Log analysis and evaluation: Windows7 Firefox constantly opens new tabs with advertising

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
13.08.2014, 17:22 | #1 |
Windows7 Firefox constantly opens new tabs with advertising

Hello everyone,

as the title says, I have the problem that FF constantly opens tabs with advertising pages. I would be very grateful if someone could help me.

Best regards, Olli

I have created the following log files:

Defogger Log: Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:31 on 13/08/2014 (*******)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:13-08-2014 Ran by Oliver (administrator) on OLIVER-PC on 13-08-2014 18:08:39 Running from C:\Users\Oliver\Desktop\Virus\FRST Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe () C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe () C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Realtek) C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (Realtek Semiconductor Corp.) C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe (Microsoft Corp.) 
C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe () C:\Users\Oliver\AppData\Local\ContextFree\nvcmd.exe (Dropbox, Inc.) C:\Users\Oliver\AppData\Roaming\Dropbox\bin\Dropbox.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Nero AG) C:\Program Files\Nero\Update\NASvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe (Microsoft Corporation) C:\Windows\System32\prevhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-02-10] (Microsoft Corporation) HKU\S-1-5-21-956886985-2695973545-304803630-1000\...\Run: [framei] => C:\Users\Oliver\AppData\Local\ContextFree\framei.exe [567808 2014-07-01] () HKU\S-1-5-21-956886985-2695973545-304803630-1000\...\Run: [nvcmd] => C:\Users\Oliver\AppData\Local\ContextFree\nvcmd.exe [596480 2014-07-01] () HKU\S-1-5-21-956886985-2695973545-304803630-1000\...\Run: [cntcmd] => C:\Users\Oliver\AppData\Local\ContextFree\cntcmd.exe [596480 2014-07-01] () HKU\S-1-5-21-956886985-2695973545-304803630-1000\...\Policies\Explorer: [DisallowRun] 1 HKU\S-1-5-21-956886985-2695973545-304803630-1000\...\MountPoints2: {e801ad7e-90e1-11e3-9cc6-806e6f6e6963} - D:\wubi.exe Startup: C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=securitascout BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213 FF Homepage: https://www.google.de/?gws_rd=ssl FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo 
Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF SearchPlugin: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213\searchplugins\webde-suche.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Download videos and MP3s from YouTube - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-08-09] FF Extension: PDF Updater Free - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213\Extensions\{c5518a8b-51fa-437a-9f4d-34a5beb015eb}.xpi [2014-07-20] FF Extension: Adblock Plus - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-07] FF Extension: {d3d8eb04-2a7c-4d14-84b4-f701af9beb83} - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213\Extensions\{d3d8eb04-2a7c-4d14-84b4-f701af9beb83}.xpi [2014-07-17] FF Extension: Fox!Box - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213\Extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}.xpi 
[2014-08-10] FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-03-02] FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-08-09] Chrome: ======= ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AsSysCtrlService; C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-04-02] () [File not signed] R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) 
[File not signed] R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2013-01-16] (Hewlett-Packard Company) [File not signed] R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation) R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed] R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed] R2 Realtek11nSU; C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12400 2007-12-17] () S3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider) R3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [47104 2009-07-14] (Atheros Communications, Inc.) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [6504 2009-05-13] () S4 sptd; C:\Windows\System32\Drivers\sptd.sys [320120 2014-06-20] (Duplex Secure Ltd.) S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] U3 ufdiapob; \??\C:\Users\Oliver\AppData\Local\Temp\ufdiapob.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. 
Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-13 17:31 - 2014-08-13 17:31 - 00000176 _____ () C:\Users\Oliver\defogger_reenable 2014-08-13 17:07 - 2014-08-13 17:07 - 00144584 _____ () C:\Windows\Minidump\081314-16676-01.dmp 2014-08-13 17:00 - 2014-08-13 18:08 - 00000000 ____D () C:\FRST 2014-08-13 16:59 - 2014-08-13 17:33 - 00000000 ____D () C:\Users\Oliver\Desktop\Virus 2014-08-12 18:32 - 2014-08-12 18:32 - 00000000 ____D () C:\Program Files\ESET 2014-08-12 18:26 - 2014-08-12 18:26 - 00000000 ____D () C:\Windows\ERUNT 2014-08-10 12:59 - 2014-08-12 17:57 - 00000000 ____D () C:\Windows\AutoKMS 2014-08-10 12:16 - 2014-08-10 12:18 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Genesis_08101016 2014-08-10 12:05 - 2014-08-10 12:05 - 00000000 ____D () C:\Users\Oliver\AppData\Local\ContextFree 2014-08-10 12:04 - 2014-08-10 12:06 - 00000000 ____D () C:\Users\Oliver\AppData\Local\fabulous_08101004 2014-08-09 20:29 - 2014-08-09 20:38 - 238945732 _____ () C:\Users\Oliver\Desktop\PLANET E_ ABENTEUER - MALLORCA, TEIL 1.avi 2014-08-09 20:19 - 2014-08-09 20:29 - 230164014 _____ () C:\Users\Oliver\Desktop\PLANET E_ ABENTEUER - MALLORCA, TEIL 2.avi 2014-08-09 18:33 - 2014-08-10 11:09 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Skype 2014-08-09 18:33 - 2014-08-10 11:09 - 00000000 ____D () C:\ProgramData\Skype 2014-08-09 18:33 - 2014-08-09 18:33 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Skype 2014-08-09 18:32 - 2014-08-09 18:32 - 00002176 _____ () C:\Users\Public\Desktop\Free YouTube Download.lnk 2014-08-08 20:27 - 2014-08-08 20:27 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER 2014-08-07 17:39 - 2014-08-07 17:39 - 00367576 _____ () C:\Windows\Minidump\080714-19905-01.dmp 2014-07-31 21:40 - 2014-07-31 21:40 - 00367568 _____ () C:\Windows\Minidump\073114-20872-01.dmp 2014-07-29 21:49 - 
2014-07-29 21:49 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-07-19 21:20 - 2014-07-20 12:24 - 00000000 ____D () C:\Users\Oliver\Desktop\Urlaub 2014-07-17 22:13 - 2014-07-17 22:15 - 00000000 ____D () C:\Users\Oliver\Desktop\backup 2014-07-17 22:13 - 2014-07-17 22:13 - 00000000 ____D () C:\Users\Oliver\Desktop\converted 2014-07-17 22:13 - 2014-07-17 22:13 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1______ 2014-07-17 22:13 - 2014-07-17 22:13 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempb3e4a92b2fa33cb7a7281f2eb2a6c78e___ 2014-07-17 22:05 - 2014-07-17 22:05 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempb3e4a92b2fa33cb7a7281f2eb2a6c78e__ 2014-07-17 22:04 - 2014-07-17 22:04 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1_____ 2014-07-17 22:02 - 2014-07-17 22:02 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1____ 2014-07-17 21:34 - 2014-07-17 21:34 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempb3e4a92b2fa33cb7a7281f2eb2a6c78e_ 2014-07-17 21:32 - 2014-07-17 21:32 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1___ 2014-07-17 21:31 - 2014-07-17 22:15 - 00000223 _____ () C:\Users\Oliver\Desktop\WhatsAppMigrator.conf 2014-07-17 21:30 - 2014-07-17 21:30 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1__ 2014-07-17 21:03 - 2014-07-17 21:03 - 00371736 _____ () C:\Windows\Minidump\071714-27690-01.dmp 2014-07-17 20:49 - 2014-07-17 20:49 - 00002013 _____ () C:\Users\Oliver\Desktop\iDevice Manager.lnk 2014-07-17 20:49 - 2014-07-17 20:49 - 00000000 ____D () C:\Users\Oliver\AppData\Local\IsolatedStorage 2014-07-17 20:49 - 2014-07-17 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iDevice Manager 2014-07-17 20:49 - 2014-07-17 20:49 - 00000000 ____D () C:\Program Files\iDevice Manager 2014-07-17 20:47 - 2014-07-17 20:47 - 
00961360 _____ (Chip Digital GmbH) C:\Users\Oliver\Desktop\iDevice Manager iPhone Explorer - CHIP-Installer.exe 2014-07-17 20:34 - 2014-07-17 20:42 - 00000000 ____D () C:\Users\Oliver\AppData\Local\pangu 2014-07-17 20:33 - 2014-07-17 20:34 - 35956160 _____ () C:\Users\Oliver\Desktop\Pangu_v1.1.exe 2014-07-17 20:23 - 2014-07-17 20:23 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-07-17 20:23 - 2014-07-17 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-07-17 20:22 - 2014-07-17 20:23 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-07-17 20:22 - 2014-07-17 20:23 - 00000000 ____D () C:\Program Files\iTunes 2014-07-17 20:22 - 2014-07-17 20:22 - 00000000 ____D () C:\Program Files\iPod 2014-07-17 19:27 - 2014-07-17 22:12 - 00000000 ____D () C:\Users\Oliver\Desktop\Whatsapp 2014-07-17 19:24 - 2014-07-19 19:22 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\GHISLER 2014-07-17 19:21 - 2014-07-17 19:21 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1_ 2014-07-17 19:21 - 2014-07-17 19:21 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempd60233d1130df8bd03cd6d2e3c2fc7d1 2014-07-17 19:21 - 2014-07-17 19:21 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempb3e4a92b2fa33cb7a7281f2eb2a6c78e 2014-07-17 19:21 - 2014-07-17 19:21 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Temp82152e590ca5570bb7bf75cfa8125e90 2014-07-17 19:18 - 2014-07-17 22:16 - 00004078 _____ () C:\Users\Oliver\Desktop\WhatsAppMigrator.log 2014-07-17 19:18 - 2014-07-17 19:18 - 00000000 ____D () C:\Users\Oliver\ChromeExtensions 2014-07-17 19:18 - 2014-07-17 19:18 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1 ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-13 18:08 - 2014-08-13 17:00 - 00000000 ____D () C:\FRST 2014-08-13 18:03 - 2014-02-08 18:59 - 01932986 _____ () C:\Windows\WindowsUpdate.log 2014-08-13 17:39 - 2009-07-14 06:34 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-13 17:39 - 2009-07-14 06:34 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-13 17:33 - 2014-08-13 16:59 - 00000000 ____D () C:\Users\Oliver\Desktop\Virus 2014-08-13 17:33 - 2014-02-08 21:00 - 00000000 ___RD () C:\Users\Oliver\Dropbox 2014-08-13 17:33 - 2014-02-08 20:57 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Dropbox 2014-08-13 17:32 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-13 17:32 - 2009-07-14 06:39 - 00047528 _____ () C:\Windows\setupact.log 2014-08-13 17:31 - 2014-08-13 17:31 - 00000176 _____ () C:\Users\Oliver\defogger_reenable 2014-08-13 17:31 - 2014-02-08 19:32 - 00000000 ____D () C:\Users\Oliver 2014-08-13 17:30 - 2014-02-08 19:13 - 01628044 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-13 17:16 - 2014-02-10 20:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-13 17:07 - 2014-08-13 17:07 - 00144584 _____ () C:\Windows\Minidump\081314-16676-01.dmp 2014-08-13 17:07 - 2014-03-16 15:02 - 00000000 ____D () C:\Windows\Minidump 2014-08-13 17:07 - 2014-03-16 15:01 - 357774381 _____ () C:\Windows\MEMORY.DMP 2014-08-12 20:47 - 2014-02-08 20:31 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\KeePass 2014-08-12 18:51 - 2014-02-16 18:38 - 00000000 ____D () C:\Users\Oliver\Desktop\Börsenkurse 2014-08-12 18:32 - 2014-08-12 18:32 - 00000000 ____D () C:\Program Files\ESET 2014-08-12 18:26 - 2014-08-12 18:26 - 00000000 ____D () C:\Windows\ERUNT 2014-08-12 18:23 - 2014-02-09 11:38 - 00023638 _____ () C:\Windows\PFRO.log 2014-08-12 18:22 - 2013-11-13 18:28 - 00000000 ____D () C:\AdwCleaner 2014-08-12 17:57 - 
2014-08-10 12:59 - 00000000 ____D () C:\Windows\AutoKMS 2014-08-10 12:51 - 2014-02-09 10:37 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-08-10 12:18 - 2014-08-10 12:16 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Genesis_08101016 2014-08-10 12:18 - 2014-03-02 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 2014-08-10 12:18 - 2014-03-02 14:52 - 00001797 _____ () C:\ProgramData\hpzinstall.log 2014-08-10 12:18 - 2014-03-02 14:52 - 00000000 ____D () C:\Program Files\HP 2014-08-10 12:06 - 2014-08-10 12:04 - 00000000 ____D () C:\Users\Oliver\AppData\Local\fabulous_08101004 2014-08-10 12:05 - 2014-08-10 12:05 - 00000000 ____D () C:\Users\Oliver\AppData\Local\ContextFree 2014-08-10 11:09 - 2014-08-09 18:33 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Skype 2014-08-10 11:09 - 2014-08-09 18:33 - 00000000 ____D () C:\ProgramData\Skype 2014-08-09 21:18 - 2009-07-14 04:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2014-08-09 20:38 - 2014-08-09 20:29 - 238945732 _____ () C:\Users\Oliver\Desktop\PLANET E_ ABENTEUER - MALLORCA, TEIL 1.avi 2014-08-09 20:29 - 2014-08-09 20:19 - 230164014 _____ () C:\Users\Oliver\Desktop\PLANET E_ ABENTEUER - MALLORCA, TEIL 2.avi 2014-08-09 18:39 - 2014-06-07 09:13 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\vlc 2014-08-09 18:33 - 2014-08-09 18:33 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Skype 2014-08-09 18:33 - 2014-06-01 12:03 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\DVDVideoSoft 2014-08-09 18:32 - 2014-08-09 18:32 - 00002176 _____ () C:\Users\Public\Desktop\Free YouTube Download.lnk 2014-08-09 18:32 - 2014-06-01 12:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2014-08-09 18:32 - 2014-06-01 12:05 - 00000000 ____D () C:\Program Files\DVDVideoSoft 2014-08-09 18:32 - 2014-06-01 12:05 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft 2014-08-08 20:34 - 2014-02-08 19:48 - 
00110056 _____ () C:\Users\Oliver\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-08 20:33 - 2009-07-14 06:33 - 00410352 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-08 20:30 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-08-08 20:27 - 2014-08-08 20:27 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER 2014-08-08 20:27 - 2014-02-09 10:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint 2014-08-08 20:27 - 2014-02-09 10:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2014-08-08 20:26 - 2009-07-14 10:56 - 00000000 ____D () C:\Windows\ShellNew 2014-08-08 20:26 - 2009-07-14 06:52 - 00000000 ____D () C:\Program Files\MSBuild 2014-08-08 20:26 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-08-08 20:23 - 2009-07-14 04:04 - 00000615 _____ () C:\Windows\win.ini 2014-08-07 17:39 - 2014-08-07 17:39 - 00367576 _____ () C:\Windows\Minidump\080714-19905-01.dmp 2014-08-04 19:14 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-07-31 21:40 - 2014-07-31 21:40 - 00367568 _____ () C:\Windows\Minidump\073114-20872-01.dmp 2014-07-31 17:14 - 2014-02-08 19:45 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-07-29 21:49 - 2014-07-29 21:49 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-07-29 13:02 - 2009-07-14 06:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-07-29 08:04 - 2014-02-09 13:50 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-07-28 18:40 - 2014-02-09 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-07-28 18:11 - 2014-02-08 20:58 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-07-28 18:11 - 2013-01-03 18:51 - 00001021 _____ () C:\Users\Oliver\Desktop\Dropbox.lnk 2014-07-20 21:40 - 2014-03-10 18:59 - 00001060 _____ () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk 2014-07-20 21:40 - 2014-03-10 18:59 - 00001048 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk 2014-07-20 16:17 - 2014-02-08 20:55 - 00000000 ____D () C:\Users\Oliver\Documents\Meine Scans 2014-07-20 12:24 - 2014-07-19 21:20 - 00000000 ____D () C:\Users\Oliver\Desktop\Urlaub 2014-07-19 19:22 - 2014-07-17 19:24 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\GHISLER 2014-07-17 22:31 - 2014-04-19 17:28 - 00000000 ____D () C:\Program Files\i-Funbox DevTeam 2014-07-17 22:16 - 2014-07-17 19:18 - 00004078 _____ () C:\Users\Oliver\Desktop\WhatsAppMigrator.log 2014-07-17 22:15 - 2014-07-17 22:13 - 00000000 ____D () C:\Users\Oliver\Desktop\backup 2014-07-17 22:15 - 2014-07-17 21:31 - 00000223 _____ () C:\Users\Oliver\Desktop\WhatsAppMigrator.conf 2014-07-17 22:13 - 2014-07-17 22:13 - 00000000 ____D () C:\Users\Oliver\Desktop\converted 2014-07-17 22:13 - 2014-07-17 22:13 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1______ 2014-07-17 22:13 - 2014-07-17 22:13 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempb3e4a92b2fa33cb7a7281f2eb2a6c78e___ 2014-07-17 22:12 - 2014-07-17 19:27 - 00000000 ____D () C:\Users\Oliver\Desktop\Whatsapp 2014-07-17 22:05 - 2014-07-17 22:05 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempb3e4a92b2fa33cb7a7281f2eb2a6c78e__ 2014-07-17 22:04 - 2014-07-17 22:04 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1_____ 2014-07-17 22:02 - 2014-07-17 22:02 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1____ 2014-07-17 21:34 - 2014-07-17 21:34 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempb3e4a92b2fa33cb7a7281f2eb2a6c78e_ 2014-07-17 21:32 - 2014-07-17 21:32 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1___ 2014-07-17 21:30 - 2014-07-17 21:30 - 00000000 ____D () 
C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1__ 2014-07-17 21:11 - 2014-04-19 17:28 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\iFunbox_UserCache 2014-07-17 21:03 - 2014-07-17 21:03 - 00371736 _____ () C:\Windows\Minidump\071714-27690-01.dmp 2014-07-17 20:49 - 2014-07-17 20:49 - 00002013 _____ () C:\Users\Oliver\Desktop\iDevice Manager.lnk 2014-07-17 20:49 - 2014-07-17 20:49 - 00000000 ____D () C:\Users\Oliver\AppData\Local\IsolatedStorage 2014-07-17 20:49 - 2014-07-17 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iDevice Manager 2014-07-17 20:49 - 2014-07-17 20:49 - 00000000 ____D () C:\Program Files\iDevice Manager 2014-07-17 20:47 - 2014-07-17 20:47 - 00961360 _____ (Chip Digital GmbH) C:\Users\Oliver\Desktop\iDevice Manager iPhone Explorer - CHIP-Installer.exe 2014-07-17 20:42 - 2014-07-17 20:34 - 00000000 ____D () C:\Users\Oliver\AppData\Local\pangu 2014-07-17 20:34 - 2014-07-17 20:33 - 35956160 _____ () C:\Users\Oliver\Desktop\Pangu_v1.1.exe 2014-07-17 20:23 - 2014-07-17 20:23 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-07-17 20:23 - 2014-07-17 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-07-17 20:23 - 2014-07-17 20:22 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-07-17 20:23 - 2014-07-17 20:22 - 00000000 ____D () C:\Program Files\iTunes 2014-07-17 20:22 - 2014-07-17 20:22 - 00000000 ____D () C:\Program Files\iPod 2014-07-17 20:22 - 2014-05-04 11:48 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-07-17 19:21 - 2014-07-17 19:21 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1_ 2014-07-17 19:21 - 2014-07-17 19:21 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempd60233d1130df8bd03cd6d2e3c2fc7d1 2014-07-17 19:21 - 2014-07-17 19:21 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempb3e4a92b2fa33cb7a7281f2eb2a6c78e 2014-07-17 19:21 - 2014-07-17 19:21 - 
00000000 ____D () C:\Users\Oliver\AppData\Local\Temp82152e590ca5570bb7bf75cfa8125e90 2014-07-17 19:19 - 2014-07-13 12:10 - 00000000 ____D () C:\Users\Oliver\.gimp-2.8 2014-07-17 19:18 - 2014-07-17 19:18 - 00000000 ____D () C:\Users\Oliver\ChromeExtensions 2014-07-17 19:18 - 2014-07-17 19:18 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1 2014-07-16 22:01 - 2014-02-08 20:14 - 00001075 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk 2014-07-16 22:01 - 2014-02-08 20:14 - 00000000 ____D () C:\Program Files\KeePass Password Safe 2 2014-07-16 22:01 - 2013-10-20 11:29 - 00001063 _____ () C:\Users\Oliver\Desktop\KeePass 2.lnk 2014-07-15 21:30 - 2014-06-13 16:10 - 00000000 ____D () C:\Users\Oliver\Desktop\WM Some content of TEMP: ==================== C:\Users\Oliver\AppData\Local\Temp\13-12_win7_win8_32_dd_ccc_whql.exe C:\Users\Oliver\AppData\Local\Temp\amazonicon_v6.exe C:\Users\Oliver\AppData\Local\Temp\amazoninstallernircmdc.exe C:\Users\Oliver\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplh0xpr.dll C:\Users\Oliver\AppData\Local\Temp\DseShExt-x86.dll C:\Users\Oliver\AppData\Local\Temp\Foxit Reader Updater.exe C:\Users\Oliver\AppData\Local\Temp\foxy_security.exe C:\Users\Oliver\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe C:\Users\Oliver\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\Oliver\AppData\Local\Temp\ICReinstall_COMPUTER_BILD-Download-Manager_fuer_nerocoverdesigner-ESD_small-20131212115353069-12.0.01800.nsx.exe C:\Users\Oliver\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Oliver\AppData\Local\Temp\MouseKeyboardCenterx86_1031.exe C:\Users\Oliver\AppData\Local\Temp\MTK25beta5setup__6216_il14229.exe C:\Users\Oliver\AppData\Local\Temp\nshAF48.exe C:\Users\Oliver\AppData\Local\Temp\nsi1836.exe C:\Users\Oliver\AppData\Local\Temp\nsmF88C.exe C:\Users\Oliver\AppData\Local\Temp\nsrFD8C.exe C:\Users\Oliver\AppData\Local\Temp\nswAB12.exe 
C:\Users\Oliver\AppData\Local\Temp\ose00000.exe
C:\Users\Oliver\AppData\Local\Temp\PidGenX.dll
C:\Users\Oliver\AppData\Local\Temp\raptrpatch.exe
C:\Users\Oliver\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Oliver\AppData\Local\Temp\sdapskill.exe
C:\Users\Oliver\AppData\Local\Temp\sdaspwn.exe
C:\Users\Oliver\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Oliver\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Oliver\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Oliver\AppData\Local\Temp\System.Data.SQLite28784.dll
C:\Users\Oliver\AppData\Local\Temp\System.Data.SQLite42183.dll
C:\Users\Oliver\AppData\Local\Temp\System.Data.SQLite53031.dll
C:\Users\Oliver\AppData\Local\Temp\System.Data.SQLite56639.dll
C:\Users\Oliver\AppData\Local\Temp\System.Data.SQLite92236.dll
C:\Users\Oliver\AppData\Local\Temp\WEB.DE_MailCheck_FF_Setup_2.10.1.1735.exe
C:\Users\Oliver\AppData\Local\Temp\WhatsAppMigrator_1.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-07 18:05

