AdwCleaner[R11].txt - [2269 octets] - [11/05/2014 14:01:22] AdwCleaner[R12].txt - [963 octets] - [11/05/2014 17:48:12] AdwCleaner[R1].txt - [5313 octets] - [07/09/2013 11:55:20] AdwCleaner[R2].txt - [1237 octets] - [07/09/2013 11:58:03] AdwCleaner[R3].txt - [18051 octets] - [07/02/2014 22:34:16] AdwCleaner[R4].txt - [7137 octets] - [23/02/2014 17:05:02] AdwCleaner[R5].txt - [1744 octets] - [23/02/2014 17:09:48] AdwCleaner[R6].txt - [8384 octets] - [07/03/2014 12:56:48] AdwCleaner[R7].txt - [15501 octets] - [22/03/2014 16:02:52] AdwCleaner[R8].txt - [2361 octets] - [23/03/2014 16:49:53] AdwCleaner[R9].txt - [3264 octets] - [10/05/2014 04:10:58] AdwCleaner[S0].txt - [15710 octets] - [07/09/2013 09:07:50] AdwCleaner[S1].txt - [5204 octets] - [07/09/2013 11:55:47] AdwCleaner[S2].txt - [1249 octets] - [07/09/2013 11:58:55] AdwCleaner[S3].txt - [16841 octets] - [07/02/2014 22:35:35] AdwCleaner[S4].txt - [5473 octets] - [23/02/2014 17:06:15] AdwCleaner[S5].txt - [7152 octets] - [07/03/2014 13:02:21] AdwCleaner[S6].txt - [14250 octets] - [22/03/2014 16:03:21] AdwCleaner[S7].txt - [2378 octets] - [23/03/2014 16:50:31] AdwCleaner[S8].txt - [3340 octets] - [10/05/2014 04:23:09] AdwCleaner[S9].txt - [2283 octets] - [11/05/2014 14:02:05] ########## EOF - C:\AdwCleaner\AdwCleaner[R12].txt - [2168 octets] ########## Junkware Removal Tool (JRT) by Thisisu Version: 4.9.2 (04.29.2013:1) OS: Windows 7 Home Premium x64 Ran by xy on 11.05.2014 at 17:50:28,18 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\xy\AppData\Roaming\mozilla\firefox\profiles\68zaqfqh.default-1399808736961\minidumps [1 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 11.05.2014 at 17:54:21,68 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
11.05.2014, 17:16 | #11 |
| download protect 2.2.0 sicher entfernen Dann verwenden wir ein anderes Tool. Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
|
11.05.2014, 17:26 | #12 |
| download protect 2.2.0 sicher entfernen FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014 Ran by xy (administrator) on XY-PC on 11-05-2014 18:20:00 Running from C:\Users\xy\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe () C:\Windows\System32\mswsockd.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe () C:\ProgramData\dlprotect.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Dropbox, Inc.) C:\Users\xy\AppData\Roaming\Dropbox\bin\Dropbox.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\ipmgui.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Farbar) C:\Users\xy\Desktop\FRST64(1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-05-23] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Download Protect] => C:\ProgramData\dlprotect.exe [12800 2014-03-07] () HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect" HKU\S-1-5-21-918124617-738689493-455985151-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-05-23] (Samsung) HKU\S-1-5-21-918124617-738689493-455985151-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1825984 2014-04-24] (Valve Corporation) HKU\S-1-5-21-918124617-738689493-455985151-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\xy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\xy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2D5581693C5DCE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - URL hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP450BAC43-2951-4AEA-B92A-B2072D18AF62&q={searchTerms}&SSPV= SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtDyEyD0F0BtB0F0C0A0Fzy0A0E0FtN0D0Tzu0SyBtCyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1989247540&ir= BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{94FAA4C5-3B3C-4229-B168-76B8CA05270F}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 FireFox: ======== FF ProfilePath: C:\Users\xy\AppData\Roaming\Mozilla\Firefox\Profiles\68zaqfqh.default-1399808736961 FF Homepage: hxxp://www.upc.at/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll () FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll () FF Plugin-x32: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF HKLM-x32\...\Firefox\Extensions: [{EBB09598-CE49-44A2-8D8F-DAE7F08CB84F}] - C:\Windows\Installer\{B16D8C33-92D4-47C7-A449-C55B0B3356E2}\{EBB09598-CE49-44A2-8D8F-DAE7F08CB84F}.xpi FF Extension: Download Protect - C:\Windows\Installer\{B16D8C33-92D4-47C7-A449-C55B0B3356E2}\{EBB09598-CE49-44A2-8D8F-DAE7F08CB84F}.xpi [2014-05-11] Chrome: ======= CHR HomePage: hxxp://www.google.com CHR RestoreOnStartup: "hxxp://www.google.com" CHR Extension: (Docs) - C:\Users\xy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-23] CHR Extension: (Google Drive) - C:\Users\xy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-23] CHR Extension: (Google Search) - C:\Users\xy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-23] CHR Extension: (Gmail) - C:\Users\xy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-23] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64112 2014-01-16] (CyberGhost S.R.L) R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.) R2 ntoskrol; C:\Windows\system32\mswsockd.exe [118784 2014-03-07] () ==================== Drivers (Whitelisted) ==================== R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG) R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-12-24] (Kaspersky Lab ZAO) U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-12-24] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [489568 2013-12-24] (Kaspersky Lab ZAO) R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] () R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [451480 2014-03-18] (Check Point Software Technologies Ltd.) U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation) S3 dgderdrv; System32\drivers\dgderdrv.sys [X] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] S3 MSICDSetup; \??