Log analysis and evaluation: Unwanted redirect to bycontext.com after CHIP.DE download

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Unwanted redirect to bycontext.com after CHIP.DE download

Hello, I downloaded the COREL-DRAW trial version via Chip.de and got a lot of other things along with it that are making my life difficult, ... unfortunately. You already helped me back in April/May, and at that time I had downloaded MALWAREBYTE. It can still be started, and the program still does something (without my having bought it), but at some point it stops processing...

Can you please help me? Here is the FRST log:

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-08-2014 01 Ran by Rainer (administrator) on RAINER-PC on 10-08-2014 22:07:41 Running from C:\Users\Rainer\Downloads Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (AMD) C:\Windows\System32\atieclxx.exe (Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe (Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe () C:\Program Files\LPT\srpts.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe () C:\Program Files\LPT\srptsl.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (Protexis Inc.) 
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe () C:\Program Files\Deal Keeper\updateDealKeeper.exe () C:\Program Files\Deal Keeper\bin\utilDealKeeper.exe (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (TOSHIBA) C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office\FINDFAST.EXE (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) C:\Windows\System32\conime.exe (Advanced Micro Devices Inc.) 
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\ehome\ehsched.exe (Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (McAfee, Inc.) 
C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe () C:\Program Files\Deal Keeper\bin\DealKeeper.PurBrowse.exe () C:\Program Files\Deal Keeper\bin\DealKeeper.BrowserAdapter.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) 
C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) 
C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe () C:\Program Files\Deal Keeper\bin\DealKeeper.BrowserAdapter.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (Synaptics Incorporated) C:\Program 
Files\Synaptics\SynTP\SynTPEnh.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Smartbar) C:\Users\Rainer\AppData\Local\Smartbar\Application\SafeFinder.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE (Microsoft Corporation) C:\Program Files\Microsoft Office\Office\FINDFAST.EXE (Smart PC Solutions) C:\Program Files\PC Speed Maximizer\SPMSmartScan.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe (Adobe Systems, Inc.) 
C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\conime.exe () C:\Program Files\LPT\srptm.exe (Farbar) C:\Users\Rainer\Downloads\FRST(1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Policies\Explorer: [NoCDBurning] 0 HKU\.DEFAULT\...\Run: [TOSHIBA Online Product Information] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [6158240 2009-03-16] (TOSHIBA) HKU\S-1-5-21-3586509278-78834929-860225448-1000\...\Run: [TOSHIBA Online Product Information] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [6158240 2009-03-16] (TOSHIBA) HKU\S-1-5-21-3586509278-78834929-860225448-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-3586509278-78834929-860225448-1000\...\Run: [Browser Infrastructure Helper] => C:\Users\Rainer\AppData\Local\Smartbar\Application\SafeFinder.exe [28952 2014-06-25] (Smartbar) HKU\S-1-5-21-3586509278-78834929-860225448-1002\...\Run: [TOSHIBA Online Product Information] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [6158240 2009-03-16] (TOSHIBA) HKU\S-1-5-21-3586509278-78834929-860225448-1002\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [135680 2008-07-03] (Microsoft Corporation) HKU\S-1-5-21-3586509278-78834929-860225448-1002\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.) HKU\S-1-5-21-3586509278-78834929-860225448-1002\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-3586509278-78834929-860225448-1002\...\MountPoints2: F - F:\LaunchU3.exe -a AppInit_DLLs: C:\PROGRA~1\SupTab\SEARCH~1.DLL => C:\Program Files\SupTab\SearchProtect32.dll [94088 2014-07-17] (Skytech Co., Ltd.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (No File) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Shortcut-Leiste.lnk ShortcutTarget: Microsoft Office Shortcut-Leiste.lnk -> C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft-Indexerstellung.lnk ShortcutTarget: Microsoft-Indexerstellung.lnk -> C:\Program Files\Microsoft Office\Office\FINDFAST.EXE (Microsoft Corporation) Startup: C:\Users\Conny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Rainer-User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) 
==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLh1ErzCH6bsspH0TER-eLoz95qulOLHQhlmFnlqRsQDAFB43kHYrJaFSm5_FOEmeo7pYh-ktp4WSsF8CxMJUbQ,,&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1405630596&from=cor&uid=TOSHIBAXMK4055GSX_69KOT4VITXX69KOT4VIT HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLh1ErzCH6bsspH0TER-eLoz95qulOLHQhlmFnlqRsQDAFB43kHYrJaFSm5_FOEmeo7pYh-ktp4WSsF8CxMJUbQ,,&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1405630596&from=cor&uid=TOSHIBAXMK4055GSX_69KOT4VITXX69KOT4VIT HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1405630596&from=cor&uid=TOSHIBAXMK4055GSX_69KOT4VITXX69KOT4VIT HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1405630596&from=cor&uid=TOSHIBAXMK4055GSX_69KOT4VITXX69KOT4VIT HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1405630596&from=cor&uid=TOSHIBAXMK4055GSX_69KOT4VITXX69KOT4VIT&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1405630596&from=cor&uid=TOSHIBAXMK4055GSX_69KOT4VITXX69KOT4VIT&q={searchTerms} SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1405630596&from=cor&uid=TOSHIBAXMK4055GSX_69KOT4VITXX69KOT4VIT&q={searchTerms} SearchScopes: HKLM 
- {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLh1ErzCH6bsspH0TER-eLoz95qulOLHQhlmFnlqRsQDAFB43kHYrJaFSm5_FOEmeo7pYh-ktp4WSsF8CxMJUbQ,,&q={searchTerms} SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1405630596&from=cor&uid=TOSHIBAXMK4055GSX_69KOT4VITXX69KOT4VIT&q={searchTerms} SearchScopes: HKLM - {38AEB7B3-42CC-4C33-9290-BEA08B6FE742} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG; SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1405630596&from=cor&uid=TOSHIBAXMK4055GSX_69KOT4VITXX69KOT4VIT&q={searchTerms} SearchScopes: HKCU - F31624B0AF444080B7F139E05E41A758 URL = hxxp://isearch.avg.com/search?cid={72680FDB-E8CB-437D-AEE8-9F9D0761B89D}&mid=34d71d940f5847d1b30bd16a1c122099-aca251ad60a79a90d151588985182fee0518d1c3&lang=de&ds=tt014&pr=sa&d=2011-12-19 22:25:18&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms} SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLh1ErzCH6bsspH0TER-eLoz95qulOLHQhlmFnlqRsQDAFB43kHYrJaFSm5_FOEmeo7pYh-ktp4WSsF8CxMJUbQ,,&q={searchTerms} SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1405630596&from=cor&uid=TOSHIBAXMK4055GSX_69KOT4VITXX69KOT4VIT&q={searchTerms} SearchScopes: HKCU - {38AEB7B3-42CC-4C33-9290-BEA08B6FE742} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG; BHO: Adobe PDF Reader -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: SafeFinder SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) BHO: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM - SafeFinder Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab DPF: {B07F54E6-0806-47DB-B5D8-398F240776F2} file:///E:/viewer/ORDcmViewCD.ocx DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
Handler: haufereader - No CLSID Value - Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default FF NewTab: chrome://quick_start/content/index.html FF DefaultSearchEngine: sweet-page FF SelectedSearchEngine: sweet-page FF Homepage: hxxp://www.sweet-page.com/?type=hp&ts=1405630596&from=cor&uid=TOSHIBAXMK4055GSX_69KOT4VITXX69KOT4VIT FF Keyword.URL: hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLh1ErzCH6bsspH0TER-eLoz95qulOLHQhlmFnlqRsQDAFB43kHYrJaFSm5_FOEmeo7pYh-ktp4WSsF8CxMJUbQ,,&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.) 