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:13-08-2014
Ran by Oliver at 2014-08-13 18:08:57
Running from C:\Users\Oliver\Desktop\Virus\FRST
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 10 ActiveX (HKLM\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
AIO_Scan (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{C2796CF4-6517-00C1-9F70-6A9C50680D29}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden calibre (HKLM\...\{B5D724AD-AC50-46B4-AAA7-62EF18F0CDFE}) (Version: 1.44.0 - Kovid Goyal) Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help English (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help French (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help German (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Korean (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden ccc-utility (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP) Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) 
CloudReading (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.1.47.1220 - Foxit Corporation) ContextFree (HKCU\...\ContextFree) (Version: - ) Copy (Version: 130.0.428.000 - Hewlett-Packard) Hidden Creo Elements/Direct Modeling Express 4.0 (HKLM\...\{B4531C1A-9721-416A-A3BD-C0C600155176}) (Version: 40.0.10020 - Parametric Technology GmbH) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version: - Microsoft) Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden DJ_AIO_ProductContext (Version: 130.0.365.000 - Hewlett-Packard) Hidden DJ_AIO_Software (Version: 130.0.365.000 - Hewlett-Packard) Hidden DJ_AIO_Software_min (Version: 130.0.365.000 - Hewlett-Packard) Hidden dreamboxEDIT -- The one and only settings editor for your Dreambox (HKLM\...\dreamboxEDIT) (Version: - ) Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.) EasyBCD 2.2 (HKLM\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies) EPU-6 Engine (HKLM\...\{56B83336-FBC1-4C46-8613-90A9E3B440D6}) (Version: 1.01.14 - ) ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - ) F2100 (Version: 130.0.365.000 - Hewlett-Packard) Hidden F2100_Help (Version: 90.0.222.000 - Hewlett-Packard) Hidden Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.1.2.1224 - Foxit Corporation) Free WMA to MP3 Converter 1.16 (HKLM\...\Free WMA to MP3 Converter_is1) (Version: - Jodix Technologies Ltd.) Free YouTube Download version 3.2.43.806 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.43.806 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.38.530 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.38.530 - DVDVideoSoft Ltd.) 
FRITZ!Box-Fernzugang einrichten (HKLM\...\{EFADD989-D9F2-49F6-A280-675951CC78D3}) (Version: 1.0.3 - AVM Berlin) GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP) HP Designjet 3D Software Solution 1.1 (HKLM\...\{3100A54E-7256-4D77-96B6-F51E910425F4}) (Version: 1.1 - Hewlett-Packard) HP Deskjet All-In-One Driver Software 13.0 Rel. 1 (HKLM\...\{EB773820-0871-46A8-9B96-F2B04F8B34F0}) (Version: 13.0 - HP) HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP) HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP) HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP) HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP) HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard) HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden iFunbox (v2.7.2386.747), iFunbox DevTeam (HKLM\...\iFunbox_is1) (Version: v2.7.2386.747 - ) iTunes (HKLM\...\{0A37EE62-9A58-420D-90CC-4E52153112EE}) (Version: 11.3.0.54 - Apple Inc.) Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) 
Hidden Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden KeePass Password Safe 2.27 (HKLM\...\KeePassPasswordSafe2_is1) (Version: 2.27 - Dominik Reichl) LightScribe System Software (HKLM\...\{F132000C-1CBA-458F-BF2F-FD43D59410F9}) (Version: 1.18.27.10 - LightScribe) MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft 
Corporation) Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation) Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 
2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - ) Nero ControlCenter (Version: 11.0.15500 - Nero AG) Hidden Nero ControlCenter Help (CHM) (Version: 12.0.7000 - Nero AG) Hidden Nero Core Components (Version: 11.0.20200 - Nero AG) Hidden Nero CoverDesigner (HKLM\...\{3143E3EB-17A5-48F9-90FC-D7CA556CA210}) (Version: 12.0.01500 - Nero AG) Nero CoverDesigner (Version: 12.0.10003 - Nero AG) Hidden Nero CoverDesigner Help (CHM) (Version: 12.0.2000 - Nero AG) 
Hidden Nero Update (Version: 11.0.11800.31.0 - Nero AG) Hidden Prerequisite installer (Version: 12.0.0003 - Nero AG) Hidden REALTEK Wireless LAN Driver and Utility (HKLM\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0175 - ) Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_15 - Samsung Electronics Co., Ltd.) Samsung Kies (Version: 2.6.3.14044_15 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.) Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer) TIPP10 Version 2.1.0 (HKLM\...\TIPP10_is1) (Version: - (c) 2006-2011, Tom Thielicke IT Solutions) Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition 
(HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) 
(Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{4B93560B-F33D-4A67-A224-F5E1C329BD22}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition 
(HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft) VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN) WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (Version: 15.4.3502.0922 
- Microsoft Corporation) Hidden Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Oliver\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Oliver\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points =========================
19-07-2014 17:22:56 Removed Apple Application Support
21-07-2014 08:31:56 Windows Update
28-07-2014 16:11:31 Windows Update
28-07-2014 16:39:32 Windows Update
01-08-2014 18:43:56 Windows Update
05-08-2014 19:27:19 Windows Update
08-08-2014 18:21:18 Configured Microsoft Office Professional Plus 2010
10-08-2014 09:03:10 Windows Update
10-08-2014 09:09:26 Removed Skype™ 6.18
10-08-2014 10:02:55 Uniblue SpeedUpMyPC installation