\E:\CDriver64.sys [X] S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-11 18:20 - 2014-05-11 18:20 - 00015528 _____ () C:\Users\xy\Desktop\FRST.txt 2014-05-11 18:18 - 2014-05-11 18:18 - 02066432 _____ (Farbar) C:\Users\xy\Desktop\FRST64(1).exe 2014-05-11 17:54 - 2014-05-11 17:55 - 00000764 _____ () C:\Users\xy\Desktop\JRT.txt 2014-05-11 17:49 - 2014-05-11 17:49 - 00002249 _____ () C:\Users\xy\Desktop\AdwCleaner[R12].txt 2014-05-11 16:52 - 2014-05-11 16:52 - 00000000 ___DC () C:\_OTL 2014-05-11 15:26 - 2014-05-11 15:26 - 00174898 _____ () C:\Users\xy\Downloads\OTL.Txt 2014-05-11 15:10 - 2014-05-11 15:10 - 00602112 _____ (OldTimer Tools) C:\Users\xy\Desktop\OTL.exe 2014-05-11 14:56 - 2014-05-11 17:47 - 00000496 _____ () C:\Windows\error.log 2014-05-11 14:56 - 2014-05-11 17:47 - 00000224 _____ () C:\Windows\setupact.log 2014-05-11 14:56 - 2014-05-11 17:47 - 00000112 _____ () C:\Windows\errord.log 2014-05-11 14:56 - 2014-05-11 14:56 - 00000000 _____ () C:\Windows\setuperr.log 2014-05-11 14:26 - 2014-05-11 14:26 - 04892480 _____ (WinZip International LLC ) C:\Users\xy\Downloads\wzmp_8.exe 2014-05-11 13:33 - 2014-05-11 13:33 - 00000000 ____D () C:\ProgramData\Atheros 2014-05-10 18:34 - 2014-05-10 18:34 - 00001235 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk 2014-05-10 04:25 - 2014-05-10 04:25 - 00000944 _____ () C:\Users\xy\Desktop\adwcleaner_3.2.0.7 - Verknüpfung.lnk 2014-05-10 04:11 - 2010-08-30 08:34 - 00536576 ____H (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-05-10 03:35 - 2014-05-10 03:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-09 05:48 - 2014-05-09 05:48 - 00000000 ____D () C:\Users\Public\Documents\CrashDump 2014-05-04 07:56 - 2014-05-04 07:56 - 17931952 ____H (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-05-04 07:39 - 2014-05-04 07:39 - 00000000 ____D () C:\Users\xy\Documents\StreamingStar 2014-05-04 07:08 - 2014-05-04 07:08 - 00000684 _____ () C:\Users\xy\Desktop\MediathekView - neu.lnk 2014-05-04 07:03 - 2014-05-11 17:56 - 00000884 ____H () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-04 07:03 - 2014-05-04 07:56 - 00003822 ____H () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-03 15:11 - 2014-05-03 15:11 - 00000000 ____D () C:\Users\xy\AppData\Roaming\DropboxMaster 2014-05-03 10:57 - 2014-05-03 10:57 - 00000000 ____D () C:\Users\xy\Documents\MAGIX_MusicEditor 2014-05-03 09:39 - 2014-05-11 14:18 - 00000000 ____D () C:\Users\xy\AppData\Local\CrashDumps 2014-05-03 06:27 - 2014-05-03 06:27 - 00001155 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-05-03 06:27 - 2014-05-03 06:27 - 00001143 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-05-03 06:27 - 2014-05-03 06:27 - 00000000 ____D () C:\Users\xy\AppData\Roaming\Mozilla 2014-05-02 12:23 - 2014-05-02 12:23 - 00000000 ____D () C:\Users\xy\Documents\MAGIX_Foto_Manager_9 2014-05-02 12:18 - 2014-05-02 12:18 - 00001212 _____ () C:\Users\Public\Desktop\MAGIX Fotos auf CD & DVD 9 deluxe.lnk 2014-05-02 10:24 - 2014-05-02 10:24 - 00008476 _____ () C:\Users\xy\AppData\Local\recently-used.xbel 2014-05-02 06:17 - 2014-05-02 06:37 - 00000000 ____D () C:\ProgramData\MotionStudios 2014-05-02 03:00 - 2014-05-02 06:10 - 661401743 _____ () C:\Users\xy\Downloads\Install_VdG8HDProDemo.exe 2014-05-02 03:00 - 2014-05-02 03:00 - 00000000 ____D () C:\MotionStudios 2014-05-01 07:58 - 2014-05-01 07:58 - 00000000 ____D () C:\Users\xy\AppData\Local\MAGIX_AG 2014-04-27 11:54 - 2014-05-10 16:33 - 00000034 ____H () C:\Windows\cdplayer.ini 2014-04-20 09:09 - 2014-04-20 09:09 - 00000000 ____D () C:\Users\xy\Documents\Epubsoft 2014-04-20 09:09 - 2014-04-20 09:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPUBSOFT 2014-04-20 09:09 - 2014-04-20 09:09 - 00000000 ____D () C:\ProgramData\Epubsoft 2014-04-20 09:09 - 2014-04-20 09:09 - 00000000 ____D () C:\Program Files (x86)\EPUBSOFT 2014-04-20 08:59 - 2014-04-20 10:38 - 00000000 ____D () C:\Program Files (x86)\ePUBee 2014-04-20 08:59 - 2014-04-20 09:01 - 00000000 ____D () C:\Users\xy\AppData\Roaming\decrypt 2014-04-20 08:59 - 2014-04-20 09:01 - 00000000 ____D () C:\Users\xy\AppData\Roaming\.ePUBeedrmremoval 2014-04-20 08:59 - 2014-04-20 08:59 - 00000000 ____D () C:\Users\xy\AppData\Roaming\ePUBeedrmremoval 2014-04-19 11:42 - 2014-04-19 11:42 - 00000000 ____D () C:\Users\xy\AppData\Local\calibre-cache 2014-04-19 11:15 - 2014-04-19 12:26 - 00000000 ____D () C:\Users\xy\Documents\My Kindle Content 2014-04-19 11:14 - 2014-04-19 11:14 - 00001990 _____ () C:\Users\xy\Desktop\Kindle.lnk 2014-04-19 11:14 - 2014-04-19 11:14 - 00000000 ____D () C:\Users\xy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon 2014-04-19 11:14 - 2014-04-19 11:14 - 00000000 ____D () C:\Users\xy\AppData\Local\Amazon 2014-04-19 11:14 - 2014-04-19 11:14 - 00000000 ____D () C:\Program Files (x86)\Amazon 2014-04-18 06:31 - 2014-04-18 06:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sygate Personal Firewall 2014-04-18 06:31 - 2014-04-18 06:31 - 00000000 ____D () C:\Program Files (x86)\Sygate 2014-04-18 06:31 - 2004-10-15 18:32 - 00083096 ____H (Sygate Technologies, Inc.) C:\Windows\SysWOW64\SSSensor.dll 2014-04-17 20:52 - 2014-05-11 17:25 - 00303727 ____H () C:\Windows\WindowsUpdate.log 2014-04-17 20:28 - 2014-04-17 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point 2014-04-17 20:28 - 2014-04-17 20:29 - 00000132 ____H () C:\Windows\system32\Drivers\vsconfig.xml 2014-04-17 20:28 - 2013-12-24 23:33 - 07717984 ____H (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys 2014-04-17 20:28 - 2013-12-24 23:33 - 00489568 ____H (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-04-17 20:28 - 2013-12-24 23:33 - 00090208 ____H (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2014-04-17 04:41 - 2014-04-17 20:42 - 00000000 ____D () C:\Program Files (x86)\CheckPoint 2014-04-17 04:39 - 2014-05-11 14:29 - 00119512 ____H (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-17 04:39 - 2014-04-17 04:39 - 00001098 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-17 04:39 - 2014-04-17 04:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-04-17 04:39 - 2014-04-17 04:39 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-17 04:39 - 2014-04-03 09:51 - 00088280 ____H (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-17 04:39 - 2014-04-03 09:51 - 00063192 ____H (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-17 04:39 - 2014-04-03 09:50 - 00025816 ____H (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-12 12:26 - 2014-04-12 12:26 - 00000000 ____D () C:\Users\xy\Documents\Camtasia Studio 2014-04-12 12:26 - 2014-04-12 12:26 - 00000000 ____D () C:\Users\xy\AppData\Roaming\TechSmith 2014-04-12 12:22 - 2014-04-12 12:29 - 00000000 ____D () C:\Users\xy\AppData\Local\Ashampoo Movie Studio 2014-04-12 12:21 - 2014-04-12 12:21 - 00001240 _____ () C:\Users\Public\Desktop\Ashampoo Movie Studio.lnk 2014-04-12 11:57 - 2014-04-12 11:57 - 00005053 _____ () C:\ProgramData\hwjqxkkr.zva 2014-04-12 11:57 - 2014-04-12 11:57 - 00000000 ____D () C:\Users\xy\AppData\Roaming\MOVAVI 2014-04-12 11:57 - 2014-04-12 11:57 - 00000000 ____D () C:\Users\xy\AppData\Local\Movavi 2014-04-12 11:37 - 2014-04-12 11:37 - 00000000 ____D () C:\ProgramData\TechSmith 2014-04-12 11:37 - 2014-04-12 11:37 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith 2014-04-12 11:37 - 2014-04-12 11:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith 2014-04-12 11:37 - 2014-04-12 11:37 - 00000000 ____D () C:\Program Files (x86)\TechSmith 2014-04-12 11:37 - 2014-04-12 11:37 - 00000000 ____D () C:\Program Files (x86)\QuickTime ==================== One Month Modified Files and Folders ======= 2014-05-11 18:20 - 2014-05-11 18:20 - 00015528 _____ () C:\Users\xy\Desktop\FRST.txt 2014-05-11 18:20 - 2014-02-08 19:11 - 00000000 ____D () C:\FRST 2014-05-11 18:18 - 2014-05-11 18:18 - 02066432 _____ (Farbar) C:\Users\xy\Desktop\FRST64(1).exe 2014-05-11 18:05 - 2014-03-05 18:43 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-05-11 17:56 - 2014-05-04 07:03 - 00000884 ____H () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-11 17:55 - 2014-05-11 17:54 - 00000764 _____ () C:\Users\xy\Desktop\JRT.txt 2014-05-11 17:55 - 2009-07-14 06:45 - 00014832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-11 17:55 - 2009-07-14 06:45 - 00014832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-11 17:51 - 2014-04-17 20:52 - 00303727 ____H () C:\Windows\WindowsUpdate.log 2014-05-11 17:50 - 2013-05-31 20:46 - 00000000 ____D () C:\JRT 2014-05-11 17:49 - 2014-05-11 17:49 - 00002249 _____ () C:\Users\xy\Desktop\AdwCleaner[R12].txt 2014-05-11 17:49 - 2013-09-07 09:07 - 00000000 ___DC () C:\AdwCleaner 2014-05-11 17:49 - 2013-08-17 11:07 - 00000000 ____D () C:\Users\xy\AppData\Roaming\Dropbox 2014-05-11 17:48 - 2013-08-17 11:14 - 00000000 ___RD () C:\Users\xy\Dropbox 2014-05-11 17:47 - 2014-05-11 14:56 - 00000496 _____ () C:\Windows\error.log 2014-05-11 17:47 - 2014-05-11 14:56 - 00000224 _____ () C:\Windows\setupact.log 2014-05-11 17:47 - 2014-05-11 14:56 - 00000112 _____ () C:\Windows\errord.log 2014-05-11 17:47 - 2013-08-27 20:28 - 00001098 ____H () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-11 17:47 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-11 17:46 - 2013-08-27 20:28 - 00001102 ____H () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-11 16:52 - 2014-05-11 16:52 - 00000000 ___DC () C:\_OTL 2014-05-11 16:49 - 2013-07-07 09:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2014-05-11 15:26 - 2014-05-11 15:26 - 00174898 _____ () C:\Users\xy\Downloads\OTL.Txt 2014-05-11 15:10 - 2014-05-11 15:10 - 00602112 _____ (OldTimer Tools) C:\Users\xy\Desktop\OTL.exe 2014-05-11 14:56 - 2014-05-11 14:56 - 00000000 _____ () C:\Windows\setuperr.log 2014-05-11 14:29 - 2014-04-17 04:39 - 00119512 ____H (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-11 14:26 - 2014-05-11 14:26 - 04892480 _____ (WinZip International LLC ) C:\Users\xy\Downloads\wzmp_8.exe 2014-05-11 14:18 - 2014-05-03 09:39 - 00000000 ____D () C:\Users\xy\AppData\Local\CrashDumps 2014-05-11 14:04 - 2014-03-26 20:44 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2014-05-11 13:33 - 2014-05-11 13:33 - 00000000 ____D () C:\ProgramData\Atheros 2014-05-11 09:52 - 2009-07-14 19:58 - 00702926 ____H () C:\Windows\system32\perfh007.dat 2014-05-11 09:52 - 2009-07-14 19:58 - 00150566 ____H () C:\Windows\system32\perfc007.dat 2014-05-11 09:52 - 2009-07-14 07:13 - 01629276 ____H () C:\Windows\system32\PerfStringBackup.INI 2014-05-11 06:59 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\NDF 2014-05-10 18:49 - 2013-07-13 10:14 - 00000000 ____D () C:\Users\xy\Documents\Movies2DVDProjects 2014-05-10 18:47 - 2013-07-13 10:14 - 00000000 ____D () C:\Users\xy\AppData\Roaming\FreeMoviesToDVD 2014-05-10 18:41 - 2009-07-14 07:08 - 00032632 ____H () C:\Windows\Tasks\SCHEDLGU.TXT 2014-05-10 18:34 - 2014-05-10 18:34 - 00001235 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk 2014-05-10 18:34 - 2013-07-07 09:27 - 00000000 ____D () C:\Users\xy\AppData\Roaming\DVDVideoSoft 2014-05-10 18:11 - 2009-07-14 07:32 - 00000000 ___HD () C:\Windows\system32\FxsTmp 2014-05-10 16:50 - 2013-05-30 17:14 - 00000000 ____D () C:\Users\xy\Documents\MAGIX_Fotos_auf_CD_DVD_9_dlx 2014-05-10 16:33 - 2014-04-27 11:54 - 00000034 ____H () C:\Windows\cdplayer.ini 2014-05-10 04:25 - 2014-05-10 04:25 - 00000944 _____ () C:\Users\xy\Desktop\adwcleaner_3.2.0.7 - Verknüpfung.lnk 2014-05-10 04:23 - 2013-05-30 15:39 - 00000000 ____D () C:\Users\xy 2014-05-10 03:36 - 