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin: @protectdisc.com/NPMPDRM -> C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( ) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF user.js: detected! 
=> C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\user.js FF SearchPlugin: C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\searchplugins\SafeFinder Search.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\sweet-page.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Fast Start - C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\Extensions\faststartff@gmail.com [2014-07-17] FF Extension: No Name - C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\Extensions\staged [2014-08-10] FF Extension: SafeFinder Smartbar - C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\Extensions\{72d7ceec-c464-5081-0713-43871ac8b749} [2014-07-17] FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2011-12-15] FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\extensions\faststartff@gmail.com FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2011-12-15] FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR HomePage: CHR 
HKLM\...\Chrome\Extension: [bddpogknpjlgfpbboediomaiiaecfajn] - C:\Program Files\HomeTab\chrome\HomeTab.crx [] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2011-12-15] CHR HKLM\...\Chrome\Extension: [kfepagcelbegkpkcjgfeecmlnmkedjin] - C:\Program Files\Browser Guard\browserguard.crx [2011-12-15] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 AAV UpdateService; C:\Program Files\AAVUpdateManager\aavus.exe [128296 2008-10-24] () R2 camsvc; C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [20544 2009-04-16] (TOSHIBA) R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION) S4 GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [242424 2009-02-11] (WildTangent, Inc.) R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) S4 HRService; C:\Program Files\Haufe\iDesk\iDeskService\iDeskService.exe [71024 2010-10-25] () S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [759688 2014-07-17] (Cherished Technololgy LIMITED) R2 LPTSystemUpdater; C:\Program Files\LPT\srpts.exe [33560 2014-06-25] () R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.) 
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [472072 2014-06-12] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-06-18] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-06-20] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [179600 2014-06-20] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) 
S4 SXDS10; C:\Program Files\Common Files\soft Xpansion\sxds10.exe [234096 2013-10-06] (soft Xpansion) R2 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [62776 2009-04-01] (TOSHIBA Corporation) R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [176128 2009-04-24] (TOSHIBA Corporation) [File not signed] R2 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [73728 2009-03-17] (TOSHIBA Corporation) [File not signed] R2 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [656752 2009-04-15] (TOSHIBA Corporation) S4 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1529656 2013-12-11] (TuneUp Software) R2 Update Deal Keeper; C:\Program Files\Deal Keeper\updateDealKeeper.exe [323320 2014-08-10] () R2 Util Deal Keeper; C:\Program Files\Deal Keeper\bin\utilDealKeeper.exe [323320 2014-08-10] () R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [535936 2014-07-17] (Fuyu LIMITED) S2 APNMCP; "C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 acedrv10; C:\Windows\system32\drivers\acedrv10.sys [330144 2007-07-27] (Protect Software GmbH) R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH) R2 acehlp10; C:\Windows\system32\drivers\acehlp10.sys [251680 2007-07-27] (Protect Software GmbH) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.) S3 FTD2XX; C:\Windows\System32\Drivers\FTD2XX.sys [29292 2004-10-15] (FTDI Ltd.) [File not signed] S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [60104 2011-01-24] (FTDI Ltd.) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.) 
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [25896 2008-05-07] (COMPAL ELECTRONIC INC.) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-05] (Malwarebytes Corporation) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.) S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [576048 2014-06-20] (McAfee, Inc.) R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [349192 2014-06-18] (McAfee, Inc.) S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81296 2014-06-18] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217224 2014-06-20] (McAfee, Inc.) R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [22272 2009-03-18] (TOSHIBA Corporation) R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [154272 2008-11-11] (Realtek Semiconductor Corp.) 
R1 RtlProt; C:\Windows\System32\DRIVERS\rtlprot.sys [25896 2007-04-23] (Windows (R) Codename Longhorn DDK provider) S3 SAFAUSB; C:\Windows\System32\Drivers\VocTrace.sys [16035 2003-12-19] (Windows (R) 2000 DDK provider) S3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2011-12-12] (TuneUp Software) R2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [12920 2009-03-21] (TOSHIBA Corporation) R1 {55dce8ba-9dec-4013-937e-adbf9317d990}Gt; C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gt.sys [55232 2014-07-18] (StdLib) R1 {55dce8ba-9dec-4013-937e-adbf9317d990}t; C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}t.sys [55232 2014-07-17] (StdLib) U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) S4 avgtp; \??\C:\Windows\system32\drivers\avgtpx86.sys [X] S3 catchme; \??\C:\Users\Rainer\AppData\Local\Temp\catchme.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-10 22:03 - 2014-08-10 22:08 - 00037192 _____ () C:\Users\Rainer\Downloads\FRST.txt 2014-08-10 22:02 - 2014-08-10 22:02 - 01091072 _____ (Farbar) C:\Users\Rainer\Downloads\FRST(1).exe 2014-08-10 22:01 - 2014-08-10 22:01 - 00000474 _____ () C:\Users\Rainer\Downloads\defogger_disable.log 2014-08-10 22:01 - 2014-08-10 22:01 - 00000000 _____ () C:\Users\Rainer\defogger_reenable 2014-08-10 22:00 - 2014-08-10 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2014-08-10 21:59 - 2014-08-10 21:59 - 00050477 _____ () C:\Users\Rainer\Downloads\Defogger.exe 2014-08-07 22:57 - 2014-08-07 22:57 - 00761344 _____ () C:\Users\Rainer-User\Downloads\E1408.xls 2014-07-30 15:23 - 2014-07-30 15:24 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-07-26 11:46 - 2014-07-26 11:47 - 11332468 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000179.tif 2014-07-26 11:46 - 2014-07-26 11:46 - 10376070 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000180.tif 2014-07-26 11:46 - 2014-07-26 11:46 - 09944148 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000187.tif 2014-07-26 11:45 - 2014-07-26 11:45 - 08258510 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000188.tif 2014-07-26 11:45 - 2014-07-26 11:45 - 08216188 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000190.tif 2014-07-26 11:44 - 2014-07-26 11:45 - 09557174 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000191.tif 2014-07-26 11:44 - 2014-07-26 11:44 - 09139028 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000192.tif 2014-07-26 11:43 - 2014-07-26 11:44 - 03325696 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000351.tif 2014-07-25 21:40 - 2014-07-25 21:40 - 08877224 _____ () C:\Users\Rainer-User\Downloads\MA-2011-009108.tif 2014-07-25 21:40 - 2014-07-25 21:40 - 08108152 _____ () C:\Users\Rainer-User\Downloads\MA-2011-003547.tif 2014-07-25 21:40 - 2014-07-25 21:40 - 07543598 _____ () C:\Users\Rainer-User\Downloads\MA-2011-009141.tif 2014-07-23 09:38 - 2014-07-23 09:39 - 00000000 ____D 