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {1E53F79C-86D1-4F91-A72E-5C16E03333B0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {20777A6D-966D-41ED-8DCA-97B01DB18C99} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe [2009-05-25] ()
Task: {3C0228AF-F8E5-4205-B9C4-5BDE4AE1C940} - \AutoKMS No Task File <==== ATTENTION
Task: {3E423C2E-9348-41D3-AF66-B84627CD3870} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {5A44A6F8-E1A4-43C5-9F9E-C93159962FDA} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {63225ABD-F84F-4C8F-8F4F-8704FADC65CE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {9612E598-CC56-4176-B702-4381D362F24C} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {A7766A69-D134-4673-9E4A-D76784D0423A} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {E01649FF-E8C1-4508-98C3-A412E8630422} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-02-09 10:56 - 2009-05-25 11:33 - 06017024 _____ () C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe
2014-02-09 10:56 - 2009-04-22 21:20 - 00179712 _____ () C:\Program Files\ASUS\EPU-6 Engine\ASUSSERVICE.DLL
2014-02-09 10:56 - 2009-04-20 14:55 - 00565248 _____ () C:\Program Files\ASUS\EPU-6 Engine\pngio.dll
2014-02-09 10:56 - 2006-01-10 17:50 - 00024576 _____ () C:\Windows\system32\AsIo.dll
2014-02-09 10:56 - 2009-04-20 14:55 - 00053248 _____ () C:\Program Files\ASUS\EPU-6 Engine\AsSpindownTimeout.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-09 10:56 - 2009-04-02 13:27 - 00090112 _____ () C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
2014-02-08 19:42 - 2009-12-09 22:20 - 00126976 _____ () C:\Program Files\REALTEK\11n USB Wireless LAN Utility\EnumDevLib.dll
2014-07-01 14:26 - 2014-07-01 14:26 - 00596480 _____ () C:\Users\Oliver\AppData\Local\ContextFree\nvcmd.exe
2014-08-13 17:33 - 2014-08-13 17:33 - 00043008 _____ () c:\users\oliver\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplh0xpr.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Oliver\AppData\Roaming\Dropbox\bin\libcef.dll
2014-07-29 21:49 - 2014-07-29 21:49 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-07-08 16:54 - 2014-07-08 16:54 - 17029808 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Oliver\Desktop\2014-05-25 14.58.09.jpg:com.dropbox.attributes ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Oliver^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: Google Update => "C:\Users\Oliver\AppData\Local\Google\Update\GoogleUpdate.exe" /c MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: hpqSRMon => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe" MSRun ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: 
{4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (08/13/2014 05:39:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83 Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00012298 ID des fehlerhaften Prozesses: 0x5c8 Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0 Pfad der fehlerhaften Anwendung: Gmer-19357.exe1 Pfad des fehlerhaften Moduls: Gmer-19357.exe2 Berichtskennung: Gmer-19357.exe3 Error: (08/13/2014 05:09:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83 Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00012298 ID des fehlerhaften Prozesses: 0xc98 Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0 Pfad der fehlerhaften Anwendung: Gmer-19357.exe1 Pfad des fehlerhaften Moduls: Gmer-19357.exe2 Berichtskennung: Gmer-19357.exe3 Error: (08/13/2014 05:09:06 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Gmer-19357.exe, Version 2.1.19357.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: ddc Startzeit: 01cfb70863704513 Endzeit: 15 Anwendungspfad: C:\Users\Oliver\Desktop\Virus\Gmer\Gmer-19357.exe Berichts-ID: c377e711-22fb-11e4-95c1-0022156399ca System errors: ============= Error: (08/13/2014 05:07:19 PM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0x0000008e (0xc0000005, 0x00007640, 0xaad71a6c, 0x00000000)C:\Windows\MEMORY.DMP081314-16676-01 Error: (08/13/2014 05:07:17 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 13.08.2014 um 17:05:19 unerwartet heruntergefahren. Microsoft Office Sessions: ========================= Error: (08/13/2014 05:39:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c0000005000122985c801cfb70c974f8a2bC:\Users\Oliver\Desktop\Virus\Gmer\Gmer-19357.exeC:\Users\Oliver\Desktop\Virus\Gmer\Gmer-19357.exefdc2ca70-22ff-11e4-a6f0-000272b08a19 Error: (08/13/2014 05:09:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c000000500012298c9801cfb70887a76f67C:\Users\Oliver\Desktop\Virus\Gmer\Gmer-19357.exeC:\Users\Oliver\Desktop\Virus\Gmer\Gmer-19357.exee1580c60-22fb-11e4-95c1-0022156399ca Error: (08/13/2014 05:09:06 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Gmer-19357.exe2.1.19357.0ddc01cfb7086370451315C:\Users\Oliver\Desktop\Virus\Gmer\Gmer-19357.exec377e711-22fb-11e4-95c1-0022156399ca ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz Percentage of memory in use: 39% Total physical RAM: 3327.05 MB Available physical RAM: 2005.84 MB Total Pagefile: 6652.4 MB Available Pagefile: 5071.11 MB Total Virtual: 2047.88 MB Available Virtual: 1908.59 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:365.16 GB) (Free:102.81 GB) NTFS ==>[Drive with boot components (obtained from 
BCD)] Drive e: () (Fixed) (Total:465.76 GB) (Free:63.34 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 149 GB) (Disk ID: 000148CA) Partition 1: (Active) - (Size=145 GB) - (Type=83) Partition 2: (Not Active) - (Size=4 GB) - (Type=05) ======================================================== Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: BA51F4EA) Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 16251625) Partition 1: (Active) - (Size=365 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=101 GB) - (Type=05) ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-08-13 18:02:33 Windows 6.1.7601 Service Pack 1 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP5T0L0-5 SAMSUNG_HD502IJ rev.1AA01118 465,76GB Running: Gmer-19357.exe; Driver: C:\Users\Oliver\AppData\Local\Temp\ufdiapob.sys ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82E4CA15 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E86212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9221A000, 0x153F4A, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Mozilla Firefox\firefox.exe[3132] ntdll.dll!NtCreateFile 76F05608 5 Bytes JMP 608C3D20 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3132] ntdll.dll!NtFlushBuffersFile 76F05998 5 Bytes JMP 608AC661 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3132] ntdll.dll!NtQueryFullAttributesFile 76F06028 5 Bytes JMP 608C3820 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3132] ntdll.dll!NtReadFile 76F062F8 5 Bytes JMP 608AC750 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3132] ntdll.dll!NtReadFileScatter 76F06308 5 Bytes JMP 6114E1FF C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3132] ntdll.dll!NtWriteFile 76F06AA8 5 Bytes JMP 608C43D0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3132] ntdll.dll!NtWriteFileGather 76F06AB8 5 Bytes JMP 6114E1AE C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3132] ntdll.dll!LdrLoadDll 76F222AE 5 Bytes JMP 66641F4C C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla 
Firefox\firefox.exe[3132] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 752A94E6 7 Bytes JMP 610EF55F C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3132] kernel32.dll!QueryPerformanceCounter + 13 752AC4E5 7 Bytes JMP 610EF582 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3132] kernel32.dll!LoadAppInitDlls + 355 752AF5A6 7 Bytes JMP 608C06F3 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3132] USER32.dll!GetWindowInfo 76AF4B5E 5 Bytes JMP 60FFE5A9 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3132] GDI32.dll!GetViewportOrgEx + 26C 7679884B 1 Byte [E9] .text C:\Program Files\Mozilla Firefox\firefox.exe[3132] GDI32.dll!GetViewportOrgEx + 26C 7679884B 7 Bytes JMP 610EF4E0 C:\Program Files\Mozilla Firefox\xul.dll ---- Devices - GMER 2.1 ---- AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Threads - GMER 2.1 ---- Thread System [4:2432] A44E4F2E ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001167998c5c Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x05 0xAA 0x7F 0x8C ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... 
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xED 0xF4 0x31 0xA0 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x97 0x56 0x78 0x67 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001167998c5c (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x05 0xAA 0x7F 0x8C ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xED 0xF4 0x31 0xA0 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x97 0x56 0x78 0x67 ... 
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FDFE23FE-57DB-4479-A595-E4F5612DE272} Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDFE23FE-57DB-4479-A595-E4F5612DE272} Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDFE23FE-57DB-4479-A595-E4F5612DE272}@Path \Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDFE23FE-57DB-4479-A595-E4F5612DE272}@Hash 0x02 0x6C 0x72 0x3E ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDFE23FE-57DB-4479-A595-E4F5612DE272}@Triggers 0x15 0x00 0x00 0x00 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDFE23FE-57DB-4479-A595-E4F5612DE272}@DynamicInfo 0x03 0x00 0x00 0x00 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan@Id {FDFE23FE-57DB-4479-A595-E4F5612DE272} ---- EOF - GMER 2.1 ---- |
13.08.2014, 17:46 | #2 |
/// the machine /// TB-Ausbilder | Windows 7: Firefox keeps opening new tabs with ads Hi,
__________________Scan with Combofix
__________________ |
13.08.2014, 18:35 | #3 |
| Windows 7: Firefox keeps opening new tabs with ads Code:
ATTFilter ComboFix 14-08-12.01 - Oliver 13.08.2014 19:18:01.1.2 - x86 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.3327.2042 [GMT 2:00] ausgeführt von:: c:\users\Oliver\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Oliver\AppData\Local\ContextFree c:\users\Oliver\AppData\Local\ContextFree\cntcmd.exe c:\users\Oliver\AppData\Local\ContextFree\Context2pro_Uninstaller.exe c:\users\Oliver\AppData\Local\ContextFree\framei.exe c:\users\Oliver\AppData\Local\ContextFree\navigation.exe c:\users\Oliver\AppData\Local\ContextFree\notifications.exe c:\users\Oliver\AppData\Local\ContextFree\nvcmd.exe c:\users\Oliver\AppData\Local\ContextFree\windoclib.exe c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6CD9F101-C00C-41C6-86C7-FCCE9F145EA0}.xps c:\users\Oliver\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7339905B-C725-407F-AE64-1BE1FC7872A7}.xps c:\users\Oliver\ncftp c:\users\Oliver\ncftp\firewall.txt c:\windows\IsUn0407.exe E:\install.exe . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_NETHFDRV . . ((((((((((((((((((((((( Dateien erstellt von 2014-07-13 bis 2014-08-13 )))))))))))))))))))))))))))))) . . 2014-08-13 17:23 . 2014-08-13 17:23 -------- d-----w- c:\users\Oliver\AppData\Local\temp 2014-08-13 17:23 . 2014-08-13 17:23 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-08-13 16:02 . 
2014-07-02 03:11 8217224 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6A765DE6-EFBE-49CA-B388-89619E3D4D16}\mpengine.dll 2014-08-13 15:00 . 2014-08-13 16:09 -------- d-----w- C:\FRST 2014-08-12 16:32 . 2014-08-12 16:32 -------- d-----w- c:\program files\ESET 2014-08-12 16:26 . 2014-08-12 16:26 -------- d-----w- c:\windows\ERUNT 2014-08-11 15:08 . 2014-07-02 03:11 8217224 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2014-08-10 10:59 . 2014-08-12 15:57 -------- d-----w- c:\windows\AutoKMS 2014-08-10 10:16 . 2014-08-10 10:18 -------- d-----w- c:\users\Oliver\AppData\Local\Genesis_08101016 2014-08-10 10:04 . 2014-08-10 10:06 -------- d-----w- c:\users\Oliver\AppData\Local\fabulous_08101004 2014-08-10 10:02 . 2014-08-10 10:03 -------- d-----w- c:\program files\Common Files\Config 2014-08-09 16:33 . 2014-08-09 16:33 -------- d-----w- c:\users\Oliver\AppData\Local\Skype 2014-08-09 16:33 . 2014-08-10 09:09 -------- d-----w- c:\users\Oliver\AppData\Roaming\Skype 2014-08-09 16:33 . 2014-08-10 09:09 -------- d-----w- c:\programdata\Skype 2014-08-03 09:44 . 2014-05-02 09:34 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E61D54E8-6BAF-4D6B-8C18-6838A23D2EAF}\gapaengine.dll 2014-07-17 18:49 . 2014-07-17 18:49 -------- d-----w- c:\users\Oliver\AppData\Local\IsolatedStorage 2014-07-17 18:49 . 2014-07-17 18:49 -------- d-----w- c:\program files\iDevice Manager 2014-07-17 18:34 . 2014-07-17 18:42 -------- d-----w- c:\users\Oliver\AppData\Local\pangu 2014-07-17 18:22 . 2014-07-17 18:22 -------- d-----w- c:\program files\iPod 2014-07-17 18:22 . 2014-07-17 18:23 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-07-17 18:22 . 2014-07-17 18:23 -------- d-----w- c:\program files\iTunes 2014-07-17 17:24 . 2014-07-19 17:22 -------- d-----w- c:\users\Oliver\AppData\Roaming\GHISLER 2014-07-17 17:21 . 
2014-07-17 17:21 -------- d-----w- c:\users\Oliver\AppData\Local\Temp82152e590ca5570bb7bf75cfa8125e90 2014-07-17 17:21 . 2014-07-17 17:21 -------- d-----w- c:\users\Oliver\AppData\Local\Tempb3e4a92b2fa33cb7a7281f2eb2a6c78e 2014-07-17 17:21 . 2014-07-17 17:21 -------- d-----w- c:\users\Oliver\AppData\Local\Tempd60233d1130df8bd03cd6d2e3c2fc7d1 2014-07-17 17:18 . 2014-07-17 17:18 -------- d-----w- c:\users\Oliver\ChromeExtensions 2014-07-17 17:18 . 2014-07-17 17:18 -------- d-----w- c:\users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1 . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-07-08 14:54 . 2014-02-10 18:11 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-07-08 14:54 . 2014-02-10 18:11 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-06-30 01:40 . 2014-07-09 14:52 404480 ----a-w- c:\windows\system32\aepdu.dll 2014-06-30 01:36 . 2014-07-09 14:52 302592 ----a-w- c:\windows\system32\aeinv.dll 2014-06-20 13:55 . 2014-02-09 11:30 320120 ----a-w- c:\windows\system32\drivers\sptd.sys 2014-06-18 23:56 . 2014-07-09 14:52 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2014-06-18 23:56 . 2014-07-09 14:52 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll 2014-06-18 23:38 . 2014-07-09 14:52 455168 ----a-w- c:\windows\system32\vbscript.dll 2014-06-18 23:37 . 2014-07-09 14:52 61952 ----a-w- c:\windows\system32\iesetup.dll 2014-06-18 23:36 . 2014-07-09 14:52 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll 2014-06-18 23:35 . 2014-07-09 14:52 62464 ----a-w- c:\windows\system32\MshtmlDac.dll 2014-06-18 23:23 . 2014-07-09 14:52 112128 ----a-w- c:\windows\system32\ieUnatt.exe 2014-06-18 23:23 . 2014-07-09 14:52 108032 ----a-w- c:\windows\system32\ieetwcollector.exe 2014-06-18 23:22 . 2014-07-09 14:52 592896 ----a-w- c:\windows\system32\jscript9diag.dll 2014-06-18 23:16 . 
2014-07-09 14:52 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2014-06-18 23:06 . 2014-07-09 14:52 32256 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll 2014-06-18 22:52 . 2014-07-09 14:52 4254720 ----a-w- c:\windows\system32\jscript9.dll 2014-06-18 22:46 . 2014-07-09 14:52 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll 2014-06-18 22:45 . 2014-07-09 14:52 1964544 ----a-w- c:\windows\system32\inetcpl.cpl 2014-06-18 22:13 . 2014-07-09 14:52 1791488 ----a-w- c:\windows\system32\wininet.dll 2014-06-18 01:51 . 2014-07-09 14:52 646144 ----a-w- c:\windows\system32\osk.exe 2014-06-18 00:52 . 2014-07-09 14:52 2350080 ----a-w- c:\windows\system32\win32k.sys 2014-06-06 09:44 . 2014-07-09 14:52 509440 ----a-w- c:\windows\system32\qedit.dll 2014-06-05 14:26 . 2014-07-09 14:52 1059840 ----a-w- c:\windows\system32\lsasrv.dll 2014-05-30 07:52 . 2014-07-09 14:52 172032 ----a-w- c:\windows\system32\wdigest.dll 2014-05-30 07:52 . 2014-07-09 14:52 65536 ----a-w- c:\windows\system32\TSpkg.dll 2014-05-30 07:52 . 2014-07-09 14:52 247808 ----a-w- c:\windows\system32\schannel.dll 2014-05-30 07:52 . 2014-07-09 14:52 220160 ----a-w- c:\windows\system32\ncrypt.dll 2014-05-30 07:52 . 2014-07-09 14:52 259584 ----a-w- c:\windows\system32\msv1_0.dll 2014-05-30 07:52 . 2014-07-09 14:52 550912 ----a-w- c:\windows\system32\kerberos.dll 2014-05-30 07:52 . 2014-07-09 14:52 17408 ----a-w- c:\windows\system32\credssp.dll 2014-05-30 06:36 . 2014-07-09 14:52 338944 ----a-w- c:\windows\system32\drivers\afd.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 131480 ----a-w- c:\users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 131480 ----a-w- c:\users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"] @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 131480 ----a-w- c:\users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"] @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 131480 ----a-w- c:\users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 131480 ----a-w- c:\users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"] @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 131480 ----a-w- c:\users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 131480 ----a-w- c:\users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"] @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 131480 ----a-w- c:\users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576] "KeePass 2 PreLoad"="c:\program files\KeePass Password Safe 2\KeePass.exe" [2014-07-06 2117632] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2014-05-23 311616] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-07-08 152392] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2014-02-10 280576] . c:\users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Oliver\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-7-21 35464216] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^Oliver^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk] path=c:\users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk backup=c:\windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync] 2012-11-05 13:27 89184 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2007-05-08 15:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon] 2008-07-22 17:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2014-07-08 06:49 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel] 2013-01-16 11:53 2736128 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] 2013-12-06 15:53 747264 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe . 
R2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2012-07-13 769432] R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2013-03-25 65200] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2014-04-11 89856] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-06-18 108032] R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 104264] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2014-03-11 279776] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2014-04-11 184192] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-05-16 111280] R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S1 MpKslaa3f429f;MpKslaa3f429f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6A765DE6-EFBE-49CA-B388-89619E3D4D16}\MpKslaa3f429f.sys [2014-08-13 39464] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-12-06 209408] S2 AsSysCtrlService;ASUS System Control 
Service;c:\program files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112] S2 Realtek11nSU;Realtek11nSU;c:\program files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [2010-04-16 36864] S2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2014-07-02 5037888] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2013-09-24 77312] S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 603240] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2013-01-16 11:46 454176 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners . 2014-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-10 14:54] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = about:blank mStart Page = about:blank uInternet Settings,ProxyOverride = <-loopback> IE: An OneNote s&enden - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105 IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213\ FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/?gws_rd=ssl . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
HKCU-Run-framei - c:\users\Oliver\AppData\Local\ContextFree\framei.exe HKCU-Run-nvcmd - c:\users\Oliver\AppData\Local\ContextFree\nvcmd.exe HKCU-Run-cntcmd - c:\users\Oliver\AppData\Local\ContextFree\cntcmd.exe HKLM-Run-mbot_de_24 - (no file) MSConfigStartUp-Google Update - c:\users\Oliver\AppData\Local\Google\Update\GoogleUpdate.exe AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe AddRemove-ContextFree - c:\users\Oliver\AppData\Local\ContextFree\Context2pro_Uninstaller.exe AddRemove-MyFreeCodec - c:\program files\MyFree Codec\1.0b beta\uninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files\Microsoft Security Client\MsMpEng.exe c:\windows\system32\atieclxx.exe c:\windows\system32\taskhost.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Microsoft Mouse and Keyboard Center\itype.exe c:\program files\ASUS\EPU-6 Engine\SixEngine.exe c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe c:\windows\system32\conhost.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\REALTEK\11n USB Wireless LAN Utility\RtWlan.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\users\Oliver\AppData\Roaming\Dropbox\bin\Dropbox.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\sppsvc.exe . 
************************************************************************** . Zeit der Fertigstellung: 2014-08-13 19:32:43 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2014-08-13 17:32 . Vor Suchlauf: 21 Verzeichnis(se), 129.697.013.760 Bytes frei Nach Suchlauf: 27 Verzeichnis(se), 132.298.919.936 Bytes frei . - - End Of File - - C9204180C26401B4B08F31159CF0D343 A36C5E4F47E84449FF07ED3517B43A31 |
14.08.2014, 12:58 | #4 |
/// the machine /// TB Trainer | Windows7 Firefox keeps opening new tabs with advertising Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
14.08.2014, 20:38 | #5 |
| Windows7 Firefox keeps opening new tabs with advertising Thanks, first of all, for the prompt help! Here are the requested log files in the order given above: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 14.08.2014 Suchlauf-Zeit: 20:48:50 Logdatei: mbm.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.08.14.09 Rootkit Datenbank: v2014.08.04.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x86 Dateisystem: NTFS Benutzer: Oliver Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 331244 Verstrichene Zeit: 5 Min, 33 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 4 Trojan.BHO, HKU\S-1-5-21-956886985-2695973545-304803630-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}, In Quarantäne, [463b2f97017a78beaf8585fba75b07f9], Trojan.BHO, HKU\S-1-5-21-956886985-2695973545-304803630-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}, In Quarantäne, [463b2f97017a78beaf8585fba75b07f9], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [b4cd92345c1fc07684df4d21c9397d83], PUP.Optional.MBot.A, HKLM\SOFTWARE\MYBESTOFFERSTODAY, In Quarantäne, [d8a9b70f1b60270f74d37e5e788a09f7], Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 3 PUP.Optional.OffersWizard.A, C:\Program Files\Common Files\Config, In Quarantäne, [add443831863f83e326ab132c63caf51], PUP.Optional.Fabulous.Discounts.T, C:\Users\Oliver\AppData\Local\fabulous_08101004, In Quarantäne, [156c972f641776c0d7eaf9d79969639d], 