2014-05-10 03:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-10 03:24 - 2013-12-15 08:42 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP 2014-05-09 17:20 - 2014-02-15 13:45 - 00001945 _____ () C:\Users\Public\Desktop\CDBurnerXP.lnk 2014-05-09 17:20 - 2014-02-15 13:45 - 00001895 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk 2014-05-09 06:17 - 2013-10-06 11:08 - 00000655 ____C () C:\CKINFO.TXT 2014-05-09 06:10 - 2013-06-15 15:59 - 00000000 ____D () C:\Program Files (x86)\Nokia 2014-05-09 05:48 - 2014-05-09 05:48 - 00000000 ____D () C:\Users\Public\Documents\CrashDump 2014-05-06 15:41 - 2013-08-27 20:28 - 00004098 ____H () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-06 15:41 - 2013-08-27 20:28 - 00003846 ____H () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-04 09:17 - 2013-08-24 07:28 - 00000000 ____D () C:\Users\xy\AppData\Roaming\vlc 2014-05-04 08:43 - 2013-12-27 13:25 - 00000000 ____D () C:\Users\xy\.mediathek3 2014-05-04 07:56 - 2014-05-04 07:56 - 17931952 ____H (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-05-04 07:56 - 2014-05-04 07:03 - 00003822 ____H () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-04 07:56 - 2013-05-30 16:32 - 00692400 ____H (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-04 07:56 - 2013-05-30 16:32 - 00070832 ____H (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-04 07:39 - 2014-05-04 07:39 - 00000000 ____D () C:\Users\xy\Documents\StreamingStar 2014-05-04 07:08 - 2014-05-04 07:08 - 00000684 _____ () C:\Users\xy\Desktop\MediathekView - neu.lnk 2014-05-04 07:06 - 2013-07-04 15:26 - 00001930 _____ () C:\Users\Public\Desktop\Canon Easy-PhotoPrint EX.lnk 2014-05-04 07:06 - 2013-06-12 18:46 - 00001973 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-05-04 07:06 - 2013-06-01 07:27 - 00000866 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-05-04 06:53 - 2013-12-27 13:26 - 00000000 ____D () C:\Users\xy\MediathekView 2014-05-03 15:12 - 2013-05-30 15:40 - 00000000 ___RD () C:\Users\xy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-03 15:11 - 2014-05-03 15:11 - 00000000 ____D () C:\Users\xy\AppData\Roaming\DropboxMaster 2014-05-03 15:11 - 2013-08-17 11:14 - 00000970 _____ () C:\Users\xy\Desktop\Dropbox.lnk 2014-05-03 15:11 - 2013-08-17 11:08 - 00000000 ____D () C:\Users\xy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-05-03 10:59 - 2009-07-14 04:34 - 00000564 ____H () C:\Windows\win.ini 2014-05-03 10:57 - 2014-05-03 10:57 - 00000000 ____D () C:\Users\xy\Documents\MAGIX_MusicEditor 2014-05-03 10:12 - 2014-03-19 13:14 - 00011264 _____ () C:\Users\xy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-05-03 09:52 - 2013-06-26 18:05 - 00000000 ____D () C:\Users\xy\Documents\Calibre Bibliothek 2014-05-03 06:27 - 2014-05-03 06:27 - 00001155 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-05-03 06:27 - 2014-05-03 06:27 - 00001143 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-05-03 06:27 - 2014-05-03 06:27 - 00000000 ____D () C:\Users\xy\AppData\Roaming\Mozilla 2014-05-02 15:27 - 2009-07-14 06:45 - 00512808 ____H () C:\Windows\system32\FNTCACHE.DAT 2014-05-02 12:30 - 2013-05-30 15:48 - 00158840 _____ () C:\Users\xy\AppData\Local\GDIPFONTCACHEV1.DAT 2014-05-02 12:23 - 2014-05-02 12:23 - 00000000 ____D () C:\Users\xy\Documents\MAGIX_Foto_Manager_9 2014-05-02 12:23 - 2013-05-30 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX 2014-05-02 12:23 - 2013-05-30 17:13 - 00000000 ____D () C:\ProgramData\MAGIX 2014-05-02 12:18 - 2014-05-02 12:18 - 00001212 _____ () C:\Users\Public\Desktop\MAGIX Fotos auf CD & DVD 9 deluxe.lnk 2014-05-02 12:12 - 2013-05-30 17:12 - 00000000 ____D () C:\Program Files (x86)\MAGIX 2014-05-02 10:26 - 2013-07-11 18:00 - 00000000 ____D () C:\Users\xy\AppData\Local\gtk-2.0 2014-05-02 10:26 - 2013-07-11 17:57 - 00000000 ____D () C:\Users\xy\.gimp-2.8 2014-05-02 10:24 - 2014-05-02 10:24 - 00008476 _____ () C:\Users\xy\AppData\Local\recently-used.xbel 2014-05-02 06:37 - 2014-05-02 06:17 - 00000000 ____D () C:\ProgramData\MotionStudios 2014-05-02 06:10 - 2014-05-02 03:00 - 661401743 _____ () C:\Users\xy\Downloads\Install_VdG8HDProDemo.exe 2014-05-02 03:00 - 2014-05-02 03:00 - 00000000 ____D () C:\MotionStudios 2014-05-01 18:25 - 2013-05-30 17:24 - 00000000 ____D () C:\Users\xy\AppData\Roaming\MAGIX 2014-05-01 07:58 - 2014-05-01 07:58 - 00000000 ____D () C:\Users\xy\AppData\Local\MAGIX_AG 2014-04-20 10:38 - 2014-04-20 08:59 - 00000000 ____D () C:\Program Files (x86)\ePUBee 2014-04-20 09:20 - 2013-06-26 18:04 - 00000000 ____D () C:\Users\xy\AppData\Roaming\calibre 2014-04-20 09:09 - 2014-04-20 09:09 - 00000000 ____D () C:\Users\xy\Documents\Epubsoft 2014-04-20 09:09 - 2014-04-20 09:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPUBSOFT 2014-04-20 09:09 - 2014-04-20 09:09 - 00000000 ____D () C:\ProgramData\Epubsoft 2014-04-20 09:09 - 2014-04-20 09:09 - 00000000 ____D () C:\Program Files (x86)\EPUBSOFT 2014-04-20 09:01 - 2014-04-20 08:59 - 00000000 ____D () C:\Users\xy\AppData\Roaming\decrypt 2014-04-20 09:01 - 2014-04-20 08:59 - 00000000 ____D () C:\Users\xy\AppData\Roaming\.ePUBeedrmremoval 2014-04-20 08:59 - 2014-04-20 08:59 - 00000000 ____D () C:\Users\xy\AppData\Roaming\ePUBeedrmremoval 2014-04-19 12:26 - 2014-04-19 11:15 - 00000000 ____D () C:\Users\xy\Documents\My Kindle Content 2014-04-19 11:42 - 2014-04-19 11:42 - 00000000 ____D () C:\Users\xy\AppData\Local\calibre-cache 2014-04-19 11:42 - 2013-06-26 18:04 - 00000960 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk 2014-04-19 11:42 - 2013-06-26 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management 2014-04-19 11:42 - 2013-06-26 18:04 - 00000000 ____D () C:\Program Files (x86)\Calibre2 2014-04-19 11:14 - 2014-04-19 11:14 - 00001990 _____ () C:\Users\xy\Desktop\Kindle.lnk 