
Log analysis and evaluation: Windows 7: Downloads run up to 99% and are not completed


05.08.2014, 22:49   #1
Trojatester
 



Good evening, forum,

I hope I am not in the completely wrong forum section here; however, I cannot rule out that my problem is caused by viruses.
First of all, everything was still working perfectly until 10 days ago, and I have tried to fix it myself over the last few days, but without success, since my knowledge is limited to the bare essentials.
My problem is that, as stated above, all downloads (strangely, not the ones for the log file programs) load up to approx. 99% and then simply stop and do not continue; waiting for several minutes did not help either. It even seems as if they were being prevented from completing properly.
Sometimes, after a successful installation and an attempt to install the program (this was the case with Malwarebytes), the message "The files may be corrupted" appears and everything is aborted. I was then able to install it in safe mode after all, but the subsequent scan found nothing!

In addition, my internet is currently noticeably slower for videos or somewhat larger pages; the download speed, until it stops at 99%, is however almost identical compared to the time before the problem.
Perhaps I should mention that I permanently have approx. 90 processes running in Task Manager; I will quickly upload the screenshots as well, maybe the cause is simply a trivial problem there.

As I said, both Malwarebytes and Avira are installed, but neither has found anything; however, I cannot rule out that it is something malicious after all, so I am turning to you!

Thank you very much in advance.

Logfiles:
Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-08-2014
Ran by K at 2014-08-05 22:13:11
Running from C:\Users\K\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer Crystal Eye webcam Ver:1.1.194.1021 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.194.1021 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1) (Version: 6.1.0.9 - Oberon Media, Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Activision(R) (x32 Version: 1.00.0000 - Activision) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 9.5.2 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.2 - Adobe Systems Incorporated)
AION Free-To-Play (HKLM-x32\...\InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}) (Version: 2.70.0000 - Gameforge)
AION Free-To-Play (x32 Version: 2.70.0000 - Gameforge) Hidden
Airport Mania First Flight (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}) (Version:  - Oberon Media)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 2012 v.10.0.15 (HKLM-x32\...\Ashampoo Burning Studio 2012_is1) (Version: 10.0.15 - Ashampoo GmbH & Co. KG)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.02.000.6 - Atheros Communications)
Blur(TM) (HKLM-x32\...\InstallShield_{589A63D3-89E1-4D9B-8DBC-6039BB27289E}) (Version: 1.00.0000 - Activision)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands (HKLM-x32\...\{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}) (Version: 1.0 - )
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version:  - Oberon Media)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3216.50 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.3216.50 - CyberLink Corp.) Hidden
D2400 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
D2400_Help (x32 Version: 90.0.235.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
dj_sf_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
dj_sf_software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
dj_sf_software_req (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
Druckerdeinstallation für EPSON S22 Series (HKLM\...\EPSON S22 Series) (Version:  - SEIKO EPSON Corporation)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
Elasto Mania (HKLM-x32\...\Elasto Mania) (Version:  - )
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
ETDWare PS/2-x64 7.0.6.5_WHQL (HKLM\...\Elantech) (Version: 7.0.6.5 - ELAN Microelectronics Corp.)
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
Free YouTube to MP3 Converter version 3.11.34.1015 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.34.1015 - DVDVideoSoft Ltd.)
Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version:  - Oberon Media)
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Goodnight Timer 1.1 (HKLM-x32\...\Goodnight Timer_is1) (Version:  - Sebastian Fritsch)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet Printer Driver Software 13.0 Rel. 1 (HKLM\...\{3CDDD063-7FC2-43A7-9EC0-B3F1E38C7649}) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Icy Tower v1.5 (HKLM-x32\...\Icy Tower v1.5_is1) (Version:  - Free Lunch Design)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
IsoBuster 2.8.5 (HKLM-x32\...\IsoBuster_is1) (Version: 2.8.5 - Smart Projects)
iTunes (HKLM\...\{F73A118B-8271-47E2-8790-0C636B2539C5}) (Version: 11.1.0.126 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.2.4 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)
League of Legends (HKLM-x32\...\{918A9082-6287-4D25-9002-5E5D5E4971CB}) (Version: 1.02.0000 - Riot Games)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version:  - Oberon Media)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
NC Launcher (GameForge) (HKLM-x32\...\NCLauncher_GameForge) (Version:  - NCsoft)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8939 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8939 - NTI Corporation) Hidden
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5997 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
NVIDIA Updatus (x32 Version: 1.0.3 - NVIDIA Corporation) Hidden
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.3.5.9 - Pando Networks Inc.)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 0.10.1.23266 - Grinding Gear Games)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.308.2 - Tracker Software Products Ltd)
Poker Pop (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}) (Version:  - Oberon Media)
Portal 2 (HKLM-x32\...\Postal 2_is1) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version:  - TeamSpeak Systems GmbH)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
VLC media player 1.1.10 (HKLM-x32\...\VLC media player) (Version: 1.1.10 - VideoLAN)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - )
Warcraft III: All Products (HKCU\...\Warcraft III) (Version:  - )
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Ralink (netr28ux) Net  (04/03/2009 2.03.02.0000) (HKLM\...\B8E7C4C26481BF9AC5B437552431B65FCD7604DE) (Version: 04/03/2009 2.03.02.0000 - Ralink)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2828313656-2441848435-2941730167-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2828313656-2441848435-2941730167-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Konstantin\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2828313656-2441848435-2941730167-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Konstantin\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2828313656-2441848435-2941730167-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Konstantin\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2828313656-2441848435-2941730167-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2828313656-2441848435-2941730167-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2828313656-2441848435-2941730167-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2828313656-2441848435-2941730167-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2828313656-2441848435-2941730167-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2828313656-2441848435-2941730167-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2828313656-2441848435-2941730167-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2828313656-2441848435-2941730167-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2828313656-2441848435-2941730167-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Konstantin\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

01-08-2014 15:12:07 Windows 7 Service Pack 1
02-08-2014 07:27:39 Windows Update
02-08-2014 09:54:40 Windows Update
04-08-2014 10:00:49 Windows Update
05-08-2014 09:07:21 Windows Update
05-08-2014 19:18:34 Removed Norton Online Backup

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {032CACFC-BFC0-475B-9053-94E857D45F57} - \SidebarExecute No Task File <==== ATTENTION
Task: {0C3E2DFE-7602-42DE-99C1-A6CF3BD2D0CC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2828313656-2441848435-2941730167-1001UA => C:\Users\Konstantin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-04] (Google Inc.)
Task: {0D04A79B-1DEA-4495-8D78-540C35AEA154} - System32\Tasks\{2006166A-4FCF-4B71-AD44-6FDD99DE2934} => Firefox.exe hxxp://ui.skype.com/ui/0/5.9.0.123/de/abandoninstall?page=tsMain
Task: {1350CADA-135A-4D24-91C3-FA4966FC9E3F} - System32\Tasks\{D67F22EB-3EDE-48E0-B9DA-46D844577C8B} => Firefox.exe hxxp://ui.skype.com/ui/0/5.9.0.115/de/abandoninstall?page=tsMain
Task: {1498BC62-D578-492D-B71D-6DE45D6046BF} - System32\Tasks\{9B421DEA-E49F-4479-9C9D-44942C91069B} => Firefox.exe hxxp://ui.skype.com/ui/0/5.9.0.115/de/abandoninstall?page=tsMain
Task: {20DB98A3-EE30-401C-B960-63CA534FF249} - System32\Tasks\{A9DDCE1C-5271-4ADA-8631-98DF00B7F949} => Firefox.exe hxxp://ui.skype.com/ui/0/5.9.0.123/de/abandoninstall?page=tsMain
Task: {3D9E1D69-72F0-4B49-8898-BC9F56766F8D} - System32\Tasks\{358EF6A5-E638-47EE-B8F7-A750B99C3E63} => Firefox.exe hxxp://ui.skype.com/ui/0/5.9.0.123/de/abandoninstall?page=tsMain
Task: {7674CA35-53E5-42BF-86F8-39962F9C149C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-10] (Adobe Systems Incorporated)
Task: {77798261-15CA-433D-84E8-7F4CEC66D67D} - System32\Tasks\{EF4A45A3-1AE0-4B28-BA1B-68E8664020F0} => Firefox.exe hxxp://ui.skype.com/ui/0/5.9.0.115.367/de/abandoninstall?page=tsMain
Task: {793F70F5-74B1-4452-80CD-2A023747CA3C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8377BEC5-5F5C-4E05-B46B-25FE97C39906} - System32\Tasks\{EB585293-9705-4DA7-8A9A-5C3071F5A2B6} => Firefox.exe hxxp://ui.skype.com/ui/0/5.9.0.115/de/abandoninstall?page=tsMain
Task: {8DBFEFC6-2B38-4D1E-A196-2E5F6F1DF893} - System32\Tasks\{3A14CD19-444B-46D1-A13E-1AD9B6012200} => Firefox.exe hxxp://ui.skype.com/ui/0/5.9.0.115/de/abandoninstall?page=tsMain
Task: {993A20C7-D725-4884-93AB-BFF371073063} - System32\Tasks\{A2C02C56-9DC3-4A88-B67E-F516272AF159} => Firefox.exe hxxp://ui.skype.com/ui/0/5.9.0.115/de/abandoninstall?page=tsMain
Task: {9A02E2B7-DE05-47A4-8A49-1CAB03B66E6F} - System32\Tasks\{4C785D75-544E-428C-88DD-E82A278B74BD} => Firefox.exe hxxp://ui.skype.com/ui/0/5.9.0.123/de/abandoninstall?page=tsMain
Task: {A1E50F34-194D-4F5E-AAC4-D189ED7DAAFA} - System32\Tasks\{F48C2212-9E13-44A9-A920-FA3D1E4A73C2} => Firefox.exe hxxp://ui.skype.com/ui/0/5.9.0.123/de/abandoninstall?page=tsMain
Task: {C25B0431-7ACD-4BAE-B30E-C9A4ACB90C09} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2828313656-2441848435-2941730167-1001Core => C:\Users\Konstantin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-04] (Google Inc.)
Task: {C6B027B2-A5E6-42EC-B253-1ADAE6FC7DCA} - System32\Tasks\{64790C3E-6E03-47B8-BEA6-0805DBF0BC96} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)
Task: {E49B388A-8281-412A-BA9A-D1625FBC1BE8} - System32\Tasks\{DAB5671C-FD26-4A9B-8C84-34C38F60E5FA} => Firefox.exe hxxp://ui.skype.com/ui/0/5.9.0.123/de/abandoninstall?page=tsMain
Task: {F3A120DA-D10B-4044-AFFA-96EA5292F34B} - System32\Tasks\{0875759C-B2BF-442F-9723-E7C627432479} => Firefox.exe hxxp://ui.skype.com/ui/0/5.9.0.115.367/de/abandoninstall?page=tsMain
Task: {F5457DF9-965E-4A88-85FC-5616E31CE6A8} - System32\Tasks\{1B5A3DCA-C989-465F-9DD9-B2D0008361B6} => Firefox.exe hxxp://ui.skype.com/ui/0/5.9.0.115.367/de/abandoninstall?page=tsMain
Task: {FCFAFD2F-376B-43C2-8800-D6008B64A226} - System32\Tasks\{BCA4B9FE-D69F-4514-BDA4-6C022244657F} => Firefox.exe hxxp://ui.skype.com/ui/0/5.9.0.115/de/abandoninstall?page=tsMain
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2828313656-2441848435-2941730167-1001Core.job => C:\Users\Konstantin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2828313656-2441848435-2941730167-1001UA.job => C:\Users\Konstantin\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-05-23 15:49 - 2014-07-11 09:29 - 00601144 _____ () C:\Users\Konstantin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2014-08-05 22:07 - 2014-08-05 22:07 - 00050477 _____ () C:\Users\Konstantin\Downloads\Defogger.exe
2012-08-27 21:33 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-23 15:49 - 2014-07-11 09:29 - 36966968 _____ () C:\Users\Konstantin\AppData\Roaming\Spotify\Data\libcef.dll
2014-08-05 11:01 - 2014-08-05 11:01 - 00043008 _____ () c:\Users\Konstantin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpu_vxq4.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\libcef.dll
2010-06-29 00:20 - 2010-06-29 00:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-29 00:12 - 2010-06-29 00:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2014-07-11 09:29 - 2014-07-11 09:29 - 00867896 _____ () C:\Users\Konstantin\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
2014-05-23 15:49 - 2014-07-11 09:29 - 00886840 _____ () C:\Users\Konstantin\AppData\Roaming\Spotify\Data\libglesv2.dll
2014-05-23 15:49 - 2014-07-11 09:29 - 00108600 _____ () C:\Users\Konstantin\AppData\Roaming\Spotify\Data\libegl.dll
2014-07-10 21:30 - 2014-07-10 21:30 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
2013-01-10 19:36 - 2013-01-10 19:36 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9e5dc5d1c75de12100f8c1d8c65de002\IsdiInterop.ni.dll
2010-08-30 11:03 - 2010-04-13 18:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2010-11-02 12:59 - 2010-10-28 04:06 - 00010856 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-06-12 14:21 - 2014-07-17 07:42 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Konstantin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: EgisTecPMMUpdate => "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
MSCONFIG\startupreg: EgisUpdate => "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
MSCONFIG\startupreg: Google Update => "C:\Users\Konstantin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: VNT => C:\Program Files (x86)\VNT\vntldr.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/05/2014 08:54:23 PM) (Source: MsiInstaller) (EventID: 10005) (User: Konstantin-PC)
Description: Produkt: Avira SearchFree Toolbar -- Fehler 25001. Die folgenden Anwendungen sollten geschlossen werden, bevor Sie mit der Deinstallation fortfahren: 