() C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-07-23 09:38 - 2014-07-23 09:39 - 00000000 ____D () C:\Program Files\iTunes 2014-07-23 09:38 - 2014-07-23 09:38 - 00000000 ____D () C:\Program Files\iPod 2014-07-23 09:32 - 2014-07-23 09:32 - 00000000 ____D () C:\Program Files\Bonjour 2014-07-20 20:01 - 2014-07-20 20:01 - 00000000 ____D () C:\ProgramData\Riot Games 2014-07-20 18:14 - 2014-07-20 18:14 - 00455538 _____ () C:\Users\Rainer-User\Downloads\Bienenplakat.pptx 2014-07-20 15:19 - 2014-07-20 15:19 - 00000000 ____D () C:\Users\Conny\AppData\Roaming\Opera Software 2014-07-20 15:19 - 2014-07-20 15:19 - 00000000 ____D () C:\Users\Conny\AppData\Local\Opera Software 2014-07-20 13:23 - 2014-07-17 16:33 - 00055232 _____ (StdLib) C:\Windows\system32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}t.sys 2014-07-18 20:56 - 2014-07-18 06:01 - 00055232 _____ (StdLib) C:\Windows\system32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gt.sys 2014-07-18 20:51 - 2014-07-18 20:51 - 00000000 ____D () C:\Users\Conny\AppData\Roaming\Systweak 2014-07-17 23:03 - 2014-07-21 00:27 - 00000000 ____D () C:\Users\Rainer-User\Documents\Corel 2014-07-17 23:02 - 2014-07-17 23:03 - 00000000 ____D () C:\ProgramData\Protexis 2014-07-17 22:57 - 2014-07-23 08:59 - 00000000 ____D () C:\Program Files\Deal Keeper 2014-07-17 22:57 - 2014-07-17 22:58 - 00000000 ____D () C:\ProgramData\IePluginServices 2014-07-17 22:57 - 2014-07-17 22:58 - 00000000 ____D () C:\Program Files\SupTab 2014-07-17 22:57 - 2014-07-17 22:57 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\sweet-page 2014-07-17 22:57 - 2014-07-17 22:57 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect 2014-07-17 22:55 - 2014-07-20 15:21 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\Systweak 2014-07-17 22:55 - 2014-07-16 17:49 - 00018280 _____ () C:\Windows\system32\roboot.exe 2014-07-17 22:52 - 2014-07-17 23:02 - 00000000 ____D () C:\Users\Rainer-User\AppData\Roaming\Corel 2014-07-17 21:45 - 2014-07-17 21:45 - 00000000 
____D () C:\Users\Rainer\Documents\Visual Studio 2008 2014-07-17 21:45 - 2014-07-17 21:45 - 00000000 ____D () C:\Users\Rainer\Documents\Corel 2014-07-17 21:44 - 2014-07-17 21:44 - 00000000 ____D () C:\Users\Rainer\AppData\Local\Microsoft Help 2014-07-17 21:42 - 2014-07-17 21:48 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 9.0 2014-07-17 21:42 - 2014-07-17 21:42 - 00000000 ____D () C:\Program Files\Microsoft SDKs 2014-07-17 21:38 - 2014-07-17 21:38 - 00000000 ____D () C:\Program Files\Common Files\Corel 2014-07-17 21:37 - 2014-07-17 21:37 - 00000000 ____D () C:\ProgramData\Corel 2014-07-17 21:37 - 2014-07-17 21:37 - 00000000 ____D () C:\Program Files\Common Files\Protexis 2014-07-17 21:31 - 2014-07-17 21:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X5 2014-07-17 21:30 - 2014-07-17 21:30 - 00000000 ____D () C:\Program Files\Corel 2014-07-17 21:27 - 2014-07-17 21:51 - 00000000 ____D () C:\ProgramData\CorelDRAW Graphics Suite X5 2014-07-17 21:27 - 2014-07-17 21:27 - 00000000 ____D () C:\Users\Rainer\Documents\PC Speed Maximizer 2014-07-17 21:27 - 2014-07-17 21:27 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\PC Speed Maximizer 2014-07-17 21:27 - 2014-07-17 21:27 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\Opera Software 2014-07-17 21:27 - 2014-07-17 21:27 - 00000000 ____D () C:\Users\Rainer\AppData\Local\Opera Software 2014-07-17 21:26 - 2014-08-06 11:07 - 00000000 ____D () C:\Program Files\Opera 2014-07-17 21:26 - 2014-07-17 21:26 - 00000808 _____ () C:\Users\Public\Desktop\Opera.lnk 2014-07-17 21:26 - 2014-07-17 21:26 - 00000808 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2014-07-17 21:25 - 2014-07-17 22:58 - 875606016 _____ (Acresso Software Inc. 
) C:\Users\Rainer\Downloads\CorelDRAWGraphicsSuiteX5Installer_DE [1].exe 2014-07-17 21:25 - 2014-07-17 21:25 - 00000000 ____D () C:\Program Files\LPT 2014-07-17 21:24 - 2014-07-17 21:24 - 00002181 _____ () C:\Users\Rainer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 2014-07-17 21:24 - 2014-07-17 21:24 - 00002151 _____ () C:\Users\Rainer\Desktop\Search.lnk 2014-07-17 21:24 - 2014-07-17 21:24 - 00000000 ____D () C:\Users\Rainer\AppData\Local\Smartbar 2014-07-17 21:24 - 2014-07-17 21:24 - 00000000 ____D () C:\Users\Rainer\AppData\Local\LPT 2014-07-17 21:22 - 2014-07-17 21:22 - 00000919 _____ () C:\Users\Rainer\Desktop\PC Speed Maximizer.lnk 2014-07-17 21:22 - 2014-07-17 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer 2014-07-17 21:22 - 2014-07-17 21:22 - 00000000 ____D () C:\Program Files\PC Speed Maximizer 2014-07-17 21:20 - 2014-07-17 21:21 - 00756224 _____ ( ) C:\Users\Rainer-User\Downloads\CorelDRAWGraphicsSuiteX5Installer_DE.exe 2014-07-17 21:15 - 2014-07-17 21:17 - 00000000 ____D () C:\ProgramData\CorelDRAW Graphics Suite X7 2014-07-17 21:12 - 2014-07-17 21:14 - 489408088 _____ (Acresso Software Inc. ) C:\Users\Rainer-User\Downloads\CorelDRAWGraphicsSuiteX7Installer_DE32Bit.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-10 22:08 - 2014-08-10 22:03 - 00037192 _____ () C:\Users\Rainer\Downloads\FRST.txt 2014-08-10 22:08 - 2013-11-11 00:10 - 00000000 ____D () C:\FRST 2014-08-10 22:02 - 2014-08-10 22:02 - 01091072 _____ (Farbar) C:\Users\Rainer\Downloads\FRST(1).exe 2014-08-10 22:01 - 2014-08-10 22:01 - 00000474 _____ () C:\Users\Rainer\Downloads\defogger_disable.log 2014-08-10 22:01 - 2014-08-10 22:01 - 00000000 _____ () C:\Users\Rainer\defogger_reenable 2014-08-10 22:01 - 2010-08-29 23:01 - 00000000 ____D () C:\Users\Rainer 2014-08-10 22:00 - 2014-08-10 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2014-08-10 22:00 - 2013-02-20 08:55 - 00001756 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk 2014-08-10 21:59 - 2014-08-10 21:59 - 00050477 _____ () C:\Users\Rainer\Downloads\Defogger.exe 2014-08-10 21:58 - 2008-02-24 09:46 - 01978074 _____ () C:\Windows\WindowsUpdate.log 2014-08-10 21:55 - 2014-06-22 14:29 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8e15a8ab2474.job 2014-08-10 21:44 - 2006-11-02 12:23 - 00000462 _____ () C:\Windows\win.ini 2014-08-10 21:39 - 2012-04-04 21:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-10 21:39 - 2011-12-02 22:18 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-08-10 21:36 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-10 21:36 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-10 21:36 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-10 13:01 - 2006-11-02 15:01 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-08-10 12:34 - 2011-09-26 23:43 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-07 23:13 - 2010-11-14 21:59 - 00000000 ____D () C:\Users\Rainer-User\AppData\Roaming\Skype 2014-08-07 
22:57 - 2014-08-07 22:57 - 00761344 _____ () C:\Users\Rainer-User\Downloads\E1408.xls 2014-08-06 16:55 - 2010-11-17 08:51 - 00000000 ____D () C:\Users\Conny\AppData\Roaming\Skype 2014-08-06 11:07 - 2014-07-17 21:26 - 00000000 ____D () C:\Program Files\Opera 2014-08-05 21:49 - 2008-01-21 04:47 - 00972448 _____ () C:\Windows\PFRO.log 2014-08-05 07:49 - 2014-04-28 22:25 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-04 23:44 - 2014-04-28 22:25 - 00000904 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-04 23:44 - 2014-04-28 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-04 23:44 - 2014-04-28 22:25 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-08-04 23:42 - 2010-08-29 22:04 - 00082968 _____ () C:\Users\Rainer\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-04 22:21 - 2011-11-20 21:37 - 00000020 ____H () C:\ProgramData\PKP_DLdw.DAT 2014-08-04 22:21 - 2011-11-20 21:35 - 00000020 ____H () C:\ProgramData\PKP_DLdu.DAT 2014-07-31 11:34 - 2011-11-26 10:09 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Skype 2014-07-31 11:29 - 2014-05-07 23:06 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-07-30 15:24 - 2014-07-30 15:23 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-07-26 11:47 - 2014-07-26 11:46 - 11332468 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000179.tif 2014-07-26 11:46 - 2014-07-26 11:46 - 10376070 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000180.tif 2014-07-26 11:46 - 2014-07-26 11:46 - 09944148 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000187.tif 2014-07-26 11:45 - 2014-07-26 11:45 - 08258510 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000188.tif 2014-07-26 11:45 - 2014-07-26 11:45 - 08216188 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000190.tif 2014-07-26 11:45 - 2014-07-26 11:44 - 09557174 _____ () 