2014-04-19 11:14 - 2014-04-19 11:14 - 00000000 ____D () C:\Users\xy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon 2014-04-19 11:14 - 2014-04-19 11:14 - 00000000 ____D () C:\Users\xy\AppData\Local\Amazon 2014-04-19 11:14 - 2014-04-19 11:14 - 00000000 ____D () C:\Program Files (x86)\Amazon 2014-04-18 06:31 - 2014-04-18 06:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sygate Personal Firewall 2014-04-18 06:31 - 2014-04-18 06:31 - 00000000 ____D () C:\Program Files (x86)\Sygate 2014-04-17 20:43 - 2014-04-17 20:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point 2014-04-17 20:42 - 2014-04-17 04:41 - 00000000 ____D () C:\Program Files (x86)\CheckPoint 2014-04-17 20:29 - 2014-04-17 20:28 - 00000132 ____H () C:\Windows\system32\Drivers\vsconfig.xml 2014-04-17 04:39 - 2014-04-17 04:39 - 00001098 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-17 04:39 - 2014-04-17 04:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-04-17 04:39 - 2014-04-17 04:39 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-17 04:39 - 2013-07-27 09:55 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-12 12:29 - 2014-04-12 12:22 - 00000000 ____D () C:\Users\xy\AppData\Local\Ashampoo Movie Studio 2014-04-12 12:26 - 2014-04-12 12:26 - 00000000 ____D () C:\Users\xy\Documents\Camtasia Studio 2014-04-12 12:26 - 2014-04-12 12:26 - 00000000 ____D () C:\Users\xy\AppData\Roaming\TechSmith 2014-04-12 12:21 - 2014-04-12 12:21 - 00001240 _____ () C:\Users\Public\Desktop\Ashampoo Movie Studio.lnk 2014-04-12 12:21 - 2014-03-15 10:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo 2014-04-12 12:21 - 2014-03-15 10:08 - 00000000 ____D () C:\ProgramData\Ashampoo 2014-04-12 12:21 - 2014-03-15 10:08 - 00000000 ____D () C:\Program Files (x86)\Ashampoo 2014-04-12 12:19 - 2013-09-28 08:32 - 00000000 ____D () C:\Program Files (x86)\CamStudio 2.7 2014-04-12 11:57 - 2014-04-12 11:57 - 00005053 _____ () C:\ProgramData\hwjqxkkr.zva 2014-04-12 11:57 - 2014-04-12 11:57 - 00000000 ____D () C:\Users\xy\AppData\Roaming\MOVAVI 2014-04-12 11:57 - 2014-04-12 11:57 - 00000000 ____D () C:\Users\xy\AppData\Local\Movavi 2014-04-12 11:42 - 2013-11-09 15:25 - 00004509 _____ () C:\Users\xy\AppData\Roaming\CamStudio.cfg 2014-04-12 11:42 - 2013-09-28 09:55 - 00000408 _____ () C:\Users\xy\AppData\Roaming\CamShapes.ini 2014-04-12 11:42 - 2013-09-28 09:55 - 00000408 _____ () C:\Users\xy\AppData\Roaming\CamLayout.ini 2014-04-12 11:42 - 2013-09-28 09:55 - 00000096 _____ () C:\Users\xy\AppData\Roaming\Camdata.ini 2014-04-12 11:37 - 2014-04-12 11:37 - 00000000 ____D () C:\ProgramData\TechSmith 2014-04-12 11:37 - 2014-04-12 11:37 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith 2014-04-12 11:37 - 2014-04-12 11:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith 2014-04-12 11:37 - 2014-04-12 11:37 - 00000000 ____D () C:\Program Files (x86)\TechSmith 2014-04-12 11:37 - 2014-04-12 11:37 - 00000000 ____D () C:\Program Files (x86)\QuickTime Files to move or delete: ==================== C:\Users\xy\AppData\Roaming\Camdata.ini C:\Users\xy\AppData\Roaming\CamLayout.ini C:\Users\xy\AppData\Roaming\CamShapes.ini C:\Users\xy\AppData\Roaming\options.ini C:\Users\xy\AppData\Roaming\options_pdfcombine.ini C:\Users\xy\AppData\Roaming\options_pdfrotator.ini C:\Users\xy\AppData\Roaming\setup.ini C:\Users\xy\AppData\Roaming\setup_pdfcombine.ini C:\Users\xy\AppData\Roaming\setup_pdfrotator.ini C:\ProgramData\dlprotect.exe Some content of TEMP: ==================== C:\Users\xy\AppData\Local\Temp\avgnt.exe C:\Users\xy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4oohvo.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-09 06:43 ==================== End Of Log ============================ --- --- --- dies zuerst das mit dem addition txt muss ich erst klären wie des läuft ps danke für deine geduld FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-05-2014 Ran by xy at 2014-05-11 18:24:57 Running from C:\Users\xy\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated) Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated) Adobe Reader XI (11.0.03) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated) Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon) AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden AMD Fuel (Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden AMD Steady Video Plug-In (Version: 2.06.0000 - AMD) Hidden AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden Ashampoo Burning Studio FREE v.1.12.0 (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.12.0 - Ashampoo GmbH & Co. KG) Ashampoo Movie Studio v.1.0.13 (HKLM-x32\...\{91B33C97-54B3-9CEB-E911-246EDA9BDC9A}_is1) (Version: 1.0.13 - Ashampoo GmbH & Co. KG) Audiograbber 1.83 SE (HKLM-x32\...\Audiograbber) (Version: 1.83 SE - Audiograbber) Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira) calibre (HKLM-x32\...\{48C84341-E4F7-42EC-BED5-7A5CAA3291F5}) (Version: 1.33.0 - Kovid Goyal) Camtasia Studio 8 (HKLM-x32\...\{F5C9BE9A-04C3-4A72-8CD0-BB67C722D608}) (Version: 8.1.2.1344 - TechSmith Corporation) Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.1.6 - Canon Inc.) Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version: - Canon Inc.) Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version: - ) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4746 - CDBurnerXP) CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.70.4.2009 - Georgy Berdyshev) CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version: - ) CyberGhost 5 (HKLM\...\CyberGhost VPN 5_is1) (Version: - CyberGhost S.R.L.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dark Project 2 (HKLM-x32\...\Thief22DeinstallKey) (Version: - ) DarkLoader 4.3 (HKLM-x32\...\DarkLoader_is1) (Version: 4.3 - WhoopDeDo.org) DesignPro 5 (HKLM-x32\...\InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}) (Version: 5.5.708 - Avery Dennison) DesignPro 5 (x32 Version: 5.5.708 - Avery Dennison) Hidden Dropbox (HKCU\...\Dropbox) (Version: 2.6.31 - Dropbox, Inc.) DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - ) DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen) DVD Shrink 3.2 deutsch (DeCSS-frei) (HKLM-x32\...\DVD Shrink DE_is1) (Version: - DVD Shrink) FILEminimizer Pictures (HKLM-x32\...\FILEminimizer Pictures_is1) (Version: - balesio AG) Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{AF37F9DE-0726-439E-BC10-43D9195394D0}) (Version: 2.1.26.0 - MAGIX AG) FormatFactory 3.1.1 (HKLM-x32\...\FormatFactory) (Version: 3.1.1 - Free Time) Fotogalerie (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Free Video Dub version 2.0.21.822 (HKLM-x32\...\Free Video Dub_is1) (Version: 2.0.21.822 - DVDVideoSoft Ltd.) Free Videos To DVD V 4.0.0 (HKLM-x32\...\Free Videos To DVD_is1) (Version: 4.0.0.0 - Koyote soft) Freemake Video Converter Version 4.1.3 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.3 - Ellora Assets Corporation) GarrettLoader 1.41 (HKLM-x32\...\GarrettLoader_is1) (Version: 1.41 - Richard Potter) GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden HOFER Bestellsoftware 4.12.1 (HKLM-x32\...\HOFER Bestellsoftware) (Version: 4.12.1 - ORWO Net) ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!) Java 7 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417040FF}) (Version: 7.0.400 - Oracle) Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Java SE Development Kit 7 Update 40 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170400}) (Version: 1.7.0.400 - Oracle) Java(TM) 7 Update 4 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217004F0}) (Version: 7.0.40 - Oracle) JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation) LAV Filters 0.55.3 (HKLM-x32\...\lavfilters_is1) (Version: 0.55.3 - Hendrik Leppkes) MAGIX 3D Maker (embeded) (HKLM-x32\...\MAGIX 3D Maker D) (Version: 6.0.0.8 - MAGIX AG) MAGIX Foto Manager 9 (HKLM-x32\...\MAGIX Foto Manager 9 D) (Version: 7.0.0.91 - MAGIX AG) MAGIX Fotos auf CD & DVD 9 deluxe 9.0.0.18 (D) (HKLM-x32\...\MAGIX Fotos auf CD & DVD 9 deluxe D) (Version: 9.0.0.18 - MAGIX AG) MAGIX Online Druck Service (HKLM-x32\...\MAGIX Online Druck Service D) (Version: 3.4.3.0 - MAGIX AG) MAGIX Screenshare (HKLM-x32\...\MAGIX Screenshare D) (Version: 4.3.6.1987 - MAGIX AG) MAGIX Speed burnR (HKLM-x32\...\MAGIX Speed burnR D) (Version: 6.0.1.4 - MAGIX AG) MAGIX Xtreme Foto Designer 6 (HKLM-x32\...\MAGIX Xtreme Foto Designer 6 D) (Version: 6.0.29.0 - MAGIX AG) Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ Run Time Lib Setup (HKLM-x32\...\{AAF4238F-7C29-451D-9925-C753271A5728}) (Version: 1.0.0 - Microsoft) Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla) MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia) PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PDFZilla V3.0.6 (HKLM-x32\...\PDFZilla_is1) (Version: - PDFZilla, Inc.) Photo Gallery (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.0 - SAMSUNG Electronics Co., Ltd.) Shockwave (HKLM-x32\...\Shockwave) (Version: - ) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Stellar Phoenix Outlook PST Repair (HKLM-x32\...\Stellar Phoenix Outlook PST Repair_is1) (Version: 4.5.0.0 - Stellar Information Systems Ltd.) StreamTransport version: 1.1.0.1 (HKLM-x32\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version: - ) Sygate Personal Firewall (HKLM-x32\...\{F34D9A5F-484A-4E31-A9D3-908CB265B289}) (Version: 5.6.2808 - Sygate Technologies, Inc.) TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - ) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.25942 - TeamViewer) Thief - The Dark Project (Remove Only) (HKLM-x32\...\Thief - The Dark Project) (Version: 1.33 - Mastertronic Group Ltd.) Thief (HKLM-x32\...\Steam App 239160) (Version: - Eidos-Montréal) Thief 2 - The Metal Age (Remove Only) (HKLM-x32\...\Thief 2 - The Metal Age) (Version: 1.18 - Mastertronic Group Ltd.) Ultimate EPubsoft DRM Removal 8.5.5 (HKLM-x32\...\{49617AB8-5A31-44A7-95A6-BE6CE251A6F1}) (Version: 8.5.5 - EPUBSOFT) Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{128A5449-CF71-4DA4-A746-F49E3B5DB584}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) USB/DVD-Downloadtool für Windows 7 (HKLM-x32\...\{7D6DDE45-FE2F-4D11-A7E7-BC2C2910536C}) (Version: 1.0.30 - Microsoft Corporation) Video to Video (HKLM-x32\...\{7F95A744-78DA-4AED-A8F0-A0AF330B8411}_is1) (Version: - Media Converters) VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN) Windows Live Communications Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia) ZoneAlarm Antivirus (x32 Version: 13.0.208.000 - Check Point Software Technologies Ltd.) Hidden ZoneAlarm Firewall (x32 Version: 13.0.208.000 - Check Point Software Technologies Ltd.) Hidden ZoneAlarm Security (x32 Version: 13.0.208.000 - Check Point Software Technologies Ltd.) Hidden ==================== Restore Points ========================= 09-05-2014 04:07:42 Revo Uninstaller's restore point - MyPhoneExplorer 09-05-2014 04:10:04 Revo Uninstaller's restore point - Nokia Connectivity Cable Driver 09-05-2014 04:11:16 Revo Uninstaller's restore point - Photo to Cartoon 09-05-2014 04:11:30 Removed Photo to Cartoon 09-05-2014 04:12:48 Revo Uninstaller's restore point - Seterra 4.02 09-05-2014 04:14:08 Revo Uninstaller's restore point - WinPcap 4.1.2 09-05-2014 04:15:05 Revo Uninstaller's restore point - Raptr 10-05-2014 16:29:16 Revo Uninstaller's restore point - Free YouTube Download version 3.2.30.319 11-05-2014 13:15:59 OTL Restore Point - 11.05.2014 15:15:54 11-05-2014 13:53:21 OTL Restore Point - 11.05.2014 15:53:20 11-05-2014 14:42:37 Installed Microsoft Fix it 