PUP.Optional.GenesisOffers, C:\Users\Oliver\AppData\Local\Genesis_08101016, In Quarantäne, [1f628640e5961026f2c4ba1fdf235fa1], Dateien: 2 PUP.Optional.OffersWizard.A, C:\Program Files\Common Files\Config\ver.xml, In Quarantäne, [add443831863f83e326ab132c63caf51], PUP.Optional.OffersWizard.A, C:\Program Files\Common Files\Config\uninstinethnfd.exe, In Quarantäne, [add443831863f83e326ab132c63caf51], Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter # AdwCleaner v3.305 - Bericht erstellt am 14/08/2014 um 21:09:49 # Aktualisiert 14/08/2014 von Xplode # Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits) # Benutzername : Oliver - OLIVER-PC # Gestartet von : C:\Users\Oliver\Desktop\adwcleaner_3.305.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600} ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17207 -\\ Mozilla Firefox v31.0 (x86 de) [ Datei : C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213\prefs.js ] [ Datei : C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\so6lk7hb.default\prefs.js ] ************************* AdwCleaner[R0].txt - [39501 octets] - [13/11/2013 18:28:19] AdwCleaner[R1].txt - [1205 octets] - [14/08/2014 21:09:04] AdwCleaner[S0].txt - [38056 octets] - [13/11/2013 18:28:47] AdwCleaner[S1].txt - [1126 octets] - [14/08/2014 21:09:49] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1186 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows 7 Ultimate x86 Ran by Oliver on 14.08.2014 at 21:23:12,12 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\Oliver\AppData\Roaming\mozilla\firefox\profiles\cfg85hsu.default-1402174875213\minidumps [1 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 14.08.2014 at 21:28:42,73 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:13-08-2014 Ran by Oliver (administrator) on OLIVER-PC on 14-08-2014 21:30:55 Running from C:\Users\Oliver\Desktop\Virus\FRST Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe () C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe () C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Dropbox, Inc.) C:\Users\Oliver\AppData\Roaming\Dropbox\bin\Dropbox.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (Realtek) C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Realtek Semiconductor Corp.) 
C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Nero AG) C:\Program Files\Nero\Update\NASvc.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-02-10] (Microsoft Corporation) Startup: C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=securitascout BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213 FF Homepage: https://www.google.de/?gws_rd=ssl FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo 
Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF SearchPlugin: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213\searchplugins\webde-suche.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Download videos and MP3s from YouTube - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-08-09] FF Extension: PDF Updater Free - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213\Extensions\{c5518a8b-51fa-437a-9f4d-34a5beb015eb}.xpi [2014-07-20] FF Extension: Adblock Plus - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-07] FF Extension: {d3d8eb04-2a7c-4d14-84b4-f701af9beb83} - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213\Extensions\{d3d8eb04-2a7c-4d14-84b4-f701af9beb83}.xpi [2014-07-17] FF Extension: Fox!Box - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213\Extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}.xpi 
[2014-08-10] FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-03-02] FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-08-09] Chrome: ======= ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AsSysCtrlService; C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-04-02] () [File not signed] R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) 
[File not signed] R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2013-01-16] (Hewlett-Packard Company) [File not signed] R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation) R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed] S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed] R2 Realtek11nSU; C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12400 2007-12-17] () S3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider) R3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [47104 2009-07-14] (Atheros Communications, Inc.) 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-14] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [6504 2009-05-13] () S4 sptd; C:\Windows\System32\Drivers\sptd.sys [320120 2014-06-20] (Duplex Secure Ltd.) S3 catchme; \??\C:\Users\Oliver\AppData\Local\Temp\catchme.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-14 21:28 - 2014-08-14 21:28 - 00000768 _____ () C:\Users\Oliver\Desktop\JRT.txt 2014-08-14 21:28 - 2014-08-14 21:28 - 00000768 _____ () C:\Users\Oliver\Desktop\JRT.txe.txt 2014-08-14 21:17 - 2014-08-14 21:17 - 00001266 _____ () C:\Users\Oliver\Desktop\AdwCleaner[S1].txt 2014-08-14 21:06 - 2014-08-14 21:06 - 00002527 _____ () C:\Users\Oliver\Desktop\mbam.txt.txt 2014-08-14 20:47 - 2014-08-14 21:20 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-14 20:47 - 2014-08-14 20:47 - 01356107 _____ () C:\Users\Oliver\Desktop\adwcleaner_3.305.exe 2014-08-14 20:47 - 2014-08-14 20:47 - 01016261 _____ (Thisisu) C:\Users\Oliver\Desktop\JRT.exe 2014-08-14 20:45 - 2014-08-14 20:45 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Oliver\Desktop\mbam-setup-2.0.2.1012.exe 2014-08-14 20:45 - 2014-08-14 20:45 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-14 20:45 - 2014-08-14 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-14 20:45 - 2014-08-14 20:45 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-14 20:45 - 2014-08-14 20:45 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-08-14 20:45 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-08-14 20:45 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-08-14 20:45 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-08-13 21:48 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-08-13 21:48 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-08-13 21:48 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-08-13 21:48 - 2014-03-09 23:47 - 00099480 _____ 
(Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-08-13 19:32 - 2014-08-13 19:32 - 00019705 _____ () C:\ComboFix.txt 2014-08-13 19:14 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-08-13 19:14 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-08-13 19:14 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-08-13 19:14 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-08-13 19:14 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-08-13 19:14 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-08-13 19:14 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-08-13 19:14 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-08-13 19:12 - 2014-08-13 19:12 - 05569662 ____R (Swearware) C:\Users\Oliver\Desktop\ComboFix.exe 2014-08-13 19:06 - 2014-08-13 19:32 - 00000000 ____D () C:\Qoobox 2014-08-13 19:06 - 2014-08-13 19:31 - 00000000 ____D () C:\Windows\erdnt 2014-08-13 17:31 - 2014-08-13 17:31 - 00000176 _____ () C:\Users\Oliver\defogger_reenable 2014-08-13 17:07 - 2014-08-13 17:07 - 00144584 _____ () C:\Windows\Minidump\081314-16676-01.dmp 2014-08-13 17:00 - 2014-08-14 21:30 - 00000000 ____D () C:\FRST 2014-08-13 16:59 - 2014-08-13 19:33 - 00000000 ____D () C:\Users\Oliver\Desktop\Virus 2014-08-12 18:32 - 2014-08-12 18:32 - 00000000 ____D () C:\Program Files\ESET 2014-08-12 18:26 - 2014-08-12 18:26 - 00000000 ____D () C:\Windows\ERUNT 2014-08-10 12:59 - 2014-08-12 17:57 - 00000000 ____D () C:\Windows\AutoKMS 2014-08-09 20:29 - 2014-08-09 20:38 - 238945732 _____ () C:\Users\Oliver\Desktop\PLANET E_ ABENTEUER - MALLORCA, TEIL 1.avi 2014-08-09 20:19 - 2014-08-09 20:29 - 230164014 _____ () C:\Users\Oliver\Desktop\PLANET E_ ABENTEUER - MALLORCA, TEIL 2.avi 2014-08-09 18:33 - 2014-08-10 11:09 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Skype 2014-08-09 18:33 - 2014-08-10 11:09 - 00000000 ____D () C:\ProgramData\Skype 2014-08-09 
18:33 - 2014-08-09 18:33 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Skype 2014-08-09 18:32 - 2014-08-09 18:32 - 00002176 _____ () C:\Users\Public\Desktop\Free YouTube Download.lnk 2014-08-08 20:27 - 2014-08-08 20:27 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER 2014-08-07 17:39 - 2014-08-07 17:39 - 00367576 _____ () C:\Windows\Minidump\080714-19905-01.dmp 2014-07-31 21:40 - 2014-07-31 21:40 - 00367568 _____ () C:\Windows\Minidump\073114-20872-01.dmp 2014-07-29 21:49 - 2014-07-29 21:49 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-07-19 21:20 - 2014-07-20 12:24 - 00000000 ____D () C:\Users\Oliver\Desktop\Urlaub 2014-07-17 22:13 - 2014-07-17 22:15 - 00000000 ____D () C:\Users\Oliver\Desktop\backup 2014-07-17 22:13 - 2014-07-17 22:13 - 00000000 ____D () C:\Users\Oliver\Desktop\converted 2014-07-17 22:13 - 2014-07-17 22:13 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1______ 2014-07-17 22:13 - 2014-07-17 22:13 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempb3e4a92b2fa33cb7a7281f2eb2a6c78e___ 2014-07-17 22:05 - 2014-07-17 22:05 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempb3e4a92b2fa33cb7a7281f2eb2a6c78e__ 2014-07-17 22:04 - 2014-07-17 22:04 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1_____ 2014-07-17 22:02 - 2014-07-17 22:02 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1____ 2014-07-17 21:34 - 2014-07-17 21:34 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempb3e4a92b2fa33cb7a7281f2eb2a6c78e_ 2014-07-17 21:32 - 2014-07-17 21:32 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1___ 2014-07-17 21:31 - 2014-07-17 22:15 - 00000223 _____ () C:\Users\Oliver\Desktop\WhatsAppMigrator.conf 2014-07-17 21:30 - 2014-07-17 21:30 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1__ 2014-07-17 21:03 - 2014-07-17 21:03 - 00371736 _____ () 
C:\Windows\Minidump\071714-27690-01.dmp 2014-07-17 20:49 - 2014-07-17 20:49 - 00002013 _____ () C:\Users\Oliver\Desktop\iDevice Manager.lnk 2014-07-17 20:49 - 2014-07-17 20:49 - 00000000 ____D () C:\Users\Oliver\AppData\Local\IsolatedStorage 2014-07-17 20:49 - 2014-07-17 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iDevice Manager 2014-07-17 20:49 - 2014-07-17 20:49 - 00000000 ____D () C:\Program Files\iDevice Manager 2014-07-17 20:47 - 2014-07-17 20:47 - 00961360 _____ (Chip Digital GmbH) C:\Users\Oliver\Desktop\iDevice Manager iPhone Explorer - CHIP-Installer.exe 2014-07-17 20:34 - 2014-07-17 20:42 - 00000000 ____D () C:\Users\Oliver\AppData\Local\pangu 2014-07-17 20:33 - 2014-07-17 20:34 - 35956160 _____ () C:\Users\Oliver\Desktop\Pangu_v1.1.exe 2014-07-17 20:23 - 2014-07-17 20:23 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-07-17 20:23 - 2014-07-17 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-07-17 20:22 - 2014-07-17 20:23 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-07-17 20:22 - 2014-07-17 20:23 - 00000000 ____D () C:\Program Files\iTunes 2014-07-17 20:22 - 2014-07-17 20:22 - 00000000 ____D () C:\Program Files\iPod 2014-07-17 19:27 - 2014-07-17 22:12 - 00000000 ____D () C:\Users\Oliver\Desktop\Whatsapp 2014-07-17 19:24 - 2014-07-19 19:22 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\GHISLER 2014-07-17 19:21 - 2014-07-17 19:21 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1_ 2014-07-17 19:21 - 2014-07-17 19:21 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempd60233d1130df8bd03cd6d2e3c2fc7d1 2014-07-17 19:21 - 2014-07-17 19:21 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempb3e4a92b2fa33cb7a7281f2eb2a6c78e 2014-07-17 19:21 - 2014-07-17 19:21 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Temp82152e590ca5570bb7bf75cfa8125e90 2014-07-17 19:18 - 2014-07-17 22:16 - 00004078 _____ () 
C:\Users\Oliver\Desktop\WhatsAppMigrator.log 2014-07-17 19:18 - 2014-07-17 19:18 - 00000000 ____D () C:\Users\Oliver\ChromeExtensions 2014-07-17 19:18 - 2014-07-17 19:18 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1 ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-14 21:30 - 2014-08-13 17:00 - 00000000 ____D () C:\FRST 2014-08-14 21:28 - 2014-08-14 21:28 - 00000768 _____ () C:\Users\Oliver\Desktop\JRT.txt 2014-08-14 21:28 - 2014-08-14 21:28 - 00000768 _____ () C:\Users\Oliver\Desktop\JRT.txe.txt 2014-08-14 21:26 - 2009-07-14 06:34 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-14 21:26 - 2009-07-14 06:34 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-14 21:22 - 2014-02-08 18:59 - 01264732 _____ () C:\Windows\WindowsUpdate.log 2014-08-14 21:20 - 2014-08-14 20:47 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-14 21:20 - 2014-02-08 21:00 - 00000000 ___RD () C:\Users\Oliver\Dropbox 2014-08-14 21:20 - 2014-02-08 20:57 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Dropbox 2014-08-14 21:19 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-14 21:19 - 2009-07-14 06:39 - 00047864 _____ () C:\Windows\setupact.log 2014-08-14 21:17 - 2014-08-14 21:17 - 00001266 _____ () C:\Users\Oliver\Desktop\AdwCleaner[S1].txt 2014-08-14 21:16 - 2014-02-10 20:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-14 21:16 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-08-14 21:10 - 2014-02-09 11:38 - 00026024 _____ () C:\Windows\PFRO.log 2014-08-14 21:09 - 2013-11-13 18:28 - 00000000 ____D () C:\AdwCleaner 2014-08-14 21:06 - 2014-08-14 21:06 - 00002527 _____ () 
C:\Users\Oliver\Desktop\mbam.txt.txt 2014-08-14 20:56 - 2009-07-14 10:56 - 00000000 __SHD () C:\Windows\BitLockerDiscoveryVolumeContents 2014-08-14 20:47 - 2014-08-14 20:47 - 01356107 _____ () C:\Users\Oliver\Desktop\adwcleaner_3.305.exe 2014-08-14 20:47 - 2014-08-14 20:47 - 01016261 _____ (Thisisu) C:\Users\Oliver\Desktop\JRT.exe 2014-08-14 20:45 - 2014-08-14 20:45 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Oliver\Desktop\mbam-setup-2.0.2.1012.exe 2014-08-14 20:45 - 2014-08-14 20:45 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-14 20:45 - 2014-08-14 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-14 20:45 - 2014-08-14 20:45 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-14 20:45 - 2014-08-14 20:45 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-08-14 20:44 - 2014-02-16 18:38 - 00000000 ____D () C:\Users\Oliver\Desktop\Börsenkurse 2014-08-13 21:51 - 2014-02-09 10:57 - 00000000 ____D () C:\Windows\system32\MRT 2014-08-13 21:49 - 2014-02-09 10:57 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-08-13 21:49 - 2014-02-09 10:37 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-08-13 21:48 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-08-13 21:45 - 2014-02-08 20:31 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\KeePass 2014-08-13 19:33 - 2014-08-13 16:59 - 00000000 ____D () C:\Users\Oliver\Desktop\Virus 2014-08-13 19:32 - 2014-08-13 19:32 - 00019705 _____ () C:\ComboFix.txt 2014-08-13 19:32 - 2014-08-13 19:06 - 00000000 ____D () C:\Qoobox 2014-08-13 19:32 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default 2014-08-13 19:32 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public 2014-08-13 19:31 - 2014-08-13 19:06 - 00000000 ____D () C:\Windows\erdnt 2014-08-13 19:29 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini 2014-08-13 19:24 - 2009-07-14 04:03 - 
57409536 _____ () C:\Windows\system32\config\SOFTWARE.bak 2014-08-13 19:24 - 2009-07-14 04:03 - 17301504 _____ () C:\Windows\system32\config\SYSTEM.bak 2014-08-13 19:24 - 2009-07-14 04:03 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak 2014-08-13 19:24 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak 2014-08-13 19:24 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\SAM.bak 2014-08-13 19:23 - 2014-02-08 19:32 - 00000000 ____D () C:\Users\Oliver 2014-08-13 19:12 - 2014-08-13 19:12 - 05569662 ____R (Swearware) C:\Users\Oliver\Desktop\ComboFix.exe 2014-08-13 17:31 - 2014-08-13 17:31 - 00000176 _____ () C:\Users\Oliver\defogger_reenable 2014-08-13 17:30 - 2014-02-08 19:13 - 01628044 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-13 17:07 - 2014-08-13 17:07 - 00144584 _____ () C:\Windows\Minidump\081314-16676-01.dmp 2014-08-13 17:07 - 2014-03-16 15:02 - 00000000 ____D () C:\Windows\Minidump 2014-08-13 17:07 - 2014-03-16 15:01 - 357774381 _____ () C:\Windows\MEMORY.DMP 2014-08-12 18:32 - 2014-08-12 18:32 - 00000000 ____D () C:\Program Files\ESET 2014-08-12 18:26 - 2014-08-12 18:26 - 00000000 ____D () C:\Windows\ERUNT 2014-08-12 17:57 - 2014-08-10 12:59 - 00000000 ____D () C:\Windows\AutoKMS 2014-08-10 12:18 - 2014-03-02 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 2014-08-10 12:18 - 2014-03-02 14:52 - 00001797 _____ () C:\ProgramData\hpzinstall.log 2014-08-10 12:18 - 2014-03-02 14:52 - 00000000 ____D () C:\Program Files\HP 2014-08-10 11:09 - 2014-08-09 18:33 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Skype 2014-08-10 11:09 - 2014-08-09 18:33 - 00000000 ____D () C:\ProgramData\Skype 2014-08-09 21:18 - 2009-07-14 04:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2014-08-09 20:38 - 2014-08-09 20:29 - 238945732 _____ () C:\Users\Oliver\Desktop\PLANET E_ ABENTEUER - MALLORCA, TEIL 1.avi 2014-08-09 20:29 - 2014-08-09 20:19 - 
230164014 _____ () C:\Users\Oliver\Desktop\PLANET E_ ABENTEUER - MALLORCA, TEIL 2.avi 2014-08-09 18:39 - 2014-06-07 09:13 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\vlc 2014-08-09 18:33 - 2014-08-09 18:33 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Skype 2014-08-09 18:33 - 2014-06-01 12:03 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\DVDVideoSoft 2014-08-09 18:32 - 2014-08-09 18:32 - 00002176 _____ () C:\Users\Public\Desktop\Free YouTube Download.lnk 2014-08-09 18:32 - 2014-06-01 12:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2014-08-09 18:32 - 2014-06-01 12:05 - 00000000 ____D () C:\Program Files\DVDVideoSoft 2014-08-09 18:32 - 2014-06-01 12:05 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft 2014-08-08 20:34 - 2014-02-08 19:48 - 00110056 _____ () C:\Users\Oliver\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-08 20:33 - 2009-07-14 06:33 - 00410352 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-08 20:27 - 2014-08-08 20:27 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER 2014-08-08 20:27 - 2014-02-09 10:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint 2014-08-08 20:27 - 2014-02-09 10:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2014-08-08 20:26 - 2009-07-14 10:56 - 00000000 ____D () C:\Windows\ShellNew 2014-08-08 20:26 - 2009-07-14 06:52 - 00000000 ____D () C:\Program Files\MSBuild 2014-08-08 20:26 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-08-08 20:23 - 2009-07-14 04:04 - 00000615 _____ () C:\Windows\win.ini 2014-08-07 17:39 - 2014-08-07 17:39 - 00367576 _____ () C:\Windows\Minidump\080714-19905-01.dmp 2014-08-04 19:14 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-07-31 21:40 - 2014-07-31 21:40 - 00367568 _____ () C:\Windows\Minidump\073114-20872-01.dmp 2014-07-31 17:14 - 2014-02-08 19:45 - 00000000 ____D () C:\Program 
Files\Mozilla Maintenance Service 2014-07-29 21:49 - 2014-07-29 21:49 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-07-29 13:02 - 2009-07-14 06:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-07-29 08:04 - 2014-02-09 13:50 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-07-28 18:40 - 2014-02-09 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-07-28 18:11 - 2014-02-08 20:58 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-07-28 18:11 - 2013-01-03 18:51 - 00001021 _____ () C:\Users\Oliver\Desktop\Dropbox.lnk 2014-07-20 21:40 - 2014-03-10 18:59 - 00001060 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk 2014-07-20 21:40 - 2014-03-10 18:59 - 00001048 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk 2014-07-20 16:17 - 2014-02-08 20:55 - 00000000 ____D () C:\Users\Oliver\Documents\Meine Scans 2014-07-20 12:24 - 2014-07-19 21:20 - 00000000 ____D () C:\Users\Oliver\Desktop\Urlaub 2014-07-19 19:22 - 2014-07-17 19:24 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\GHISLER 2014-07-17 22:31 - 2014-04-19 17:28 - 00000000 ____D () C:\Program Files\i-Funbox DevTeam 2014-07-17 22:16 - 2014-07-17 19:18 - 00004078 _____ () C:\Users\Oliver\Desktop\WhatsAppMigrator.log 2014-07-17 22:15 - 2014-07-17 22:13 - 00000000 ____D () C:\Users\Oliver\Desktop\backup 2014-07-17 22:15 - 2014-07-17 21:31 - 00000223 _____ () C:\Users\Oliver\Desktop\WhatsAppMigrator.conf 2014-07-17 22:13 - 2014-07-17 22:13 - 00000000 ____D () C:\Users\Oliver\Desktop\converted 2014-07-17 22:13 - 2014-07-17 22:13 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1______ 2014-07-17 22:13 - 2014-07-17 22:13 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempb3e4a92b2fa33cb7a7281f2eb2a6c78e___ 2014-07-17 22:12 - 2014-07-17 19:27 - 00000000 ____D () C:\Users\Oliver\Desktop\Whatsapp 2014-07-17 22:05 - 
2014-07-17 22:05 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempb3e4a92b2fa33cb7a7281f2eb2a6c78e__ 2014-07-17 22:04 - 2014-07-17 22:04 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1_____ 2014-07-17 22:02 - 2014-07-17 22:02 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1____ 2014-07-17 21:34 - 2014-07-17 21:34 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempb3e4a92b2fa33cb7a7281f2eb2a6c78e_ 2014-07-17 21:32 - 2014-07-17 21:32 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1___ 2014-07-17 21:30 - 2014-07-17 21:30 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1__ 2014-07-17 21:11 - 2014-04-19 17:28 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\iFunbox_UserCache 2014-07-17 21:03 - 2014-07-17 21:03 - 00371736 _____ () C:\Windows\Minidump\071714-27690-01.dmp 2014-07-17 20:49 - 2014-07-17 20:49 - 00002013 _____ () C:\Users\Oliver\Desktop\iDevice Manager.lnk 2014-07-17 20:49 - 2014-07-17 20:49 - 00000000 ____D () C:\Users\Oliver\AppData\Local\IsolatedStorage 2014-07-17 20:49 - 2014-07-17 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iDevice Manager 2014-07-17 20:49 - 2014-07-17 20:49 - 00000000 ____D () C:\Program Files\iDevice Manager 2014-07-17 20:47 - 2014-07-17 20:47 - 00961360 _____ (Chip Digital GmbH) C:\Users\Oliver\Desktop\iDevice Manager iPhone Explorer - CHIP-Installer.exe 2014-07-17 20:42 - 2014-07-17 20:34 - 00000000 ____D () C:\Users\Oliver\AppData\Local\pangu 2014-07-17 20:34 - 2014-07-17 20:33 - 35956160 _____ () C:\Users\Oliver\Desktop\Pangu_v1.1.exe 2014-07-17 20:23 - 2014-07-17 20:23 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-07-17 20:23 - 2014-07-17 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-07-17 20:23 - 2014-07-17 20:22 - 00000000 ____D () 
C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-07-17 20:23 - 2014-07-17 20:22 - 00000000 ____D () C:\Program Files\iTunes 2014-07-17 20:22 - 2014-07-17 20:22 - 00000000 ____D () C:\Program Files\iPod 2014-07-17 20:22 - 2014-05-04 11:48 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-07-17 19:21 - 2014-07-17 19:21 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1_ 2014-07-17 19:21 - 2014-07-17 19:21 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempd60233d1130df8bd03cd6d2e3c2fc7d1 2014-07-17 19:21 - 2014-07-17 19:21 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempb3e4a92b2fa33cb7a7281f2eb2a6c78e 2014-07-17 19:21 - 2014-07-17 19:21 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Temp82152e590ca5570bb7bf75cfa8125e90 2014-07-17 19:19 - 2014-07-13 12:10 - 00000000 ____D () C:\Users\Oliver\.gimp-2.8 2014-07-17 19:18 - 2014-07-17 19:18 - 00000000 ____D () C:\Users\Oliver\ChromeExtensions 2014-07-17 19:18 - 2014-07-17 19:18 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1 2014-07-16 22:01 - 2014-02-08 20:14 - 00001075 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk 2014-07-16 22:01 - 2014-02-08 20:14 - 00000000 ____D () C:\Program Files\KeePass Password Safe 2 2014-07-16 22:01 - 2013-10-20 11:29 - 00001063 _____ () C:\Users\Oliver\Desktop\KeePass 2.lnk 2014-07-15 21:30 - 2014-06-13 16:10 - 00000000 ____D () C:\Users\Oliver\Desktop\WM Some content of TEMP: ==================== C:\Users\Oliver\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnntjw5.dll C:\Users\Oliver\AppData\Local\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-07 18:05