C:\Users\Rainer-User\Downloads\MA-2011-000191.tif 2014-07-26 11:44 - 2014-07-26 11:44 - 09139028 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000192.tif 2014-07-26 11:44 - 2014-07-26 11:43 - 03325696 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000351.tif 2014-07-25 21:50 - 2011-12-15 01:57 - 00000000 ____D () C:\Program Files\Common Files\Mcafee 2014-07-25 21:40 - 2014-07-25 21:40 - 08877224 _____ () C:\Users\Rainer-User\Downloads\MA-2011-009108.tif 2014-07-25 21:40 - 2014-07-25 21:40 - 08108152 _____ () C:\Users\Rainer-User\Downloads\MA-2011-003547.tif 2014-07-25 21:40 - 2014-07-25 21:40 - 07543598 _____ () C:\Users\Rainer-User\Downloads\MA-2011-009141.tif 2014-07-23 09:39 - 2014-07-23 09:38 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-07-23 09:39 - 2014-07-23 09:38 - 00000000 ____D () C:\Program Files\iTunes 2014-07-23 09:38 - 2014-07-23 09:38 - 00000000 ____D () C:\Program Files\iPod 2014-07-23 09:38 - 2011-08-09 23:12 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-07-23 09:32 - 2014-07-23 09:32 - 00000000 ____D () C:\Program Files\Bonjour 2014-07-23 08:59 - 2014-07-17 22:57 - 00000000 ____D () C:\Program Files\Deal Keeper 2014-07-21 21:11 - 2008-01-21 09:16 - 01626604 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-21 00:27 - 2014-07-17 23:03 - 00000000 ____D () C:\Users\Rainer-User\Documents\Corel 2014-07-20 22:34 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-07-20 20:01 - 2014-07-20 20:01 - 00000000 ____D () C:\ProgramData\Riot Games 2014-07-20 18:54 - 2010-09-18 16:08 - 00082968 _____ () C:\Users\Felix\AppData\Local\GDIPFONTCACHEV1.DAT 2014-07-20 18:14 - 2014-07-20 18:14 - 00455538 _____ () C:\Users\Rainer-User\Downloads\Bienenplakat.pptx 2014-07-20 15:21 - 2014-07-17 22:55 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\Systweak 2014-07-20 15:19 - 2014-07-20 15:19 - 00000000 ____D () C:\Users\Conny\AppData\Roaming\Opera Software 2014-07-20 15:19 - 2014-07-20 15:19 - 
00000000 ____D () C:\Users\Conny\AppData\Local\Opera Software 2014-07-18 20:52 - 2010-08-30 08:29 - 00082968 _____ () C:\Users\Conny\AppData\Local\GDIPFONTCACHEV1.DAT 2014-07-18 20:51 - 2014-07-18 20:51 - 00000000 ____D () C:\Users\Conny\AppData\Roaming\Systweak 2014-07-18 20:50 - 2006-11-02 14:47 - 00323320 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-18 06:01 - 2014-07-18 20:56 - 00055232 _____ (StdLib) C:\Windows\system32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gt.sys 2014-07-17 23:03 - 2014-07-17 23:02 - 00000000 ____D () C:\ProgramData\Protexis 2014-07-17 23:02 - 2014-07-17 22:52 - 00000000 ____D () C:\Users\Rainer-User\AppData\Roaming\Corel 2014-07-17 23:02 - 2010-08-29 22:27 - 00082968 _____ () C:\Users\Rainer-User\AppData\Local\GDIPFONTCACHEV1.DAT 2014-07-17 22:58 - 2014-07-17 22:57 - 00000000 ____D () C:\ProgramData\IePluginServices 2014-07-17 22:58 - 2014-07-17 22:57 - 00000000 ____D () C:\Program Files\SupTab 2014-07-17 22:58 - 2014-07-17 21:25 - 875606016 _____ (Acresso Software Inc. 
) C:\Users\Rainer\Downloads\CorelDRAWGraphicsSuiteX5Installer_DE [1].exe 2014-07-17 22:57 - 2014-07-17 22:57 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\sweet-page 2014-07-17 22:57 - 2014-07-17 22:57 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect 2014-07-17 21:51 - 2014-07-17 21:27 - 00000000 ____D () C:\ProgramData\CorelDRAW Graphics Suite X5 2014-07-17 21:48 - 2014-07-17 21:42 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 9.0 2014-07-17 21:48 - 2009-06-09 11:35 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-07-17 21:45 - 2014-07-17 21:45 - 00000000 ____D () C:\Users\Rainer\Documents\Visual Studio 2008 2014-07-17 21:45 - 2014-07-17 21:45 - 00000000 ____D () C:\Users\Rainer\Documents\Corel 2014-07-17 21:44 - 2014-07-17 21:44 - 00000000 ____D () C:\Users\Rainer\AppData\Local\Microsoft Help 2014-07-17 21:43 - 2006-11-02 13:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-07-17 21:42 - 2014-07-17 21:42 - 00000000 ____D () C:\Program Files\Microsoft SDKs 2014-07-17 21:38 - 2014-07-17 21:38 - 00000000 ____D () C:\Program Files\Common Files\Corel 2014-07-17 21:38 - 2014-07-17 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X5 2014-07-17 21:37 - 2014-07-17 21:37 - 00000000 ____D () C:\ProgramData\Corel 2014-07-17 21:37 - 2014-07-17 21:37 - 00000000 ____D () C:\Program Files\Common Files\Protexis 2014-07-17 21:30 - 2014-07-17 21:30 - 00000000 ____D () C:\Program Files\Corel 2014-07-17 21:27 - 2014-07-17 21:27 - 00000000 ____D () C:\Users\Rainer\Documents\PC Speed Maximizer 2014-07-17 21:27 - 2014-07-17 21:27 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\PC Speed Maximizer 2014-07-17 21:27 - 2014-07-17 21:27 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\Opera Software 2014-07-17 21:27 - 2014-07-17 21:27 - 00000000 ____D () C:\Users\Rainer\AppData\Local\Opera Software 2014-07-17 21:26 - 2014-07-17 21:26 - 00000808 _____ () 
C:\Users\Public\Desktop\Opera.lnk 2014-07-17 21:26 - 2014-07-17 21:26 - 00000808 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2014-07-17 21:25 - 2014-07-17 21:25 - 00000000 ____D () C:\Program Files\LPT 2014-07-17 21:24 - 2014-07-17 21:24 - 00002181 _____ () C:\Users\Rainer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 2014-07-17 21:24 - 2014-07-17 21:24 - 00002151 _____ () C:\Users\Rainer\Desktop\Search.lnk 2014-07-17 21:24 - 2014-07-17 21:24 - 00000000 ____D () C:\Users\Rainer\AppData\Local\Smartbar 2014-07-17 21:24 - 2014-07-17 21:24 - 00000000 ____D () C:\Users\Rainer\AppData\Local\LPT 2014-07-17 21:22 - 2014-07-17 21:22 - 00000919 _____ () C:\Users\Rainer\Desktop\PC Speed Maximizer.lnk 2014-07-17 21:22 - 2014-07-17 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer 2014-07-17 21:22 - 2014-07-17 21:22 - 00000000 ____D () C:\Program Files\PC Speed Maximizer 2014-07-17 21:21 - 2014-07-17 21:20 - 00756224 _____ ( ) C:\Users\Rainer-User\Downloads\CorelDRAWGraphicsSuiteX5Installer_DE.exe 2014-07-17 21:17 - 2014-07-17 21:15 - 00000000 ____D () C:\ProgramData\CorelDRAW Graphics Suite X7 2014-07-17 21:14 - 2014-07-17 21:12 - 489408088 _____ (Acresso Software Inc. 
) C:\Users\Rainer-User\Downloads\CorelDRAWGraphicsSuiteX7Installer_DE32Bit.exe 2014-07-17 17:33 - 2011-11-24 17:13 - 00000000 ____D () C:\Users\Marie-Sophie\AppData\Roaming\Skype 2014-07-17 16:33 - 2014-07-20 13:23 - 00055232 _____ (StdLib) C:\Windows\system32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}t.sys 2014-07-16 17:49 - 2014-07-17 22:55 - 00018280 _____ () C:\Windows\system32\roboot.exe 2014-07-12 09:11 - 2012-04-04 21:24 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-07-12 09:11 - 2011-06-01 22:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-07-11 16:52 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-11 16:42 - 2013-08-07 12:11 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-11 16:35 - 2006-11-02 12:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe Some content of TEMP: ==================== C:\Users\Rainer\AppData\Local\temp\APNSetup.exe C:\Users\Rainer\AppData\Local\temp\AudibleDM_iTunesSetup(2).exe C:\Users\Rainer\AppData\Local\temp\g2bacafe.dll C:\Users\Rainer\AppData\Local\temp\h-dwhgph.dll C:\Users\Rainer\AppData\Local\temp\ivy7kdfr.dll C:\Users\Rainer\AppData\Local\temp\j6prhjk4.dll C:\Users\Rainer\AppData\Local\temp\jre-7u55-windows-i586-iftw.exe C:\Users\Rainer\AppData\Local\temp\mebma8zd.dll C:\Users\Rainer\AppData\Local\temp\qivaiijj.dll C:\Users\Rainer\AppData\Local\temp\Quarantine.exe C:\Users\Rainer\AppData\Local\temp\ww_8aipr.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-10 21:46