50906 11-05-2014 14:48:26 Revo Uninstaller's restore point - Free YouTube Download version 3.2.33.424 ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____H C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0E125C29-95DE-496B-86A3-2D1C0FC5DDC3} - \MySearchDial No Task File <==== ATTENTION Task: {1F691731-16AF-4B3C-AD55-BF4F72AE95F1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-04] (Adobe Systems Incorporated) Task: {23531204-81FC-40A3-BFF9-ACEFB6788CC5} - \Plus-HD-3.8-codedownloader No Task File <==== ATTENTION Task: {2A0DDAD7-4FA2-4736-A354-9B85417CCF83} - \DealPlyLiveUpdateTaskMachineUA No Task File <==== ATTENTION Task: {36187001-8CCF-4CA9-8E26-679A9980EF78} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-27] (Google Inc.) Task: {441A66ED-6311-4047-BA4B-ECF5BD68BF96} - \DealPlyLiveUpdateTaskMachineCore No Task File <==== ATTENTION Task: {4D89E493-FD66-4A94-BBD2-77B08DC85335} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-27] (Google Inc.) Task: {5D4A37BD-8A7E-4318-9087-F814EF2CB9B7} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {7ADCE2F0-A84A-45F8-A13B-E898612D8DBE} - \Plus-HD-3.8-enabler No Task File <==== ATTENTION Task: {87804904-7149-4E85-8079-C97A1193CBE3} - \YourFile DownloaderUpdate No Task File <==== ATTENTION Task: {A682A5EB-4323-465A-807A-B67D9F926C4B} - \DealPlyUpdate No Task File <==== ATTENTION Task: {B961D51B-6104-4526-88CA-AD228A8348DC} - \Plus-HD-3.8-chromeinstaller No Task File <==== ATTENTION Task: {BB15B8B0-87E0-4094-A4EA-ED482FB4C62F} - \Plus-HD-3.8-updater No Task File <==== ATTENTION Task: {C2FD483E-7372-4528-A173-57438B05346E} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-05-11] (Adobe Systems Incorporated) Task: {C77811B6-F111-4FF4-A00E-120A1D461154} - \Plus-HD-3.8-firefoxinstaller No Task File <==== ATTENTION Task: {D540C745-CFDF-42C4-8412-1267B8F817AA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd) Task: {E74E4D8F-1897-44E0-9D8C-B6BFC338EA6B} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation) Task: {F76D45D8-AEF7-4CC2-9954-A80713EEA0BE} - \Dealply No Task File <==== ATTENTION Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-12-06 17:06 - 2013-12-06 17:06 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll 2013-07-26 06:59 - 2013-07-26 06:59 - 00814592 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll 2013-07-26 06:59 - 2013-07-26 06:59 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll 2014-03-07 12:29 - 2014-03-07 12:29 - 00118784 ____H () C:\Windows\system32\mswsockd.exe 2014-03-07 12:29 - 2014-03-07 12:29 - 00012800 _____ () C:\ProgramData\dlprotect.exe 2013-12-06 17:06 - 2013-12-06 17:06 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2013-05-30 16:10 - 2013-01-25 10:25 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2014-05-11 17:48 - 2014-05-11 17:48 - 00041984 _____ () c:\users\xy\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4oohvo.dll 2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\xy\AppData\Roaming\Dropbox\bin\libcef.dll 2014-03-05 20:12 - 2014-04-22 00:55 - 00340480 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll 2014-04-27 14:15 - 2014-04-22 00:55 - 00471552 _____ () C:\Program Files (x86)\Steam\libavutil-53.dll 2014-03-05 20:12 - 2014-04-01 00:09 - 00754688 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2014-03-05 20:12 - 2014-04-24 00:01 - 01092288 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2014-03-05 20:12 - 2014-03-03 21:15 - 20626624 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll 2014-03-05 20:12 - 2013-06-15 01:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll 2014-03-05 20:12 - 2013-06-15 01:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll 2014-03-05 20:12 - 2013-06-15 01:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:373E1720 AlternateDataStreams: C:\ProgramData\TEMP:BF31A799 ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service" ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= Name: Microsoft PS/2-Maus Description: Microsoft PS/2-Maus Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= Error: (02/13/2014 04:38:20 PM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001) Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1601 seconds with 840 seconds of active time. This session ended with a crash. Error: (05/30/2013 05:53:02 PM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 21 seconds with 0 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2014-05-11 09:46:16.055 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\xy\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-05-11 09:46:15.922 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\xy\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-05-11 09:46:15.516 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Downloads\everest\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-05-11 09:46:15.384 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Downloads\everest\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-05-11 09:43:44.895 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\xy\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-05-11 09:43:44.763 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\xy\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-05-11 09:43:44.145 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Downloads\everest\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-05-11 09:43:44.013 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Downloads\everest\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-05-11 07:07:35.196 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\xy\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-05-11 07:07:35.076 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\xy\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Percentage of memory in use: 30% Total physical RAM: 3574.68 MB Available physical RAM: 2495.01 MB Total Pagefile: 7147.55 MB Available Pagefile: 5409.37 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:210.06 GB) (Free:106.93 GB) NTFS Drive d: (Volume) (Fixed) (Total:721.35 GB) (Free:383.4 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 9D9072D6) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=210 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=721 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
11.05.2014, 17:34 | #13 |
| download protect 2.2.0 sicher entfernen hat sich erledigt Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKLM-x32\...\Run: [Download Protect] => C:\ProgramData\dlprotect.exe [12800 2014-03-07] () HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect" GroupPolicy: Group Policy on Chrome detected <======= ATTENTION SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - URL hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP450BAC43-2951-4AEA-B92A-B2072D18AF62&q={searchTerms}&SSPV= SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtDyEyD0F0BtB0F0C0A0Fzy0A0E0FtN0D0Tzu0SyBtCyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1989247540&ir= Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF HKLM-x32\...\Firefox\Extensions: [{EBB09598-CE49-44A2-8D8F-DAE7F08CB84F}] - C:\Windows\Installer\{B16D8C33-92D4-47C7-A449-C55B0B3356E2}\{EBB09598-CE49-44A2-8D8F-DAE7F08CB84F}.xpi FF Extension: Download Protect - C:\Windows\Installer\{B16D8C33-92D4-47C7-A449-C55B0B3356E2}\{EBB09598-CE49-44A2-8D8F-DAE7F08CB84F}.xpi [2014-05-11] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION R2 ntoskrol; C:\Windows\system32\mswsockd.exe [118784 2014-03-07] () S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] 2014-05-10 18:34 - 2014-05-10 18:34 - 00001235 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk 2014-04-12 11:57 - 2014-04-12 11:57 - 00005053 _____ () C:\ProgramData\hwjqxkkr.zva C:\ProgramData\dlprotect.exe C:\Windows\system32\mswsockd.exe Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
|
11.05.2014, 18:01 | #14 |
| download protect 2.2.0 sicher entfernen Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-05-2014 Ran by xy at 2014-05-11 18:58:09 Run:1 Running from C:\Users\xy\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** HKLM-x32\...\Run: [Download Protect] => C:\ProgramData\dlprotect.exe [12800 2014-03-07] () HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect" GroupPolicy: Group Policy on Chrome detected <======= ATTENTION SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - URL hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP450BAC43-2951-4AEA-B92A-B2072D18AF62&q={searchTerms}&SSPV= SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtDyEyD0F0BtB0F0C0A0Fzy0A0E0FtN0D0Tzu0SyBtCyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1Czut CyD1B1P1R&cr=1989247540&ir= Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF HKLM-x32\...\Firefox\Extensions: [{EBB09598-CE49-44A2-8D8F-DAE7F08CB84F}] - C:\Windows\Installer\{B16D8C33-92D4-47C7-A449-C55B0B3356E2}\{EBB09598-CE49-44A2-8D8F-DAE7F08CB84F}.xpi FF Extension: Download Protect - C:\Windows\Installer\{B16D8C33-92D4-47C7-A449-C55B0B3356E2}\{EBB09598-CE49-44A2-8D8F-DAE7F08CB84F}.xpi [2014-05-11] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION R2 ntoskrol; C:\Windows\system32\mswsockd.exe [118784 2014-03-07] () S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] 2014-05-10 18:34 - 2014-05-10 18:34 - 00001235 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk 2014-04-12 11:57 - 2014-04-12 11:57 - 00005053 _____ () C:\ProgramData\hwjqxkkr.zva C:\ProgramData\dlprotect.exe C:\Windows\system32\mswsockd.exe ***************** HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Download Protect => Value deleted successfully. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => Value deleted successfully. C:\Windows\system32\GroupPolicy\Machine => Moved successfully. C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => Value deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => Value deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully. HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => Value deleted successfully. HKCR\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => Key not found. HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File => Key not found. "FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found. HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File => Key not found. FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{EBB09598-CE49-44A2-8D8F-DAE7F08CB84F} => Value deleted successfully. C:\Windows\Installer\{B16D8C33-92D4-47C7-A449-C55B0B3356E2}\{EBB09598-CE49-44A2-8D8F-DAE7F08CB84F}.xpi => Moved successfully. HKLM\SOFTWARE\Policies\Google => Key deleted successfully. ntoskrol => Service stopped successfully. ntoskrol => Service deleted successfully. esgiguard => Service deleted successfully. C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk => Moved successfully. C:\ProgramData\hwjqxkkr.zva => Moved successfully. C:\ProgramData\dlprotect.exe => Moved successfully. C:\Windows\system32\mswsockd.exe => Moved successfully. The system needed a reboot. ==== End of Fixlog ==== |
11.05.2014, 18:07 | #15 |
| download protect 2.2.0 sicher entfernen Gut, das hat jetzt funktioniert. Wie läuft das System? Bitte starte FRST erneut, setze den Haken auch bei Addition.txt und drücke auf Scan. |
Themen zu download protect 2.2.0 sicher entfernen |
brauch, detected, download, download protect, entferne, entfernen, malware, malwarebytes, nichts, protect, protect 2.2.0, protection, service, spoiler, system, threat, website, windows, windows 7 |