==================== End Of Log ============================

--- --- ---

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version:13-08-2014 Ran by Oliver at 2014-08-14 21:31:32 Running from C:\Users\Oliver\Desktop\Virus\FRST Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden 7-Zip 9.20 (HKLM\...\7-Zip) (Version: - ) Adobe Flash Player 10 ActiveX (HKLM\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.) Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) AIO_Scan (Version: 130.0.365.000 - Hewlett-Packard) Hidden AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden AMD Catalyst Control Center (Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden AMD Catalyst Install Manager (HKLM\...\{C2796CF4-6517-00C1-9F70-6A9C50680D29}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden Apple Application Support (HKLM\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.) 
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden calibre (HKLM\...\{B5D724AD-AC50-46B4-AAA7-62EF18F0CDFE}) (Version: 1.44.0 - Kovid Goyal) Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help English (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help French (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help German (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Korean (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden ccc-utility (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP) Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) 
CloudReading (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.1.47.1220 - Foxit Corporation) Copy (Version: 130.0.428.000 - Hewlett-Packard) Hidden Creo Elements/Direct Modeling Express 4.0 (HKLM\...\{B4531C1A-9721-416A-A3BD-C0C600155176}) (Version: 40.0.10020 - Parametric Technology GmbH) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version: - Microsoft) Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden DJ_AIO_ProductContext (Version: 130.0.365.000 - Hewlett-Packard) Hidden DJ_AIO_Software (Version: 130.0.365.000 - Hewlett-Packard) Hidden DJ_AIO_Software_min (Version: 130.0.365.000 - Hewlett-Packard) Hidden dreamboxEDIT -- The one and only settings editor for your Dreambox (HKLM\...\dreamboxEDIT) (Version: - ) Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.) EasyBCD 2.2 (HKLM\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies) EPU-6 Engine (HKLM\...\{56B83336-FBC1-4C46-8613-90A9E3B440D6}) (Version: 1.01.14 - ) ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - ) F2100 (Version: 130.0.365.000 - Hewlett-Packard) Hidden F2100_Help (Version: 90.0.222.000 - Hewlett-Packard) Hidden Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.1.2.1224 - Foxit Corporation) Free WMA to MP3 Converter 1.16 (HKLM\...\Free WMA to MP3 Converter_is1) (Version: - Jodix Technologies Ltd.) Free YouTube Download version 3.2.43.806 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.43.806 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.38.530 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.38.530 - DVDVideoSoft Ltd.) 
FRITZ!Box-Fernzugang einrichten (HKLM\...\{EFADD989-D9F2-49F6-A280-675951CC78D3}) (Version: 1.0.3 - AVM Berlin) GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP) HP Designjet 3D Software Solution 1.1 (HKLM\...\{3100A54E-7256-4D77-96B6-F51E910425F4}) (Version: 1.1 - Hewlett-Packard) HP Deskjet All-In-One Driver Software 13.0 Rel. 1 (HKLM\...\{EB773820-0871-46A8-9B96-F2B04F8B34F0}) (Version: 13.0 - HP) HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP) HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP) HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP) HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP) HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard) HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden iFunbox (v2.7.2386.747), iFunbox DevTeam (HKLM\...\iFunbox_is1) (Version: v2.7.2386.747 - ) iTunes (HKLM\...\{0A37EE62-9A58-420D-90CC-4E52153112EE}) (Version: 11.3.0.54 - Apple Inc.) Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) 
Hidden Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden KeePass Password Safe 2.27 (HKLM\...\KeePassPasswordSafe2_is1) (Version: 2.27 - Dominik Reichl) LightScribe System Software (HKLM\...\{F132000C-1CBA-458F-BF2F-FD43D59410F9}) (Version: 1.18.27.10 - LightScribe) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft 
Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation) Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nero ControlCenter (Version: 11.0.15500 - Nero AG) Hidden Nero ControlCenter Help (CHM) (Version: 12.0.7000 - Nero AG) Hidden Nero Core Components (Version: 11.0.20200 - Nero AG) Hidden Nero CoverDesigner (HKLM\...\{3143E3EB-17A5-48F9-90FC-D7CA556CA210}) (Version: 12.0.01500 - Nero AG) Nero CoverDesigner (Version: 12.0.10003 - 
Nero AG) Hidden Nero CoverDesigner Help (CHM) (Version: 12.0.2000 - Nero AG) Hidden Nero Update (Version: 11.0.11800.31.0 - Nero AG) Hidden Prerequisite installer (Version: 12.0.0003 - Nero AG) Hidden REALTEK Wireless LAN Driver and Utility (HKLM\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0175 - ) Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_15 - Samsung Electronics Co., Ltd.) Samsung Kies (Version: 2.6.3.14044_15 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.) Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer) TIPP10 Version 2.1.0 (HKLM\...\TIPP10_is1) (Version: - (c) 2006-2011, Tom Thielicke IT Solutions) Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition 
(HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) 
(Version: - Microsoft) Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{4B93560B-F33D-4A67-A224-F5E1C329BD22}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition 
(HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft) VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN) WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (Version: 15.4.3502.0922 
- Microsoft Corporation) Hidden Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Oliver\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Oliver\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 01-08-2014 18:43:56 Windows Update 05-08-2014 19:27:19 Windows Update 08-08-2014 18:21:18 Configured Microsoft Office Professional Plus 2010 10-08-2014 09:03:10 Windows Update 10-08-2014 09:09:26 Removed Skype™ 6.18 10-08-2014 10:02:55 Uniblue SpeedUpMyPC installation 13-08-2014 17:14:46 ComboFix created restore point 13-08-2014 17:40:44 Windows Update 13-08-2014 19:45:35 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:04 - 2014-08-13 19:28 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1E53F79C-86D1-4F91-A72E-5C16E03333B0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {20777A6D-966D-41ED-8DCA-97B01DB18C99} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe [2009-05-25] () Task: {3C0228AF-F8E5-4205-B9C4-5BDE4AE1C940} - \AutoKMS No Task File <==== ATTENTION Task: {3E423C2E-9348-41D3-AF66-B84627CD3870} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation) Task: {5A44A6F8-E1A4-43C5-9F9E-C93159962FDA} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation) Task: {63225ABD-F84F-4C8F-8F4F-8704FADC65CE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated) Task: {9612E598-CC56-4176-B702-4381D362F24C} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft) Task: {A7766A69-D134-4673-9E4A-D76784D0423A} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation) Task: {E01649FF-E8C1-4508-98C3-A412E8630422} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-02-09 10:56 - 2009-05-25 11:33 - 06017024 _____ () C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe 2014-02-09 10:56 - 2009-04-22 21:20 - 00179712 _____ () C:\Program Files\ASUS\EPU-6 Engine\ASUSSERVICE.DLL 2014-02-09 10:56 - 2009-04-20 14:55 - 00565248 _____ () C:\Program Files\ASUS\EPU-6 Engine\pngio.dll 2014-02-09 10:56 - 2006-01-10 17:50 - 00024576 _____ () C:\Windows\system32\AsIo.dll 2014-02-09 10:56 - 2009-04-20 14:55 - 00053248 _____ () C:\Program Files\ASUS\EPU-6 Engine\AsSpindownTimeout.dll 2014-02-09 10:56 - 2009-04-02 13:27 - 00090112 _____ () C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe 2014-08-14 21:19 - 2014-08-14 21:19 - 00043008 _____ () c:\users\oliver\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnntjw5.dll 2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Oliver\AppData\Roaming\Dropbox\bin\libcef.dll 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2014-02-08 19:42 - 2009-12-09 22:20 - 00126976 _____ () C:\Program Files\REALTEK\11n USB Wireless LAN Utility\EnumDevLib.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) 
AlternateDataStreams: C:\Users\Oliver\Desktop\2014-05-25 14.58.09.jpg:com.dropbox.attributes ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Oliver^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: hpqSRMon => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe" MSRun ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. 
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz Percentage of memory in use: 31% Total physical RAM: 3327.05 MB Available physical RAM: 2270.32 MB Total Pagefile: 6652.4 MB Available Pagefile: 5447.41 MB Total Virtual: 2047.88 MB Available Virtual: 1918.66 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:365.16 GB) (Free:122.87 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive e: () (Fixed) (Total:465.76 GB) (Free:98.37 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 149 GB) (Disk ID: 000148CA) Partition 1: (Active) - (Size=145 GB) - (Type=83) Partition 2: (Not Active) - (Size=4 GB) - (Type=05) ======================================================== Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: BA51F4EA) Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 16251625) Partition 1: (Active) - (Size=365 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=101 GB) - (Type=05) ==================== End Of Log ============================ Oliver |
15.08.2014, 18:51 | #6 |
/// the machine /// TB-Ausbilder | Windows7 Firefox keeps opening new tabs with ads ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ --> Windows7 Firefox keeps opening new tabs with ads |
17.08.2014, 10:25 | #7 |
| Windows7 Firefox keeps opening new tabs with ads So, the ESET scan took forever (>12h). According to the message, it was aborted by the user. I tried it 3 times and am now posting the existing log file as it is. If that is not suitable, please point it out. Because of their size, the logs are in the attachment. The problem seems to be fixed. No more ad pages are opening. Have a nice weekend. |
17.08.2014, 14:56 | #8 |
/// the machine /// TB-Ausbilder | Windows7 Firefox keeps opening new tabs with ads Hi, please always post logs in the thread. If necessary, split them up and use several posts. I cannot open attachments at work, thanks. Here is how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
17.08.2014, 16:42 | #9 |
| Windows7 Firefox keeps opening new tabs with ads Sure thing: Eset log: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=8b4568929386e042aa3f864c5cacea44 # engine=19620 # end=stopped # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-08-12 04:43:33 # local_time=2014-08-12 06:43:33 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 10366955 30842207 0 0 # scanned=23296 # found=37 # cleaned=0 # scan_time=494 sh=51D579890A2F49E16DF7C03E596B15042E71925E ft=1 fh=167bbb57c2380519 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-956886985-2695973545-304803630-1000\$R2YSKJ4.exe" sh=C4A5027F432215592CD578A8038D130770E9D757 ft=1 fh=18755ea5e795c0db vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-956886985-2695973545-304803630-1000\$R34W8JM.exe" sh=57339B0F03749C8CF27D462BC5E736676C21C881 ft=1 fh=c71c0011e8464a4f vn="Variante von Win32/InstallCore.JW evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-956886985-2695973545-304803630-1000\$R5N0YR6.exe" sh=9A7C9D6B7A556223DC67C538C302E328C6397289 ft=1 fh=2f2c381ee726585c vn="Variante von Win32/Amonetize.BK evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-956886985-2695973545-304803630-1000\$RBY9Z3Z.exe" sh=9A7C9D6B7A556223DC67C538C302E328C6397289 ft=1 fh=2f2c381ee726585c vn="Variante von Win32/Amonetize.BK evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-956886985-2695973545-304803630-1000\$RH2ZMES.exe" sh=234BCCD5A75A9847244168909E3C2942E094D034 ft=1 fh=f6557c3cda454e9e vn="Variante von Win32/DownloadSponsor.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-956886985-2695973545-304803630-1000\$RSYI3FC.exe" sh=8AF303BBEAD395DD3F72F48E9CA83EE29ED777CA ft=1 fh=8d8a56a9e7fdfd1b vn="Variante von Win32/Amonetize.BL evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-956886985-2695973545-304803630-1000\$RUSIC2S.exe" sh=E750C443A83F9B135B499E7917C5A93120384BB3 ft=1 fh=4eedbac881d1fc72 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-956886985-2695973545-304803630-1000\$RV3YHC0.exe" sh=B322363C3A207AC434F69151A51910359879710C ft=1 fh=1917a6c45b120574 vn="Variante von Win32/InstallCore.PC evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-956886985-2695973545-304803630-1000\$RZNUSLK.exe" sh=D1337408DE8FC6409BCB0F52A3F84F2863A94C40 ft=1 fh=b4f71a4e9c68bca5 vn="Win32/DealPly.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\DealPlyLive\Update\1.3.23.0\DealPlyLiveBroker.exe.vir" sh=E1124A98F09A6EBCE59FEA2E918FFE2DCB245146 ft=1 fh=c29d58234e843b86 vn="Win32/DealPly.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\DealPlyLive\Update\1.3.23.0\DealPlyLiveOnDemand.exe.vir" sh=A658B92B519F7898937EE2AE8CF53A62F620C923 ft=1 fh=7f9bfa912e5e181c vn="Win32/DealPly.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\DealPlyLive\Update\1.3.23.0\goopdate.dll.vir" sh=6D00C85C60CAF98D39E5CD07AACE53C757A99C49 ft=1 fh=ed4a7cab0d6835d6 vn="Win32/DealPly.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_ru.dll.vir" sh=7489D541CA03F640A02B20A33A88C70691D689D5 ft=1 fh=5216003ac57facf4 vn="Win32/DealPly.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll.vir" sh=0652CF8AA5ACCADDDD31EE32521742F0CF6A62B0 ft=1 fh=6730b7aa2ee36939 vn="Win32/DealPly.N evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\DealPlyLive\Update\1.3.23.0\psmachine.dll.vir" sh=C7C0F42A23562AA6DCCD60326FD8CC2AA41B5448 ft=1 fh=c053642cee9f3def vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\DpInterface32.dll.vir" sh=9DC13DB9C123270C2356ED410128E11D5ADF7C6E ft=1 fh=023ab782f0a9b07d vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SupTab.dll.vir" sh=246DDBC3A2C223A6B9072637D93DC2A2832D097A ft=1 fh=c71c0011b04f613a vn="Win32/Toolbar.Babylon.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\DSearchLink\DSearchLink.exe.vir" sh=56659F7FF1F1FA7906A77228E315F65F38BCEF73 ft=1 fh=0ff759dfc352fd03 vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir" sh=E3F8B8FE0BBC22CBB743C688ED79E0BF73FCCFE5 ft=1 fh=a81abe411291deb5 vn="Variante von Win32/Somoto.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Local\FilesFrog Update Checker\update_checker.exe.vir" sh=33E5392D35B724ECF66AA36489157C066FDDC8F6 ft=0 fh=0000000000000000 vn="Win32/DealPly.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi\3.5.0.0_0\background.js.vir" sh=91F440A8F2A0FFC91EDA87FE5410B93141B1C6B0 ft=1 fh=1ce5d7cf83504dfe vn="Win32/Toolbar.Conduit.AF evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Local\Temp\CT3312238\ctbe.exe.vir" sh=E67AB9DC89D7BE54D998427ED4C4A8421A5259EE ft=1 fh=da8a95312d7cd829 vn="Variante von Win32/Conduit.SearchProtect.N evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Local\Temp\CT3312238\ffLogic.exe.vir" sh=F89D0D35647789000A23E8BD1E557BEE519A6BAE ft=1 fh=4f81c51847428f3f vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Local\Temp\CT3312238\statisticsStub.exe.vir" sh=D549BE6191D4DAED4713453495EFD48D5B90C443 ft=1 fh=009d5c7ba55c736d vn="Win32/Toolbar.Conduit.S evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Local\Temp\CT3312238\stub.exe.vir" sh=DABC08BDF0203F5946101A0EEA51D494E87F67B9 ft=1 fh=7788df8e5b966f5d vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Local\Temp\OCS\ocs_v71.exe.vir" sh=972DB9071C719922142BE77CF935C208B66F8DE2 ft=1 fh=c50a95d882970223 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Local\Temp\OCS\ocs_v71b.exe.vir" sh=848C686280EAA04B172FCCFFBD312132A0C46172 ft=1 fh=7764b0effb0b9556 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Local\Temp\OCS\ocs_v7f.exe.vir" sh=7FD3DB54264A63C00B3B3894B8F9C76E86215068 ft=1 fh=f8300a0c77a4950c vn="Variante von Win32/DownloadSponsor.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Local\Temp\OCS\ocs_v8.exe.vir" sh=D8A2FE99C49ED9A3D7F908112D35B2DA101E48F4 ft=1 fh=ad0a5838d0edefbc vn="Variante von Win32/RiskWare.Astori.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Roaming\InetStat\inetstat.exe.vir" sh=D8A2FE99C49ED9A3D7F908112D35B2DA101E48F4 ft=1 fh=ad0a5838d0edefbc vn="Variante von Win32/RiskWare.Astori.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Roaming\InetStat\isup.exe.vir" sh=A6B0985ABC1E2C02B26045E46506CAAC737DA137 ft=1 fh=121662fb9c8fa164 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\vcp7xx7r.default\Extensions\{2a208ced-fa1a-42dd-8d9b-c02fa5eec24f}\Plugins\npConduitFirefoxPlugin.dll.vir" sh=C4420C6E94B8CAACCB3811384280D8A93CB0A37D ft=1 fh=25f111c507a31a21 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Roaming\OpenCandy\A3BD802101584933B171387FA940D9DB\sp-downloader.exe.vir" sh=7C620D1FDA9B0BCB94387A0E5AFD2565B2FB5B08 ft=1 fh=0ea7a7a2438ec590 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Roaming\OpenCandy\A3BD802101584933B171387FA940D9DB\Whitesmoke_directN_p1v1.exe.vir" sh=BD2FB2B5AB6E8D248C0FB11425B108C17B696835 ft=1 fh=75ed9a1f38cde0e4 vn="Variante von Win32/DealPly.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Roaming\OpenCandy\C281B2D0ED204B30A2BEDBAEFE437DA4\dp.exe.vir" sh=37CCAD86409E08816A4C00F1DBEA4604BA36D3A1 ft=1 fh=919a9505016e0e1e vn="Variante von Win32/Toolbar.Babylon.F evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Roaming\OpenCandy\EAFF5B25E5B04E25A7D143B69870BF9D\DeltaTB.exe.vir" sh=3EFFD6E8E0916BCB70C492CA4F84A94349FCF498 ft=1 fh=d94ef5df3e3c4da3 vn="Variante von Win32/Amonetize.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\system32\installd.exe.vir" ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=8b4568929386e042aa3f864c5cacea44 # engine=19682 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2014-08-16 04:54:07 # local_time=2014-08-16 06:54:07 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 10669989 31145241 0 0 # scanned=378525 # found=66 # cleaned=0 # scan_time=32935 sh=D1337408DE8FC6409BCB0F52A3F84F2863A94C40 ft=1 fh=b4f71a4e9c68bca5 vn="Win32/DealPly.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\DealPlyLive\Update\1.3.23.0\DealPlyLiveBroker.exe.vir" sh=E1124A98F09A6EBCE59FEA2E918FFE2DCB245146 ft=1 fh=c29d58234e843b86 vn="Win32/DealPly.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\DealPlyLive\Update\1.3.23.0\DealPlyLiveOnDemand.exe.vir" sh=A658B92B519F7898937EE2AE8CF53A62F620C923 ft=1 fh=7f9bfa912e5e181c vn="Win32/DealPly.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\DealPlyLive\Update\1.3.23.0\goopdate.dll.vir" sh=6D00C85C60CAF98D39E5CD07AACE53C757A99C49 ft=1 fh=ed4a7cab0d6835d6 vn="Win32/DealPly.N evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\DealPlyLive\Update\1.3.23.0\goopdateres_ru.dll.vir" sh=7489D541CA03F640A02B20A33A88C70691D689D5 ft=1 fh=5216003ac57facf4 vn="Win32/DealPly.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll.vir" sh=0652CF8AA5ACCADDDD31EE32521742F0CF6A62B0 ft=1 fh=6730b7aa2ee36939 vn="Win32/DealPly.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\DealPlyLive\Update\1.3.23.0\psmachine.dll.vir" sh=C7C0F42A23562AA6DCCD60326FD8CC2AA41B5448 ft=1 fh=c053642cee9f3def vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\DpInterface32.dll.vir" sh=9DC13DB9C123270C2356ED410128E11D5ADF7C6E ft=1 fh=023ab782f0a9b07d vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SupTab.dll.vir" sh=246DDBC3A2C223A6B9072637D93DC2A2832D097A ft=1 fh=c71c0011b04f613a vn="Win32/Toolbar.Babylon.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\DSearchLink\DSearchLink.exe.vir" sh=56659F7FF1F1FA7906A77228E315F65F38BCEF73 ft=1 fh=0ff759dfc352fd03 vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir" sh=E3F8B8FE0BBC22CBB743C688ED79E0BF73FCCFE5 ft=1 fh=a81abe411291deb5 vn="Variante von Win32/Somoto.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Local\FilesFrog Update Checker\update_checker.exe.vir" sh=33E5392D35B724ECF66AA36489157C066FDDC8F6 ft=0 fh=0000000000000000 vn="Win32/DealPly.J evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi\3.5.0.0_0\background.js.vir" sh=DEA64A4E8D44029BDF65774FBC1C98FC5EAE98D0 ft=0 fh=0000000000000000 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Local\Temp\CT3312238\CT3312238.xpi.vir" sh=91F440A8F2A0FFC91EDA87FE5410B93141B1C6B0 ft=1 fh=1ce5d7cf83504dfe vn="Win32/Toolbar.Conduit.AF evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Local\Temp\CT3312238\ctbe.exe.vir" sh=E67AB9DC89D7BE54D998427ED4C4A8421A5259EE ft=1 fh=da8a95312d7cd829 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Local\Temp\CT3312238\ffLogic.exe.vir" sh=F89D0D35647789000A23E8BD1E557BEE519A6BAE ft=1 fh=4f81c51847428f3f vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Local\Temp\CT3312238\statisticsStub.exe.vir" sh=D549BE6191D4DAED4713453495EFD48D5B90C443 ft=1 fh=009d5c7ba55c736d vn="Win32/Toolbar.Conduit.S evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Local\Temp\CT3312238\stub.exe.vir" sh=DABC08BDF0203F5946101A0EEA51D494E87F67B9 ft=1 fh=7788df8e5b966f5d vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Local\Temp\OCS\ocs_v71.exe.vir" sh=972DB9071C719922142BE77CF935C208B66F8DE2 ft=1 fh=c50a95d882970223 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Local\Temp\OCS\ocs_v71b.exe.vir" sh=848C686280EAA04B172FCCFFBD312132A0C46172 ft=1 fh=7764b0effb0b9556 vn="Variante von Win32/DownloadSponsor.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Local\Temp\OCS\ocs_v7f.exe.vir" sh=7FD3DB54264A63C00B3B3894B8F9C76E86215068 ft=1 fh=f8300a0c77a4950c vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Local\Temp\OCS\ocs_v8.exe.vir" sh=D8A2FE99C49ED9A3D7F908112D35B2DA101E48F4 ft=1 fh=ad0a5838d0edefbc vn="Variante von Win32/RiskWare.Astori.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Roaming\InetStat\inetstat.exe.vir" sh=D8A2FE99C49ED9A3D7F908112D35B2DA101E48F4 ft=1 fh=ad0a5838d0edefbc vn="Variante von Win32/RiskWare.Astori.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Roaming\InetStat\isup.exe.vir" sh=A6B0985ABC1E2C02B26045E46506CAAC737DA137 ft=1 fh=121662fb9c8fa164 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\vcp7xx7r.default\Extensions\{2a208ced-fa1a-42dd-8d9b-c02fa5eec24f}\Plugins\npConduitFirefoxPlugin.dll.vir" sh=C4420C6E94B8CAACCB3811384280D8A93CB0A37D ft=1 fh=25f111c507a31a21 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Roaming\OpenCandy\A3BD802101584933B171387FA940D9DB\sp-downloader.exe.vir" sh=7C620D1FDA9B0BCB94387A0E5AFD2565B2FB5B08 ft=1 fh=0ea7a7a2438ec590 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Roaming\OpenCandy\A3BD802101584933B171387FA940D9DB\Whitesmoke_directN_p1v1.exe.vir" sh=BD2FB2B5AB6E8D248C0FB11425B108C17B696835 ft=1 fh=75ed9a1f38cde0e4 vn="Variante von Win32/DealPly.I evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Roaming\OpenCandy\C281B2D0ED204B30A2BEDBAEFE437DA4\dp.exe.vir" sh=374CA69E67A1ABC42A8D39CAD7337F3BD3351926 ft=1 fh=feae0fe2f16b04d3 vn="Variante von Win32/OpenCandy.A potenziell unsichere Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Roaming\OpenCandy\D04C7FBF877A43C281873CEDD44B0BC1\dlm.exe.vir" sh=37CCAD86409E08816A4C00F1DBEA4604BA36D3A1 ft=1 fh=919a9505016e0e1e vn="Variante von Win32/Toolbar.Babylon.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Roaming\OpenCandy\EAFF5B25E5B04E25A7D143B69870BF9D\DeltaTB.exe.vir" sh=3EFFD6E8E0916BCB70C492CA4F84A94349FCF498 ft=1 fh=d94ef5df3e3c4da3 vn="Variante von Win32/Amonetize.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\system32\installd.exe.vir" sh=7681FB592B74173844A29BD8434E17E4AC158B7C ft=1 fh=9073813a93b37e2a vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Oliver\Desktop\iDevice Manager iPhone Explorer - CHIP-Installer.exe" sh=CE69F10D895A1F5EA177F76503E32189201EA826 ft=0 fh=0000000000000000 vn="Variante von MSIL/Injector.CID Trojaner" ac=I fn="C:\Users\Oliver\Desktop\Jailbrake\MTKV246.rar" sh=2D2F8DC078AE60C9AAB3D5905DE695005CA31062 ft=0 fh=0000000000000000 vn="Win32/Packed.Autoit.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Oliver\Desktop\VPN\fritzbox\ruKernelTool.zip" sh=2446E82304B2A797346141850D2245916E179BB6 ft=1 fh=4f9fb98a1d8c5ee8 vn="Win32/Packed.Autoit.H evtl. 
ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=8b4568929386e042aa3f864c5cacea44 # engine=19685 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=false # utc_time=2014-08-16 05:20:10 # local_time=2014-08-16 07:20:10 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 10714752 31190004 0 0 # scanned=4782632 # found=36 # cleaned=0 # scan_time=44108
Code:
Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials (On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 55
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 14.0.0.145
Mozilla Firefox (31.0)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:13-08-2014 Ran by Oliver (administrator) on OLIVER-PC on 13-08-2014 18:08:39 Running from C:\Users\Oliver\Desktop\Virus\FRST Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe () C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe () C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Realtek) C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (Realtek Semiconductor Corp.) C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Apple Inc.) 
C:\Program Files\iTunes\iTunesHelper.exe () C:\Users\Oliver\AppData\Local\ContextFree\nvcmd.exe (Dropbox, Inc.) C:\Users\Oliver\AppData\Roaming\Dropbox\bin\Dropbox.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Nero AG) C:\Program Files\Nero\Update\NASvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe (Microsoft Corporation) C:\Windows\System32\prevhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-02-10] (Microsoft Corporation) HKU\S-1-5-21-956886985-2695973545-304803630-1000\...\Run: [framei] => C:\Users\Oliver\AppData\Local\ContextFree\framei.exe [567808 2014-07-01] () HKU\S-1-5-21-956886985-2695973545-304803630-1000\...\Run: [nvcmd] => C:\Users\Oliver\AppData\Local\ContextFree\nvcmd.exe [596480 2014-07-01] () HKU\S-1-5-21-956886985-2695973545-304803630-1000\...\Run: [cntcmd] => C:\Users\Oliver\AppData\Local\ContextFree\cntcmd.exe [596480 2014-07-01] () HKU\S-1-5-21-956886985-2695973545-304803630-1000\...\Policies\Explorer: [DisallowRun] 1 HKU\S-1-5-21-956886985-2695973545-304803630-1000\...\MountPoints2: {e801ad7e-90e1-11e3-9cc6-806e6f6e6963} - D:\wubi.exe Startup: C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=securitascout BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213 FF Homepage: https://www.google.de/?gws_rd=ssl FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF SearchPlugin: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213\searchplugins\webde-suche.xml FF SearchPlugin: C:\Program Files\mozilla 
firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Download videos and MP3s from YouTube - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-08-09] FF Extension: PDF Updater Free - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213\Extensions\{c5518a8b-51fa-437a-9f4d-34a5beb015eb}.xpi [2014-07-20] FF Extension: Adblock Plus - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-07] FF Extension: {d3d8eb04-2a7c-4d14-84b4-f701af9beb83} - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213\Extensions\{d3d8eb04-2a7c-4d14-84b4-f701af9beb83}.xpi [2014-07-17] FF Extension: Fox!Box - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213\Extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}.xpi [2014-08-10] FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-03-02] FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-08-09] Chrome: ======= ========================== Services (Whitelisted) ================= (If an entry 
is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AsSysCtrlService; C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-04-02] () [File not signed] R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed] R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2013-01-16] (Hewlett-Packard Company) [File not signed] R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation) R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed] R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed] R2 Realtek11nSU; C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12400 2007-12-17] () S3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider) R3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [47104 2009-07-14] (Atheros Communications, Inc.) 
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [6504 2009-05-13] () S4 sptd; C:\Windows\System32\Drivers\sptd.sys [320120 2014-06-20] (Duplex Secure Ltd.) S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] U3 ufdiapob; \??\C:\Users\Oliver\AppData\Local\Temp\ufdiapob.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-13 17:31 - 2014-08-13 17:31 - 00000176 _____ () C:\Users\Oliver\defogger_reenable 2014-08-13 17:07 - 2014-08-13 17:07 - 00144584 _____ () C:\Windows\Minidump\081314-16676-01.dmp 2014-08-13 17:00 - 2014-08-13 18:08 - 00000000 ____D () C:\FRST 2014-08-13 16:59 - 2014-08-13 17:33 - 00000000 ____D () C:\Users\Oliver\Desktop\Virus 2014-08-12 18:32 - 2014-08-12 18:32 - 00000000 ____D () C:\Program Files\ESET 2014-08-12 18:26 - 2014-08-12 18:26 - 00000000 ____D () C:\Windows\ERUNT 2014-08-10 12:59 - 2014-08-12 17:57 - 00000000 ____D () C:\Windows\AutoKMS 2014-08-10 12:16 - 2014-08-10 12:18 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Genesis_08101016 2014-08-10 12:05 - 2014-08-10 12:05 - 00000000 ____D () C:\Users\Oliver\AppData\Local\ContextFree 2014-08-10 12:04 - 2014-08-10 12:06 - 00000000 ____D () C:\Users\Oliver\AppData\Local\fabulous_08101004 2014-08-09 20:29 - 2014-08-09 20:38 - 238945732 _____ () C:\Users\Oliver\Desktop\PLANET E_ ABENTEUER - MALLORCA, TEIL 1.avi 2014-08-09 20:19 - 2014-08-09 20:29 - 230164014 _____ () C:\Users\Oliver\Desktop\PLANET E_ ABENTEUER - MALLORCA, TEIL 2.avi 2014-08-09 18:33 - 
2014-08-10 11:09 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Skype 2014-08-09 18:33 - 2014-08-10 11:09 - 00000000 ____D () C:\ProgramData\Skype 2014-08-09 18:33 - 2014-08-09 18:33 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Skype 2014-08-09 18:32 - 2014-08-09 18:32 - 00002176 _____ () C:\Users\Public\Desktop\Free YouTube Download.lnk 2014-08-08 20:27 - 2014-08-08 20:27 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER 2014-08-07 17:39 - 2014-08-07 17:39 - 00367576 _____ () C:\Windows\Minidump\080714-19905-01.dmp 2014-07-31 21:40 - 2014-07-31 21:40 - 00367568 _____ () C:\Windows\Minidump\073114-20872-01.dmp 2014-07-29 21:49 - 2014-07-29 21:49 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-07-19 21:20 - 2014-07-20 12:24 - 00000000 ____D () C:\Users\Oliver\Desktop\Urlaub 2014-07-17 22:13 - 2014-07-17 22:15 - 00000000 ____D () C:\Users\Oliver\Desktop\backup 2014-07-17 22:13 - 2014-07-17 22:13 - 00000000 ____D () C:\Users\Oliver\Desktop\converted 2014-07-17 22:13 - 2014-07-17 22:13 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1______ 2014-07-17 22:13 - 2014-07-17 22:13 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempb3e4a92b2fa33cb7a7281f2eb2a6c78e___ 2014-07-17 22:05 - 2014-07-17 22:05 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempb3e4a92b2fa33cb7a7281f2eb2a6c78e__ 2014-07-17 22:04 - 2014-07-17 22:04 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1_____ 2014-07-17 22:02 - 2014-07-17 22:02 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1____ 2014-07-17 21:34 - 2014-07-17 21:34 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempb3e4a92b2fa33cb7a7281f2eb2a6c78e_ 2014-07-17 21:32 - 2014-07-17 21:32 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1___ 2014-07-17 21:31 - 2014-07-17 22:15 - 00000223 _____ () C:\Users\Oliver\Desktop\WhatsAppMigrator.conf 2014-07-17 21:30 - 
2014-07-17 21:30 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1__ 2014-07-17 21:03 - 2014-07-17 21:03 - 00371736 _____ () C:\Windows\Minidump\071714-27690-01.dmp 2014-07-17 20:49 - 2014-07-17 20:49 - 00002013 _____ () C:\Users\Oliver\Desktop\iDevice Manager.lnk 2014-07-17 20:49 - 2014-07-17 20:49 - 00000000 ____D () C:\Users\Oliver\AppData\Local\IsolatedStorage 2014-07-17 20:49 - 2014-07-17 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iDevice Manager 2014-07-17 20:49 - 2014-07-17 20:49 - 00000000 ____D () C:\Program Files\iDevice Manager 2014-07-17 20:47 - 2014-07-17 20:47 - 00961360 _____ (Chip Digital GmbH) C:\Users\Oliver\Desktop\iDevice Manager iPhone Explorer - CHIP-Installer.exe 2014-07-17 20:34 - 2014-07-17 20:42 - 00000000 ____D () C:\Users\Oliver\AppData\Local\pangu 2014-07-17 20:33 - 2014-07-17 20:34 - 35956160 _____ () C:\Users\Oliver\Desktop\Pangu_v1.1.exe 2014-07-17 20:23 - 2014-07-17 20:23 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-07-17 20:23 - 2014-07-17 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-07-17 20:22 - 2014-07-17 20:23 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-07-17 20:22 - 2014-07-17 20:23 - 00000000 ____D () C:\Program Files\iTunes 2014-07-17 20:22 - 2014-07-17 20:22 - 00000000 ____D () C:\Program Files\iPod 2014-07-17 19:27 - 2014-07-17 22:12 - 00000000 ____D () C:\Users\Oliver\Desktop\Whatsapp 2014-07-17 19:24 - 2014-07-19 19:22 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\GHISLER 2014-07-17 19:21 - 2014-07-17 19:21 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1_ 2014-07-17 19:21 - 2014-07-17 19:21 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempd60233d1130df8bd03cd6d2e3c2fc7d1 2014-07-17 19:21 - 2014-07-17 19:21 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempb3e4a92b2fa33cb7a7281f2eb2a6c78e 2014-07-17 19:21 
- 2014-07-17 19:21 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Temp82152e590ca5570bb7bf75cfa8125e90 2014-07-17 19:18 - 2014-07-17 22:16 - 00004078 _____ () C:\Users\Oliver\Desktop\WhatsAppMigrator.log 2014-07-17 19:18 - 2014-07-17 19:18 - 00000000 ____D () C:\Users\Oliver\ChromeExtensions 2014-07-17 19:18 - 2014-07-17 19:18 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1 ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-13 18:08 - 2014-08-13 17:00 - 00000000 ____D () C:\FRST 2014-08-13 18:03 - 2014-02-08 18:59 - 01932986 _____ () C:\Windows\WindowsUpdate.log 2014-08-13 17:39 - 2009-07-14 06:34 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-13 17:39 - 2009-07-14 06:34 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-13 17:33 - 2014-08-13 16:59 - 00000000 ____D () C:\Users\Oliver\Desktop\Virus 2014-08-13 17:33 - 2014-02-08 21:00 - 00000000 ___RD () C:\Users\Oliver\Dropbox 2014-08-13 17:33 - 2014-02-08 20:57 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Dropbox 2014-08-13 17:32 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-13 17:32 - 2009-07-14 06:39 - 00047528 _____ () C:\Windows\setupact.log 2014-08-13 17:31 - 2014-08-13 17:31 - 00000176 _____ () C:\Users\Oliver\defogger_reenable 2014-08-13 17:31 - 2014-02-08 19:32 - 00000000 ____D () C:\Users\Oliver 2014-08-13 17:30 - 2014-02-08 19:13 - 01628044 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-13 17:16 - 2014-02-10 20:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-13 17:07 - 2014-08-13 17:07 - 00144584 _____ () C:\Windows\Minidump\081314-16676-01.dmp 2014-08-13 17:07 - 2014-03-16 15:02 - 00000000 ____D () C:\Windows\Minidump 2014-08-13 17:07 - 
2014-03-16 15:01 - 357774381 _____ () C:\Windows\MEMORY.DMP 2014-08-12 20:47 - 2014-02-08 20:31 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\KeePass 2014-08-12 18:51 - 2014-02-16 18:38 - 00000000 ____D () C:\Users\Oliver\Desktop\Börsenkurse 2014-08-12 18:32 - 2014-08-12 18:32 - 00000000 ____D () C:\Program Files\ESET 2014-08-12 18:26 - 2014-08-12 18:26 - 00000000 ____D () C:\Windows\ERUNT 2014-08-12 18:23 - 2014-02-09 11:38 - 00023638 _____ () C:\Windows\PFRO.log 2014-08-12 18:22 - 2013-11-13 18:28 - 00000000 ____D () C:\AdwCleaner 2014-08-12 17:57 - 2014-08-10 12:59 - 00000000 ____D () C:\Windows\AutoKMS 2014-08-10 12:51 - 2014-02-09 10:37 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-08-10 12:18 - 2014-08-10 12:16 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Genesis_08101016 2014-08-10 12:18 - 2014-03-02 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 2014-08-10 12:18 - 2014-03-02 14:52 - 00001797 _____ () C:\ProgramData\hpzinstall.log 2014-08-10 12:18 - 2014-03-02 14:52 - 00000000 ____D () C:\Program Files\HP 2014-08-10 12:06 - 2014-08-10 12:04 - 00000000 ____D () C:\Users\Oliver\AppData\Local\fabulous_08101004 2014-08-10 12:05 - 2014-08-10 12:05 - 00000000 ____D () C:\Users\Oliver\AppData\Local\ContextFree 2014-08-10 11:09 - 2014-08-09 18:33 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Skype 2014-08-10 11:09 - 2014-08-09 18:33 - 00000000 ____D () C:\ProgramData\Skype 2014-08-09 21:18 - 2009-07-14 04:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2014-08-09 20:38 - 2014-08-09 20:29 - 238945732 _____ () C:\Users\Oliver\Desktop\PLANET E_ ABENTEUER - MALLORCA, TEIL 1.avi 2014-08-09 20:29 - 2014-08-09 20:19 - 230164014 _____ () C:\Users\Oliver\Desktop\PLANET E_ ABENTEUER - MALLORCA, TEIL 2.avi 2014-08-09 18:39 - 2014-06-07 09:13 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\vlc 2014-08-09 18:33 - 2014-08-09 18:33 - 00000000 ____D () 
C:\Users\Oliver\AppData\Local\Skype 2014-08-09 18:33 - 2014-06-01 12:03 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\DVDVideoSoft 2014-08-09 18:32 - 2014-08-09 18:32 - 00002176 _____ () C:\Users\Public\Desktop\Free YouTube Download.lnk 2014-08-09 18:32 - 2014-06-01 12:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2014-08-09 18:32 - 2014-06-01 12:05 - 00000000 ____D () C:\Program Files\DVDVideoSoft 2014-08-09 18:32 - 2014-06-01 12:05 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft 2014-08-08 20:34 - 2014-02-08 19:48 - 00110056 _____ () C:\Users\Oliver\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-08 20:33 - 2009-07-14 06:33 - 00410352 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-08 20:30 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-08-08 20:27 - 2014-08-08 20:27 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER 2014-08-08 20:27 - 2014-02-09 10:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint 2014-08-08 20:27 - 2014-02-09 10:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2014-08-08 20:26 - 2009-07-14 10:56 - 00000000 ____D () C:\Windows\ShellNew 2014-08-08 20:26 - 2009-07-14 06:52 - 00000000 ____D () C:\Program Files\MSBuild 2014-08-08 20:26 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-08-08 20:23 - 2009-07-14 04:04 - 00000615 _____ () C:\Windows\win.ini 2014-08-07 17:39 - 2014-08-07 17:39 - 00367576 _____ () C:\Windows\Minidump\080714-19905-01.dmp 2014-08-04 19:14 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-07-31 21:40 - 2014-07-31 21:40 - 00367568 _____ () C:\Windows\Minidump\073114-20872-01.dmp 2014-07-31 17:14 - 2014-02-08 19:45 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-07-29 21:49 - 2014-07-29 21:49 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-07-29 13:02 - 2009-07-14 
06:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-07-29 08:04 - 2014-02-09 13:50 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-07-28 18:40 - 2014-02-09 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-07-28 18:11 - 2014-02-08 20:58 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-07-28 18:11 - 2013-01-03 18:51 - 00001021 _____ () C:\Users\Oliver\Desktop\Dropbox.lnk 2014-07-20 21:40 - 2014-03-10 18:59 - 00001060 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk 2014-07-20 21:40 - 2014-03-10 18:59 - 00001048 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk 2014-07-20 16:17 - 2014-02-08 20:55 - 00000000 ____D () C:\Users\Oliver\Documents\Meine Scans 2014-07-20 12:24 - 2014-07-19 21:20 - 00000000 ____D () C:\Users\Oliver\Desktop\Urlaub 2014-07-19 19:22 - 2014-07-17 19:24 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\GHISLER 2014-07-17 22:31 - 2014-04-19 17:28 - 00000000 ____D () C:\Program Files\i-Funbox DevTeam 2014-07-17 22:16 - 2014-07-17 19:18 - 00004078 _____ () C:\Users\Oliver\Desktop\WhatsAppMigrator.log 2014-07-17 22:15 - 2014-07-17 22:13 - 00000000 ____D () C:\Users\Oliver\Desktop\backup 2014-07-17 22:15 - 2014-07-17 21:31 - 00000223 _____ () C:\Users\Oliver\Desktop\WhatsAppMigrator.conf 2014-07-17 22:13 - 2014-07-17 22:13 - 00000000 ____D () C:\Users\Oliver\Desktop\converted 2014-07-17 22:13 - 2014-07-17 22:13 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1______ 2014-07-17 22:13 - 2014-07-17 22:13 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempb3e4a92b2fa33cb7a7281f2eb2a6c78e___ 2014-07-17 22:12 - 2014-07-17 19:27 - 00000000 ____D () C:\Users\Oliver\Desktop\Whatsapp 2014-07-17 22:05 - 2014-07-17 22:05 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempb3e4a92b2fa33cb7a7281f2eb2a6c78e__ 2014-07-17 22:04 - 2014-07-17 22:04 - 00000000 ____D 
() C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1_____ 2014-07-17 22:02 - 2014-07-17 22:02 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1____ 2014-07-17 21:34 - 2014-07-17 21:34 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempb3e4a92b2fa33cb7a7281f2eb2a6c78e_ 2014-07-17 21:32 - 2014-07-17 21:32 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1___ 2014-07-17 21:30 - 2014-07-17 21:30 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1__ 2014-07-17 21:11 - 2014-04-19 17:28 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\iFunbox_UserCache 2014-07-17 21:03 - 2014-07-17 21:03 - 00371736 _____ () C:\Windows\Minidump\071714-27690-01.dmp 2014-07-17 20:49 - 2014-07-17 20:49 - 00002013 _____ () C:\Users\Oliver\Desktop\iDevice Manager.lnk 2014-07-17 20:49 - 2014-07-17 20:49 - 00000000 ____D () C:\Users\Oliver\AppData\Local\IsolatedStorage 2014-07-17 20:49 - 2014-07-17 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iDevice Manager 2014-07-17 20:49 - 2014-07-17 20:49 - 00000000 ____D () C:\Program Files\iDevice Manager 2014-07-17 20:47 - 2014-07-17 20:47 - 00961360 _____ (Chip Digital GmbH) C:\Users\Oliver\Desktop\iDevice Manager iPhone Explorer - CHIP-Installer.exe 2014-07-17 20:42 - 2014-07-17 20:34 - 00000000 ____D () C:\Users\Oliver\AppData\Local\pangu 2014-07-17 20:34 - 2014-07-17 20:33 - 35956160 _____ () C:\Users\Oliver\Desktop\Pangu_v1.1.exe 2014-07-17 20:23 - 2014-07-17 20:23 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-07-17 20:23 - 2014-07-17 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-07-17 20:23 - 2014-07-17 20:22 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-07-17 20:23 - 2014-07-17 20:22 - 00000000 ____D () C:\Program Files\iTunes 2014-07-17 20:22 - 2014-07-17 20:22 - 00000000 ____D () C:\Program 
Files\iPod 2014-07-17 20:22 - 2014-05-04 11:48 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-07-17 19:21 - 2014-07-17 19:21 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1_ 2014-07-17 19:21 - 2014-07-17 19:21 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempd60233d1130df8bd03cd6d2e3c2fc7d1 2014-07-17 19:21 - 2014-07-17 19:21 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempb3e4a92b2fa33cb7a7281f2eb2a6c78e 2014-07-17 19:21 - 2014-07-17 19:21 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Temp82152e590ca5570bb7bf75cfa8125e90 2014-07-17 19:19 - 2014-07-13 12:10 - 00000000 ____D () C:\Users\Oliver\.gimp-2.8 2014-07-17 19:18 - 2014-07-17 19:18 - 00000000 ____D () C:\Users\Oliver\ChromeExtensions 2014-07-17 19:18 - 2014-07-17 19:18 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1 2014-07-16 22:01 - 2014-02-08 20:14 - 00001075 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk 2014-07-16 22:01 - 2014-02-08 20:14 - 00000000 ____D () C:\Program Files\KeePass Password Safe 2 2014-07-16 22:01 - 2013-10-20 11:29 - 00001063 _____ () C:\Users\Oliver\Desktop\KeePass 2.lnk 2014-07-15 21:30 - 2014-06-13 16:10 - 00000000 ____D () C:\Users\Oliver\Desktop\WM Some content of TEMP: ==================== C:\Users\Oliver\AppData\Local\Temp\13-12_win7_win8_32_dd_ccc_whql.exe C:\Users\Oliver\AppData\Local\Temp\amazonicon_v6.exe C:\Users\Oliver\AppData\Local\Temp\amazoninstallernircmdc.exe C:\Users\Oliver\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplh0xpr.dll C:\Users\Oliver\AppData\Local\Temp\DseShExt-x86.dll C:\Users\Oliver\AppData\Local\Temp\Foxit Reader Updater.exe C:\Users\Oliver\AppData\Local\Temp\foxy_security.exe C:\Users\Oliver\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe C:\Users\Oliver\AppData\Local\Temp\fp_pl_pfs_installer.exe 
C:\Users\Oliver\AppData\Local\Temp\ICReinstall_COMPUTER_BILD-Download-Manager_fuer_nerocoverdesigner-ESD_small-20131212115353069-12.0.01800.nsx.exe C:\Users\Oliver\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Oliver\AppData\Local\Temp\MouseKeyboardCenterx86_1031.exe C:\Users\Oliver\AppData\Local\Temp\MTK25beta5setup__6216_il14229.exe C:\Users\Oliver\AppData\Local\Temp\nshAF48.exe C:\Users\Oliver\AppData\Local\Temp\nsi1836.exe C:\Users\Oliver\AppData\Local\Temp\nsmF88C.exe C:\Users\Oliver\AppData\Local\Temp\nsrFD8C.exe C:\Users\Oliver\AppData\Local\Temp\nswAB12.exe C:\Users\Oliver\AppData\Local\Temp\ose00000.exe C:\Users\Oliver\AppData\Local\Temp\PidGenX.dll C:\Users\Oliver\AppData\Local\Temp\raptrpatch.exe C:\Users\Oliver\AppData\Local\Temp\sdanircmdc.exe C:\Users\Oliver\AppData\Local\Temp\sdapskill.exe C:\Users\Oliver\AppData\Local\Temp\sdaspwn.exe C:\Users\Oliver\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\Oliver\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll C:\Users\Oliver\AppData\Local\Temp\System.Data.SQLite.dll C:\Users\Oliver\AppData\Local\Temp\System.Data.SQLite28784.dll C:\Users\Oliver\AppData\Local\Temp\System.Data.SQLite42183.dll C:\Users\Oliver\AppData\Local\Temp\System.Data.SQLite53031.dll C:\Users\Oliver\AppData\Local\Temp\System.Data.SQLite56639.dll C:\Users\Oliver\AppData\Local\Temp\System.Data.SQLite92236.dll C:\Users\Oliver\AppData\Local\Temp\WEB.DE_MailCheck_FF_Setup_2.10.1.1735.exe C:\Users\Oliver\AppData\Local\Temp\WhatsAppMigrator_1.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-07 18:05