Mozilla Firefox	
Google Chrome

Error: (08/05/2014 02:39:18 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (08/04/2014 02:01:43 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (08/01/2014 02:03:34 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (07/27/2014 05:14:43 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (07/25/2014 00:50:13 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (07/24/2014 10:20:11 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (07/21/2014 08:16:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: rads_user_kernel.exe, Version: 0.0.0.0, Zeitstempel: 0x4f20982b
Name des fehlerhaften Moduls: rads_user_kernel.exe, Version: 0.0.0.0, Zeitstempel: 0x4f20982b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000ba944
ID des fehlerhaften Prozesses: 0x13dc
Startzeit der fehlerhaften Anwendung: 0xrads_user_kernel.exe0
Pfad der fehlerhaften Anwendung: rads_user_kernel.exe1
Pfad des fehlerhaften Moduls: rads_user_kernel.exe2
Berichtskennung: rads_user_kernel.exe3

Error: (07/21/2014 08:15:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 108c

Startzeit: 01cfa50fb2eee827

Endzeit: 3

Anwendungspfad: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

Berichts-ID: f8c07028-1102-11e4-b8b0-1c75083d8018

Error: (07/20/2014 08:32:59 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.


System errors:
=============
Error: (08/05/2014 09:18:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Norton Online Backup" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/05/2014 09:16:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Dritek WMI Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/05/2014 11:14:12 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024200d fehlgeschlagen: Windows 7 Service Pack 1 für x64-basierte Systeme (KB976932)

Error: (08/04/2014 00:07:16 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024200d fehlgeschlagen: Windows 7 Service Pack 1 für x64-basierte Systeme (KB976932)

Error: (08/04/2014 11:12:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (08/04/2014 11:12:01 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (08/04/2014 11:12:01 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (08/04/2014 11:11:59 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (08/04/2014 11:11:59 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (08/04/2014 11:11:56 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}


Microsoft Office Sessions:
=========================
Error: (08/05/2014 08:54:23 PM) (Source: MsiInstaller) (EventID: 10005) (User: Konstantin-PC)
Description: Produkt: Avira SearchFree Toolbar -- Fehler 25001. Die folgenden Anwendungen sollten geschlossen werden, bevor Sie mit der Deinstallation fortfahren: 

Mozilla Firefox	
Google Chrome	(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/05/2014 02:39:18 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (08/04/2014 02:01:43 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (08/01/2014 02:03:34 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (07/27/2014 05:14:43 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (07/25/2014 00:50:13 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (07/24/2014 10:20:11 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (07/21/2014 08:16:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rads_user_kernel.exe0.0.0.04f20982brads_user_kernel.exe0.0.0.04f20982bc0000005000ba94413dc01cfa50fd7a443b0C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exeC:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe158f95d5-1103-11e4-b8b0-1c75083d8018

Error: (07/21/2014 08:15:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: rads_user_kernel.exe0.0.0.0108c01cfa50fb2eee8273C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exef8c07028-1102-11e4-b8b0-1c75083d8018

Error: (07/20/2014 08:32:59 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3