==================== End Of Log ============================

Here is the Addition log:

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:10-08-2014 01
Ran by Rainer at 2014-08-10 22:09:18
Running from C:\Users\Rainer\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.9.0.1030 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ArcSoft PhotoBase 3 (HKLM\...\{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}) (Version: - ) ArcSoft PhotoStudio 5 (HKLM\...\{03F1CC67-5BD8-4C36-8394-76311B2AE69A}) (Version: - ) Ask Toolbar (HKLM\...\{4F524A2D-5637-4300-76A7-A758B70C0F01}) (Version: 12.15.1.16 - APN, LLC) <==== ATTENTION ATI Catalyst Install Manager (HKLM\...\{4324E4DD-C67C-A413-5C12-5DC694A99AF6}) (Version: 3.0.723.0 - ATI Technologies, Inc.) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Browser Guard (HKLM\...\Browser Guard) (Version: - ) Buzzdock (HKLM\...\{ac225167-00fc-452d-94c5-bb93600e7d9a}) (Version: - Alactro LLC) <==== ATTENTION Caminos neu A1 Vokabeltrainer (HKLM\...\de.klett.vokabeltrainer.caminosneua1.CE0E3A60A72FE7E3EB57F417A8115A03D988FEF4.1) (Version: 1.1 - Ernst Klett Sprachen GmbH) Caminos neu A1 Vokabeltrainer (Version: 1.1 - Ernst Klett Sprachen GmbH) Hidden Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Core Implementation (Version: 2009.0421.2132.36832 - ATI) Hidden Catalyst Control Center Graphics Full Existing (Version: 2009.0421.2132.36832 - ATI) Hidden Catalyst Control Center Graphics Full New (Version: 2009.0421.2132.36832 - ATI) Hidden Catalyst Control Center Graphics Light (Version: 2009.0421.2132.36832 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (Version: 2009.0421.2132.36832 - ATI) Hidden Catalyst Control Center InstallProxy (Version: 2009.0421.2132.36832 - ATI Technologies, Inc.) 
Hidden Catalyst Control Center Localization All (Version: 2009.0421.2132.36832 - ATI) Hidden CCC Help Chinese Standard (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Chinese Traditional (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Czech (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Danish (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Dutch (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help English (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Finnish (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help French (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help German (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Greek (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Hungarian (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Italian (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Japanese (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Korean (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Norwegian (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Polish (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Portuguese (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Russian (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Spanish (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Swedish (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Thai (Version: 2009.0421.2131.36832 - ATI) Hidden CCC Help Turkish (Version: 2009.0421.2131.36832 - ATI) Hidden ccc-core-static (Version: 2009.0421.2132.36832 - Ihr Firmenname) Hidden ccc-utility (Version: 2009.0421.2132.36832 - ATI) Hidden Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) ConvertHelper 2.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper) Corel Graphics - Windows Shell Extension (HKLM\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation) Corel Graphics - 
Windows Shell Extension (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Capture (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - DE (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IPM (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Setup Files (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VBA (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VSTA (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - WT (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X5 (HKLM\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.2.0.686 - Corel Corporation)
Deal Keeper (HKLM\...\Deal Keeper) (Version: 2014.07.17.190627 - Deal Keeper) <==== ATTENTION
Die Sims™ 3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.42.130 - Electronic Arts)
Die Sims™ 3 Einfach tierisch (HKLM\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Die Sims™ 3 Jahreszeiten (HKLM\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
Die Sims™ 3 Luxus-Accessoires (HKLM\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
Die Sims™ 3 Stadt-Accessoires (HKLM\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
dm Digi Foto (HKLM\...\dm Digi Foto) (Version: 2.3.0.93 - Imaxel Lab S.L)
dm-Fotowelt (HKLM\...\dm-Fotowelt) (Version: 5.1.2 - CEWE COLOR AG u Co. OHG)
Dr Kawashima (HKCU\...\DrKawashima) (Version: 1.0 - )
EG21 Vokabelkartei interaktiv 3 (HKLM\...\{D14B5875-A7FB-4169-BE5B-C9003A5C71AC}) (Version: 1.00.0000 - Cornelsen Verlag GmbH)
ElsterFormular-Upgrade (HKLM\...\ElsterFormular 12.3.2.6814k) (Version: 14.3.11574 - Landesfinanzdirektion Thüringen)
F-Editor (HKLM\...\{2A8AEFF7-E7DA-4440-979A-2AB137BE185C}_is1) (Version: 1.03 - Technische Alternative)
File Uploader (HKLM\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.0 - Nikon)
FOTOParadies (HKLM\...\{1CEA14B0-9E95-43FC-8D79-C81D20052375}}_is1) (Version: 3.1.10.253 - Foto Online Service GmbH)
FOTOParadies (HKLM\...\{FD838798-E2CB-45FA-AF79-6011519031E2}}_is1) (Version: 3.5.7.1 - Foto Online Service GmbH)
Free Audio CD Burner version 1.4 (HKLM\...\Free Audio CD Burner_is1) (Version: - DVDVideoSoft Limited.)
Free YouTube to MP3 Converter version 3.10.15.1228 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: - DVDVideoSoft Ltd.)
FTDI FTD2XX USB Drivers (HKLM\...\FTD2XX) (Version: - )
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Haufe iDesk-Browser (HKLM\...\{0F32914F-A633-4516-B531-7084C8F19F93}) (Version: 10.10.14.0000 - Haufe-Lexware GmbH & Co. KG)
Haufe iDesk-Service (HKLM\...\{27F10580-E040-11DF-8C28-005056B12123}) (Version: 10.10.25.7810 - Haufe)
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (HKLM\...\{8E87B944-4815-3C5E-947F-5035C9F64362}.KB947789) (Version: 1 - Microsoft Corporation)
HP OrderReminder (HKLM\...\HP OrderReminder) (Version: 2.1 - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
International Karting - from Midas (HKLM\...\International Karting - from Midas) (Version: - )
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Java(TM) 6 Update 24 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216011FF}) (Version: 6.0.240 - Sun Microsystems, Inc.)
Klett Lernsoftware Mathematik - Lambacher Schweizer (2. Lernjah (HKLM\...\Klett Lernsoftware Mathematik - Lambacher Schwei~B0BDFB6A_is1) (Version: - )
Klett Lernsoftware Mathematik - Lambacher Schweizer (4. Lernjah (HKLM\...\Klett Lernsoftware Mathematik - Lambacher Schwei~F7563B51_is1) (Version: - )
LaserJet 1018 (HKLM\...\HP-LaserJet 1018) (Version: - )
LCN-PRO 3 (HKLM\...\{5037D595-CA93-4463-7F05-4416F53D0C7D}) (Version: - )
League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (Version: 3.0.1 - Riot Games ) Hidden
LEGO® Der Herr der Ringe™ (HKLM\...\{C6F20FA7-342A-47A9-A3C8-EB36CABE6419}) (Version: 1.0.0.0 - Warner Bros. Interactive Entertainment)
Lexware Info Service (HKLM\...\{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}) (Version: 2.70.00.0081 - Haufe-Lexware GmbH & Co.KG)
LPT System Updater Service (HKLM\...\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}) (Version: 1.0.0.0 - LPT) <==== ATTENTION
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Manual CanoScan 5000,5000F,8000F (HKLM\...\{D9261CAB-3E1D-423C-9DD6-2001056DA292}) (Version: - )
McAfee Internet Security (HKLM\...\MSC) (Version: 12.8.958 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mein CEWE FOTOBUCH (HKLM\...\Mein CEWE FOTOBUCH) (Version: - )
Meine Tierarztpraxis in Australien (Nur Entfernen) (HKLM\...\Meine Tierarztpraxis in Australien) (Version: - )
Memory Manager 2.08 (HKLM\...\Memory Manager_is1) (Version: 2.08 - Technische Alternative GmbH)
metaCrawler (HKLM\...\metaCrawler) (Version: - metaCrawler) <==== ATTENTION
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Motocross Madness 2 (HKLM\...\Motocross Madness 2) (Version: - )
Microsoft Office 97, Professional Edition (HKLM\...\Office8.0) (Version: - )
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (HKLM\...\{8E87B944-4815-3C5E-947F-5035C9F64362}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (HKLM\...\{76DAEC83-AF7B-333C-8A53-83D7C7D39199}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
myphotobook 3.65 (HKLM\...\myphotobook) (Version: 3.65 - myphotobook)
Nikon Message Center (HKLM\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
Nikon RAW Codec (HKLM\...\{C8616041-2802-4DE2-B3BD-6285AAD65C2A}) (Version: 1.00.0000 - Nikon)
Nikon Transfer (HKLM\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.4.0 - Nikon)
Opera Stable 23.0.1522.72 (HKLM\...\Opera 23.0.1522.72) (Version: 23.0.1522.72 - Opera Software ASA)
Origin (HKLM\...\Origin) (Version: 9.0.14.2148 - Electronic Arts, Inc.)
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PC Speed Maximizer v3.2 (HKLM\...\PC Speed Maximizer_is1) (Version: 3.2 - SoftCity)
Personal Ancestral File 5 (HKLM\...\{D94A8E22-DF2B-4107-9E51-608A60A7671D}) (Version: - )
Picasa 2 (HKLM\...\Picasa2) (Version: 2.0 - Google, Inc.)
Picture Control Utility (HKLM\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.1.5 - Nikon)
PlayReady PC runtime (HKLM\...\{B0E5D7E7-A106-458F-BA7B-2F8CAEA3BF16}) (Version: 1 - Microsoft Corporation)
Presto! PageManager 6 (HKLM\...\{580183A6-FF92-11D5-9294-0050BA073EEC}) (Version: - )
ProtectDisc Driver, Version 11 (HKLM\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
ProtectDisc Helper Driver 10 (HKLM\...\ProtectDisc Driver 10) (Version: 10.0.0.3 - )
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek 8136 8168 8169 Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0004 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5821 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20132 - Realtek Semiconductor Corp.)
Realtek WiFi Protected Setup Library (HKLM\...\{02CA24DD-C8B0-4280-BE53-7862869C2EB1}) (Version: Package:1.00.0026 - REALTEK Semiconductor Corp.)
Realtek WLAN Driver (HKLM\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0003 - Realtek)
RegUse (HKLM\...\RegUse) (Version: 1.0.3.2 - Honlyn (Macao Commercial Offshore) Limited)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SafeFinder Smartbar (HKLM\...\{877D0E59-6CBD-43C6-966F-1F4BA343AEEC}) (Version: 11.75.72.18057 - Linkury Ltd.) <==== ATTENTION
SAMSUNG Intelli-studio (HKLM\...\Intelli-studio) (Version: - )
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Skins (Version: 2009.0421.2132.36832 - ATI) Hidden
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spielefieber Braingames für Vista (HKLM\...\Spielefieber Braingames für Vista) (Version: - KlickMedia)
Star Stable 4 (HKLM\...\{A8522694-A08C-4844-872B-F69A175EF59C}) (Version: 1.00.0000 - Stabenfeldt)
Star Wars Empire at War (HKLM\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts)
Star Wars Empire at War Forces of Corruption (HKLM\...\{6592FDEC-2C1A-413A-9985-25FEC2F0848D}) (Version: 1.0 - LucasArts)
Steuer-Hilfesammlung 2010 (HKLM\...\{3BEFC315-7F74-4F71-B704-2CAF4DC046BB}) (Version: 17.10.0.0 - Haufe-Lexware GmbH & Co. KG)
Steuer-Sparer 2012 (HKLM\...\{1CC7263A-9A5E-4EFB-9BB8-67642D10FA7C}) (Version: 17.11 - Wolters Kluwer Deutschland GmbH)
Steuer-Sparer 2013 (HKLM\...\{0B914F2C-6CC2-4328-B84E-411A81B50FA4}) (Version: 18.09 - Wolters Kluwer Deutschland GmbH)
Stronghold Crusader Extreme (HKLM\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version: 1.20.0000 - Firefly Studios)
Stronghold Legends (HKLM\...\{66A405D2-BA14-4594-BF36-B3B544F0754E}) (Version: 1.20.0000 - Firefly Studios)
sweet-page uninstall (HKLM\...\sweet-page uninstall) (Version: - sweet-page) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 12.2.11.0 - Synaptics Incorporated)
TAPPS 1.29 DE (HKLM\...\TAPPS DE_is1) (Version: 1.29 - Technische Alternative GmbH)
TFD128 1.00 (HKLM\...\TFD_Deploy_0) (Version: - )
TOSHIBA Accessibility (HKLM\...\InstallShield_{3A57482F-BEBC-47E4-ADA1-6302403C7E50}) (Version: 1.62.0.6C - TOSHIBA)
TOSHIBA Accessibility (Version: 1.62.0.6C - TOSHIBA) Hidden
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.10 - TOSHIBA)
TOSHIBA Benutzerhandbücher (HKLM\...\{1C971EE3-B4C4-4367-9676-57549919C6CE}) (Version: 7.40 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{F0A386D2-6E15-4A8F-A04E-87CE9BED0D48}) (Version: 7.4.9 - TOSHIBA Corporation)
TOSHIBA Controls Driver (Version: 2.62.0.1C - TOSHIBA) Hidden
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.00.1.04-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}) (Version: 1.0.3.0 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.0.3.0 - TOSHIBA Corporation) Hidden
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - Toshiba)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - Toshiba) Hidden
TOSHIBA Flash Cards Support Utility (HKLM\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.3C - TOSHIBA CORPORATION)
TOSHIBA Flash Cards Support Utility (Version: 1.63.0.3C - TOSHIBA CORPORATION) Hidden
TOSHIBA Hardware Setup (HKLM\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (Version: 1.63.0.6C - TOSHIBA CORPORATION) Hidden
TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.0.0.1 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.0.0.1 - TOSHIBA Corporation) Hidden
Toshiba Online Product Information (HKLM\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.06.0000 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.3.2.0 - TOSHIBA Corporation)
TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.2 - TOSHIBA)
TOSHIBA Recovery Disk Creator Reminder (HKLM\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0017 - TOSHIBA)
TOSHIBA Recovery Disk Creator Reminder (Version: 1.00.0017 - TOSHIBA) Hidden
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.8.1.6 - TOSHIBA)
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.0.26 - TOSHIBA)
TOSHIBA Supervisor Password (Version: 1.63.0.3C - TOSHIBA CORPORATION) Hidden
TOSHIBA Supervisorkennwort (HKLM\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.3C - TOSHIBA CORPORATION)
TOSHIBA Web Camera Application (HKLM\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.0.1.8 - TOSHIBA Corporation)
TRORDCLauncher (HKLM\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: 1.0.0.6 - TOSHIBA)
TRORDCLauncher (Version: 1.0.0.6 - TOSHIBA) Hidden
TuneUp Utilities 2012 (HKLM\...\TuneUp Utilities 2012) (Version: 12.0.3600.171 - TuneUp Software)
TuneUp Utilities 2012 (Version: 12.0.3600.171 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (Version: 12.0.3600.171 - TuneUp Software) Hidden
Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version: - )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Office 2007 (KB934528) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{2B939677-2FFD-48F6-9075-7BF48CB87C80}) (Version: - )
Update for Office System 2007 Setup (KB929722) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{D8E9BEBD-655F-467D-8176-CA9959C140A3}) (Version: - )
Utility Common Driver (Version: 1.0.50.24C - TOSHIBA) Hidden
ViewNX (HKLM\...\{F007CBCE-D714-4C0B-8CE9-9B0D78116468}) (Version: 1.3.0 - Nikon)
Visual Basic for Applications (R) Core - English (Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core - German (Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core (Version: 6.4.99.69 - Microsoft Corporation) Hidden
VoiceTracer (HKLM\...\{54A13435-82CF-11D6-B859-C6D4DE0EF860}) (Version: 1.95 - )
Vokabelkartei interaktiv À plus! 2 (HKLM\...\{08DBA737-EAD2-4DDA-A48B-E7A8AEC45BD8}) (Version: 1.00.0000 - Cornelsen Verlag GmbH)
Vokabelkartei interaktiv À plus! 4 (HKLM\...\{4D230951-6E24-4588-8B8C-D78E06F10A1C}) (Version: 1.00.0000 - Cornelsen Verlag GmbH)
Wildlife Park 2 Familien Edition (HKLM\...\{740B51D7-C903-4536-9530-B6304C937F51}) (Version: 2.00 - Deep Silver)
Wildlife Park 2 Horses (HKLM\...\{C649ED6C-2D44-40BA-AE75-0AADD5E411E5}) (Version: 2.00 - Deep Silver)
Wildlife Park 3 v1.0 (HKLM\...\Wildlife Park 3_is1) (Version: - bitComposer Games)
WildTangent-Spiele (HKLM\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.71 - WildTangent)
WindowsMangerProtect20.0.0.502 (HKLM\...\WindowsMangerProtect) (Version: 20.0.0.502 - WindowsProtect LIMITED) <==== ATTENTION
Winsol 2.00 (HKLM\...\Winsol_is1) (Version: 2.00 - Technische Alternative GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3586509278-78834929-860225448-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CustomCLSID: HKU\S-1-5-21-3586509278-78834929-860225448-1002_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-3586509278-78834929-860225448-1002_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CustomCLSID: HKU\S-1-5-21-3586509278-78834929-860225448-1002_Classes\CLSID\{4052D303-74C5-49EA-BC6B-66099C8D4007}\InprocServer32 -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll No File
CustomCLSID: HKU\S-1-5-21-3586509278-78834929-860225448-1002_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-3586509278-78834929-860225448-1002_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-3586509278-78834929-860225448-1002_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-3586509278-78834929-860225448-1002_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-3586509278-78834929-860225448-1002_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File