==================== End Of Log ============================

--- --- --- --- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:13-08-2014
Ran by Oliver at 2014-08-13 18:08:57
Running from C:\Users\Oliver\Desktop\Virus\FRST
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 10 ActiveX (HKLM\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
AIO_Scan (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{C2796CF4-6517-00C1-9F70-6A9C50680D29}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden calibre (HKLM\...\{B5D724AD-AC50-46B4-AAA7-62EF18F0CDFE}) (Version: 1.44.0 - Kovid Goyal) Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help English (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help French (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help German (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Korean (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden ccc-utility (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP) Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) 
CloudReading (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.1.47.1220 - Foxit Corporation) ContextFree (HKCU\...\ContextFree) (Version: - ) Copy (Version: 130.0.428.000 - Hewlett-Packard) Hidden Creo Elements/Direct Modeling Express 4.0 (HKLM\...\{B4531C1A-9721-416A-A3BD-C0C600155176}) (Version: 40.0.10020 - Parametric Technology GmbH) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version: - Microsoft) Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden DJ_AIO_ProductContext (Version: 130.0.365.000 - Hewlett-Packard) Hidden DJ_AIO_Software (Version: 130.0.365.000 - Hewlett-Packard) Hidden DJ_AIO_Software_min (Version: 130.0.365.000 - Hewlett-Packard) Hidden dreamboxEDIT -- The one and only settings editor for your Dreambox (HKLM\...\dreamboxEDIT) (Version: - ) Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.) EasyBCD 2.2 (HKLM\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies) EPU-6 Engine (HKLM\...\{56B83336-FBC1-4C46-8613-90A9E3B440D6}) (Version: 1.01.14 - ) ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - ) F2100 (Version: 130.0.365.000 - Hewlett-Packard) Hidden F2100_Help (Version: 90.0.222.000 - Hewlett-Packard) Hidden Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.1.2.1224 - Foxit Corporation) Free WMA to MP3 Converter 1.16 (HKLM\...\Free WMA to MP3 Converter_is1) (Version: - Jodix Technologies Ltd.) Free YouTube Download version 3.2.43.806 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.43.806 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.38.530 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.38.530 - DVDVideoSoft Ltd.) 
FRITZ!Box-Fernzugang einrichten (HKLM\...\{EFADD989-D9F2-49F6-A280-675951CC78D3}) (Version: 1.0.3 - AVM Berlin) GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP) HP Designjet 3D Software Solution 1.1 (HKLM\...\{3100A54E-7256-4D77-96B6-F51E910425F4}) (Version: 1.1 - Hewlett-Packard) HP Deskjet All-In-One Driver Software 13.0 Rel. 1 (HKLM\...\{EB773820-0871-46A8-9B96-F2B04F8B34F0}) (Version: 13.0 - HP) HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP) HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP) HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP) HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP) HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard) HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden iFunbox (v2.7.2386.747), iFunbox DevTeam (HKLM\...\iFunbox_is1) (Version: v2.7.2386.747 - ) iTunes (HKLM\...\{0A37EE62-9A58-420D-90CC-4E52153112EE}) (Version: 11.3.0.54 - Apple Inc.) Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) 
Hidden Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden KeePass Password Safe 2.27 (HKLM\...\KeePassPasswordSafe2_is1) (Version: 2.27 - Dominik Reichl) LightScribe System Software (HKLM\...\{F132000C-1CBA-458F-BF2F-FD43D59410F9}) (Version: 1.18.27.10 - LightScribe) MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft 
Corporation) Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation) Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 
2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - ) Nero ControlCenter (Version: 11.0.15500 - Nero AG) Hidden Nero ControlCenter Help (CHM) (Version: 12.0.7000 - Nero AG) Hidden Nero Core Components (Version: 11.0.20200 - Nero AG) Hidden Nero CoverDesigner (HKLM\...\{3143E3EB-17A5-48F9-90FC-D7CA556CA210}) (Version: 12.0.01500 - Nero AG) Nero CoverDesigner (Version: 12.0.10003 - Nero AG) Hidden Nero CoverDesigner Help (CHM) (Version: 12.0.2000 - Nero AG) 
Hidden Nero Update (Version: 11.0.11800.31.0 - Nero AG) Hidden Prerequisite installer (Version: 12.0.0003 - Nero AG) Hidden REALTEK Wireless LAN Driver and Utility (HKLM\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0175 - ) Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_15 - Samsung Electronics Co., Ltd.) Samsung Kies (Version: 2.6.3.14044_15 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.) Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer) TIPP10 Version 2.1.0 (HKLM\...\TIPP10_is1) (Version: - (c) 2006-2011, Tom Thielicke IT Solutions) Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition 
(HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) 
(Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{4B93560B-F33D-4A67-A224-F5E1C329BD22}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition 
(HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft) VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN) WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (Version: 15.4.3502.0922 
- Microsoft Corporation) Hidden Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Oliver\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Oliver\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 19-07-2014 17:22:56 Removed Apple Application Support 21-07-2014 08:31:56 Windows Update 28-07-2014 16:11:31 Windows Update 28-07-2014 16:39:32 Windows Update 01-08-2014 18:43:56 Windows Update 05-08-2014 19:27:19 Windows Update 08-08-2014 18:21:18 Configured Microsoft Office Professional Plus 2010 10-08-2014 09:03:10 Windows Update 10-08-2014 09:09:26 Removed Skype™ 6.18 10-08-2014 10:02:55 Uniblue SpeedUpMyPC installation ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1E53F79C-86D1-4F91-A72E-5C16E03333B0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {20777A6D-966D-41ED-8DCA-97B01DB18C99} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe [2009-05-25] () Task: {3C0228AF-F8E5-4205-B9C4-5BDE4AE1C940} - \AutoKMS No Task File <==== ATTENTION Task: {3E423C2E-9348-41D3-AF66-B84627CD3870} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation) Task: {5A44A6F8-E1A4-43C5-9F9E-C93159962FDA} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation) Task: {63225ABD-F84F-4C8F-8F4F-8704FADC65CE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated) Task: {9612E598-CC56-4176-B702-4381D362F24C} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft) Task: {A7766A69-D134-4673-9E4A-D76784D0423A} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation) Task: {E01649FF-E8C1-4508-98C3-A412E8630422} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2014-02-09 10:56 - 2009-05-25 11:33 - 06017024 _____ () C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe 2014-02-09 10:56 - 2009-04-22 21:20 - 00179712 _____ () C:\Program Files\ASUS\EPU-6 Engine\ASUSSERVICE.DLL 2014-02-09 10:56 - 2009-04-20 14:55 - 00565248 _____ () C:\Program Files\ASUS\EPU-6 Engine\pngio.dll 2014-02-09 10:56 - 2006-01-10 17:50 - 00024576 _____ () C:\Windows\system32\AsIo.dll 2014-02-09 10:56 - 2009-04-20 14:55 - 00053248 _____ () C:\Program Files\ASUS\EPU-6 Engine\AsSpindownTimeout.dll 2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-02-09 10:56 - 2009-04-02 13:27 - 00090112 _____ () C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe 2014-02-08 19:42 - 2009-12-09 22:20 - 00126976 _____ () C:\Program Files\REALTEK\11n USB Wireless LAN Utility\EnumDevLib.dll 2014-07-01 14:26 - 2014-07-01 14:26 - 00596480 _____ () C:\Users\Oliver\AppData\Local\ContextFree\nvcmd.exe 2014-08-13 17:33 - 2014-08-13 17:33 - 00043008 _____ () c:\users\oliver\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplh0xpr.dll 2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Oliver\AppData\Roaming\Dropbox\bin\libcef.dll 2014-07-29 21:49 - 2014-07-29 21:49 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2014-07-08 16:54 - 2014-07-08 16:54 - 17029808 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ==================== Alternate Data Streams (whitelisted) ========= 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Oliver\Desktop\2014-05-25 14.58.09.jpg:com.dropbox.attributes ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Oliver^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: Google Update => "C:\Users\Oliver\AppData\Local\Google\Update\GoogleUpdate.exe" /c MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: hpqSRMon => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe" MSRun ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: 
{4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (08/13/2014 05:39:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83 Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00012298 ID des fehlerhaften Prozesses: 0x5c8 Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0 Pfad der fehlerhaften Anwendung: Gmer-19357.exe1 Pfad des fehlerhaften Moduls: Gmer-19357.exe2 Berichtskennung: Gmer-19357.exe3 Error: (08/13/2014 05:09:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83 Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00012298 ID des fehlerhaften Prozesses: 0xc98 Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0 Pfad der fehlerhaften Anwendung: Gmer-19357.exe1 Pfad des fehlerhaften Moduls: Gmer-19357.exe2 Berichtskennung: Gmer-19357.exe3 Error: (08/13/2014 05:09:06 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Gmer-19357.exe, Version 2.1.19357.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: ddc Startzeit: 01cfb70863704513 Endzeit: 15 Anwendungspfad: C:\Users\Oliver\Desktop\Virus\Gmer\Gmer-19357.exe Berichts-ID: c377e711-22fb-11e4-95c1-0022156399ca System errors: ============= Error: (08/13/2014 05:07:19 PM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0x0000008e (0xc0000005, 0x00007640, 0xaad71a6c, 0x00000000)C:\Windows\MEMORY.DMP081314-16676-01 Error: (08/13/2014 05:07:17 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 13.08.2014 um 17:05:19 unerwartet heruntergefahren. Microsoft Office Sessions: ========================= Error: (08/13/2014 05:39:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c0000005000122985c801cfb70c974f8a2bC:\Users\Oliver\Desktop\Virus\Gmer\Gmer-19357.exeC:\Users\Oliver\Desktop\Virus\Gmer\Gmer-19357.exefdc2ca70-22ff-11e4-a6f0-000272b08a19 Error: (08/13/2014 05:09:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c000000500012298c9801cfb70887a76f67C:\Users\Oliver\Desktop\Virus\Gmer\Gmer-19357.exeC:\Users\Oliver\Desktop\Virus\Gmer\Gmer-19357.exee1580c60-22fb-11e4-95c1-0022156399ca Error: (08/13/2014 05:09:06 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Gmer-19357.exe2.1.19357.0ddc01cfb7086370451315C:\Users\Oliver\Desktop\Virus\Gmer\Gmer-19357.exec377e711-22fb-11e4-95c1-0022156399ca ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz Percentage of memory in use: 39% Total physical RAM: 3327.05 MB Available physical RAM: 2005.84 MB Total Pagefile: 6652.4 MB Available Pagefile: 5071.11 MB Total Virtual: 2047.88 MB Available Virtual: 1908.59 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:365.16 GB) (Free:102.81 GB) NTFS ==>[Drive with boot components (obtained from 
BCD)] Drive e: () (Fixed) (Total:465.76 GB) (Free:63.34 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 149 GB) (Disk ID: 000148CA) Partition 1: (Active) - (Size=145 GB) - (Type=83) Partition 2: (Not Active) - (Size=4 GB) - (Type=05) ======================================================== Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: BA51F4EA) Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 16251625) Partition 1: (Active) - (Size=365 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=101 GB) - (Type=05) ==================== End Of Log ============================ |
18.08.2014, 20:40 | #10 |
/// the machine /// TB-Ausbilder | Windows7 Firefox constantly opens new tabs with advertising
Update Java and Flash.
Delete the windows.old folder.
Please download TFC (by Oldtimer) and save the file to your desktop. Now close all open programs and disconnect from the Internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will request a restart. Please allow this.
Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
HKU\S-1-5-21-956886985-2695973545-304803630-1000\...\Run: [framei] => C:\Users\Oliver\AppData\Local\ContextFree\framei.exe [567808 2014-07-01] ()
HKU\S-1-5-21-956886985-2695973545-304803630-1000\...\Run: [nvcmd] => C:\Users\Oliver\AppData\Local\ContextFree\nvcmd.exe [596480 2014-07-01] ()
HKU\S-1-5-21-956886985-2695973545-304803630-1000\...\Run: [cntcmd] => C:\Users\Oliver\AppData\Local\ContextFree\cntcmd.exe [596480 2014-07-01] ()
HKU\S-1-5-21-956886985-2695973545-304803630-1000\...\Policies\Explorer: [DisallowRun] 1
2014-08-10 12:16 - 2014-08-10 12:18 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Genesis_08101016
2014-08-10 12:05 - 2014-08-10 12:05 - 00000000 ____D () C:\Users\Oliver\AppData\Local\ContextFree
2014-08-10 12:04 - 2014-08-10 12:06 - 00000000 ____D () C:\Users\Oliver\AppData\Local\fabulous_08101004
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
A fresh FRST log please. Any problems still?
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donate
Guides and help
Trojaner-Board Facebook page
No help via PM! |
19.08.2014, 16:33 | #11 |
| Windows7 Firefox constantly opens new tabs with advertising Here we go: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:16-08-2014 03
Ran by Oliver at 2014-08-19 17:30:03 Run:1
Running from C:\Users\Oliver\Desktop\Virus\FRST
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-956886985-2695973545-304803630-1000\...\Run: [framei] => C:\Users\Oliver\AppData\Local\ContextFree\framei.exe [567808 2014-07-01] ()
HKU\S-1-5-21-956886985-2695973545-304803630-1000\...\Run: [nvcmd] => C:\Users\Oliver\AppData\Local\ContextFree\nvcmd.exe [596480 2014-07-01] ()
HKU\S-1-5-21-956886985-2695973545-304803630-1000\...\Run: [cntcmd] => C:\Users\Oliver\AppData\Local\ContextFree\cntcmd.exe [596480 2014-07-01] ()
HKU\S-1-5-21-956886985-2695973545-304803630-1000\...\Policies\Explorer: [DisallowRun] 1
2014-08-10 12:16 - 2014-08-10 12:18 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Genesis_08101016
2014-08-10 12:05 - 2014-08-10 12:05 - 00000000 ____D () C:\Users\Oliver\AppData\Local\ContextFree
2014-08-10 12:04 - 2014-08-10 12:06 - 00000000 ____D () C:\Users\Oliver\AppData\Local\fabulous_08101004
*****************

HKU\S-1-5-21-956886985-2695973545-304803630-1000\Software\Microsoft\Windows\CurrentVersion\Run\\framei => Value not found.
HKU\S-1-5-21-956886985-2695973545-304803630-1000\Software\Microsoft\Windows\CurrentVersion\Run\\nvcmd => Value not found.
HKU\S-1-5-21-956886985-2695973545-304803630-1000\Software\Microsoft\Windows\CurrentVersion\Run\\cntcmd => Value not found.
HKU\S-1-5-21-956886985-2695973545-304803630-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisallowRun => Value not found.
"C:\Users\Oliver\AppData\Local\Genesis_08101016" => File/Directory not found.
"C:\Users\Oliver\AppData\Local\ContextFree" => File/Directory not found.
"C:\Users\Oliver\AppData\Local\fabulous_08101004" => File/Directory not found.