==================== Memory info =========================== 

Percentage of memory in use: 63%
Total physical RAM: 3766.71 MB
Available physical RAM: 1393.63 MB
Total Pagefile: 7531.56 MB
Available Pagefile: 4645.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:685.54 GB) (Free:293.14 GB) NTFS
Drive f: () (Removable) (Total:29.79 GB) (Free:8.89 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: BAD5D002)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=686 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 30 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
FRST:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by K (administrator) on KONSTANTIN-PC on 05-08-2014 22:11:25
Running from C:\Users\\Downloads
Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIGEE.EXE
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Spotify Ltd) C:\Users\Konstantin\AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) C:\Users\Konstantin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Dropbox, Inc.) C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
() C:\Users\Konstantin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Konstantin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Konstantin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Konstantin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Konstantin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Konstantin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
() C:\Users\Konstantin\Downloads\Defogger.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [594080 2010-07-29] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [377504 2010-07-29] (Atheros Commnucations)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-04] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2828313656-2441848435-2941730167-1000\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] ()
HKU\S-1-5-21-2828313656-2441848435-2941730167-1001\...\Run: [EPSON S22 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGEE.EXE [224768 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2828313656-2441848435-2941730167-1001\...\Run: [Google Update] => C:\Users\Konstantin\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-04] (Google Inc.)
HKU\S-1-5-21-2828313656-2441848435-2941730167-1001\...\Run: [Spotify] => C:\Users\Konstantin\AppData\Roaming\Spotify\Spotify.exe [6162488 2014-07-11] (Spotify Ltd)
HKU\S-1-5-21-2828313656-2441848435-2941730167-1001\...\Run: [Spotify Web Helper] => C:\Users\Konstantin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-11] (Spotify Ltd)
HKU\S-1-5-21-2828313656-2441848435-2941730167-1001\...\MountPoints2: {a2e94bb4-9480-11e0-bd29-1c75083d8018} - E:\setup\rsrc\Autorun.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [111720 2010-10-28] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [100456 2010-10-28] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Konstantin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hiergehtslos.de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name -> {41564952-412D-5637-4300-7A786E7484D7} ->  No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\ffpiknsx.default
FF Homepage: www.google.de
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Konstantin\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Konstantin\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\ffpiknsx.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\ffpiknsx.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\ffpiknsx.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\ffpiknsx.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\ffpiknsx.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WEB.DE MailCheck - C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\ffpiknsx.default\Extensions\toolbar@web.de [2014-07-10]
FF Extension: FB Chat Sidebar Disabler - C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\ffpiknsx.default\Extensions\fbsidebardisabler@vittgam.net.xpi [2011-08-12]
FF Extension: Telekom YouTube Turbo - C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\ffpiknsx.default\Extensions\info@maltegoetz.de.xpi [2014-08-05]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\ffpiknsx.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-21]
FF Extension: User Agent Switcher - C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\ffpiknsx.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2013-08-02]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-07-10]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Users\Konstantin\AppData\Local\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Konstantin\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Konstantin\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Konstantin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Konstantin\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Google Wallet) - C:\Users\Konstantin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\Konstantin\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2012-10-16]
CHR StartMenuInternet: Google Chrome - C:\Users\Konstantin\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1030224 2014-07-25] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-07-29] (Atheros Commnucations) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
S2 DsiWMIService; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
U4 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [42040 2014-07-25] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-06-11] (DT Soft Ltd)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2012-03-26] (Apple Inc.) [File not signed]
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-05 22:11 - 2014-08-05 22:12 - 00022871 _____ () C:\Users\Konstantin\Downloads\FRST.txt
2014-08-05 22:11 - 2014-08-05 22:11 - 00000000 ____D () C:\FRST
2014-08-05 22:10 - 2014-08-05 22:10 - 02094080 _____ (Farbar) C:\Users\Konstantin\Downloads\FRST64.exe
2014-08-05 22:09 - 2014-08-05 22:09 - 00000482 _____ () C:\Users\Konstantin\Downloads\defogger_disable.log
2014-08-05 22:09 - 2014-08-05 22:09 - 00000000 _____ () C:\Users\Konstantin\defogger_reenable
2014-08-05 22:07 - 2014-08-05 22:07 - 00050477 _____ () C:\Users\Konstantin\Downloads\Defogger.exe
2014-08-05 11:10 - 2014-08-05 11:10 - 00000000 ____D () C:\Windows\system32\SPReview
2014-08-04 22:46 - 2014-08-04 22:46 - 00079991 _____ () C:\Users\Konstantin\Downloads\silverlight (2).diagcab
2014-08-04 12:26 - 2014-08-04 12:27 - 13087456 _____ (Microsoft Corporation) C:\Users\Konstantin\Downloads\Silverlight_x64.exe
2014-08-04 11:48 - 2014-08-04 11:48 - 00244408 _____ () C:\Users\Konstantin\Downloads\Firefox Setup Stub 31.0.exe
2014-08-04 11:16 - 2014-08-04 12:21 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-04 11:16 - 2014-08-04 11:16 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-04 11:16 - 2014-08-04 11:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-04 11:16 - 2014-08-04 11:16 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-04 11:16 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-04 11:16 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-04 11:16 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-04 11:14 - 2014-08-04 11:15 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Konstantin\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-08-04 00:50 - 2014-08-04 00:51 - 07703550 _____ (Free Lunch Design ) C:\Users\Konstantin\Downloads\icytower151_install(1).exe
2014-08-03 23:54 - 2014-08-03 23:54 - 00079991 _____ () C:\Users\Konstantin\Downloads\silverlight (1).diagcab
2014-08-03 23:37 - 2014-08-03 23:38 - 00079991 _____ () C:\Users\Konstantin\Downloads\silverlight.diagcab
2014-08-01 16:40 - 2014-08-01 16:40 - 00000512 _____ () C:\Users\Konstantin\Downloads\AngemeldetePruefungendb1fead9-92a0-4866-b911-61058a85db4c.txt
2014-08-01 16:40 - 2014-08-01 16:40 - 00000512 _____ () C:\Users\Konstantin\Downloads\AngemeldetePruefungendb1fead9-92a0-4866-b911-61058a85db4c (1).txt
2014-07-31 21:47 - 2014-07-31 21:48 - 16781484 _____ (Malwarebytes Corporation ) C:\Users\Konstantin\Downloads\mbam-setup.exe
2014-07-31 21:45 - 2014-07-31 21:45 - 00686464 _____ (Malwarebytes Corporation ) C:\Users\Konstantin\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-31 21:44 - 2014-07-31 21:45 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Konstantin\Downloads\mbam-clean-2.1.1.1001.exe
2014-07-31 21:31 - 2014-07-31 21:35 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Konstantin\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager [1].exe
2014-07-31 21:29 - 2014-07-31 21:29 - 00787392 _____ ( ) C:\Users\Konstantin\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager.exe
2014-07-22 22:02 - 2014-07-22 22:02 - 00000000 ____D () C:\Users\Konstantin\Desktop\Arbeitsvertrag
2014-07-22 21:40 - 2014-07-22 21:40 - 00000000 ____D () C:\Users\Konstantin\AppData\Local\Blizzard
2014-07-22 20:31 - 2014-07-31 23:37 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-07-22 20:31 - 2014-07-22 20:31 - 00001163 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-07-22 20:31 - 2014-07-22 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-07-22 20:22 - 2014-07-31 23:45 - 00000000 ____D () C:\Users\Konstantin\AppData\Local\Battle.net
2014-07-22 20:22 - 2014-07-22 21:40 - 00000000 ____D () C:\Users\Konstantin\AppData\Roaming\Battle.net
2014-07-22 20:22 - 2014-07-22 20:22 - 00000000 ____D () C:\Users\Konstantin\AppData\Local\Blizzard Entertainment
2014-07-22 20:21 - 2014-07-24 20:35 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-22 20:21 - 2014-07-22 20:21 - 00001126 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-07-22 20:21 - 2014-07-22 20:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-07-22 20:21 - 2014-07-22 20:21 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-07-22 20:13 - 2014-07-22 20:13 - 00000000 ____D () C:\ProgramData\Battle.net
2014-07-22 20:12 - 2014-07-22 20:13 - 03099552 _____ (Blizzard Entertainment) C:\Users\Konstantin\Downloads\Hearthstone-Setup-deDE.exe
2014-07-21 20:21 - 2014-07-21 20:21 - 00000000 ____D () C:\Users\Konstantin\Desktop\Simon-Handy-Haftpflicht
2014-07-21 20:17 - 2014-07-21 20:17 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-16 22:19 - 2014-07-16 22:19 - 00000000 ____D () C:\Users\Konstantin\AppData\Local\{70E1CCE2-5702-4B9C-9D95-1F2F55654B90}
2014-07-16 21:51 - 2014-07-16 21:52 - 00000000 ____D () C:\Users\Konstantin\Desktop\Arbeitspläne
2014-07-14 19:07 - 2014-07-14 19:07 - 00000000 ____D () C:\Users\Konstantin\AppData\Local\{0C978CD3-27E2-4069-8D3C-FFD5BBF1584D}
2014-07-10 22:57 - 2014-07-10 22:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 21:04 - 2014-07-01 03:56 - 00516096 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-10 21:04 - 2014-07-01 03:50 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-05 22:12 - 2014-08-05 22:11 - 00022871 _____ () C:\Users\Konstantin\Downloads\FRST.txt
2014-08-05 22:11 - 2014-08-05 22:11 - 00000000 ____D () C:\FRST
2014-08-05 22:10 - 2014-08-05 22:10 - 02094080 _____ (Farbar) C:\Users\Konstantin\Downloads\FRST64.exe
2014-08-05 22:09 - 2014-08-05 22:09 - 00000482 _____ () C:\Users\Konstantin\Downloads\defogger_disable.log
2014-08-05 22:09 - 2014-08-05 22:09 - 00000000 _____ () C:\Users\Konstantin\defogger_reenable
2014-08-05 22:09 - 2011-06-11 01:18 - 00000000 ____D () C:\Users\Konstantin
2014-08-05 22:07 - 2014-08-05 22:07 - 00050477 _____ () C:\Users\Konstantin\Downloads\Defogger.exe
2014-08-05 22:00 - 2014-05-23 15:49 - 00000000 ____D () C:\Users\Konstantin\AppData\Roaming\Spotify
2014-08-05 21:30 - 2012-05-28 12:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-05 21:22 - 2011-10-04 22:18 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2828313656-2441848435-2941730167-1001UA.job
2014-08-05 21:16 - 2010-11-23 17:17 - 00000000 ____D () C:\Program Files (x86)\Launch Manager
2014-08-05 20:35 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-05 20:35 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-05 17:22 - 2011-10-04 22:18 - 00001088 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2828313656-2441848435-2941730167-1001Core.job
2014-08-05 11:13 - 2010-11-23 17:03 - 01710756 _____ () C:\Windows\WindowsUpdate.log
2014-08-05 11:10 - 2014-08-05 11:10 - 00000000 ____D () C:\Windows\system32\SPReview
2014-08-05 11:02 - 2014-04-27 22:10 - 00000000 ___RD () C:\Users\Konstantin\Dropbox
2014-08-05 11:02 - 2014-04-27 22:04 - 00000000 ____D () C:\Users\Konstantin\AppData\Roaming\Dropbox
2014-08-05 11:00 - 2011-06-12 00:36 - 00000059 _____ () C:\Users\Konstantin\AppData\Roaming\GoodnightTimer.ini
2014-08-05 11:00 - 2010-11-23 17:38 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2014-08-05 10:59 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-05 10:59 - 2009-07-14 06:51 - 00161348 _____ () C:\Windows\setupact.log
2014-08-04 22:46 - 2014-08-04 22:46 - 00079991 _____ () C:\Users\Konstantin\Downloads\silverlight (2).diagcab
2014-08-04 12:27 - 2014-08-04 12:26 - 13087456 _____ (Microsoft Corporation) C:\Users\Konstantin\Downloads\Silverlight_x64.exe
2014-08-04 12:21 - 2014-08-04 11:16 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-04 11:54 - 2014-06-12 14:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-04 11:54 - 2012-04-26 18:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-04 11:54 - 2010-11-23 17:00 - 00118438 _____ () C:\Windows\PFRO.log
2014-08-04 11:51 - 2011-06-11 01:32 - 00001167 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-04 11:51 - 2011-06-11 01:32 - 00001155 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-04 11:48 - 2014-08-04 11:48 - 00244408 _____ () C:\Users\Konstantin\Downloads\Firefox Setup Stub 31.0.exe
2014-08-04 11:16 - 2014-08-04 11:16 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-04 11:16 - 2014-08-04 11:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-04 11:16 - 2014-08-04 11:16 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-04 11:15 - 2014-08-04 11:14 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Konstantin\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-08-04 00:51 - 2014-08-04 00:50 - 07703550 _____ (Free Lunch Design ) C:\Users\Konstantin\Downloads\icytower151_install(1).exe
2014-08-04 00:36 - 2011-06-29 22:08 - 00000000 ____D () C:\Users\Konstantin\Desktop\Musik
2014-08-03 23:56 - 2010-08-30 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone
2014-08-03 23:56 - 2010-08-30 11:12 - 00000000 ____D () C:\Program Files (x86)\Acer GameZone
2014-08-03 23:54 - 2014-08-03 23:54 - 00079991 _____ () C:\Users\Konstantin\Downloads\silverlight (1).diagcab
2014-08-03 23:38 - 2014-08-03 23:37 - 00079991 _____ () C:\Users\Konstantin\Downloads\silverlight.diagcab
2014-08-01 16:40 - 2014-08-01 16:40 - 00000512 _____ () C:\Users\Konstantin\Downloads\AngemeldetePruefungendb1fead9-92a0-4866-b911-61058a85db4c.txt
2014-08-01 16:40 - 2014-08-01 16:40 - 00000512 _____ () C:\Users\Konstantin\Downloads\AngemeldetePruefungendb1fead9-92a0-4866-b911-61058a85db4c (1).txt
2014-08-01 16:38 - 2013-10-14 14:16 - 00000000 ____D () C:\Users\Konstantin\Desktop\Studium
2014-07-31 23:45 - 2014-07-22 20:22 - 00000000 ____D () C:\Users\Konstantin\AppData\Local\Battle.net
2014-07-31 23:37 - 2014-07-22 20:31 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-07-31 21:48 - 2014-07-31 21:47 - 16781484 _____ (Malwarebytes Corporation ) C:\Users\Konstantin\Downloads\mbam-setup.exe
2014-07-31 21:45 - 2014-07-31 21:45 - 00686464 _____ (Malwarebytes Corporation ) C:\Users\Konstantin\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-31 21:45 - 2014-07-31 21:44 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Konstantin\Downloads\mbam-clean-2.1.1.1001.exe
2014-07-31 21:35 - 2014-07-31 21:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Konstantin\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager [1].exe
2014-07-31 21:29 - 2014-07-31 21:29 - 00787392 _____ ( ) C:\Users\Konstantin\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager.exe
2014-07-31 20:41 - 2014-05-23 15:49 - 00000000 ____D () C:\Users\Konstantin\AppData\Local\Spotify
2014-07-27 17:48 - 2011-06-12 14:33 - 00000000 ____D () C:\Users\Konstantin\AppData\Roaming\Skype
2014-07-27 16:01 - 2010-11-24 01:55 - 00654400 _____ () C:\Windows\system32\perfh007.dat
2014-07-27 16:01 - 2010-11-24 01:55 - 00130240 _____ () C:\Windows\system32\perfc007.dat
2014-07-27 16:01 - 2009-07-14 07:13 - 01498742 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-25 22:48 - 2013-12-27 12:04 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-25 12:08 - 2014-04-27 22:10 - 00001041 _____ () C:\Users\Konstantin\Desktop\Dropbox.lnk
2014-07-25 12:08 - 2014-04-27 22:05 - 00000000 ____D () C:\Users\Konstantin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-24 20:35 - 2014-07-22 20:21 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-22 22:03 - 2011-08-07 21:58 - 00000000 ____D () C:\Users\Konstantin\Desktop\Sonstiges
2014-07-22 22:02 - 2014-07-22 22:02 - 00000000 ____D () C:\Users\Konstantin\Desktop\Arbeitsvertrag
2014-07-22 22:00 - 2012-05-30 18:31 - 00000000 ____D () C:\Users\Konstantin\Desktop\Handy
2014-07-22 22:00 - 2011-06-12 10:58 - 00000000 ____D () C:\Users\Konstantin\Desktop\Allgemein
2014-07-22 21:56 - 2014-06-20 15:04 - 00001191 _____ () C:\Users\Public\Desktop\PDF-Viewer.lnk
2014-07-22 21:40 - 2014-07-22 21:40 - 00000000 ____D () C:\Users\Konstantin\AppData\Local\Blizzard
2014-07-22 21:40 - 2014-07-22 20:22 - 00000000 ____D () C:\Users\Konstantin\AppData\Roaming\Battle.net
2014-07-22 20:31 - 2014-07-22 20:31 - 00001163 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-07-22 20:31 - 2014-07-22 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-07-22 20:22 - 2014-07-22 20:22 - 00000000 ____D () C:\Users\Konstantin\AppData\Local\Blizzard Entertainment
2014-07-22 20:21 - 2014-07-22 20:21 - 00001126 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-07-22 20:21 - 2014-07-22 20:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-07-22 20:21 - 2014-07-22 20:21 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-07-22 20:13 - 2014-07-22 20:13 - 00000000 ____D () C:\ProgramData\Battle.net
2014-07-22 20:13 - 2014-07-22 20:12 - 03099552 _____ (Blizzard Entertainment) C:\Users\Konstantin\Downloads\Hearthstone-Setup-deDE.exe
2014-07-21 20:21 - 2014-07-21 20:21 - 00000000 ____D () C:\Users\Konstantin\Desktop\Simon-Handy-Haftpflicht
2014-07-21 20:17 - 2014-07-21 20:17 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-21 20:16 - 2011-07-10 15:07 - 00000000 ____D () C:\Users\Konstantin\AppData\Local\CrashDumps
2014-07-16 22:19 - 2014-07-16 22:19 - 00000000 ____D () C:\Users\Konstantin\AppData\Local\{70E1CCE2-5702-4B9C-9D95-1F2F55654B90}
2014-07-16 22:18 - 2011-06-11 02:21 - 00000000 ____D () C:\Users\Konstantin\Tracing
2014-07-16 21:52 - 2014-07-16 21:51 - 00000000 ____D () C:\Users\Konstantin\Desktop\Arbeitspläne
2014-07-14 19:07 - 2014-07-14 19:07 - 00000000 ____D () C:\Users\Konstantin\AppData\Local\{0C978CD3-27E2-4069-8D3C-FFD5BBF1584D}
2014-07-10 22:57 - 2014-07-10 22:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 22:57 - 2013-07-26 20:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 22:54 - 2013-02-03 14:11 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-10 21:30 - 2012-05-28 12:03 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-10 21:30 - 2012-05-28 12:02 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-10 21:30 - 2011-06-11 01:37 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Konstantin\AppData\Local\Temp\AskSLib.dll
C:\Users\Konstantin\AppData\Local\Temp\avgnt.exe
C:\Users\Konstantin\AppData\Local\Temp\CmdLineExt02.dll
C:\Users\Konstantin\AppData\Local\Temp\COMAP.EXE
C:\Users\Konstantin\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Konstantin\AppData\Local\Temp\drm_dyndata_7410004.dll
C:\Users\Konstantin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpu_vxq4.dll
C:\Users\Konstantin\AppData\Local\Temp\GUR8F24.exe
C:\Users\Konstantin\AppData\Local\Temp\MSNC2A4.exe
C:\Users\Konstantin\AppData\Local\Temp\nitro_reader3.exe
C:\Users\Konstantin\AppData\Local\Temp\nitro_reader3_64.exe
C:\Users\Konstantin\AppData\Local\Temp\Offercast_AVIRAV7_.exe
C:\Users\Konstantin\AppData\Local\Temp\SIntf16.dll
C:\Users\Konstantin\AppData\Local\Temp\SIntf32.dll
C:\Users\Konstantin\AppData\Local\Temp\SIntfNT.dll
C:\Users\Konstantin\AppData\Local\Temp\swt-win32-3349.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-01 02:01

==================== End Of Log ============================
         
GMER: It crashed during the scan, meaning the whole PC stopped responding, so as a precaution I did not try a second time; it did still output this, though:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-05 23:04:29
Windows 6.1.7600  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD75 rev.01.0 698,64GB
Running: Gmer-19357.exe; Driver: C:\Users\KONSTA~1\AppData\Local\Temp\awdoqpod.sys


---- Threads - GMER 2.1 ----

Thread    [1240:1672]                                                                                                                                                                                                                 0000000077bc3e59
Thread    [1240:1676]                                                                                                                                                                                                                 0000000076367587
Thread    [1240:1708]                                                                                                                                                                                                                 000000007503bfb4
Thread    [1240:1824]                                                                                                                                                                                                                 000000007503bfb4
Thread    [1240:1828]                                                                                                                                                                                                                 000000007503bfb4
Thread    [1240:1832]                                                                                                                                                                                                                 000000007503bfb4
Thread    [1240:1840]                                                                                                                                                                                                                 0000000073af32fb
Thread    [1240:1848]                                                                                                                                                                                                                 0000000077bc2e3e
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [4948:5192]                                                                                                                                                               000007fefb642a88
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [4948:5200]                                                                                                                                                               000007fef2f6c0b0
---- Processes - GMER 2.1 ----

Library  C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2928](2014-07-21 20:53:38)                                              0000000004080000
Library  c:\users\konsta~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpojuvdt.dll (*** suspicious ***) @ C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2928](2014-08-05 20:53:29)  0000000003de0000
Library  C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2928](2013-10-18 23:55:02)                                                    000000006a5c0000
Library  C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2928] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00)                      0000000069c30000

---- EOF - GMER 2.1 ----
         
Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:09 on 05/08/2014 

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Finally, I packed the previous Avira log files into a zip, because they had too many characters for this post, as well as the Task Manager screenshots.
Attached images
File type: png Taskmanager.PNG (49.6 KB, viewed 355 times)
File type: png Taskmanager 2.PNG (46.0 KB, viewed 344 times)
File type: png Taskmanager 3.PNG (46.1 KB, viewed 258 times)

Alt 06.08.2014, 02:47   #2
schrauber
/// the machine
/// TB trainer
 




hi,

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


Alt 06.08.2014, 10:04   #3
Trojatester
 



Servus, here are the log files from ComboFix

Code:
ComboFix 14-08-05.01 - Konstantin 06.08.2014  10:37:48.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3767.1647 [GMT 2:00]
ausgeführt von:: c:\users\Konstantin\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\windows\SysWow64\logs
c:\windows\SysWow64\logs\Game - R3d Logs\2012-10-10_23-21-57_r3dlog.txt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-07-06 bis 2014-08-06  ))))))))))))))))))))))))))))))
.
.
2014-08-06 08:50 . 2014-08-06 08:50	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2014-08-06 08:50 . 2014-08-06 08:50	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-08-06 08:24 . 2014-08-06 08:24	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F8D563E0-C77F-4DAF-8A2A-2EF9A3F3A58F}\offreg.dll
2014-08-06 08:12 . 2014-07-14 02:12	10924376	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F8D563E0-C77F-4DAF-8A2A-2EF9A3F3A58F}\mpengine.dll
2014-08-06 08:07 . 2014-08-06 08:07	--------	d-----w-	c:\windows\system32\SPReview
2014-08-05 21:37 . 2014-08-05 21:37	--------	d-----w-	c:\program files (x86)\7-Zip
2014-08-05 20:11 . 2014-08-05 20:14	--------	d-----w-	C:\FRST
2014-08-04 09:16 . 2014-08-04 10:21	122584	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-04 09:16 . 2014-08-04 09:16	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2014-08-04 09:16 . 2014-08-04 09:16	--------	d-----w-	c:\programdata\Malwarebytes
2014-08-04 09:16 . 2014-05-12 05:26	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-08-04 09:16 . 2014-05-12 05:26	91352	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-08-04 09:16 . 2014-05-12 05:25	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-07-22 19:40 . 2014-07-22 19:40	--------	d-----w-	c:\users\Konstantin\AppData\Local\Blizzard
2014-07-22 18:31 . 2014-07-31 21:37	--------	d-----w-	c:\program files (x86)\Hearthstone
2014-07-22 18:22 . 2014-07-22 18:22	--------	d-----w-	c:\users\Konstantin\AppData\Local\Blizzard Entertainment
2014-07-22 18:22 . 2014-07-31 21:45	--------	d-----w-	c:\users\Konstantin\AppData\Local\Battle.net
2014-07-22 18:22 . 2014-07-22 19:40	--------	d-----w-	c:\users\Konstantin\AppData\Roaming\Battle.net
2014-07-22 18:21 . 2014-07-24 18:35	--------	d-----w-	c:\program files (x86)\Battle.net
2014-07-22 18:21 . 2014-07-22 18:31	--------	d-----w-	c:\program files (x86)\Common Files\Blizzard Entertainment
2014-07-22 18:21 . 2014-07-22 18:21	--------	d-----w-	c:\programdata\Blizzard Entertainment
2014-07-22 18:13 . 2014-07-22 18:13	--------	d-----w-	c:\programdata\Battle.net
2014-07-21 18:17 . 2014-07-21 18:17	--------	d-----w-	c:\programdata\Riot Games
2014-07-10 20:57 . 2014-07-10 20:57	--------	d-s---w-	c:\windows\system32\CompatTel
2014-07-10 19:04 . 2014-07-01 01:56	516096	----a-w-	c:\windows\system32\aepdu.dll
2014-07-10 19:04 . 2014-07-01 01:50	424448	----a-w-	c:\windows\system32\aeinv.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-25 20:48 . 2013-12-27 10:04	42040	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2014-07-23 08:52 . 2011-10-05 12:16	270496	------w-	c:\windows\system32\MpSigStub.exe
2014-07-10 20:54 . 2013-02-03 12:11	96441528	----a-w-	c:\windows\system32\MRT.exe
2014-07-10 19:30 . 2012-05-28 10:02	699056	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-10 19:30 . 2011-06-10 23:37	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-04 19:33 . 2013-12-27 10:04	117712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2014-06-04 14:02 . 2013-12-27 10:04	130584	----a-w-	c:\windows\system32\drivers\avipbb.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40	120176	----a-w-	c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="c:\users\Konstantin\AppData\Roaming\Spotify\Spotify.exe" [2014-07-11 6162488]
"Spotify Web Helper"="c:\users\Konstantin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-07-11 1178168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-07-04 750160]
.
c:\users\Konstantin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Konstantin\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-7-21 35464216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2014-08-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-28 19:30]
.
2014-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2828313656-2441848435-2941730167-1001Core.job
- c:\users\Konstantin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-04 20:18]
.
2014-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2828313656-2441848435-2941730167-1001UA.job
- c:\users\Konstantin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-04 20:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42	137584	----a-w-	c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-23 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-23 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-23 415256]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-07-29 594080]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-07-29 377504]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.hiergehtslos.de
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\ffpiknsx.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2011-07-10 16:01; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
BHO-{41564952-412D-5637-4300-7A786E7484D7} - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-PLFSetI - c:\windows\PLFSetI.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2828313656-2441848435-2941730167-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2828313656-2441848435-2941730167-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-08-06  10:54:29
ComboFix-quarantined-files.txt  2014-08-06 08:54
.
Vor Suchlauf: 15 Verzeichnis(se), 329.118.699.520 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 332.446.371.840 Bytes frei
.
- - End Of File - - A9B08854170BEC0CB68C0F3662763352
         
__________________

Alt 07.08.2014, 09:22   #4
schrauber
/// the machine
/// TB trainer
 


Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the threat scan and click Start scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the newest scan log and click Export. Select Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart, a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 07.08.2014, 11:32   #5
Trojatester
 

Right, I think I have everything together.
First off, the problems I described have already improved and downloads work again without any issues, but I don't know what the cause was or whether everything has been removed.

But here are the log files:

Malwarebytes:
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 07.08.2014
Suchlauf-Zeit: 10:59:26
Logdatei: Malware 07.08.14.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.07.01
Rootkit Datenbank: v2014.08.04.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7
CPU: x64
Dateisystem: NTFS
Benutzer: Konstantin

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 358976
Verstrichene Zeit: 50 Min, 21 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 1
PUP.Optional.OpenCandy, C:\Users\Konstantin\Downloads\winamp561_full_emusic-7plus_de-de.exe, In Quarantäne, [3489ffc4126925114c99f7f28d77a858], 

Physische Sektoren: 0
(No malicious items detected)


(end)
         
AdwCleaner: unfortunately it crashed after deleting all the files and the log files were gone, but I ran another scan and this is what came out:

Code:
# AdwCleaner v3.303 - Bericht erstellt am 07/08/2014 um 12:05:51
# Aktualisiert 06/08/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzername : Konstantin - KONSTANTIN-PC
# Gestartet von : C:\Users\Konstantin\Desktop\Anti-Malware\AdwCleaner_3.3.0.3.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16476


-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\ffpiknsx.default\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\Konstantin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2203 octets] - [07/08/2014 11:59:40]
AdwCleaner[R1].txt - [900 octets] - [07/08/2014 12:05:51]
AdwCleaner[S0].txt - [1963 octets] - [07/08/2014 12:05:17]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1019 octets] ##########
         
JRT:
It had far too many characters and is attached as a zip.

FRST:


Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by Konstantin (administrator) on KONSTANTIN-PC on 07-08-2014 12:20:28
Running from C:\Users\Konstantin\Downloads
Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Spotify Ltd) C:\Users\Konstantin\AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) C:\Users\Konstantin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Users\Konstantin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Konstantin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Konstantin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Konstantin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Konstantin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [594080 2010-07-29] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [377504 2010-07-29] (Atheros Commnucations)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-04] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2828313656-2441848435-2941730167-1000\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] ()
HKU\S-1-5-21-2828313656-2441848435-2941730167-1001\...\Run: [Spotify] => C:\Users\Konstantin\AppData\Roaming\Spotify\Spotify.exe [6162488 2014-07-11] (Spotify Ltd)
HKU\S-1-5-21-2828313656-2441848435-2941730167-1001\...\Run: [Spotify Web Helper] => C:\Users\Konstantin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-11] (Spotify Ltd)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [111720 2010-10-28] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [100456 2010-10-28] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Konstantin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name -> {41564952-412D-5637-4300-7A786E7484D7} ->  No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\ffpiknsx.default
FF Homepage: www.google.de
FF NetworkProxy: "http", "www-proxy.t-online.de"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Konstantin\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Konstantin\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\ffpiknsx.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\ffpiknsx.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\ffpiknsx.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\ffpiknsx.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: FB Chat Sidebar Disabler - C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\ffpiknsx.default\Extensions\fbsidebardisabler@vittgam.net.xpi [2011-08-12]
FF Extension: Telekom YouTube Turbo - C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\ffpiknsx.default\Extensions\info@maltegoetz.de.xpi [2014-08-05]
FF Extension: User Agent Switcher - C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\ffpiknsx.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2013-08-02]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-07-10]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Users\Konstantin\AppData\Local\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Konstantin\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Konstantin\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Konstantin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Konstantin\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Google Wallet) - C:\Users\Konstantin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
CHR StartMenuInternet: Google Chrome - C:\Users\Konstantin\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1030224 2014-07-25] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-07-29] (Atheros Commnucations) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
S2 DsiWMIService; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
U4 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [42040 2014-07-25] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-06-11] (DT Soft Ltd)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2012-03-26] (Apple Inc.) [File not signed]
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-07 12:07 - 2014-08-07 12:07 - 00000000 ____D () C:\Windows\ERUNT
2014-08-07 11:59 - 2014-08-07 12:06 - 00000000 ____D () C:\AdwCleaner
2014-08-07 11:42 - 2014-08-07 11:58 - 00000000 ____D () C:\Users\Konstantin\Desktop\Anti-Malware
2014-08-07 11:06 - 2014-08-07 11:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-07 11:06 - 2014-08-07 11:06 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-07 11:06 - 2014-08-07 11:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-07 11:04 - 2014-08-07 11:05 - 13087456 _____ (Microsoft Corporation) C:\Users\Konstantin\Downloads\Silverlight_x64(1).exe
2014-08-06 17:42 - 2014-08-06 17:42 - 00000000 ____D () C:\Windows\system32\SPReview
2014-08-06 10:54 - 2014-08-06 10:54 - 00025471 _____ () C:\ComboFix.txt
2014-08-06 10:35 - 2014-08-06 10:54 - 00000000 ____D () C:\Qoobox
2014-08-06 10:35 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-06 10:35 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-06 10:35 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-06 10:35 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-06 10:35 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-06 10:35 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-06 10:35 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-06 10:35 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-06 10:34 - 2014-08-07 11:52 - 00000000 ____D () C:\Windows\erdnt
2014-08-05 23:39 - 2014-08-05 23:39 - 00000984 _____ () C:\Users\Konstantin\Desktop\7-Zip File Manager.lnk
2014-08-05 23:37 - 2014-08-05 23:37 - 01110476 _____ () C:\Users\Konstantin\Downloads\7z920.exe
2014-08-05 23:37 - 2014-08-05 23:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-08-05 23:37 - 2014-08-05 23:37 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-08-05 22:15 - 2014-08-05 22:15 - 00380416 _____ () C:\Users\Konstantin\Downloads\Gmer-19357.exe
2014-08-05 22:13 - 2014-08-05 22:14 - 00041714 _____ () C:\Users\Konstantin\Downloads\Addition.txt
2014-08-05 22:11 - 2014-08-07 12:20 - 00021908 _____ () C:\Users\Konstantin\Downloads\FRST.txt
2014-08-05 22:11 - 2014-08-07 12:20 - 00000000 ____D () C:\FRST
2014-08-05 22:10 - 2014-08-05 22:10 - 02094080 _____ (Farbar) C:\Users\Konstantin\Downloads\FRST64.exe
2014-08-05 22:09 - 2014-08-05 22:09 - 00000000 _____ () C:\Users\Konstantin\defogger_reenable
2014-08-05 22:07 - 2014-08-05 22:07 - 00050477 _____ () C:\Users\Konstantin\Downloads\Defogger.exe
2014-08-04 22:46 - 2014-08-04 22:46 - 00079991 _____ () C:\Users\Konstantin\Downloads\silverlight (2).diagcab
2014-08-04 12:26 - 2014-08-04 12:27 - 13087456 _____ (Microsoft Corporation) C:\Users\Konstantin\Downloads\Silverlight_x64.exe
2014-08-04 11:48 - 2014-08-04 11:48 - 00244408 _____ () C:\Users\Konstantin\Downloads\Firefox Setup Stub 31.0.exe
2014-08-04 11:16 - 2014-08-07 11:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-04 11:16 - 2014-08-04 11:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-04 11:16 - 2014-08-04 11:16 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-04 11:16 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-04 11:16 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-04 11:16 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-04 11:14 - 2014-08-04 11:15 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Konstantin\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-08-04 00:50 - 2014-08-04 00:51 - 07703550 _____ (Free Lunch Design ) C:\Users\Konstantin\Downloads\icytower151_install(1).exe
2014-08-03 23:54 - 2014-08-03 23:54 - 00079991 _____ () C:\Users\Konstantin\Downloads\silverlight (1).diagcab
2014-08-03 23:37 - 2014-08-03 23:38 - 00079991 _____ () C:\Users\Konstantin\Downloads\silverlight.diagcab
2014-08-01 16:40 - 2014-08-01 16:40 - 00000512 _____ () C:\Users\Konstantin\Downloads\AngemeldetePruefungendb1fead9-92a0-4866-b911-61058a85db4c.txt
2014-08-01 16:40 - 2014-08-01 16:40 - 00000512 _____ () C:\Users\Konstantin\Downloads\AngemeldetePruefungendb1fead9-92a0-4866-b911-61058a85db4c (1).txt
2014-07-31 21:47 - 2014-07-31 21:48 - 16781484 _____ (Malwarebytes Corporation ) C:\Users\Konstantin\Downloads\mbam-setup.exe
2014-07-31 21:45 - 2014-07-31 21:45 - 00686464 _____ (Malwarebytes Corporation ) C:\Users\Konstantin\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-31 21:44 - 2014-07-31 21:45 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Konstantin\Downloads\mbam-clean-2.1.1.1001.exe
2014-07-31 21:31 - 2014-07-31 21:35 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Konstantin\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager [1].exe
2014-07-31 21:29 - 2014-07-31 21:29 - 00787392 _____ ( ) C:\Users\Konstantin\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager.exe
2014-07-22 22:02 - 2014-07-22 22:02 - 00000000 ____D () C:\Users\Konstantin\Desktop\Arbeitsvertrag
2014-07-22 21:40 - 2014-07-22 21:40 - 00000000 ____D () C:\Users\Konstantin\AppData\Local\Blizzard
2014-07-22 20:31 - 2014-07-31 23:37 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-07-22 20:31 - 2014-07-22 20:31 - 00001163 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-07-22 20:31 - 2014-07-22 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-07-22 20:22 - 2014-07-31 23:45 - 00000000 ____D () C:\Users\Konstantin\AppData\Local\Battle.net
2014-07-22 20:22 - 2014-07-22 21:40 - 00000000 ____D () C:\Users\Konstantin\AppData\Roaming\Battle.net
2014-07-22 20:22 - 2014-07-22 20:22 - 00000000 ____D () C:\Users\Konstantin\AppData\Local\Blizzard Entertainment
2014-07-22 20:21 - 2014-07-24 20:35 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-22 20:21 - 2014-07-22 20:21 - 00001126 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-07-22 20:21 - 2014-07-22 20:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-07-22 20:21 - 2014-07-22 20:21 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-07-22 20:13 - 2014-07-22 20:13 - 00000000 ____D () C:\ProgramData\Battle.net
2014-07-22 20:12 - 2014-07-22 20:13 - 03099552 _____ (Blizzard Entertainment) C:\Users\Konstantin\Downloads\Hearthstone-Setup-deDE.exe
2014-07-21 20:21 - 2014-07-21 20:21 - 00000000 ____D () C:\Users\Konstantin\Desktop\Simon-Handy-Haftpflicht
2014-07-21 20:17 - 2014-07-21 20:17 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-16 21:51 - 2014-07-16 21:52 - 00000000 ____D () C:\Users\Konstantin\Desktop\Arbeitspläne
2014-07-10 22:57 - 2014-07-10 22:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 21:04 - 2014-07-01 03:56 - 00516096 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-10 21:04 - 2014-07-01 03:50 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-07 12:22 - 2014-08-05 22:11 - 00021908 _____ () C:\Users\Konstantin\Downloads\FRST.txt
2014-08-07 12:22 - 2011-10-04 22:18 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2828313656-2441848435-2941730167-1001UA.job
2014-08-07 12:20 - 2014-08-05 22:11 - 00000000 ____D () C:\FRST
2014-08-07 12:20 - 2014-05-23 15:49 - 00000000 ____D () C:\Users\Konstantin\AppData\Roaming\Spotify
2014-08-07 12:15 - 2014-04-27 22:10 - 00000000 ___RD () C:\Users\Konstantin\Dropbox
2014-08-07 12:15 - 2014-04-27 22:04 - 00000000 ____D () C:\Users\Konstantin\AppData\Roaming\Dropbox
2014-08-07 12:15 - 2010-11-23 17:38 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2014-08-07 12:15 - 2010-11-23 17:00 - 00119708 _____ () C:\Windows\PFRO.log
2014-08-07 12:15 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-07 12:15 - 2009-07-14 06:51 - 00161684 _____ () C:\Windows\setupact.log
2014-08-07 12:14 - 2010-11-23 17:03 - 01823087 _____ () C:\Windows\WindowsUpdate.log
2014-08-07 12:07 - 2014-08-07 12:07 - 00000000 ____D () C:\Windows\ERUNT
2014-08-07 12:06 - 2014-08-07 11:59 - 00000000 ____D () C:\AdwCleaner
2014-08-07 12:05 - 2011-07-10 15:07 - 00000000 ____D () C:\Users\Konstantin\AppData\Local\CrashDumps
2014-08-07 12:02 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-07 12:02 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-07 11:58 - 2014-08-07 11:42 - 00000000 ____D () C:\Users\Konstantin\Desktop\Anti-Malware
2014-08-07 11:57 - 2014-08-04 11:16 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-07 11:54 - 2014-08-06 10:34 - 00000000 ____D () C:\Windows\erdnt
2014-08-07 11:43 - 2011-06-12 10:58 - 00000000 ____D () C:\Users\Konstantin\Desktop\Allgemein
2014-08-07 11:30 - 2012-05-28 12:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-07 11:06 - 2014-08-07 11:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-07 11:06 - 2014-08-07 11:06 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-07 11:06 - 2014-08-07 11:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-07 11:05 - 2014-08-07 11:04 - 13087456 _____ (Microsoft Corporation) C:\Users\Konstantin\Downloads\Silverlight_x64(1).exe
2014-08-06 17:42 - 2014-08-06 17:42 - 00000000 ____D () C:\Windows\system32\SPReview
2014-08-06 17:22 - 2011-10-04 22:18 - 00001088 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2828313656-2441848435-2941730167-1001Core.job
2014-08-06 10:54 - 2014-08-06 10:54 - 00025471 _____ () C:\ComboFix.txt
2014-08-06 10:54 - 2014-08-06 10:35 - 00000000 ____D () C:\Qoobox
2014-08-06 10:54 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-08-06 10:51 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-06 10:32 - 2011-06-12 14:33 - 00000000 ____D () C:\Users\Konstantin\AppData\Roaming\Skype
2014-08-06 09:56 - 2011-06-12 00:36 - 00000059 _____ () C:\Users\Konstantin\AppData\Roaming\GoodnightTimer.ini
2014-08-05 23:39 - 2014-08-05 23:39 - 00000984 _____ () C:\Users\Konstantin\Desktop\7-Zip File Manager.lnk
2014-08-05 23:37 - 2014-08-05 23:37 - 01110476 _____ () C:\Users\Konstantin\Downloads\7z920.exe
2014-08-05 23:37 - 2014-08-05 23:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-08-05 23:37 - 2014-08-05 23:37 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-08-05 22:15 - 2014-08-05 22:15 - 00380416 _____ () C:\Users\Konstantin\Downloads\Gmer-19357.exe
2014-08-05 22:14 - 2014-08-05 22:13 - 00041714 _____ () C:\Users\Konstantin\Downloads\Addition.txt
2014-08-05 22:10 - 2014-08-05 22:10 - 02094080 _____ (Farbar) C:\Users\Konstantin\Downloads\FRST64.exe
2014-08-05 22:09 - 2014-08-05 22:09 - 00000000 _____ () C:\Users\Konstantin\defogger_reenable
2014-08-05 22:09 - 2011-06-11 01:18 - 00000000 ____D () C:\Users\Konstantin
2014-08-05 22:07 - 2014-08-05 22:07 - 00050477 _____ () C:\Users\Konstantin\Downloads\Defogger.exe
2014-08-05 21:16 - 2010-11-23 17:17 - 00000000 ____D () C:\Program Files (x86)\Launch Manager
2014-08-04 22:46 - 2014-08-04 22:46 - 00079991 _____ () C:\Users\Konstantin\Downloads\silverlight (2).diagcab
2014-08-04 12:27 - 2014-08-04 12:26 - 13087456 _____ (Microsoft Corporation) C:\Users\Konstantin\Downloads\Silverlight_x64.exe
2014-08-04 11:54 - 2014-06-12 14:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-04 11:54 - 2012-04-26 18:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-04 11:51 - 2011-06-11 01:32 - 00001167 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-04 11:51 - 2011-06-11 01:32 - 00001155 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-04 11:48 - 2014-08-04 11:48 - 00244408 _____ () C:\Users\Konstantin\Downloads\Firefox Setup Stub 31.0.exe
2014-08-04 11:16 - 2014-08-04 11:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-04 11:16 - 2014-08-04 11:16 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-04 11:15 - 2014-08-04 11:14 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Konstantin\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-08-04 00:51 - 2014-08-04 00:50 - 07703550 _____ (Free Lunch Design ) C:\Users\Konstantin\Downloads\icytower151_install(1).exe
2014-08-04 00:36 - 2011-06-29 22:08 - 00000000 ____D () C:\Users\Konstantin\Desktop\Musik
2014-08-03 23:56 - 2010-08-30 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone
2014-08-03 23:56 - 2010-08-30 11:12 - 00000000 ____D () C:\Program Files (x86)\Acer GameZone
2014-08-03 23:54 - 2014-08-03 23:54 - 00079991 _____ () C:\Users\Konstantin\Downloads\silverlight (1).diagcab
2014-08-03 23:38 - 2014-08-03 23:37 - 00079991 _____ () C:\Users\Konstantin\Downloads\silverlight.diagcab
2014-08-01 16:40 - 2014-08-01 16:40 - 00000512 _____ () C:\Users\Konstantin\Downloads\AngemeldetePruefungendb1fead9-92a0-4866-b911-61058a85db4c.txt
2014-08-01 16:40 - 2014-08-01 16:40 - 00000512 _____ () C:\Users\Konstantin\Downloads\AngemeldetePruefungendb1fead9-92a0-4866-b911-61058a85db4c (1).txt
2014-08-01 16:38 - 2013-10-14 14:16 - 00000000 ____D () C:\Users\Konstantin\Desktop\Studium
2014-07-31 23:45 - 2014-07-22 20:22 - 00000000 ____D () C:\Users\Konstantin\AppData\Local\Battle.net
2014-07-31 23:37 - 2014-07-22 20:31 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-07-31 21:48 - 2014-07-31 21:47 - 16781484 _____ (Malwarebytes Corporation ) C:\Users\Konstantin\Downloads\mbam-setup.exe
2014-07-31 21:45 - 2014-07-31 21:45 - 00686464 _____ (Malwarebytes Corporation ) C:\Users\Konstantin\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-31 21:45 - 2014-07-31 21:44 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Konstantin\Downloads\mbam-clean-2.1.1.1001.exe
2014-07-31 21:35 - 2014-07-31 21:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Konstantin\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager [1].exe
2014-07-31 21:29 - 2014-07-31 21:29 - 00787392 _____ ( ) C:\Users\Konstantin\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager.exe
2014-07-31 20:41 - 2014-05-23 15:49 - 00000000 ____D () C:\Users\Konstantin\AppData\Local\Spotify
2014-07-27 16:01 - 2010-11-24 01:55 - 00654400 _____ () C:\Windows\system32\perfh007.dat
2014-07-27 16:01 - 2010-11-24 01:55 - 00130240 _____ () C:\Windows\system32\perfc007.dat
2014-07-27 16:01 - 2009-07-14 07:13 - 01498742 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-25 22:48 - 2013-12-27 12:04 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-25 12:08 - 2014-04-27 22:10 - 00001041 _____ () C:\Users\Konstantin\Desktop\Dropbox.lnk
2014-07-25 12:08 - 2014-04-27 22:05 - 00000000 ____D () C:\Users\Konstantin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-24 20:35 - 2014-07-22 20:21 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-23 10:52 - 2011-10-05 14:16 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-07-22 22:03 - 2011-08-07 21:58 - 00000000 ____D () C:\Users\Konstantin\Desktop\Sonstiges
2014-07-22 22:02 - 2014-07-22 22:02 - 00000000 ____D () C:\Users\Konstantin\Desktop\Arbeitsvertrag
2014-07-22 22:00 - 2012-05-30 18:31 - 00000000 ____D () C:\Users\Konstantin\Desktop\Handy
2014-07-22 21:56 - 2014-06-20 15:04 - 00001191 _____ () C:\Users\Public\Desktop\PDF-Viewer.lnk
2014-07-22 21:40 - 2014-07-22 21:40 - 00000000 ____D () C:\Users\Konstantin\AppData\Local\Blizzard
2014-07-22 21:40 - 2014-07-22 20:22 - 00000000 ____D () C:\Users\Konstantin\AppData\Roaming\Battle.net
2014-07-22 20:31 - 2014-07-22 20:31 - 00001163 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-07-22 20:31 - 2014-07-22 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-07-22 20:22 - 2014-07-22 20:22 - 00000000 ____D () C:\Users\Konstantin\AppData\Local\Blizzard Entertainment
2014-07-22 20:21 - 2014-07-22 20:21 - 00001126 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-07-22 20:21 - 2014-07-22 20:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-07-22 20:21 - 2014-07-22 20:21 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-07-22 20:13 - 2014-07-22 20:13 - 00000000 ____D () C:\ProgramData\Battle.net
2014-07-22 20:13 - 2014-07-22 20:12 - 03099552 _____ (Blizzard Entertainment) C:\Users\Konstantin\Downloads\Hearthstone-Setup-deDE.exe
2014-07-21 20:21 - 2014-07-21 20:21 - 00000000 ____D () C:\Users\Konstantin\Desktop\Simon-Handy-Haftpflicht
2014-07-21 20:17 - 2014-07-21 20:17 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-16 22:18 - 2011-06-11 02:21 - 00000000 ____D () C:\Users\Konstantin\Tracing
2014-07-16 21:52 - 2014-07-16 21:51 - 00000000 ____D () C:\Users\Konstantin\Desktop\Arbeitspläne
2014-07-10 22:57 - 2014-07-10 22:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 22:57 - 2013-07-26 20:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 22:54 - 2013-02-03 14:11 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-10 21:30 - 2012-05-28 12:03 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-10 21:30 - 2012-05-28 12:02 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-10 21:30 - 2011-06-11 01:37 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Konstantin\AppData\Local\Temp\avgnt.exe
C:\Users\Konstantin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkz7fnt.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-01 02:01

==================== End Of Log ============================
         


Can you already tell whether there was a problem, and what it was?
Regards


08.08.2014, 13:00   #6
schrauber
/// the machine
/// TB trainer
 




Combofix fixed it.


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?

09.08.2014, 00:36   #7
Trojatester
 



Hi, many thanks for the support!

Here is the ESET log:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=08ff90b6f65d174bae3496745787da61
# engine=19566
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-08-08 08:09:31
# local_time=2014-08-08 10:09:31 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7600 NT 
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 21563 20946733 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 22114 159158421 0 0
# scanned=325015
# found=9
# cleaned=0
# scan_time=7706
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=C100563CA93CB8082CEDBC8BA738B83C8B1F3A05 ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.Djoy.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Konstantin\Desktop\Handy\Handy Speicherkarte\download\EmuRoms.apk"
sh=F0803B249A9EB23A27DDC384838C51AE3D598BE3 ft=1 fh=35c1ebbcb9c2fd66 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Konstantin\Downloads\ashampoo_burning_studio_2012_10.0.15_10583.exe"
sh=E5AB41BD9FC5166F039421C8F3B022752C3C605A ft=1 fh=9bffae5f27f9209e vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Konstantin\Downloads\FreeYouTubeToMP3Converter.exe"
sh=596D78A7F03D1DAEE86BCCE8DD7713AA60E8F9E4 ft=1 fh=8eaf1d336ac02ccc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Konstantin\Downloads\FreeYouTubeToMP3Converter34.exe"
sh=AF63308AD4F9169575D7818886A4AF93C170D7B0 ft=1 fh=31688d33723650fa vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Konstantin\Downloads\icytower151_install(1).exe"
sh=AF63308AD4F9169575D7818886A4AF93C170D7B0 ft=1 fh=31688d33723650fa vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Konstantin\Downloads\icytower151_install.exe"
sh=55355942E2D03BB6C256F2222C9233E9213BA7CC ft=1 fh=74bc3bfee77212ad vn="Variante von Win32/InstallCore.OZ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Konstantin\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager.exe"
sh=1120C377D3A2546145B5AE4B17986220CF07F32E ft=1 fh=7fe94070b4dfae2c vn="Win32/StartPage.OIE Trojaner" ac=I fn="C:\Users\Konstantin\Downloads\vlc-1.1.10-win32.exe"
         
Checkup:

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.86  
 Windows 7  x64 (UAC is disabled!)  
 Out of date service pack!! 
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java(TM) 6 Update 22  
 Java version out of Date! 
 Adobe Flash Player 14.0.0.145  
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox (31.0) 
 Google Chrome 35.0.1916.153  
 Google Chrome 36.0.1985.125  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by Konstantin (administrator) on KONSTANTIN-PC on 09-08-2014 01:24:50
Running from C:\Users\Konstantin\Downloads
Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Spotify Ltd) C:\Users\Konstantin\AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) C:\Users\Konstantin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Users\Konstantin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Konstantin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Konstantin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Konstantin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Tracker Software Products (Canada) Ltd.) C:\Program Files\Tracker Software\PDF Viewer\PDFXCview.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
() C:\Users\Konstantin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\Konstantin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [594080 2010-07-29] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [377504 2010-07-29] (Atheros Commnucations)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-24] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2828313656-2441848435-2941730167-1000\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] ()
HKU\S-1-5-21-2828313656-2441848435-2941730167-1001\...\Run: [Spotify] => C:\Users\Konstantin\AppData\Roaming\Spotify\Spotify.exe [6162488 2014-07-11] (Spotify Ltd)
HKU\S-1-5-21-2828313656-2441848435-2941730167-1001\...\Run: [Spotify Web Helper] => C:\Users\Konstantin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-11] (Spotify Ltd)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [111720 2010-10-28] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [100456 2010-10-28] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Konstantin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name -> {41564952-412D-5637-4300-7A786E7484D7} ->  No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\ffpiknsx.default
FF Homepage: www.google.de
FF NetworkProxy: "http", "www-proxy.t-online.de"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Konstantin\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Konstantin\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\ffpiknsx.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\ffpiknsx.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\ffpiknsx.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\ffpiknsx.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\ffpiknsx.default\Extensions\abs@avira.com [2014-08-08]
FF Extension: FB Chat Sidebar Disabler - C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\ffpiknsx.default\Extensions\fbsidebardisabler@vittgam.net.xpi [2011-08-12]
FF Extension: Telekom YouTube Turbo - C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\ffpiknsx.default\Extensions\info@maltegoetz.de.xpi [2014-08-05]
FF Extension: User Agent Switcher - C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\ffpiknsx.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2013-08-02]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-07-10]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Users\Konstantin\AppData\Local\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Konstantin\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Konstantin\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Konstantin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Konstantin\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Google Wallet) - C:\Users\Konstantin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
CHR StartMenuInternet: Google Chrome - C:\Users\Konstantin\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1021520 2014-08-08] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-07-29] (Atheros Commnucations) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-24] (Avira Operations GmbH & Co. KG)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
S2 DsiWMIService; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
U4 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [42040 2014-07-25] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-06-11] (DT Soft Ltd)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2012-03-26] (Apple Inc.) [File not signed]
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-09 01:20 - 2014-08-09 01:20 - 00854410 _____ () C:\Users\Konstantin\Desktop\SecurityCheck.exe
2014-08-08 19:52 - 2014-08-08 19:52 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-08 19:51 - 2014-08-08 19:52 - 02347384 _____ (ESET) C:\Users\Konstantin\Desktop\esetsmartinstaller_deu.exe
2014-08-08 16:10 - 2014-08-08 16:17 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-08 16:10 - 2014-08-08 16:17 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-08 14:12 - 2014-08-08 14:12 - 00000000 ____D () C:\Windows\system32\SPReview
2014-08-07 12:07 - 2014-08-07 12:07 - 00000000 ____D () C:\Windows\ERUNT
2014-08-07 11:59 - 2014-08-07 12:06 - 00000000 ____D () C:\AdwCleaner
2014-08-07 11:42 - 2014-08-07 11:58 - 00000000 ____D () C:\Users\Konstantin\Desktop\Anti-Malware
2014-08-07 11:06 - 2014-08-07 11:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-07 11:06 - 2014-08-07 11:06 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-07 11:06 - 2014-08-07 11:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-07 11:04 - 2014-08-07 11:05 - 13087456 _____ (Microsoft Corporation) C:\Users\Konstantin\Downloads\Silverlight_x64(1).exe
2014-08-06 10:54 - 2014-08-06 10:54 - 00025471 _____ () C:\ComboFix.txt
2014-08-06 10:35 - 2014-08-06 10:54 - 00000000 ____D () C:\Qoobox
2014-08-06 10:35 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-06 10:35 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-06 10:35 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-06 10:35 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-06 10:35 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-06 10:35 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-06 10:35 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-06 10:35 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-06 10:34 - 2014-08-07 11:54 - 00000000 ____D () C:\Windows\erdnt
2014-08-05 23:39 - 2014-08-05 23:39 - 00000984 _____ () C:\Users\Konstantin\Desktop\7-Zip File Manager.lnk
2014-08-05 23:37 - 2014-08-05 23:37 - 01110476 _____ () C:\Users\Konstantin\Downloads\7z920.exe
2014-08-05 23:37 - 2014-08-05 23:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-08-05 23:37 - 2014-08-05 23:37 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-08-05 22:15 - 2014-08-05 22:15 - 00380416 _____ () C:\Users\Konstantin\Downloads\Gmer-19357.exe
2014-08-05 22:13 - 2014-08-05 22:14 - 00041714 _____ () C:\Users\Konstantin\Downloads\Addition.txt
2014-08-05 22:11 - 2014-08-09 01:24 - 00022717 _____ () C:\Users\Konstantin\Downloads\FRST.txt
2014-08-05 22:11 - 2014-08-09 01:24 - 00000000 ____D () C:\FRST
2014-08-05 22:10 - 2014-08-05 22:10 - 02094080 _____ (Farbar) C:\Users\Konstantin\Downloads\FRST64.exe
2014-08-05 22:09 - 2014-08-05 22:09 - 00000000 _____ () C:\Users\Konstantin\defogger_reenable
2014-08-05 22:07 - 2014-08-05 22:07 - 00050477 _____ () C:\Users\Konstantin\Downloads\Defogger.exe
2014-08-04 22:46 - 2014-08-04 22:46 - 00079991 _____ () C:\Users\Konstantin\Downloads\silverlight (2).diagcab
2014-08-04 12:26 - 2014-08-04 12:27 - 13087456 _____ (Microsoft Corporation) C:\Users\Konstantin\Downloads\Silverlight_x64.exe
2014-08-04 11:48 - 2014-08-04 11:48 - 00244408 _____ () C:\Users\Konstantin\Downloads\Firefox Setup Stub 31.0.exe
2014-08-04 11:16 - 2014-08-07 11:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-04 11:16 - 2014-08-04 11:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-04 11:16 - 2014-08-04 11:16 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-04 11:16 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-04 11:16 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-04 11:16 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-04 11:14 - 2014-08-04 11:15 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Konstantin\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-08-04 00:50 - 2014-08-04 00:51 - 07703550 _____ (Free Lunch Design ) C:\Users\Konstantin\Downloads\icytower151_install(1).exe
2014-08-03 23:54 - 2014-08-03 23:54 - 00079991 _____ () C:\Users\Konstantin\Downloads\silverlight (1).diagcab
2014-08-03 23:37 - 2014-08-03 23:38 - 00079991 _____ () C:\Users\Konstantin\Downloads\silverlight.diagcab
2014-08-01 16:40 - 2014-08-01 16:40 - 00000512 _____ () C:\Users\Konstantin\Downloads\AngemeldetePruefungendb1fead9-92a0-4866-b911-61058a85db4c.txt
2014-08-01 16:40 - 2014-08-01 16:40 - 00000512 _____ () C:\Users\Konstantin\Downloads\AngemeldetePruefungendb1fead9-92a0-4866-b911-61058a85db4c (1).txt
2014-07-31 21:47 - 2014-07-31 21:48 - 16781484 _____ (Malwarebytes Corporation ) C:\Users\Konstantin\Downloads\mbam-setup.exe
2014-07-31 21:45 - 2014-07-31 21:45 - 00686464 _____ (Malwarebytes Corporation ) C:\Users\Konstantin\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-31 21:44 - 2014-07-31 21:45 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Konstantin\Downloads\mbam-clean-2.1.1.1001.exe
2014-07-31 21:31 - 2014-07-31 21:35 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Konstantin\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager [1].exe
2014-07-31 21:29 - 2014-07-31 21:29 - 00787392 _____ ( ) C:\Users\Konstantin\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager.exe
2014-07-22 22:02 - 2014-07-22 22:02 - 00000000 ____D () C:\Users\Konstantin\Desktop\Arbeitsvertrag
2014-07-22 21:40 - 2014-07-22 21:40 - 00000000 ____D () C:\Users\Konstantin\AppData\Local\Blizzard
2014-07-22 20:31 - 2014-07-31 23:37 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-07-22 20:31 - 2014-07-22 20:31 - 00001163 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-07-22 20:31 - 2014-07-22 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-07-22 20:22 - 2014-07-31 23:45 - 00000000 ____D () C:\Users\Konstantin\AppData\Local\Battle.net
2014-07-22 20:22 - 2014-07-22 21:40 - 00000000 ____D () C:\Users\Konstantin\AppData\Roaming\Battle.net
2014-07-22 20:22 - 2014-07-22 20:22 - 00000000 ____D () C:\Users\Konstantin\AppData\Local\Blizzard Entertainment
2014-07-22 20:21 - 2014-07-24 20:35 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-22 20:21 - 2014-07-22 20:21 - 00001126 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-07-22 20:21 - 2014-07-22 20:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-07-22 20:21 - 2014-07-22 20:21 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-07-22 20:13 - 2014-07-22 20:13 - 00000000 ____D () C:\ProgramData\Battle.net
2014-07-22 20:12 - 2014-07-22 20:13 - 03099552 _____ (Blizzard Entertainment) C:\Users\Konstantin\Downloads\Hearthstone-Setup-deDE.exe
2014-07-21 20:21 - 2014-07-21 20:21 - 00000000 ____D () C:\Users\Konstantin\Desktop\Simon-Handy-Haftpflicht
2014-07-21 20:17 - 2014-07-21 20:17 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-16 21:51 - 2014-07-16 21:52 - 00000000 ____D () C:\Users\Konstantin\Desktop\Arbeitspläne
2014-07-10 22:57 - 2014-07-10 22:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 21:04 - 2014-07-01 03:56 - 00516096 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-10 21:04 - 2014-07-01 03:50 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-09 01:25 - 2014-08-05 22:11 - 00022717 _____ () C:\Users\Konstantin\Downloads\FRST.txt
2014-08-09 01:24 - 2014-08-05 22:11 - 00000000 ____D () C:\FRST
2014-08-09 01:22 - 2011-10-04 22:18 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2828313656-2441848435-2941730167-1001UA.job
2014-08-09 01:20 - 2014-08-09 01:20 - 00854410 _____ () C:\Users\Konstantin\Desktop\SecurityCheck.exe
2014-08-09 01:16 - 2009-07-14 06:51 - 00161852 _____ () C:\Windows\setupact.log
2014-08-09 00:30 - 2012-05-28 12:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-08 21:04 - 2014-05-23 15:49 - 00000000 ____D () C:\Users\Konstantin\AppData\Roaming\Spotify
2014-08-08 19:52 - 2014-08-08 19:52 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-08 19:52 - 2014-08-08 19:51 - 02347384 _____ (ESET) C:\Users\Konstantin\Desktop\esetsmartinstaller_deu.exe
2014-08-08 17:22 - 2011-10-04 22:18 - 00001088 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2828313656-2441848435-2941730167-1001Core.job
2014-08-08 16:28 - 2010-11-23 17:03 - 01884691 _____ () C:\Windows\WindowsUpdate.log
2014-08-08 16:17 - 2014-08-08 16:10 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-08 16:17 - 2014-08-08 16:10 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-08 16:17 - 2013-12-27 12:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-08 16:17 - 2013-12-27 12:04 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-08 16:10 - 2013-12-27 12:04 - 00000000 ____D () C:\ProgramData\Avira
2014-08-08 14:12 - 2014-08-08 14:12 - 00000000 ____D () C:\Windows\system32\SPReview
2014-08-08 14:12 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-08 14:12 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-08 14:03 - 2014-04-27 22:10 - 00000000 ___RD () C:\Users\Konstantin\Dropbox
2014-08-08 14:03 - 2014-04-27 22:04 - 00000000 ____D () C:\Users\Konstantin\AppData\Roaming\Dropbox
2014-08-08 14:02 - 2011-06-12 00:36 - 00000059 _____ () C:\Users\Konstantin\AppData\Roaming\GoodnightTimer.ini
2014-08-08 14:02 - 2010-11-23 17:38 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2014-08-08 14:02 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-07 12:15 - 2010-11-23 17:00 - 00119708 _____ () C:\Windows\PFRO.log
2014-08-07 12:07 - 2014-08-07 12:07 - 00000000 ____D () C:\Windows\ERUNT
2014-08-07 12:06 - 2014-08-07 11:59 - 00000000 ____D () C:\AdwCleaner
2014-08-07 12:05 - 2011-07-10 15:07 - 00000000 ____D () C:\Users\Konstantin\AppData\Local\CrashDumps
2014-08-07 11:58 - 2014-08-07 11:42 - 00000000 ____D () C:\Users\Konstantin\Desktop\Anti-Malware
2014-08-07 11:57 - 2014-08-04 11:16 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-07 11:54 - 2014-08-06 10:34 - 00000000 ____D () C:\Windows\erdnt
2014-08-07 11:43 - 2011-06-12 10:58 - 00000000 ____D () C:\Users\Konstantin\Desktop\Allgemein
2014-08-07 11:06 - 2014-08-07 11:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-07 11:06 - 2014-08-07 11:06 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-07 11:06 - 2014-08-07 11:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-07 11:05 - 2014-08-07 11:04 - 13087456 _____ (Microsoft Corporation) C:\Users\Konstantin\Downloads\Silverlight_x64(1).exe
2014-08-06 10:54 - 2014-08-06 10:54 - 00025471 _____ () C:\ComboFix.txt
2014-08-06 10:54 - 2014-08-06 10:35 - 00000000 ____D () C:\Qoobox
2014-08-06 10:54 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-08-06 10:51 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-06 10:32 - 2011-06-12 14:33 - 00000000 ____D () C:\Users\Konstantin\AppData\Roaming\Skype
2014-08-05 23:39 - 2014-08-05 23:39 - 00000984 _____ () C:\Users\Konstantin\Desktop\7-Zip File Manager.lnk
2014-08-05 23:37 - 2014-08-05 23:37 - 01110476 _____ () C:\Users\Konstantin\Downloads\7z920.exe
2014-08-05 23:37 - 2014-08-05 23:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-08-05 23:37 - 2014-08-05 23:37 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-08-05 22:15 - 2014-08-05 22:15 - 00380416 _____ () C:\Users\Konstantin\Downloads\Gmer-19357.exe
2014-08-05 22:14 - 2014-08-05 22:13 - 00041714 _____ () C:\Users\Konstantin\Downloads\Addition.txt
2014-08-05 22:10 - 2014-08-05 22:10 - 02094080 _____ (Farbar) C:\Users\Konstantin\Downloads\FRST64.exe
2014-08-05 22:09 - 2014-08-05 22:09 - 00000000 _____ () C:\Users\Konstantin\defogger_reenable
2014-08-05 22:09 - 2011-06-11 01:18 - 00000000 ____D () C:\Users\Konstantin
2014-08-05 22:07 - 2014-08-05 22:07 - 00050477 _____ () C:\Users\Konstantin\Downloads\Defogger.exe
2014-08-05 21:16 - 2010-11-23 17:17 - 00000000 ____D () C:\Program Files (x86)\Launch Manager
2014-08-05 09:20 - 2011-10-05 14:16 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-04 22:46 - 2014-08-04 22:46 - 00079991 _____ () C:\Users\Konstantin\Downloads\silverlight (2).diagcab
2014-08-04 12:27 - 2014-08-04 12:26 - 13087456 _____ (Microsoft Corporation) C:\Users\Konstantin\Downloads\Silverlight_x64.exe
2014-08-04 11:54 - 2014-06-12 14:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-04 11:54 - 2012-04-26 18:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-04 11:51 - 2011-06-11 01:32 - 00001167 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-04 11:51 - 2011-06-11 01:32 - 00001155 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-04 11:48 - 2014-08-04 11:48 - 00244408 _____ () C:\Users\Konstantin\Downloads\Firefox Setup Stub 31.0.exe
2014-08-04 11:16 - 2014-08-04 11:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-04 11:16 - 2014-08-04 11:16 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-04 11:15 - 2014-08-04 11:14 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Konstantin\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-08-04 00:51 - 2014-08-04 00:50 - 07703550 _____ (Free Lunch Design ) C:\Users\Konstantin\Downloads\icytower151_install(1).exe
2014-08-04 00:36 - 2011-06-29 22:08 - 00000000 ____D () C:\Users\Konstantin\Desktop\Musik
2014-08-03 23:56 - 2010-08-30 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone
2014-08-03 23:56 - 2010-08-30 11:12 - 00000000 ____D () C:\Program Files (x86)\Acer GameZone
2014-08-03 23:54 - 2014-08-03 23:54 - 00079991 _____ () C:\Users\Konstantin\Downloads\silverlight (1).diagcab
2014-08-03 23:38 - 2014-08-03 23:37 - 00079991 _____ () C:\Users\Konstantin\Downloads\silverlight.diagcab
2014-08-01 16:40 - 2014-08-01 16:40 - 00000512 _____ () C:\Users\Konstantin\Downloads\AngemeldetePruefungendb1fead9-92a0-4866-b911-61058a85db4c.txt
2014-08-01 16:40 - 2014-08-01 16:40 - 00000512 _____ () C:\Users\Konstantin\Downloads\AngemeldetePruefungendb1fead9-92a0-4866-b911-61058a85db4c (1).txt
2014-08-01 16:38 - 2013-10-14 14:16 - 00000000 ____D () C:\Users\Konstantin\Desktop\Studium
2014-07-31 23:45 - 2014-07-22 20:22 - 00000000 ____D () C:\Users\Konstantin\AppData\Local\Battle.net
2014-07-31 23:37 - 2014-07-22 20:31 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-07-31 21:48 - 2014-07-31 21:47 - 16781484 _____ (Malwarebytes Corporation ) C:\Users\Konstantin\Downloads\mbam-setup.exe
2014-07-31 21:45 - 2014-07-31 21:45 - 00686464 _____ (Malwarebytes Corporation ) C:\Users\Konstantin\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-31 21:45 - 2014-07-31 21:44 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Konstantin\Downloads\mbam-clean-2.1.1.1001.exe
2014-07-31 21:35 - 2014-07-31 21:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Konstantin\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager [1].exe
2014-07-31 21:29 - 2014-07-31 21:29 - 00787392 _____ ( ) C:\Users\Konstantin\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager.exe
2014-07-31 20:41 - 2014-05-23 15:49 - 00000000 ____D () C:\Users\Konstantin\AppData\Local\Spotify
2014-07-27 16:01 - 2010-11-24 01:55 - 00654400 _____ () C:\Windows\system32\perfh007.dat
2014-07-27 16:01 - 2010-11-24 01:55 - 00130240 _____ () C:\Windows\system32\perfc007.dat
2014-07-27 16:01 - 2009-07-14 07:13 - 01498742 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-25 22:48 - 2013-12-27 12:04 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-25 12:08 - 2014-04-27 22:10 - 00001041 _____ () C:\Users\Konstantin\Desktop\Dropbox.lnk
2014-07-25 12:08 - 2014-04-27 22:05 - 00000000 ____D () C:\Users\Konstantin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-24 20:35 - 2014-07-22 20:21 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-22 22:03 - 2011-08-07 21:58 - 00000000 ____D () C:\Users\Konstantin\Desktop\Sonstiges
2014-07-22 22:02 - 2014-07-22 22:02 - 00000000 ____D () C:\Users\Konstantin\Desktop\Arbeitsvertrag
2014-07-22 22:00 - 2012-05-30 18:31 - 00000000 ____D () C:\Users\Konstantin\Desktop\Handy
2014-07-22 21:56 - 2014-06-20 15:04 - 00001191 _____ () C:\Users\Public\Desktop\PDF-Viewer.lnk
2014-07-22 21:40 - 2014-07-22 21:40 - 00000000 ____D () C:\Users\Konstantin\AppData\Local\Blizzard
2014-07-22 21:40 - 2014-07-22 20:22 - 00000000 ____D () C:\Users\Konstantin\AppData\Roaming\Battle.net
2014-07-22 20:31 - 2014-07-22 20:31 - 00001163 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-07-22 20:31 - 2014-07-22 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-07-22 20:22 - 2014-07-22 20:22 - 00000000 ____D () C:\Users\Konstantin\AppData\Local\Blizzard Entertainment
2014-07-22 20:21 - 2014-07-22 20:21 - 00001126 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-07-22 20:21 - 2014-07-22 20:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-07-22 20:21 - 2014-07-22 20:21 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-07-22 20:13 - 2014-07-22 20:13 - 00000000 ____D () C:\ProgramData\Battle.net
2014-07-22 20:13 - 2014-07-22 20:12 - 03099552 _____ (Blizzard Entertainment) C:\Users\Konstantin\Downloads\Hearthstone-Setup-deDE.exe
2014-07-21 20:21 - 2014-07-21 20:21 - 00000000 ____D () C:\Users\Konstantin\Desktop\Simon-Handy-Haftpflicht
2014-07-21 20:17 - 2014-07-21 20:17 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-16 22:18 - 2011-06-11 02:21 - 00000000 ____D () C:\Users\Konstantin\Tracing
2014-07-16 21:52 - 2014-07-16 21:51 - 00000000 ____D () C:\Users\Konstantin\Desktop\Arbeitspläne
2014-07-10 22:57 - 2014-07-10 22:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 22:57 - 2013-07-26 20:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 22:54 - 2013-02-03 14:11 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-10 21:30 - 2012-05-28 12:03 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-10 21:30 - 2012-05-28 12:02 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-10 21:30 - 2011-06-11 01:37 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Konstantin\AppData\Local\Temp\avgnt.exe
C:\Users\Konstantin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpw0xwgf.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-07 18:18

==================== End Of Log ============================
         


I just have one more question: could you take a look at my active tasks? I posted them at the beginning, but I know very little about this. Just tell me how much pointless stuff is in there, or how one could easily make this a bit more economical.
That would be great; otherwise I am already very satisfied.

09.08.2014, 14:33   #8
schrauber
/// the machine
/// TB Trainer
 




Update Java and Adobe.
Update Windows, a service pack is missing!

Quote:
I just have one more question: could you take a look at my active tasks? I posted them at the beginning, but I know very little about this. Just tell me how much pointless stuff is in there, or how one could easily make this a bit more economical
Which ones do you mean?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

11.08.2014, 21:36   #9
Trojatester
 



All right! Thanks again, everything is running great again!
Should I still delete the items ESET reported, or does that not matter?
I meant the roughly one thousand running processes in the Task Manager screenshot I posted: whether you can spot, at a glance, a few things I can end or delete so that not so much is permanently running in parallel.

12.08.2014, 17:44   #10
schrauber
/// the machine
/// TB Trainer
 




In the most recent log there are no processes running that should not be there.
You can manually delete the ESET detections in the Downloads folder.

Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type this in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Restart your computer afterwards.
  4. If any programs from our cleanup are still left over now, you can delete them without hesitation.



If you would like to leave praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-Virus Software
  • Make sure you always have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional Protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes much current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on its use here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe Browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative Browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: for this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. Right-clicking a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it prompts you to and is nice and colorful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ..)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails you do not know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun with safe surfing.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.
__________________
Regards,
schrauber


14.08.2014, 22:30   #11
Trojatester
 



Hey, a few short questions have come up after all. For one, I renamed Combofix to uninstall.exe and started it, but it ran through normally and did not remove itself.
I have now saved the log and am simply uploading it as well.
Can't I also just leave Combofix on the PC and continue with DelFix?
Code:
ATTFilter
ComboFix 14-08-05.01 -  14.08.2014  22:51:59.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3767.1953 [GMT 2:00]
ausgeführt von:: 
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\KONSTA~1\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\Konstantin\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-07-14 bis 2014-08-14  ))))))))))))))))))))))))))))))
.
.
2014-08-14 21:02 . 2014-08-14 21:02	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2014-08-14 21:02 . 2014-08-14 21:02	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-08-14 19:17 . 2011-05-13 10:16	493056	----a-w-	c:\windows\SysWow64\dhRichClient3.dll
2014-08-14 19:17 . 2011-03-25 18:42	338432	----a-w-	c:\windows\SysWow64\sqlite36_engine.dll
2014-08-14 18:56 . 2014-08-14 18:56	--------	d-----w-	c:\windows\system32\SPReview
2014-08-13 21:42 . 2014-08-07 01:52	526848	----a-w-	c:\windows\system32\aepdu.dll
2014-08-13 21:42 . 2014-08-07 01:46	424448	----a-w-	c:\windows\system32\aeinv.dll
2014-08-13 20:46 . 2014-08-13 20:46	--------	d-----w-	c:\windows\CheckSur
2014-08-08 14:10 . 2014-08-08 14:17	--------	d-----w-	c:\programdata\Package Cache
2014-08-07 10:07 . 2014-08-07 10:07	--------	d-----w-	c:\windows\ERUNT
2014-08-07 09:59 . 2014-08-07 10:06	--------	d-----w-	C:\AdwCleaner
2014-08-07 09:06 . 2014-08-07 09:06	--------	d-----w-	c:\program files\Microsoft Silverlight
2014-08-07 09:06 . 2014-08-07 09:06	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2014-08-05 21:37 . 2014-08-05 21:37	--------	d-----w-	c:\program files (x86)\7-Zip
2014-08-05 20:11 . 2014-08-08 23:26	--------	d-----w-	C:\FRST
2014-08-04 09:16 . 2014-08-07 09:57	122584	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-04 09:16 . 2014-08-04 09:16	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2014-08-04 09:16 . 2014-08-04 09:16	--------	d-----w-	c:\programdata\Malwarebytes
2014-08-04 09:16 . 2014-05-12 05:26	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-08-04 09:16 . 2014-05-12 05:26	91352	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-08-04 09:16 . 2014-05-12 05:25	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-07-22 19:40 . 2014-07-22 19:40	--------	d-----w-	c:\users\Konstantin\AppData\Local\Blizzard
2014-07-22 18:31 . 2014-07-31 21:37	--------	d-----w-	c:\program files (x86)\Hearthstone
2014-07-22 18:22 . 2014-07-22 18:22	--------	d-----w-	c:\users\Konstantin\AppData\Local\Blizzard Entertainment
2014-07-22 18:22 . 2014-07-31 21:45	--------	d-----w-	c:\users\Konstantin\AppData\Local\Battle.net
2014-07-22 18:22 . 2014-07-22 19:40	--------	d-----w-	c:\users\Konstantin\AppData\Roaming\Battle.net
2014-07-22 18:21 . 2014-07-24 18:35	--------	d-----w-	c:\program files (x86)\Battle.net
2014-07-22 18:21 . 2014-07-22 18:31	--------	d-----w-	c:\program files (x86)\Common Files\Blizzard Entertainment
2014-07-22 18:21 . 2014-07-22 18:21	--------	d-----w-	c:\programdata\Blizzard Entertainment
2014-07-22 18:13 . 2014-07-22 18:13	--------	d-----w-	c:\programdata\Battle.net
2014-07-21 18:17 . 2014-07-21 18:17	--------	d-----w-	c:\programdata\Riot Games
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-14 17:51 . 2013-02-03 12:11	99218768	----a-w-	c:\windows\system32\MRT.exe
2014-08-08 12:03 . 2011-10-10 09:19	23256	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-05 07:20 . 2011-10-05 12:16	270496	------w-	c:\windows\system32\MpSigStub.exe
2014-07-25 20:48 . 2013-12-27 10:04	42040	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2014-07-10 19:30 . 2012-05-28 10:02	699056	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-10 19:30 . 2011-06-10 23:37	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-04 19:33 . 2013-12-27 10:04	117712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2014-06-04 14:02 . 2013-12-27 10:04	130584	----a-w-	c:\windows\system32\drivers\avipbb.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40	120176	----a-w-	c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="c:\users\Konstantin\AppData\Roaming\Spotify\Spotify.exe" [2014-07-11 6162488]
"Spotify Web Helper"="c:\users\Konstantin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-07-11 1178168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-08-08 751184]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-07-24 190032]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
.
c:\users\Konstantin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Konstantin\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-7-21 35464216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2014-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-28 19:30]
.
2014-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2828313656-2441848435-2941730167-1001Core.job
- c:\users\Konstantin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-04 20:18]
.
2014-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2828313656-2441848435-2941730167-1001UA.job
- c:\users\Konstantin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-04 20:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Konstantin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42	137584	----a-w-	c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-23 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-23 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-23 415256]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"PLFSetI"="c:\windows\PLFSetI.exe" [BU]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-07-29 594080]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-07-29 377504]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\ffpiknsx.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: network.proxy.http - www-proxy.t-online.de
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2011-07-10 16:01; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
BHO-{41564952-412D-5637-4300-7A786E7484D7} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2828313656-2441848435-2941730167-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2828313656-2441848435-2941730167-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\users\Konstantin\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-08-14  23:12:01 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-08-14 21:12
ComboFix2.txt  2014-08-06 08:54
.
Vor Suchlauf: 20 Verzeichnis(se), 329.041.158.144 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 328.743.669.760 Bytes frei
.
- - End Of File - - AB8A68CE7318C522DC21D283390882D8
         
Unfortunately, I also have the problem that I've noticed the Service Pack has been trying to install itself for months and fails every time. I've now tried it at least 5 more times with Windows Update, I also turned off the antivirus scanner and installed the Microsoft update helper. I also tried it with the file directly from chip.de; none of it helped. Any other ideas?

Regards

15.08.2014, 18:55   #12
schrauber
/// the machine
/// TB instructor


So you have tried the offline installer as well? What is the exact error message?

Please remove Combofix using the /Uninstall command; do not rename it to UNinstall. If that does not work, report back.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009