==================== Restore Points =========================

15-07-2014 11:23:26 Windows Update
17-07-2014 21:00:29 RCP Do, Jul 17, 14 23:00
18-07-2014 18:59:13 Windows Update
22-07-2014 12:00:13 Windows Update
24-07-2014 11:49:41 Geplanter Prüfpunkt
29-07-2014 12:50:07 Windows Update
04-08-2014 21:38:05 Installed TOSHIBA Value Added Package
06-08-2014 06:53:17 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2014-04-27 14:03 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0D494D4F-C171-4567-9A2B-EF54F35F50A4} - System32\Tasks\ASP => C:\Program Files\RegClean Pro\SystweakASP.exe <==== ATTENTION
Task: {15B72F65-D23D-463C-A89C-D302BECADA67} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-26] (Google Inc.)
Task: {1A27D10D-6B90-4FCB-B9AF-5C6501316B34} - System32\Tasks\PC Speed Maximizer Schedule => C:\Program Files\PC Speed Maximizer\SPMLauncher.exe [2014-04-28] (Smart PC Solutions)
Task: {1AFDE751-66A1-420C-BAED-2F748CD6E04D} - System32\Tasks\GoogleUpdateTaskMachineCore1cf8e15a8ab2474 => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-26] (Google Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {23E19204-A4C0-4FE1-B046-07C8C569482F} - System32\Tasks\{14AD0C82-FB85-4C18-8A14-04D561BC579D} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.3.0.105/de/abandoninstall?page=tsProgressBar
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {34DF98C5-A9D6-47F6-8294-54CAA3D1CB3C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {39D70AAE-4BA4-4E66-8AEC-5ADF274EE5AE} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {57FB448F-C823-41DB-B91A-1C0586C1CDCB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-12] (Adobe Systems Incorporated)
Task: {6669A209-B771-4A2B-B9C7-B8070FEE4E1A} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2010-09-15] (Haufe-Lexware GmbH & Co. KG)
Task: {73D58360-79E6-4978-83D3-4FF2663087E5} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {81D6AAFD-88F3-4289-B3AA-74297386338D} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Conny => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {9B8B1DD8-E318-48DB-BE03-A5E343B59A6B} - System32\Tasks\{FFCD702D-C383-483E-9222-78453479684B} => C:\Program Files\Skype\\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)
Task: {BBCEF35F-709C-41BA-8461-A10BF63007AF} - System32\Tasks\{28CC4EDD-F8B3-4A32-AE6A-97AA732C005D} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/abandoninstall?page=tsProgressBar
Task: {C27DC93F-4B21-45E0-BDB8-C711D34B55C8} - System32\Tasks\Opera scheduled Autoupdate 1405625202 => C:\Program Files\Opera\launcher.exe [2014-08-05] (Opera Software)
Task: {D21B4A59-B972-4028-9D35-A15048FBBD99} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files\TuneUp Utilities 2012\OneClick.exe [2013-12-11] (TuneUp Software)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F851638C-3015-4550-B49A-5F3C8A042324} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {FA228AC1-CD41-427F-BE9E-59DBF4D1E3D2} - System32\Tasks\{443024A5-EF36-4634-ADDC-CA05EF656195} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.10.0.104/de/abandoninstall?page=tsProgressBar

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8e15a8ab2474.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2008-02-24 09:49 - 2009-04-21 23:05 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00033560 _____ () C:\Program Files\LPT\srpts.exe
2014-06-25 16:28 - 2014-06-25 16:28 - 00043288 _____ () C:\Program Files\LPT\srptc.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00018200 _____ () C:\Program Files\LPT\Smartbar.Common.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00037656 _____ () C:\Program Files\LPT\srptsl.exe
2014-06-25 16:28 - 2014-06-25 16:28 - 00066840 _____ () C:\Program Files\LPT\srut.dll
2009-04-24 12:39 - 2009-04-24 12:39 - 00516096 _____ () C:\Program Files\TOSHIBA\TECO\TecoPower.dll
2014-07-17 21:06 - 2014-08-10 09:23 - 00323320 _____ () C:\Program Files\Deal Keeper\updateDealKeeper.exe
2014-07-18 20:54 - 2014-08-10 09:22 - 00323320 _____ () C:\Program Files\Deal Keeper\bin\utilDealKeeper.exe
2009-01-30 22:11 - 2009-01-30 22:11 - 00073728 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
1997-09-04 00:00 - 1997-09-04 00:00 - 03782416 _____ () C:\Program Files\Microsoft Office\Office\MSO97.DLL
2008-02-24 09:50 - 2008-02-24 09:50 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2009-01-30 11:41 - 2009-01-30 11:41 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2008-02-24 09:50 - 2008-02-24 09:50 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-08-09 17:38 - 2014-08-10 11:23 - 00239352 _____ () C:\Program Files\Deal Keeper\bin\DealKeeper.PurBrowse.exe
2014-07-18 20:56 - 2014-08-10 20:23 - 00096504 _____ () C:\Program Files\Deal Keeper\bin\DealKeeper.BrowserAdapter.exe
2014-06-25 16:28 - 2014-06-25 16:28 - 00047384 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00070936 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\srau.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00166680 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 02344216 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00067864 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\spbl.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00158488 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00015128 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\siem.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00067864 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\sppsm.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00697624 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00015640 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00079640 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00027928 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00066840 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\srut.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00030488 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\srsbs.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00066328 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00150808 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\smti.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00032024 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\srom.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00031512 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\smtu.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00040216 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\smta.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00062744 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\smsp.dll
2014-07-17 21:24 - 2014-07-17 21:24 - 00904704 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00046872 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\srbu.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00024856 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\sgml.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00062744 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00025880 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\srpdm.dll
2014-06-25 16:26 - 2014-06-25 16:26 - 00044312 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
2014-06-25 16:18 - 2014-06-25 16:18 - 00025880 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00036120 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00193816 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\sgmu.dll
2014-05-12 11:21 - 2014-05-12 11:21 - 00061440 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\AxInterop.WMPLib.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00256280 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\srns.dll
2014-07-30 15:23 - 2014-07-30 15:24 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-07-18 20:56 - 2014-08-10 20:23 - 00195320 _____ () C:\Program Files\Deal Keeper\bin\DealKeeperBAApp.dll
2014-07-12 09:11 - 2014-07-12 09:11 - 17029808 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00023832 _____ () C:\Program Files\LPT\srptm.exe
2014-06-25 16:28 - 2014-06-25 16:28 - 00081688 _____ () C:\Program Files\LPT\srpt.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AAV UpdateService => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: HRService => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SXDS10 => 3
MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Winsol_Autostart.lnk => C:\Windows\pss\Winsol_Autostart.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Rainer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupreg: cfFncEnabler.exe => "C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe"
MSCONFIG\startupreg: NDSTray.exe => "C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SmartFaceVWatcher => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TPCHWMsg => %ProgramFiles%\TOSHIBA\TPHM\TPCHWMsg.exe

==================== Faulty Device Manager Devices =============

Name: 6TO4 Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: 6TO4 Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun-Miniportadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun-Miniportadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/10/2014 09:54:26 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier2\eventsystem2.cpp458800700b7

Error: (08/10/2014 09:50:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung FlashPlayerPlugin_14_0_0_145.exe, Version 14.0.0.145, Zeitstempel 0x53aa1aea, fehlerhaftes Modul FlashPlayerPlugin_14_0_0_145.exe, Version 14.0.0.145, Zeitstempel 0x53aa1aea, Ausnahmecode 0x40000015, Fehleroffset 0x00017670, Prozess-ID 0x1834, Anwendungsstartzeit FlashPlayerPlugin_14_0_0_145.exe0.

Error: (08/10/2014 09:48:30 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE INTERNET SECURITY.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (08/10/2014 09:48:30 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE INTERNET SECURITY.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (08/10/2014 09:46:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung FlashPlayerPlugin_14_0_0_145.exe, Version 14.0.0.145, Zeitstempel 0x53aa1aea, fehlerhaftes Modul FlashPlayerPlugin_14_0_0_145.exe, Version 14.0.0.145, Zeitstempel 0x53aa1aea, Ausnahmecode 0x40000015, Fehleroffset 0x00017670, Prozess-ID 0x101c, Anwendungsstartzeit FlashPlayerPlugin_14_0_0_145.exe0.

Error: (08/10/2014 09:38:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung MSOFFICE.EXE, Version 8.0.0.3512, Zeitstempel 0x3287ddb4, fehlerhaftes Modul MSOFFICE.EXE, Version 8.0.0.3512, Zeitstempel 0x3287ddb4, Ausnahmecode 0xc0000005, Fehleroffset 0x0000acfd, Prozess-ID 0x1280, Anwendungsstartzeit MSOFFICE.EXE0.

Error: (08/10/2014 09:38:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/10/2014 00:28:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/10/2014 09:22:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/09/2014 05:37:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (08/10/2014 09:57:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: McAfee Platform Services%%1053

Error: (08/10/2014 09:57:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000McAfee Platform Services

Error: (08/10/2014 09:57:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: McAfee Platform Services%%1053

Error: (08/10/2014 09:57:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000McAfee Platform Services

Error: (08/10/2014 09:57:14 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053mcpltsvc{20966775-18A4-4299-B8E3-772C336B52A7}

Error: (08/10/2014 09:56:07 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766}

Error: (08/10/2014 09:50:16 PM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error: (08/10/2014 09:39:22 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {0228576F-6E6C-4E1A-B175-0E46A316AFE2}

Error: (08/10/2014 09:38:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (08/10/2014 09:36:31 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT-AUTORITÄT)
Description: 2147942402

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-08-10 21:49:12.322
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-08-10 21:49:11.229
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-08-10 21:49:10.128
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-08-10 21:49:08.643
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-08-10 21:49:06.628
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-08-10 21:49:05.779
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-08-10 21:49:04.987
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-08-10 21:49:04.343
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-08-07 15:11:49.325
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-08-07 15:11:48.698
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================

Percentage of memory in use: 68%
Total physical RAM: 3035.93 MB
Available physical RAM: 969 MB
Total Pagefile: 6276.09 MB
Available Pagefile: 3900.92 MB
Total Virtual: 2047.88 MB
Available Virtual: 1914.65 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:186.31 GB) (Free:19.91 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:184.84 GB) (Free:108.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 373 GB) (Disk ID: 7878FC96)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=186 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=185 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-10 22:52:03
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.FG01 372.61GB
Running: Gmer-19357.exe; Driver: C:\Users\Rainer\AppData\Local\Temp\kxliqpog.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x84B50480, 0x3C939, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x84B91900, 0x3CA, 0x48000040]
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x90A09000, 0x263970, 0xE8000020]
.reloc C:\Windows\system32\drivers\acehlp10.sys section is executable [0x91011B80, 0x37FC7, 0xE0000060]
.reloc C:\Windows\system32\drivers\acedrv10.sys section is executable [0xA10A4000, 0x459C1, 0xE0000060]
.vmp2 C:\Windows\system32\drivers\acedrv11.sys entry point in ".vmp2" section [0xA111169D]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe[1312] kernel32.dll!LoadLibraryW 75F694F8 5 Bytes JMP 6354B470 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll
.text C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe[1312] kernel32.dll!LoadLibraryA 75F69674 5 Bytes JMP 6354B370 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
AttachedDevice \Driver\tdx \Device\Tcp {55dce8ba-9dec-4013-937e-adbf9317d990}t.sys
AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys
AttachedDevice \Driver\tdx \Device\Udp {55dce8ba-9dec-4013-937e-adbf9317d990}t.sys
AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat 0x40 0x52 0xCB 0x8F ...

---- EOF - GMER 2.1 ----

The unwanted redirect is still active...

Best regards and many thanks,
Rainer

Last edited by Romanos (10.08.2014 at 22:18)