==== End of Fixlog ====

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:16-08-2014 03 Ran by Oliver (administrator) on OLIVER-PC on 19-08-2014 17:31:30 Running from C:\Users\Oliver\Desktop\Virus\FRST Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe () C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Realtek) C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe (Realtek Semiconductor Corp.) C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Nero AG) C:\Program Files\Nero\Update\NASvc.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-02-10] (Microsoft Corporation) Startup: C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=securitascout BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213
FF Homepage: https://www.google.de/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Download videos and MP3s from YouTube - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-08-09]
FF Extension: PDF Updater Free - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213\Extensions\{c5518a8b-51fa-437a-9f4d-34a5beb015eb}.xpi [2014-07-20]
FF Extension: Adblock Plus - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-07]
FF Extension: {d3d8eb04-2a7c-4d14-84b4-f701af9beb83} - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213\Extensions\{d3d8eb04-2a7c-4d14-84b4-f701af9beb83}.xpi [2014-07-17]
FF Extension: Fox!Box - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213\Extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}.xpi [2014-08-10]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-03-02]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-08-09]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AsSysCtrlService; C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-04-02] () [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2013-01-16] (Hewlett-Packard Company) [File not signed]
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Realtek11nSU; C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12400 2007-12-17] ()
S3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider)
R3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [47104 2009-07-14] (Atheros Communications, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [6504 2009-05-13] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [320120 2014-06-20] (Duplex Secure Ltd.)
S3 catchme; \??\C:\Users\Oliver\AppData\Local\Temp\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-19 17:22 - 2014-08-19 17:22 - 00004680 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log
2014-08-19 17:22 - 2014-08-19 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-19 17:22 - 2014-08-19 17:22 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-19 17:22 - 2014-07-25 12:55 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-19 17:22 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-19 17:22 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-19 17:22 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-19 17:10 - 2014-08-19 17:10 - 00448512 _____ (OldTimer Tools) C:\Users\Oliver\Desktop\TFC.exe
2014-08-17 11:18 - 2014-08-17 11:18 - 00023488 _____ () C:\Users\Oliver\Desktop\logs.zip
2014-08-16 19:26 - 2014-08-16 19:26 - 00000995 _____ () C:\Users\Oliver\Desktop\checkup.txt
2014-08-16 19:22 - 2014-08-16 19:22 - 00854417 _____ () C:\Users\Oliver\Desktop\SecurityCheck.exe
2014-08-15 21:42 - 2014-08-15 21:42 - 02347384 _____ (ESET) C:\Users\Oliver\Desktop\esetsmartinstaller_deu.exe
2014-08-14 21:28 - 2014-08-14 21:28 - 00000768 _____ () C:\Users\Oliver\Desktop\JRT.txt
2014-08-14 21:28 - 2014-08-14 21:28 - 00000768 _____ () C:\Users\Oliver\Desktop\JRT.txe.txt
2014-08-14 21:17 - 2014-08-14 21:17 - 00001266 _____ () C:\Users\Oliver\Desktop\AdwCleaner[S1].txt
2014-08-14 21:06 - 2014-08-14 21:06 - 00002527 _____ () C:\Users\Oliver\Desktop\mbam.txt.txt
2014-08-14 20:47 - 2014-08-19 17:06 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-14 20:47 - 2014-08-14 20:47 - 01356107 _____ () C:\Users\Oliver\Desktop\adwcleaner_3.305.exe
2014-08-14 20:47 - 2014-08-14 20:47 - 01016261 _____ (Thisisu) C:\Users\Oliver\Desktop\JRT.exe
2014-08-14 20:46 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 20:46 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 20:46 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 20:46 - 2014-07-25 15:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 20:46 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 20:46 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 20:46 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 20:46 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 20:46 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 20:46 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 20:46 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 20:46 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 20:46 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 20:46 - 2014-07-25 14:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 20:46 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 20:46 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 20:46 - 2014-07-25 13:59 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-14 20:46 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 20:46 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 20:46 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 20:46 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 20:46 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 20:46 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 20:46 - 2014-07-25 13:09 - 00663040 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 20:46 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 20:46 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-14 20:46 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 20:46 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 20:46 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 20:46 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 20:46 - 2014-07-16 04:47 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-14 20:46 - 2014-07-16 03:47 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-14 20:46 - 2014-07-14 03:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 20:46 - 2014-06-16 03:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 20:46 - 2014-06-16 03:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-08-14 20:46 - 2014-06-16 03:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-14 20:46 - 2014-06-03 11:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 20:46 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 20:46 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 20:46 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 20:45 - 2014-08-14 20:45 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Oliver\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-14 20:45 - 2014-08-14 20:45 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-14 20:45 - 2014-08-14 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-14 20:45 - 2014-08-14 20:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-14 20:45 - 2014-08-14 20:45 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-14 20:45 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 20:45 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-14 20:45 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-14 20:45 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-14 20:44 - 2014-08-07 03:43 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 20:44 - 2014-08-07 03:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-14 20:44 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 20:44 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 20:44 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 20:44 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 20:44 - 2014-07-09 03:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 20:44 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 20:44 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 21:48 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 21:48 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 21:48 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 21:48 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 19:32 - 2014-08-13 19:32 - 00019705 _____ () C:\ComboFix.txt
2014-08-13 19:14 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-13 19:14 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-13 19:14 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-13 19:14 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-13 19:14 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-13 19:14 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-13 19:14 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-13 19:14 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-13 19:12 - 2014-08-13 19:12 - 05569662 ____R (Swearware) C:\Users\Oliver\Desktop\ComboFix.exe
2014-08-13 19:06 - 2014-08-13 19:32 - 00000000 ____D () C:\Qoobox
2014-08-13 19:06 - 2014-08-13 19:31 - 00000000 ____D () C:\Windows\erdnt
2014-08-13 17:31 - 2014-08-13 17:31 - 00000176 _____ () C:\Users\Oliver\defogger_reenable
2014-08-13 17:07 - 2014-08-13 17:07 - 00144584 _____ () C:\Windows\Minidump\081314-16676-01.dmp
2014-08-13 17:00 - 2014-08-19 17:31 - 00000000 ____D () C:\FRST
2014-08-13 16:59 - 2014-08-13 19:33 - 00000000 ____D () C:\Users\Oliver\Desktop\Virus
2014-08-12 18:32 - 2014-08-12 18:32 - 00000000 ____D () C:\Program Files\ESET
2014-08-12 18:26 - 2014-08-12 18:26 - 00000000 ____D () C:\Windows\ERUNT
2014-08-10 12:59 - 2014-08-12 17:57 - 00000000 ____D () C:\Windows\AutoKMS
2014-08-09 20:29 - 2014-08-09 20:38 - 238945732 _____ () C:\Users\Oliver\Desktop\PLANET E_ ABENTEUER - MALLORCA, TEIL 1.avi
2014-08-09 20:19 - 2014-08-09 20:29 - 230164014 _____ () C:\Users\Oliver\Desktop\PLANET E_ ABENTEUER - MALLORCA, TEIL 2.avi
2014-08-09 18:33 - 2014-08-10 11:09 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Skype
2014-08-09 18:33 - 2014-08-10 11:09 - 00000000 ____D () C:\ProgramData\Skype
2014-08-09 18:33 - 2014-08-09 18:33 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Skype
2014-08-09 18:32 - 2014-08-09 18:32 - 00002176 _____ () C:\Users\Public\Desktop\Free YouTube Download.lnk
2014-08-08 20:27 - 2014-08-08 20:27 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-08-07 17:39 - 2014-08-07 17:39 - 00367576 _____ () C:\Windows\Minidump\080714-19905-01.dmp
2014-07-31 21:40 - 2014-07-31 21:40 - 00367568 _____ () C:\Windows\Minidump\073114-20872-01.dmp
2014-07-29 21:49 - 2014-07-29 21:49 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-19 17:31 - 2014-08-13 17:00 - 00000000 ____D () C:\FRST
2014-08-19 17:28 - 2014-02-08 18:59 - 01663711 _____ () C:\Windows\WindowsUpdate.log
2014-08-19 17:25 - 2014-02-10 20:11 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-08-19 17:25 - 2014-02-10 20:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-08-19 17:25 - 2014-02-10 20:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-19 17:23 - 2014-03-11 20:18 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-19 17:22 - 2014-08-19 17:22 - 00004680 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log
2014-08-19 17:22 - 2014-08-19 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-19 17:22 - 2014-08-19 17:22 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-19 17:22 - 2014-03-11 20:18 - 00000000 ____D () C:\Program Files\Java
2014-08-19 17:12 - 2009-07-14 06:34 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-19 17:12 - 2009-07-14 06:34 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-19 17:10 - 2014-08-19 17:10 - 00448512 _____ (OldTimer Tools) C:\Users\Oliver\Desktop\TFC.exe
2014-08-19 17:07 - 2014-02-08 21:00 - 00000000 ___RD () C:\Users\Oliver\Dropbox
2014-08-19 17:07 - 2014-02-08 20:57 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Dropbox
2014-08-19 17:06 - 2014-08-14 20:47 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-19 17:05 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-19 17:04 - 2009-07-14 06:39 - 00048424 _____ () C:\Windows\setupact.log
2014-08-18 18:07 - 2014-02-08 20:31 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\KeePass
2014-08-18 17:13 - 2009-07-14 06:33 - 00410352 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-17 18:27 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-08-17 12:08 - 2014-02-16 18:38 - 00000000 ____D () C:\Users\Oliver\Desktop\Börsenkurse
2014-08-17 11:18 - 2014-08-17 11:18 - 00023488 _____ () C:\Users\Oliver\Desktop\logs.zip
2014-08-16 19:26 - 2014-08-16 19:26 - 00000995 _____ () C:\Users\Oliver\Desktop\checkup.txt
2014-08-16 19:22 - 2014-08-16 19:22 - 00854417 _____ () C:\Users\Oliver\Desktop\SecurityCheck.exe
2014-08-15 22:11 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-15 21:42 - 2014-08-15 21:42 - 02347384 _____ (ESET) C:\Users\Oliver\Desktop\esetsmartinstaller_deu.exe
2014-08-15 06:35 - 2014-02-08 20:58 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-15 06:35 - 2013-01-03 18:51 - 00001021 _____ () C:\Users\Oliver\Desktop\Dropbox.lnk
2014-08-15 06:31 - 2014-05-07 18:24 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-15 06:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-08-14 22:08 - 2014-02-09 10:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-14 21:28 - 2014-08-14 21:28 - 00000768 _____ () C:\Users\Oliver\Desktop\JRT.txt
2014-08-14 21:28 - 2014-08-14 21:28 - 00000768 _____ () C:\Users\Oliver\Desktop\JRT.txe.txt
2014-08-14 21:17 - 2014-08-14 21:17 - 00001266 _____ () C:\Users\Oliver\Desktop\AdwCleaner[S1].txt
2014-08-14 21:10 - 2014-02-09 11:38 - 00026024 _____ () C:\Windows\PFRO.log
2014-08-14 21:09 - 2013-11-13 18:28 - 00000000 ____D () C:\AdwCleaner
2014-08-14 21:06 - 2014-08-14 21:06 - 00002527 _____ () C:\Users\Oliver\Desktop\mbam.txt.txt
2014-08-14 20:56 - 2009-07-14 10:56 - 00000000 __SHD () C:\Windows\BitLockerDiscoveryVolumeContents
2014-08-14 20:47 - 2014-08-14 20:47 - 01356107 _____ () C:\Users\Oliver\Desktop\adwcleaner_3.305.exe
2014-08-14 20:47 - 2014-08-14 20:47 - 01016261 _____ (Thisisu) C:\Users\Oliver\Desktop\JRT.exe
2014-08-14 20:45 - 2014-08-14 20:45 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Oliver\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-14 20:45 - 2014-08-14 20:45 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-14 20:45 - 2014-08-14 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-14 20:45 - 2014-08-14 20:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-14 20:45 - 2014-08-14 20:45 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-13 21:51 - 2014-02-09 10:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 21:49 - 2014-02-09 10:57 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 19:33 - 2014-08-13 16:59 - 00000000 ____D () C:\Users\Oliver\Desktop\Virus
2014-08-13 19:32 - 2014-08-13 19:32 - 00019705 _____ () C:\ComboFix.txt
2014-08-13 19:32 - 2014-08-13 19:06 - 00000000 ____D () C:\Qoobox
2014-08-13 19:32 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2014-08-13 19:32 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-08-13 19:31 - 2014-08-13 19:06 - 00000000 ____D () C:\Windows\erdnt
2014-08-13 19:29 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-08-13 19:24 - 2009-07-14 04:03 - 57409536 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-08-13 19:24 - 2009-07-14 04:03 - 17301504 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-08-13 19:24 - 2009-07-14 04:03 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-08-13 19:24 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-08-13 19:24 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-08-13 19:23 - 2014-02-08 19:32 - 00000000 ____D () C:\Users\Oliver
2014-08-13 19:12 - 2014-08-13 19:12 - 05569662 ____R (Swearware) C:\Users\Oliver\Desktop\ComboFix.exe
2014-08-13 17:31 - 2014-08-13 17:31 - 00000176 _____ () C:\Users\Oliver\defogger_reenable
2014-08-13 17:30 - 2014-02-08 19:13 - 01628044 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-13 17:07 - 2014-08-13 17:07 - 00144584 _____ () C:\Windows\Minidump\081314-16676-01.dmp
2014-08-13 17:07 - 2014-03-16 15:02 - 00000000 ____D () C:\Windows\Minidump
2014-08-13 17:07 - 2014-03-16 15:01 - 357774381 _____ () C:\Windows\MEMORY.DMP
2014-08-12 18:32 - 2014-08-12 18:32 - 00000000 ____D () C:\Program Files\ESET
2014-08-12 18:26 - 2014-08-12 18:26 - 00000000 ____D () C:\Windows\ERUNT
2014-08-12 17:57 - 2014-08-10 12:59 - 00000000 ____D () C:\Windows\AutoKMS
2014-08-10 12:18 - 2014-03-02 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-08-10 12:18 - 2014-03-02 14:52 - 00001797 _____ () C:\ProgramData\hpzinstall.log
2014-08-10 12:18 - 2014-03-02 14:52 - 00000000 ____D () C:\Program Files\HP
2014-08-10 11:09 - 2014-08-09 18:33 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Skype
2014-08-10 11:09 - 2014-08-09 18:33 - 00000000 ____D () C:\ProgramData\Skype
2014-08-09 21:18 - 2009-07-14 04:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-09 20:38 - 2014-08-09 20:29 - 238945732 _____ () C:\Users\Oliver\Desktop\PLANET E_ ABENTEUER - MALLORCA, TEIL 1.avi
2014-08-09 20:29 - 2014-08-09 20:19 - 230164014 _____ () C:\Users\Oliver\Desktop\PLANET E_ ABENTEUER - MALLORCA, TEIL 2.avi
2014-08-09 18:39 - 2014-06-07 09:13 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\vlc
2014-08-09 18:33 - 2014-08-09 18:33 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Skype
2014-08-09 18:33 - 2014-06-01 12:03 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\DVDVideoSoft
2014-08-09 18:32 - 2014-08-09 18:32 - 00002176 _____ () C:\Users\Public\Desktop\Free YouTube Download.lnk
2014-08-09 18:32 - 2014-06-01 12:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-08-09 18:32 - 2014-06-01 12:05 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2014-08-09 18:32 - 2014-06-01 12:05 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-08-08 20:34 - 2014-02-08 19:48 - 00110056 _____ () C:\Users\Oliver\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-08 20:27 - 2014-08-08 20:27 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-08-08 20:27 - 2014-02-09 10:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2014-08-08 20:27 - 2014-02-09 10:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-08-08 20:26 - 2009-07-14 10:56 - 00000000 ____D () C:\Windows\ShellNew
2014-08-08 20:26 - 2009-07-14 06:52 - 00000000 ____D () C:\Program Files\MSBuild
2014-08-08 20:26 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-08-08 20:23 - 2009-07-14 04:04 - 00000615 _____ () C:\Windows\win.ini
2014-08-07 17:39 - 2014-08-07 17:39 - 00367576 _____ () C:\Windows\Minidump\080714-19905-01.dmp
2014-08-07 03:43 - 2014-08-14 20:44 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 03:39 - 2014-08-14 20:44 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-04 19:14 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-08-01 01:16 - 2014-08-14 20:46 - 00307384 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-31 21:40 - 2014-07-31 21:40 - 00367568 _____ () C:\Windows\Minidump\073114-20872-01.dmp
2014-07-31 17:14 - 2014-02-08 19:45 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-29 21:49 - 2014-07-29 21:49 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-29 13:02 - 2009-07-14 06:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-29 08:04 - 2014-02-09 13:50 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-28 18:40 - 2014-02-09 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-25 15:51 - 2014-08-14 20:46 - 17524224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-25 15:04 - 2014-08-14 20:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-25 15:03 - 2014-08-14 20:46 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-25 14:34 - 2014-08-14 20:46 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-25 14:34 - 2014-08-14 20:46 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-25 14:33 - 2014-08-14 20:46 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-25 14:30 - 2014-08-14 20:46 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-25 14:21 - 2014-08-14 20:46 - 02184704 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-25 14:18 - 2014-08-14 20:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-25 14:17 - 2014-08-14 20:46 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-25 14:12 - 2014-08-14 20:46 - 00438784 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-25 14:10 - 2014-08-14 20:46 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-25 14:10 - 2014-08-14 20:46 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-25 14:08 - 2014-08-14 20:46 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-25 14:06 - 2014-08-14 20:46 - 04204032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-25 13:59 - 2014-08-14 20:46 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-25 13:52 - 2014-08-14 20:46 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-25 13:43 - 2014-08-14 20:46 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 13:36 - 2014-08-14 20:46 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-25 13:34 - 2014-08-14 20:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-25 13:29 - 2014-08-14 20:46 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-25 13:13 - 2014-08-14 20:46 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-25 13:09 - 2014-08-14 20:46 - 00663040 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-25 13:07 - 2014-08-14 20:46 - 02001920 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-25 13:07 - 2014-08-14 20:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-25 13:03 - 2014-08-14 20:46 - 11772928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-25 12:55 - 2014-08-19 17:22 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-07-25 12:49 - 2014-08-19 17:22 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-25 12:49 - 2014-08-19 17:22 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-25 12:49 - 2014-08-19 17:22 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-25 12:09 - 2014-08-14 20:46 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-25 12:05 - 2014-08-14 20:46 - 01792512 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-25 12:00 - 2014-08-14 20:46 - 01169920 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-20 21:40 - 2014-03-10 18:59 - 00001060 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-07-20 21:40 - 2014-03-10 18:59 - 00001048 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-07-20 16:17 - 2014-02-08 20:55 - 00000000 ____D () C:\Users\Oliver\Documents\Meine Scans
2014-07-20 12:24 - 2014-07-19 21:20 - 00000000 ____D () C:\Users\Oliver\Desktop\Urlaub

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-17 18:16

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:16-08-2014 03
Ran by Oliver at 2014-08-19 17:31:49
Running from C:\Users\Oliver\Desktop\Virus\FRST
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 10 ActiveX (HKLM\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
AIO_Scan (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{C2796CF4-6517-00C1-9F70-6A9C50680D29}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
calibre (HKLM\...\{B5D724AD-AC50-46B4-AAA7-62EF18F0CDFE}) (Version: 1.44.0 - Kovid Goyal)
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CloudReading (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.1.47.1220 - Foxit Corporation)
Copy (Version: 130.0.428.000 - Hewlett-Packard) Hidden
Creo Elements/Direct Modeling Express 4.0 (HKLM\...\{B4531C1A-9721-416A-A3BD-C0C600155176}) (Version: 40.0.10020 - Parametric Technology GmbH)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version: - Microsoft)
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden
DJ_AIO_ProductContext (Version: 130.0.365.000 - Hewlett-Packard) Hidden
DJ_AIO_Software (Version: 130.0.365.000 - Hewlett-Packard) Hidden
DJ_AIO_Software_min (Version: 130.0.365.000 - Hewlett-Packard) Hidden
dreamboxEDIT -- The one and only settings editor for your Dreambox (HKLM\...\dreamboxEDIT) (Version: - )
Dropbox (HKCU\...\Dropbox) (Version: 2.10.27 - Dropbox, Inc.)
EasyBCD 2.2 (HKLM\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
EPU-6 Engine (HKLM\...\{56B83336-FBC1-4C46-8613-90A9E3B440D6}) (Version: 1.01.14 - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
F2100 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
F2100_Help (Version: 90.0.222.000 - Hewlett-Packard) Hidden
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.1.2.1224 - Foxit Corporation)
Free WMA to MP3 Converter 1.16 (HKLM\...\Free WMA to MP3 Converter_is1) (Version: - Jodix Technologies Ltd.)
Free YouTube Download version 3.2.43.806 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.43.806 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.38.530 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.38.530 - DVDVideoSoft Ltd.)
FRITZ!Box-Fernzugang einrichten (HKLM\...\{EFADD989-D9F2-49F6-A280-675951CC78D3}) (Version: 1.0.3 - AVM Berlin) GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP) HP Designjet 3D Software Solution 1.1 (HKLM\...\{3100A54E-7256-4D77-96B6-F51E910425F4}) (Version: 1.1 - Hewlett-Packard) HP Deskjet All-In-One Driver Software 13.0 Rel. 1 (HKLM\...\{EB773820-0871-46A8-9B96-F2B04F8B34F0}) (Version: 13.0 - HP) HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP) HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP) HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP) HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP) HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard) HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden iFunbox (v2.7.2386.747), iFunbox DevTeam (HKLM\...\iFunbox_is1) (Version: v2.7.2386.747 - ) iTunes (HKLM\...\{0A37EE62-9A58-420D-90CC-4E52153112EE}) (Version: 11.3.0.54 - Apple Inc.) Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle) Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) 
Hidden Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden KeePass Password Safe 2.27 (HKLM\...\KeePassPasswordSafe2_is1) (Version: 2.27 - Dominik Reichl) LightScribe System Software (HKLM\...\{F132000C-1CBA-458F-BF2F-FD43D59410F9}) (Version: 1.18.27.10 - LightScribe) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft 
Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation) Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nero ControlCenter (Version: 11.0.15500 - Nero AG) Hidden Nero ControlCenter Help (CHM) (Version: 12.0.7000 - Nero AG) Hidden Nero Core Components (Version: 11.0.20200 - Nero AG) Hidden Nero CoverDesigner (HKLM\...\{3143E3EB-17A5-48F9-90FC-D7CA556CA210}) (Version: 12.0.01500 - Nero AG) Nero CoverDesigner (Version: 12.0.10003 - 
Nero AG) Hidden Nero CoverDesigner Help (CHM) (Version: 12.0.2000 - Nero AG) Hidden Nero Update (Version: 11.0.11800.31.0 - Nero AG) Hidden Prerequisite installer (Version: 12.0.0003 - Nero AG) Hidden REALTEK Wireless LAN Driver and Utility (HKLM\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0175 - ) Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_15 - Samsung Electronics Co., Ltd.) Samsung Kies (Version: 2.6.3.14044_15 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.) Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer) TIPP10 Version 2.1.0 (HKLM\...\TIPP10_is1) (Version: - (c) 2006-2011, Tom Thielicke IT Solutions) Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition 
(HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) 
(Version: - Microsoft) Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{4B93560B-F33D-4A67-A224-F5E1C329BD22}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition 
(HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft) VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN) WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (Version: 15.4.3502.0922 
- Microsoft Corporation) Hidden Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Oliver\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Oliver\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

10-08-2014 10:02:55 Uniblue SpeedUpMyPC installation
13-08-2014 17:14:46 ComboFix created restore point
13-08-2014 17:40:44 Windows Update
13-08-2014 19:45:35 Windows Update
14-08-2014 20:06:17 Windows Update
18-08-2014 15:24:05 Windows Update
19-08-2014 15:21:39 Installed Java 7 Update 67

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2014-08-13 19:28 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1E53F79C-86D1-4F91-A72E-5C16E03333B0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {20777A6D-966D-41ED-8DCA-97B01DB18C99} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe [2009-05-25] ()
Task: {3C0228AF-F8E5-4205-B9C4-5BDE4AE1C940} - \AutoKMS No Task File <==== ATTENTION
Task: {3E423C2E-9348-41D3-AF66-B84627CD3870} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {5A44A6F8-E1A4-43C5-9F9E-C93159962FDA} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {63225ABD-F84F-4C8F-8F4F-8704FADC65CE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-19] (Adobe Systems Incorporated)
Task: {9612E598-CC56-4176-B702-4381D362F24C} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {A7766A69-D134-4673-9E4A-D76784D0423A} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {E01649FF-E8C1-4508-98C3-A412E8630422} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-09 10:56 - 2009-04-02 13:27 - 00090112 _____ () C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
2014-02-08 19:42 - 2009-12-09 22:20 - 00126976 _____ () C:\Program Files\REALTEK\11n USB Wireless LAN Utility\EnumDevLib.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-07-29 21:49 - 2014-07-29 21:49 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Oliver\Desktop\2014-05-25 14.58.09.jpg:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Oliver^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe" MSRun

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (08/17/2014 05:34:45 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (08/17/2014 00:08:26 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (08/16/2014 10:42:16 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 35%
Total physical RAM: 3327.05 MB
Available physical RAM: 2147.2 MB
Total Pagefile: 6652.4 MB
Available Pagefile: 5333.32 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.18 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:365.16 GB) (Free:227.39 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: () (Fixed) (Total:465.76 GB) (Free:98.37 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: 000148CA)
Partition 1: (Active) - (Size=145.1 GB) - (Type=83)
Partition 2: (Not Active) - (Size=4 GB) - (Type=05)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: BA51F4EA)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 16251625)
Partition 1: (Active) - (Size=365.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100.6 GB) - (Type=05)

==================== End Of Log ============================ |
20.08.2014, 09:22 | #12 |
/// the machine /// TB trainer | Windows7 Firefox keeps opening new tabs with ads
Done
The order is crucial here.
If you would like to leave praise or criticism, you can do so here
Here are a few more tips for securing your system. I cannot mention too often how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners. They harm your system more than they help.
Here are a few (English) links
Miekemoes Blogspot (MVP)
Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |