Pests of all kinds and how to combat them: PUP.Optional.WebSteroids.A (Windows 7). If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection. |
15.08.2014, 10:49 | #1 |
| PUP.Optional.WebSteroids.A

Hello everyone,

I just had my PC scanned with Malwarebytes Anti-Malware, and it threw up a few detections :-( Namely:

Registrierungsschlüssel: 4
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, , [ab340abc304ba393047c0a65748eb14f],
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, , [23bc685e1b60a98de06f6a057092d030],
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT, , [26b946803e3de74f4aa59651867c3cc4],
PUP.Optional.MultiIE.A, HKU\S-1-5-21-3307784932-3257054885-3720409516-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE, , [25ba12b477042f07c63b49f6bd470bf5],

Registrierungswerte: 1
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT|InstallDir, C:\PROGRA~2\SearchProtect, , [26b946803e3de74f4aa59651867c3cc4]

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 1
PUP.Optional.Conduit.A, C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\searchplugins\conduit-search.xml, , [2fb0e8de423979bd63e70839848010f0],

Do I now have a problem and have to completely rebuild my PC (I only just rebuilt it), or can these problems be fixed?? I would be glad if someone could get back to me as soon as possible.

Every now and then a window also opens on my desktop at regular intervals; I'll attach a screenshot.

Mark-Peter |
15.08.2014, 10:52 | #2 |
/// the machine /// TB Trainer | PUP.Optional.WebSteroids.A

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
15.08.2014, 12:08 | #3 |
| PUP.Optional.WebSteroids.A

FRST Logfile:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-08-2014 Ran by Mark-Peter (administrator) on MARK-PETER-PC on 15-08-2014 12:58:46 Running from D:\Mozilla-Downloads Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (AMD) C:\Windows\System32\atiesrxx.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (AMD) C:\Windows\System32\atieclxx.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe () C:\Program Files (x86)\FeedReader30\feedreader.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe (WiseCleaner.com) C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe () D:\janrufmonitor\jam.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe (Sanford, L.P.) 
C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe (AVM Berlin) C:\Users\Mark-Peter\AppData\Local\Apps\2.0\N9QOBBD3.TOD\PE8TCT8J.41Y\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\audiodg.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM-x32\...\Run: [P17RunE] => RunDll32 P17RunE.dll,RunDLLEntry HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software) HKU\S-1-5-21-3307784932-3257054885-3720409516-1001\...\Run: [BirthdayRemember6] => C:\Program Files (x86)\BirthdayRemember\BirthdayRemember.exe [2440704 2008-07-28] (BirthdayRemember) HKU\S-1-5-21-3307784932-3257054885-3720409516-1001\...\Run: [AVMUSBFernanschluss] => C:\Users\Mark-Peter\AppData\Local\Apps\2.0\N9QOBBD3.TOD\PE8TCT8J.41Y\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\AVMAutoStart.exe [139264 2014-06-08] (AVM Berlin) HKU\S-1-5-21-3307784932-3257054885-3720409516-1001\...\Run: [feedreader.exe] => C:\Program Files (x86)\FeedReader30\feedreader.exe [2058240 2009-03-29] () HKU\S-1-5-21-3307784932-3257054885-3720409516-1001\...\Run: [DymoQuickPrint] => C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe [1866544 2013-03-05] (Sanford, L.P.) HKU\S-1-5-21-3307784932-3257054885-3720409516-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-3307784932-3257054885-3720409516-1001\...\MountPoints2: {86a225f9-4aff-11e3-9b1b-002618988ac8} - K:\LaunchU3.exe -a Startup: C:\Users\Mark-Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jAnrufmonitor 5.0.lnk ShortcutTarget: jAnrufmonitor 5.0.lnk -> D:\janrufmonitor\jam.exe () ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ShellIconOverlayIdentifiers: AcronisSyncError -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => No File ShellIconOverlayIdentifiers: AcronisSyncInProgress -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => No File ShellIconOverlayIdentifiers: AcronisSyncOk -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB2D04FEBB143CF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - URL hxxp://search.conduit.com/Results.aspx?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP7B061BD6-4860-4D72-AE7E-E762E5AA5BB9&q={searchTerms}&SSPV= SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre8\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File DPF: HKLM-x32 {3746422E-4692-4429-9698-E3EB34FE07BC} hxxp://udo.selfhost.me/FSIPCam.cab DPF: HKLM-x32 {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} /codebase/DVM_IPCam2.ocx Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Filter-x32: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - No File Tcpip\Parameters: [DhcpNameServer] FireFox: ======== FF ProfilePath: C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default FF Homepage: hxxp://www.google.de/ FF NetworkProxy: "ftp", "79.142.126.3" FF NetworkProxy: "ftp_port", 8080 FF NetworkProxy: "http", "79.142.126.3" FF NetworkProxy: "http_port", 8080 FF NetworkProxy: 
"no_proxies_on", "localhost, 127.0.0.1, stealthy.co" FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "socks", "79.142.126.3" FF NetworkProxy: "socks_port", 8080 FF NetworkProxy: "ssl", "79.142.126.3" FF NetworkProxy: "ssl_port", 8080 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.) 
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @IPCWebComponents -> C:\Program Files (x86)\IPCWebComponents\npIPCReg.dll () FF Plugin-x32: @java.com/DTPlugin,version=11.11.2 -> C:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.11.2 -> C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Adblock Plus Pop-up Addon - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\adblockpopups@jessehakanen.net.xpi [2013-11-11] FF Extension: AutoPager - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\autopager@mozilla.org.xpi [2013-11-15] FF Extension: Facebook Disconnect - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\facebook@disconnect.me.xpi [2013-11-15] FF Extension: Firebug - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\firebug@software.joehewitt.com.xpi [2013-11-15] FF Extension: Stealthy - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\stealthyextension@gmail.com.xpi [2013-11-15] FF Extension: عارض PDF - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\uriloader@pdf.js.xpi [2013-11-15] FF Extension: ShowIP - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}.xpi [2013-11-15] FF Extension: NoScript - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-06-28] 
FF Extension: ReloadEvery - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2013-11-15] FF Extension: Adblock Plus - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-11] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-05] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-11] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-11] (AVAST Software) R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-07-11] (AVAST Software) R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [515632 2013-05-21] (REINER SCT) S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-11-14] (Creative Labs) [File not signed] R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed] R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [33072 2013-03-05] (Sanford, L.P.) 
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed] R2 HPSLPSVC; C:\Users\MARK-P~1\AppData\Local\Temp\7zS53A1\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed] R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation) S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation) S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580232 2013-04-25] (WiseCleaner.com) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R0 %ServiceName%; C:\Windows\System32\drivers\iusb3hcs.sys [19264 2014-04-05] (Intel Corporation) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-11] () R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-07-11] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-11] (AVAST Software) R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-07-11] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-11] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-11] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-11] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-11] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-11] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-11] () R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116480 2014-06-08] (AVM Berlin) R3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [35192 2012-09-04] (REINER SCT) R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28216 2014-04-05] (Intel Corporation) R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46016 2012-08-17] () R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC) R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC) S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2013-11-14] () R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) 
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-11-11] (Acronis International GmbH) R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2013-11-11] (Acronis International GmbH) R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2013-11-11] (Acronis International GmbH) U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-15 12:36 - 2014-08-15 12:58 - 00000000 ____D () C:\FRST 2014-08-15 12:26 - 2014-08-15 12:26 - 00000056 _____ () C:\Windows\setupact.log 2014-08-15 12:26 - 2014-08-15 12:26 - 00000000 _____ () C:\Windows\setuperr.log 2014-08-15 12:25 - 2014-08-15 12:25 - 00000314 _____ () C:\Windows\PFRO.log 2014-08-15 11:55 - 2014-08-15 11:55 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup 2014-08-15 11:55 - 2014-08-15 11:55 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Nico Mak Computing 2014-08-15 11:55 - 2014-08-15 11:55 - 00000000 ____D () C:\ProgramData\Nico Mak Computing 2014-08-15 11:55 - 2013-03-15 17:10 - 00020480 _____ () C:\Windows\system32\wsusnative64.exe 2014-08-11 21:50 - 2014-08-11 21:54 - 00000000 ____D () C:\ProgramData\firebird 2014-08-11 21:08 - 2014-08-11 21:50 - 00000000 ____D () C:\Users\Mark-Peter\Scoutsystems 2014-08-11 20:56 - 2014-08-11 20:56 - 00000000 ____D () C:\Users\Mark-Peter\.Report 2014-08-11 20:56 - 2014-08-11 20:56 - 00000000 ____D () C:\Users\Mark-Peter\.jfreereport 2014-08-07 00:29 - 2014-08-07 00:29 - 00002562 _____ () C:\Windows\diagwrn.xml 2014-08-07 00:29 - 2014-08-07 00:29 - 00001908 _____ () C:\Windows\diagerr.xml 2014-08-06 00:49 - 2014-08-06 00:49 - 00001933 
_____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk 2014-08-06 00:49 - 2014-08-06 00:49 - 00000000 ____D () C:\Users\Mark-Peter\Documents\SelfMV 2014-08-06 00:48 - 2014-05-07 17:42 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll 2014-08-03 19:50 - 2014-08-03 19:50 - 06004615 _____ (Tim Kosse) C:\Users\Mark-Peter\Downloads\FileZilla_3.9.0.2_win32-setup.exe 2014-08-03 19:50 - 2014-08-03 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2014-08-03 19:50 - 2014-08-03 19:50 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client 2014-08-03 16:09 - 2014-08-03 16:09 - 00000000 ____D () C:\Program Files\Bonjour 2014-08-03 16:09 - 2014-08-03 16:09 - 00000000 ____D () C:\Program Files (x86)\Bonjour 2014-08-03 16:09 - 2014-06-11 03:53 - 00423936 _____ (Hewlett-Packard) C:\Windows\system32\hpbprtmon.dll 2014-08-03 16:09 - 2014-06-11 03:53 - 00413184 _____ (Hewlett-Packard) C:\Windows\system32\hpbrprtmon.dll 2014-08-03 16:09 - 2014-06-11 03:52 - 00231424 _____ (Hewlett-Packard) C:\Windows\system32\hpbprtmonui.dll 2014-08-03 16:08 - 2014-08-03 16:08 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP 2014-08-03 16:08 - 2014-08-03 16:08 - 00000000 ____D () C:\HP_ePrint 2014-08-02 12:18 - 2014-08-02 12:22 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Feedreader 2014-08-02 12:18 - 2014-08-02 12:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FeedReader 2014-08-02 12:18 - 2014-08-02 12:18 - 00000000 ____D () C:\Program Files (x86)\FeedReader30 2014-07-29 10:35 - 2014-07-29 10:35 - 05981830 _____ (Tim Kosse) C:\Users\Mark-Peter\Downloads\FileZilla_3.9.0.1_win32-setup.exe 2014-07-25 14:43 - 2014-08-06 01:03 - 00000000 ___RD () C:\Users\Mark-Peter\Dropbox 2014-07-25 14:42 - 2014-08-06 00:41 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Dropbox 2014-07-25 14:42 - 2014-07-25 14:42 - 00000000 ____D () 
C:\Users\Mark-Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-07-23 00:55 - 2014-07-23 00:55 - 00000088 _____ () C:\Users\Mark-Peter\Desktop\listen.pls 2014-07-22 23:55 - 2014-08-15 12:20 - 00000000 ____D () C:\AdwCleaner 2014-07-21 11:47 - 2014-07-21 11:47 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-07-21 11:47 - 2014-07-21 11:47 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-07-21 11:47 - 2014-07-21 11:47 - 00176040 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-07-21 11:47 - 2014-07-21 11:47 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-07-21 11:47 - 2014-07-21 11:47 - 00000000 ____D () C:\Program Files (x86)\Java 2014-07-18 21:29 - 2014-07-18 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2014-07-17 22:59 - 2014-07-29 16:11 - 00000000 ____D () C:\Users\Mark-Peter\Desktop\Neuer Ordner ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-15 12:58 - 2014-08-15 12:36 - 00000000 ____D () C:\FRST 2014-08-15 12:37 - 2014-03-05 16:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-15 12:33 - 2009-07-14 06:45 - 00016336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-15 12:33 - 2009-07-14 06:45 - 00016336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-15 12:32 - 2009-07-14 19:58 - 05626472 _____ () C:\Windows\system32\perfh007.dat 2014-08-15 12:32 - 2009-07-14 19:58 - 01679632 _____ () C:\Windows\system32\perfc007.dat 2014-08-15 12:32 - 2009-07-14 07:13 - 00006232 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-15 12:26 - 2014-08-15 12:26 - 00000056 _____ () C:\Windows\setupact.log 2014-08-15 12:26 - 2014-08-15 12:26 - 00000000 _____ () C:\Windows\setuperr.log 2014-08-15 12:26 - 2014-04-06 01:02 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-08-15 12:26 - 2013-11-16 02:11 - 00000432 _____ () C:\Windows\Tasks\Wise Care 365.job 2014-08-15 12:26 - 2013-11-16 02:10 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Wise Care 365 2014-08-15 12:26 - 2013-11-15 00:35 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-15 12:26 - 2013-11-14 16:49 - 00000000 ____D () C:\Users\Mark-Peter\Documents\jAnrufmonitor 2014-08-15 12:26 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-15 12:25 - 2014-08-15 12:25 - 00000314 _____ () C:\Windows\PFRO.log 2014-08-15 12:20 - 2014-07-22 23:55 - 00000000 ____D () C:\AdwCleaner 2014-08-15 12:20 - 2013-11-15 00:35 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-15 12:01 - 2013-11-14 01:37 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Skype 2014-08-15 11:55 - 2014-08-15 11:55 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup 2014-08-15 11:55 - 2014-08-15 11:55 - 00000000 ____D () 
C:\Users\Mark-Peter\AppData\Roaming\Nico Mak Computing 2014-08-15 11:55 - 2014-08-15 11:55 - 00000000 ____D () C:\ProgramData\Nico Mak Computing 2014-08-15 09:28 - 2014-06-29 15:43 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-15 09:27 - 2013-11-14 01:44 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Winamp 2014-08-15 00:15 - 2013-11-14 20:01 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\vlc 2014-08-14 17:44 - 2014-06-24 00:27 - 00000000 ____D () C:\cbfunk-deutschland-neu 2014-08-13 17:52 - 2013-11-11 20:54 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-08-12 17:55 - 2013-11-11 21:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-08-12 14:24 - 2014-05-18 13:39 - 00002062 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk 2014-08-12 14:24 - 2014-05-18 13:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-08-12 10:17 - 2013-11-15 01:40 - 00000000 ____D () C:\Users\Mark-Peter\Documents\lqpl Invoice 2012 2014-08-11 21:54 - 2014-08-11 21:50 - 00000000 ____D () C:\ProgramData\firebird 2014-08-11 21:50 - 2014-08-11 21:08 - 00000000 ____D () C:\Users\Mark-Peter\Scoutsystems 2014-08-11 21:08 - 2013-11-11 19:43 - 00000000 ____D () C:\Users\Mark-Peter 2014-08-11 20:56 - 2014-08-11 20:56 - 00000000 ____D () C:\Users\Mark-Peter\.Report 2014-08-11 20:56 - 2014-08-11 20:56 - 00000000 ____D () C:\Users\Mark-Peter\.jfreereport 2014-08-11 19:38 - 2013-11-15 01:43 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\teamspeak2 2014-08-10 21:54 - 2013-12-19 14:19 - 00001062 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk 2014-08-10 21:54 - 2013-12-19 14:19 - 00001050 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk 2014-08-07 00:29 - 2014-08-07 00:29 - 00002562 _____ () C:\Windows\diagwrn.xml 2014-08-07 00:29 - 2014-08-07 00:29 - 00001908 _____ () C:\Windows\diagerr.xml 
2014-08-06 23:42 - 2013-11-14 01:37 - 00000000 ____D () C:\ProgramData\Skype
2014-08-06 13:42 - 2013-11-14 02:29 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\TS3Client
2014-08-06 11:19 - 2013-12-27 20:51 - 00000000 ____D () C:\Program Files (x86)\MarkAny
2014-08-06 01:03 - 2014-07-25 14:43 - 00000000 ___RD () C:\Users\Mark-Peter\Dropbox
2014-08-06 00:52 - 2013-11-14 19:21 - 00000000 ____D () C:\Users\Mark-Peter\Documents\samsung
2014-08-06 00:51 - 2013-11-14 14:57 - 00000000 ____D () C:\ProgramData\Samsung
2014-08-06 00:50 - 2013-11-14 19:21 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Samsung
2014-08-06 00:50 - 2013-11-14 19:21 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Local\Samsung
2014-08-06 00:50 - 2013-11-14 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-08-06 00:50 - 2013-11-14 14:57 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-08-06 00:50 - 2013-11-12 22:29 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-06 00:49 - 2014-08-06 00:49 - 00001933 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk
2014-08-06 00:49 - 2014-08-06 00:49 - 00000000 ____D () C:\Users\Mark-Peter\Documents\SelfMV
2014-08-06 00:41 - 2014-07-25 14:42 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Dropbox
2014-08-05 11:57 - 2013-11-11 21:16 - 00000600 _____ () C:\Users\Mark-Peter\AppData\Roaming\winscp.rnd
2014-08-04 14:28 - 2013-11-12 22:34 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\FileZilla
2014-08-04 10:06 - 2013-11-14 15:23 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Local\Deployment
2014-08-03 19:50 - 2014-08-03 19:50 - 06004615 _____ (Tim Kosse) C:\Users\Mark-Peter\Downloads\FileZilla_3.9.0.2_win32-setup.exe
2014-08-03 19:50 - 2014-08-03 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-08-03 19:50 - 2014-08-03 19:50 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-08-03 17:20 - 2013-11-14 18:25 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Local\HP
2014-08-03 17:19 - 2013-11-22 13:33 - 00000000 ____D () C:\Program Files\stinger
2014-08-03 16:11 - 2013-11-14 18:26 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\HpUpdate
2014-08-03 16:09 - 2014-08-03 16:09 - 00000000 ____D () C:\Program Files\Bonjour
2014-08-03 16:09 - 2014-08-03 16:09 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-08-03 16:08 - 2014-08-03 16:08 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2014-08-03 16:08 - 2014-08-03 16:08 - 00000000 ____D () C:\HP_ePrint
2014-08-03 16:08 - 2013-11-14 18:26 - 00000000 ____D () C:\ProgramData\HP
2014-08-03 16:08 - 2013-11-14 18:26 - 00000000 ____D () C:\Program Files (x86)\HP
2014-08-03 16:00 - 2013-11-23 14:18 - 00000000 ____D () C:\Quarantine
2014-08-02 12:22 - 2014-08-02 12:18 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Feedreader
2014-08-02 12:18 - 2014-08-02 12:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FeedReader
2014-08-02 12:18 - 2014-08-02 12:18 - 00000000 ____D () C:\Program Files (x86)\FeedReader30
2014-08-02 11:42 - 2013-11-14 15:31 - 00000000 ____D () C:\Users\Mark-Peter\Documents\LiveZilla
2014-07-30 11:21 - 2014-06-18 12:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-29 16:11 - 2014-07-17 22:59 - 00000000 ____D () C:\Users\Mark-Peter\Desktop\Neuer Ordner
2014-07-29 10:35 - 2014-07-29 10:35 - 05981830 _____ (Tim Kosse) C:\Users\Mark-Peter\Downloads\FileZilla_3.9.0.1_win32-setup.exe
2014-07-26 01:00 - 2013-11-16 02:11 - 00000412 _____ () C:\Windows\Tasks\Wise Turbo Checker.job
2014-07-25 14:42 - 2014-07-25 14:42 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-25 00:23 - 2013-11-14 01:41 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-07-23 16:27 - 2013-11-17 21:04 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\DigiJay
2014-07-23 00:55 - 2014-07-23 00:55 - 00000088 _____ () C:\Users\Mark-Peter\Desktop\listen.pls
2014-07-21 14:24 - 2013-11-12 22:34 - 00000955 _____ () C:\Users\Public\Desktop\DigiJay.lnk
2014-07-21 14:24 - 2013-11-12 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DigiJay
2014-07-21 14:24 - 2013-11-12 22:34 - 00000000 ____D () C:\Program Files (x86)\DigiJay
2014-07-21 11:47 - 2014-07-21 11:47 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-21 11:47 - 2014-07-21 11:47 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-21 11:47 - 2014-07-21 11:47 - 00176040 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-21 11:47 - 2014-07-21 11:47 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-21 11:47 - 2014-07-21 11:47 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-18 21:29 - 2014-07-18 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-07-18 21:29 - 2013-11-14 20:01 - 00000831 _____ () C:\Users\Public\Desktop\VLC media player.lnk

Some content of TEMP:
====================
C:\Users\Mark-Peter\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-07 08:37

==================== End Of Log ============================

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-08-2014
Ran by Mark-Peter at 2014-08-15 12:59:05
Running from D:\Mozilla-Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

A1-Faktura 1.429 (HKLM-x32\...\A1-Faktura_is1) (Version: - A1-Faktura)
Acronis True Image 2014 (HKLM-x32\...\{3ECDD663-5AF8-489B-9E3C-561F33A271BD}Visible) (Version: 17.0.6673 - Acronis)
Acronis True Image 2014 (x32 Version: 17.0.6673 - Acronis) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 2.4.595.10 - Advanced Micro Devices Inc.) Hidden
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{E6D44B7E-1B1E-04A7-86E3-06AD74583FE9}) (Version: 3.0.820.0 - ATI Technologies, Inc.)
avast! Internet Security (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
BirthdayRemember 6.3.2 (HKLM-x32\...\BirthdayRemember_is1) (Version: - geburtstagsgeschenk-online.de)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center (x32 Version: 2011.0405.2218.38205 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0405.2218.38205 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0405.2218.38205 - ATI Technologies, Inc.) Hidden
CCC Help English (x32 Version: 2011.0405.2217.38205 - ATI) Hidden
ccc-utility64 (Version: 2011.0405.2218.38205 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 2.56 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: - )
cyberJack Base Components (HKLM-x32\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.10.7 - REINER SCT)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DigiJay 1.611 (HKLM-x32\...\DigiJay_is1) (Version: - MB Audio)
DiskSpeed32 (HKLM-x32\...\DiskSpeed32) (Version: 3, 0, 0, 5 - )
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.5.0.1751 - Sanford, L.P.)
EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version: - SEIKO EPSON Corporation)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FeedReader (HKLM-x32\...\FeedReader_is1) (Version: - i-Systems Inc.)
FGS_Cashbook (HKLM-x32\...\FGS_Cashbook6.0.1.9) (Version: 6.0.1.9 - FGS-Software)
FileZilla Client 3.9.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.2 - Tim Kosse)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}) (Version: 2.1.27.0 - MAGIX AG)
FormatFactory 3.2.1.0 (HKLM-x32\...\FormatFactory) (Version: 3.2.1.0 - Free Time)
FotoGrusskarten DruckShop (HKLM-x32\...\{B7DE26E5-565D-4FEB-A596-09A96E0D788C}) (Version: - )
FreeCommander 2009.02b (HKLM-x32\...\FreeCommander_is1) (Version: 2009.02 - Marek Jasinski)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version: - )
FRITZ!Box USB-Fernanschluss (HKCU\...\2db37667170956ee) (Version: 2.3.2.0 - AVM Berlin)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GPL Ghostscript 8.71 (HKLM\...\GPL Ghostscript 8.71) (Version: - )
High-Definition Video Playback (x32 Version: 11.1.11100.4.196 - Nero AG) Hidden
HP ePrint (HKLM-x32\...\{2794875B-6CCF-48B8-84A5-5B10DB98BEE6}) (Version: 14.0.14176.1823 - Hewlett-Packard)
HP Officejet 6500 E710n-z - Grundlegende Software für das Gerät (HKLM\...\{56F91CE8-0168-4619-8FEC-13F5087E40F8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Hilfe (HKLM-x32\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard)
HP Unified IO (Version: 2.0.0.434 - HP) Hidden
HP Unified IO (x32 Version: 2.0.0.434 - HP) Hidden
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.738.1 - Intel Corporation) Hidden
IPCWebComponents 3.0.0.1 (HKLM-x32\...\{4740E1B2-51CF-4083-8976-D6B3B5A5064F}_is1) (Version: 3.0.0.1 - )
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
jAlbum (HKLM-x32\...\{300A49B9-C458-4681-BF10-3EFCAD56751E}) (Version: 11.6 - Jalbum AB)
jAnrufmonitor 5.0 (HKLM-x32\...\jam50-64) (Version: - Thilo Brandt)
Java 8 Update 11 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218011FF}) (Version: 8.0.110 - Oracle Corporation)
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.11.12 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
KingBill 2009 (HKLM-x32\...\{23CEBB17-F054-42EE-8A1C-06E80E12756F}) (Version: 4.5.2 - KingBill GmbH)
LiveZilla (HKLM-x32\...\LiveZilla) (Version: 5.2.5.0 - LiveZilla GmbH)
LiveZilla (x32 Version: 5.2.5.0 - LiveZilla GmbH) Hidden
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
lqpl Invoice 2012 (HKLM-x32\...\{F2E24019-6832-49D6-9060-6CC6092AA91A}) (Version: 4.2.31 - lqpl Software)
LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
MAGIX Foto Manager 10 (HKLM-x32\...\MAGIX_MSI_Foto_Manager_10) (Version: 8.0.0.123 - MAGIX AG)
MAGIX Foto Manager 10 (x32 Version: 8.0.0.123 - MAGIX AG) Hidden
MAGIX Online Druck Service (HKLM-x32\...\{ECF47E32-14CD-4ED2-9539-4083E873BFFC}) (Version: 3.4.3.0 - MAGIX AG)
MAGIX Screenshare (HKLM-x32\...\{D4073F62-505F-4E05-AB13-B399E67C0DED}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Speed burnR (MSI) (HKLM-x32\...\{EC154DE4-54C6-427A-941F-FCF9B3A78DF1}) (Version: 7.0.2.6 - MAGIX AG)
MAGIX Video deluxe 17 Plus (HKLM-x32\...\MAGIX_MSI_Videodeluxe17_plus) (Version: 10.0.2.8 - MAGIX AG)
MAGIX Video deluxe 17 Plus (x32 Version: 10.0.2.8 - MAGIX AG) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
ManyCam 3.1.58 (HKLM-x32\...\ManyCam) (Version: 3.1.58 - ManyCam LLC)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft Access Runtime 2010 (HKLM-x32\...\Office14.AccessRT) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access Runtime 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Runtime MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office FrontPage 2003 (HKLM-x32\...\{91170407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft ReportViewer 2010 Redistributable (HKLM-x32\...\{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Basic PowerPacks 10.0 (HKLM-x32\...\{2D9F8079-7D50-3EFD-B3BD-ED642E4EE756}) (Version: 10.0.20911 - Microsoft)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 31.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.0 (x86 de)) (Version: 31.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - )
NB PC-Banking 3.7 (HKLM-x32\...\{017C20AC-25E0-4473-C99B-B7958AE6931D}) (Version: - )
Nero 11 (HKLM-x32\...\{810B7362-6B05-4714-AF6A-EF3A20CCD634}) (Version: 11.2.00600 - Nero AG)
Nero 11 Cliparts (x32 Version: 11.0.11200.12.0 - Nero AG) Hidden
Nero 11 Disc Menus Basic (x32 Version: 11.0.11200.12.0 - Nero AG) Hidden
Nero 11 Effects Basic (x32 Version: 11.0.11400.14.0 - Nero AG) Hidden
Nero 11 Image Samples (x32 Version: 11.0.11200.12.0 - Nero AG) Hidden
Nero 11 Kwik Themes Basic (x32 Version: 11.0.11200.12.0 - Nero AG) Hidden
Nero 11 PiP Effects Basic (x32 Version: 11.0.11400.14.0 - Nero AG) Hidden
Nero 11 Video Samples (x32 Version: 11.0.11200.12.0 - Nero AG) Hidden
Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0 - Nero AG) Hidden
Nero BackItUp 11 (x32 Version: 6.2.18400.2.100 - Nero AG) Hidden
Nero BackItUp 11 Help (CHM) (x32 Version: 11.0.10400 - Nero AG) Hidden
Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.11100.8.0 - Nero AG)
Nero Burning ROM 11 (x32 Version: 11.2.10300.0.0 - Nero AG) Hidden
Nero Burning ROM 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden
Nero ControlCenter 11 (x32 Version: 11.0.12700.0.27 - Nero AG) Hidden
Nero ControlCenter 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden
Nero Core Components 11 (x32 Version: 11.0.16300.1.23 - Nero AG) Hidden
Nero CoverDesigner 11 (x32 Version: 6.0.11000.13.100 - Nero AG) Hidden
Nero CoverDesigner 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden
Nero Express 11 (x32 Version: 11.2.10300.0.0 - Nero AG) Hidden
Nero Express 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden
Nero Kwik Media (x32 Version: 1.10.24800.146.100 - Nero AG) Hidden
Nero Kwik Media Help (CHM) (x32 Version: 11.0.10200 - Nero AG) Hidden
Nero Recode 11 (x32 Version: 5.2.10900.0.0 - Nero AG) Hidden
Nero Recode 11 Help (CHM) (x32 Version: 11.0.10600 - Nero AG) Hidden
Nero RescueAgent 11 (x32 Version: 4.0.10600.10.100 - Nero AG) Hidden
Nero RescueAgent 11 Help (CHM) (x32 Version: 11.0.10400 - Nero AG) Hidden
Nero SharedVideoCodecs (x32 Version: 1.0.11500.1.5 - Nero AG) Hidden
Nero SoundTrax 11 (x32 Version: 5.0.10700.6.100 - Nero AG) Hidden
Nero SoundTrax 11 Help (CHM) (x32 Version: 11.0.10400 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11500.28.0 - Nero AG) Hidden
Nero Video 11 (x32 Version: 8.2.15700.3.100 - Nero AG) Hidden
Nero Video 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden
Nero WaveEditor 11 (x32 Version: 6.2.11300.0.100 - Nero AG) Hidden
Nero WaveEditor 11 Help (CHM) (x32 Version: 11.0.10400 - Nero AG) Hidden
nero.prerequisites.msi (x32 Version: 11.0.20010 - Nero AG) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.3 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
PDF-XChange Editor (HKLM-x32\...\{57476447-95ee-4c7c-8373-875ad649bbb9}) (Version: 3.0.306.1 - Tracker Software Products (Canada) Ltd.)
PDF-XChange Editor (Version: 3.0.306.1 - Tracker Software Products (Canada) Ltd.) Hidden
Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
PoP-Tools Levelmeter (HKLM-x32\...\PoP-Tools Levelmeter_is1) (Version: - PoP-Tools Software Development GbR)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Access 2010 Runtime (KB2687444) 32-Bit Edition (HKLM-x32\...\{90140000-001C-0000-0000-0000000FF1CE}_Office14.AccessRT_{54846D1D-E5D5-4A28-AA6D-7208259007EA}) (Version: - Microsoft)
Service Pack 2 for Microsoft Access 2010 Runtime (KB2687444) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.25 - Piriform)
SuperHTML Web Studio 8.5.6 (HKLM-x32\...\{31D72726-2A42-11E1-9D98-20824824019B}_is1) (Version: 8.5.6 - mirabyte GmbH & Co. KG)
TeamSpeak 2 RC2 (HKLM-x32\...\Teamspeak 2 RC2_is1) (Version: 2.0.32.60 - Dominating Bytes Design)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
TischFotoKalender 2010 Druckshop (HKLM-x32\...\{84C3B66D-E3EA-4EFF-8920-3526F4464217}) (Version: - )
TS3 Admin (HKCU\...\7a0e88a04267d7dd) (Version: 1.0.3.106 - noa-x)
TV-Browser 3.3a (HKLM-x32\...\tvbrowser) (Version: 3.3a - TV-Browser Team)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Visitenkarten DruckShop 50 (HKLM-x32\...\{9411D0C4-0641-4077-BB31-5418857C11AB}) (Version: - )
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
VP6 VFW Codec (HKLM-x32\...\{A23866A0-738B-4091-9924-0B0DE3988A15}) (Version: - )
Welcome App (Start-up experience) (x32 Version: 11.0.23500.0.0 - Nero AG) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.66 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
WinHTTrack Website Copier 3.47-27 (HKLM-x32\...\WinHTTrack Website Copier_is1) (Version: 3.47.27 - HTTrack)
WinSCP 5.1.5 (HKLM-x32\...\winscp3_is1) (Version: 5.1.5 - Martin Prikryl)
WinZip Malware Protector (HKLM-x32\...\WinZip Malware Protector_is1) (Version: 2.1.1000.10798 - WinZip International LLC)
Wise Care 365 version 2.86 (HKLM-x32\...\{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1) (Version: 2.86 - WiseCleaner.com, Inc.)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3307784932-3257054885-3720409516-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3307784932-3257054885-3720409516-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3307784932-3257054885-3720409516-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3307784932-3257054885-3720409516-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3307784932-3257054885-3720409516-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3307784932-3257054885-3720409516-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3307784932-3257054885-3720409516-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3307784932-3257054885-3720409516-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3307784932-3257054885-3720409516-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

04-08-2014 10:11:42 Geplanter Prüfpunkt
05-08-2014 22:48:44 Installed Samsung Kies3
05-08-2014 22:50:02 Removed Samsung Kies
13-08-2014 09:11:53 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {2B9596ED-D216-4B5C-AB85-1F71CAF41BFB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {2DEAFEBE-1551-4C84-BBD1-A25E6839334C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-11] (Adobe Systems Incorporated)
Task: {3A29B759-EC01-4217-BAC4-C2365C1D997D} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {6637808B-6447-4DD3-B95C-9673769463EC} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {84046041-8D73-4F31-8CBF-CC210C432CD8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-15] (Google Inc.)
Task: {91B8D683-B45B-484A-A14D-3924DA7E6952} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-11] (AVAST Software)
Task: {92E4C455-4F30-4B09-8B13-80C36DF5FA56} - System32\Tasks\WinZip Malware Protector_startup => C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe
Task: {95A5667A-66A0-492F-BA7D-8C1A4B8944FE} - System32\Tasks\Wise Care 365 => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe [2013-08-23] (WiseCleaner.com)
Task: {A514C885-9579-4F87-8607-D6268A97ED64} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-15] (Google Inc.)
Task: {CE6DC0FB-F080-4E6E-B7C9-DFC07BAD18C8} - System32\Tasks\Wise Turbo Checker => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe [2013-08-22] (WiseCleaner.COM) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Wise Care 365.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe Task: C:\Windows\Tasks\Wise Turbo Checker.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe ==================== Loaded Modules (whitelisted) ============= 2014-04-06 01:01 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2013-11-14 14:50 - 2010-06-17 22:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll 2014-08-02 12:18 - 2009-03-29 11:30 - 02058240 _____ () C:\Program Files (x86)\FeedReader30\feedreader.exe 2014-04-25 08:52 - 2014-04-25 08:52 - 00163328 ____N () D:\janrufmonitor\jam.exe 2014-07-11 20:14 - 2014-07-11 20:14 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll 2014-08-15 09:22 - 2014-08-15 09:22 - 02797568 _____ () C:\Program Files\AVAST Software\Avast\defs\14081500\algo.dll 2013-03-05 08:58 - 2013-03-05 08:58 - 00085504 _____ () C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.Common.dll 2013-11-14 00:40 - 2009-02-06 18:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL 2013-11-14 00:40 - 2009-03-26 14:46 - 00148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL 2014-07-11 20:14 - 2014-07-11 20:14 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2013-11-14 17:50 - 2007-05-31 09:38 - 00167936 ____N () C:\Windows\SysWOW64\SerialXP.dll 2014-02-04 19:25 - 2014-02-04 19:25 - 00028992 _____ () C:\Program Files (x86)\Common 
Files\Acronis\Home\thread_pool.dll 2014-02-04 19:28 - 2014-02-04 19:28 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll 2014-04-06 00:54 - 2012-07-18 06:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:373E1720 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Transfer Utility Camera Monitor.lnk => C:\Windows\pss\Transfer Utility Camera Monitor.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Mark-Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk => C:\Windows\pss\Logitech . 
Produktregistrierung.lnk.Startup MSCONFIG\startupfolder: C:^Users^Mark-Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tintenwarnungen überwachen - HP Officejet 6500 E710n-z (Netzwerk).lnk => C:\Windows\pss\Tintenwarnungen überwachen - HP Officejet 6500 E710n-z (Netzwerk).lnk.Startup MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" MSCONFIG\startupreg: AcronisTibMounterMonitor => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe MSCONFIG\startupreg: BirthdayRemember6 => "C:\Program Files (x86)\BirthdayRemember\BirthdayRemember.exe" "autostart" MSCONFIG\startupreg: DLSService => "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe" MSCONFIG\startupreg: DymoQuickPrint => "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup MSCONFIG\startupreg: FreePDF Assistant => C:\Program Files (x86)\FreePDF_XP\fpassist.exe MSCONFIG\startupreg: HP Officejet 6500 E710n-z (NET) => "C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe" -deviceID "CN146113DB05JW:NW" -scfn "HP Officejet 6500 E710n-z (NET)" -AutoStart 1 MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: IMSS => "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: LiveZilla => "C:\Program Files (x86)\LiveZilla\LiveZilla.exe" -minimize MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide MSCONFIG\startupreg: Messenger (Yahoo!) 
=> "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet MSCONFIG\startupreg: NBAgent => "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: TrayServer => C:\Program Files (x86)\MAGIX\Video_deluxe_17_Plus\TrayServer.exe MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/15/2014 00:31:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (08/15/2014 00:31:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. 
Error: (08/15/2014 00:31:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (08/15/2014 11:46:31 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (08/15/2014 11:46:31 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (08/15/2014 11:46:31 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. 
Error: (08/15/2014 11:33:48 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (08/15/2014 11:33:48 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (08/15/2014 11:33:48 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (08/15/2014 09:44:39 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. 
System errors:
=============
Error: (08/15/2014 00:25:31 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (08/15/2014 09:58:02 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (08/15/2014 09:53:47 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (08/15/2014 09:38:12 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (08/15/2014 01:11:21 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (08/15/2014 00:26:02 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (08/15/2014 00:15:41 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (08/13/2014 10:24:37 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (08/13/2014 01:10:46 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (08/12/2014 05:55:12 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Microsoft Office Sessions:
=========================
Error: (08/15/2014 00:31:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (08/15/2014 00:31:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (08/15/2014 00:31:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (08/15/2014 11:46:31 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (08/15/2014 11:46:31 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (08/15/2014 11:46:31 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (08/15/2014 11:33:48 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (08/15/2014 11:33:48 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (08/15/2014 11:33:48 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (08/15/2014 09:44:39 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
Percentage of memory in use: 23%
Total physical RAM: 8132.04 MB
Available physical RAM: 6182.23 MB
Total Pagefile: 10178.23 MB
Available Pagefile: 7808.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:111.69 GB) (Free:70.1 GB) NTFS
Drive d: (Volume) (Fixed) (Total:551.76 GB) (Free:507.18 GB) NTFS
Drive e: (Volume) (Fixed) (Total:551.76 GB) (Free:545.75 GB) NTFS
Drive f: (Volume) (Fixed) (Total:408.91 GB) (Free:386.77 GB) NTFS
Drive g: () (Removable) (Total:7.39 GB) (Free:1.42 GB) FAT32
Drive h: (Volume) (Fixed) (Total:620.12 GB) (Free:611.53 GB) NTFS
Drive i: (Volume) (Fixed) (Total:622.78 GB) (Free:566.59 GB) NTFS
Drive k: (Volume) (Fixed) (Total:620.12 GB) (Free:586.41 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 112 GB) (Disk ID: 1D774CC6)
Partition 1: (Not Active) - (Size=112 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 35372313)
Partition 1: (Not Active) - (Size=552 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=961 GB) - (Type=OF Extended)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 4E55956E)
Partition 1: (Not Active) - (Size=620 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=620 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=623 GB) - (Type=07 NTFS)
========================================================
Disk: 3 (Size: 7 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.

==================== End Of Log ============================ |
16.08.2014, 06:52 | #4 |
/// the machine /// TB Trainer | PUP.Optional.WebSteroids.A Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
16.08.2014, 11:21 | #5 |
| PUP.Optional.WebSteroids.A
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Mark-Peter on 16.08.2014 at 11:33:51,32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02DD8284-A49F-43E5-9D84-CF19DC9AD21D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{27DE7D30-BCCD-44D1-ADCB-A74A4259EBEF}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3A0EFC4E-F167-4D0E-9C24-FC5519237993}

~~~ Files
Successfully deleted: [File] "C:\Windows\Tasks\wise care 365.job"
Successfully deleted: [File] "C:\Windows\syswow64\wscm64.dll"

~~~ Folders
Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"

~~~ FireFox
Emptied folder: C:\Users\Mark-Peter\AppData\Roaming\mozilla\firefox\profiles\sucmapd9.default\minidumps [51 files]

~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.08.2014 at 11:40:36,03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2014 02 Ran by Mark-Peter (administrator) on MARK-PETER-PC on 16-08-2014 11:42:45 Running from D:\Mozilla-Downloads Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (AMD) C:\Windows\System32\atiesrxx.exe (Microsoft Corporation) C:\Windows\System32\audiodg.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (AMD) C:\Windows\System32\atieclxx.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe () C:\Program Files (x86)\FeedReader30\feedreader.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (WiseCleaner.com) C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe () D:\janrufmonitor\jam.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe (Sanford, L.P.) 
C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe (AVM Berlin) C:\Users\Mark-Peter\AppData\Local\Apps\2.0\N9QOBBD3.TOD\PE8TCT8J.41Y\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Yahoo! Inc.) 
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Thisisu) D:\Mozilla-Downloads\JRT.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM-x32\...\Run: [P17RunE] => RunDll32 P17RunE.dll,RunDLLEntry HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software) HKU\S-1-5-21-3307784932-3257054885-3720409516-1001\...\Run: [BirthdayRemember6] => C:\Program Files (x86)\BirthdayRemember\BirthdayRemember.exe [2440704 2008-07-28] (BirthdayRemember) HKU\S-1-5-21-3307784932-3257054885-3720409516-1001\...\Run: [AVMUSBFernanschluss] => C:\Users\Mark-Peter\AppData\Local\Apps\2.0\N9QOBBD3.TOD\PE8TCT8J.41Y\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\AVMAutoStart.exe [139264 2014-06-08] (AVM Berlin) HKU\S-1-5-21-3307784932-3257054885-3720409516-1001\...\Run: [feedreader.exe] => C:\Program Files (x86)\FeedReader30\feedreader.exe [2058240 2009-03-29] () HKU\S-1-5-21-3307784932-3257054885-3720409516-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-3307784932-3257054885-3720409516-1001\...\MountPoints2: {86a225f9-4aff-11e3-9b1b-002618988ac8} - K:\LaunchU3.exe -a HKU\S-1-5-21-3307784932-3257054885-3720409516-1001\...\MountPoints2: {a9365d54-bcbd-11e3-8a41-806e6f6e6963} - J:\wubi.exe Startup: C:\Users\Mark-Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jAnrufmonitor 5.0.lnk ShortcutTarget: jAnrufmonitor 5.0.lnk -> D:\janrufmonitor\jam.exe () ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ShellIconOverlayIdentifiers: AcronisSyncError -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => No File ShellIconOverlayIdentifiers: AcronisSyncInProgress -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => No File ShellIconOverlayIdentifiers: AcronisSyncOk -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB2D04FEBB143CF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - URL hxxp://search.conduit.com/Results.aspx?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP7B061BD6-4860-4D72-AE7E-E762E5AA5BB9&q={searchTerms}&SSPV= SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre8\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File DPF: HKLM-x32 {3746422E-4692-4429-9698-E3EB34FE07BC} hxxp://udo.selfhost.me/FSIPCam.cab DPF: HKLM-x32 {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} hxxp://192.168.178.24/codebase/DVM_IPCam2.ocx Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Filter-x32: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default FF Homepage: hxxp://www.google.de/ FF NetworkProxy: "ftp", "79.142.126.3" FF NetworkProxy: "ftp_port", 8080 FF NetworkProxy: "http", "79.142.126.3" FF NetworkProxy: 
"http_port", 8080 FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co" FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "socks", "79.142.126.3" FF NetworkProxy: "socks_port", 8080 FF NetworkProxy: "ssl", "79.142.126.3" FF NetworkProxy: "ssl_port", 8080 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.) 
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @IPCWebComponents -> C:\Program Files (x86)\IPCWebComponents\npIPCReg.dll () FF Plugin-x32: @java.com/DTPlugin,version=11.11.2 -> C:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.11.2 -> C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Adblock Plus Pop-up Addon - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\adblockpopups@jessehakanen.net.xpi [2013-11-11] FF Extension: AutoPager - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\autopager@mozilla.org.xpi [2013-11-15] FF Extension: Facebook Disconnect - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\facebook@disconnect.me.xpi [2013-11-15] FF Extension: Firebug - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\firebug@software.joehewitt.com.xpi [2013-11-15] FF Extension: Stealthy - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\stealthyextension@gmail.com.xpi [2013-11-15] FF Extension: عارض PDF - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\uriloader@pdf.js.xpi [2013-11-15] FF Extension: ShowIP - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}.xpi [2013-11-15] FF Extension: NoScript - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-06-28] 
FF Extension: ReloadEvery - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2013-11-15] FF Extension: Adblock Plus - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-11] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-05] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-11] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-11] (AVAST Software) R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-07-11] (AVAST Software) R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [515632 2013-05-21] (REINER SCT) S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-11-14] (Creative Labs) [File not signed] R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed] R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [33072 2013-03-05] (Sanford, L.P.) 
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed] R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation) S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580232 2013-04-25] (WiseCleaner.com) S2 HPSLPSVC; C:\Users\MARK-P~1\AppData\Local\Temp\7zS53A1\hpslpsvc64.dll [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R0 %ServiceName%; C:\Windows\System32\drivers\iusb3hcs.sys [19264 2014-04-05] (Intel Corporation) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-11] () R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-07-11] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-11] (AVAST Software) R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-07-11] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-11] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-11] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-11] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-11] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-11] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-11] () R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116480 2014-06-08] (AVM Berlin) R3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [35192 2012-09-04] (REINER SCT) R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28216 2014-04-05] (Intel Corporation) R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46016 2012-08-17] () R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-16] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC) S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2013-11-14] () R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) 
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-11-11] (Acronis International GmbH) R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2013-11-11] (Acronis International GmbH) R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2013-11-11] (Acronis International GmbH) U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation) S3 cpuz134; \??\C:\Users\MARK-P~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-16 11:40 - 2014-08-16 11:40 - 00001276 _____ () C:\Users\Mark-Peter\Desktop\JRT.txt 2014-08-16 11:33 - 2014-08-16 11:33 - 00000000 ____D () C:\Windows\ERUNT 2014-08-16 11:27 - 2014-08-16 11:27 - 00000056 _____ () C:\Windows\setupact.log 2014-08-16 11:27 - 2014-08-16 11:27 - 00000000 _____ () C:\Windows\setuperr.log 2014-08-15 17:11 - 2014-08-15 20:53 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-08-15 16:02 - 2014-08-15 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair 2014-08-15 16:02 - 2014-08-15 16:02 - 00003464 _____ () C:\Windows\System32\Tasks\Reimage Reminder 2014-08-15 16:02 - 2014-08-15 16:02 - 00000000 ____D () C:\rei 2014-08-15 16:02 - 2014-08-15 16:02 - 00000000 ____D () C:\ProgramData\Reimage Protector 2014-08-15 16:01 - 2014-08-15 16:02 - 00000156 _____ () C:\Windows\Reimage.ini 2014-08-15 12:36 - 2014-08-16 11:42 - 00000000 ____D () C:\FRST 2014-08-15 11:55 - 2014-08-15 11:55 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup 2014-08-15 11:55 - 2014-08-15 11:55 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Nico Mak Computing 2014-08-15 
11:55 - 2014-08-15 11:55 - 00000000 ____D () C:\ProgramData\Nico Mak Computing 2014-08-15 11:55 - 2013-03-15 17:10 - 00020480 _____ () C:\Windows\system32\wsusnative64.exe 2014-08-11 21:50 - 2014-08-11 21:54 - 00000000 ____D () C:\ProgramData\firebird 2014-08-11 21:08 - 2014-08-11 21:50 - 00000000 ____D () C:\Users\Mark-Peter\Scoutsystems 2014-08-11 20:56 - 2014-08-11 20:56 - 00000000 ____D () C:\Users\Mark-Peter\.Report 2014-08-11 20:56 - 2014-08-11 20:56 - 00000000 ____D () C:\Users\Mark-Peter\.jfreereport 2014-08-07 00:29 - 2014-08-07 00:29 - 00002562 _____ () C:\Windows\diagwrn.xml 2014-08-07 00:29 - 2014-08-07 00:29 - 00001908 _____ () C:\Windows\diagerr.xml 2014-08-06 00:49 - 2014-08-06 00:49 - 00001933 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk 2014-08-06 00:49 - 2014-08-06 00:49 - 00000000 ____D () C:\Users\Mark-Peter\Documents\SelfMV 2014-08-06 00:48 - 2014-05-07 17:42 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll 2014-08-03 19:50 - 2014-08-03 19:50 - 06004615 _____ (Tim Kosse) C:\Users\Mark-Peter\Downloads\FileZilla_3.9.0.2_win32-setup.exe 2014-08-03 19:50 - 2014-08-03 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2014-08-03 19:50 - 2014-08-03 19:50 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client 2014-08-03 16:09 - 2014-08-03 16:09 - 00000000 ____D () C:\Program Files\Bonjour 2014-08-03 16:09 - 2014-08-03 16:09 - 00000000 ____D () C:\Program Files (x86)\Bonjour 2014-08-03 16:09 - 2014-06-11 03:53 - 00423936 _____ (Hewlett-Packard) C:\Windows\system32\hpbprtmon.dll 2014-08-03 16:09 - 2014-06-11 03:53 - 00413184 _____ (Hewlett-Packard) C:\Windows\system32\hpbrprtmon.dll 2014-08-03 16:09 - 2014-06-11 03:52 - 00231424 _____ (Hewlett-Packard) C:\Windows\system32\hpbprtmonui.dll 2014-08-03 16:08 - 2014-08-03 16:08 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP 2014-08-03 16:08 - 2014-08-03 16:08 
- 00000000 ____D () C:\HP_ePrint 2014-08-02 12:18 - 2014-08-02 12:22 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Feedreader 2014-08-02 12:18 - 2014-08-02 12:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FeedReader 2014-08-02 12:18 - 2014-08-02 12:18 - 00000000 ____D () C:\Program Files (x86)\FeedReader30 2014-07-29 10:35 - 2014-07-29 10:35 - 05981830 _____ (Tim Kosse) C:\Users\Mark-Peter\Downloads\FileZilla_3.9.0.1_win32-setup.exe 2014-07-25 14:43 - 2014-08-06 01:03 - 00000000 ___RD () C:\Users\Mark-Peter\Dropbox 2014-07-25 14:42 - 2014-08-06 00:41 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Dropbox 2014-07-25 14:42 - 2014-07-25 14:42 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-07-23 00:55 - 2014-07-23 00:55 - 00000088 _____ () C:\Users\Mark-Peter\Desktop\listen.pls 2014-07-22 23:55 - 2014-08-15 22:50 - 00000000 ____D () C:\AdwCleaner 2014-07-21 11:47 - 2014-07-21 11:47 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-07-21 11:47 - 2014-07-21 11:47 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-07-21 11:47 - 2014-07-21 11:47 - 00176040 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-07-21 11:47 - 2014-07-21 11:47 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-07-21 11:47 - 2014-07-21 11:47 - 00000000 ____D () C:\Program Files (x86)\Java 2014-07-18 21:29 - 2014-07-18 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2014-07-17 22:59 - 2014-07-29 16:11 - 00000000 ____D () C:\Users\Mark-Peter\Desktop\Neuer Ordner ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-16 11:42 - 2014-08-15 12:36 - 00000000 ____D () C:\FRST 2014-08-16 11:40 - 2014-08-16 11:40 - 00001276 _____ () C:\Users\Mark-Peter\Desktop\JRT.txt 2014-08-16 11:37 - 2014-03-05 16:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-16 11:35 - 2009-07-14 06:45 - 00016336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-16 11:35 - 2009-07-14 06:45 - 00016336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-16 11:33 - 2014-08-16 11:33 - 00000000 ____D () C:\Windows\ERUNT 2014-08-16 11:33 - 2009-07-14 19:58 - 05830060 _____ () C:\Windows\system32\perfh007.dat 2014-08-16 11:33 - 2009-07-14 19:58 - 01742884 _____ () C:\Windows\system32\perfc007.dat 2014-08-16 11:33 - 2009-07-14 07:13 - 00006232 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-16 11:28 - 2014-06-29 15:43 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-16 11:28 - 2013-11-16 02:10 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Wise Care 365 2014-08-16 11:28 - 2013-11-15 00:35 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-16 11:28 - 2013-11-14 16:49 - 00000000 ____D () C:\Users\Mark-Peter\Documents\jAnrufmonitor 2014-08-16 11:27 - 2014-08-16 11:27 - 00000056 _____ () C:\Windows\setupact.log 2014-08-16 11:27 - 2014-08-16 11:27 - 00000000 _____ () C:\Windows\setuperr.log 2014-08-16 11:27 - 2014-04-06 01:02 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-08-16 11:27 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-16 00:20 - 2013-11-15 00:35 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-15 23:31 - 2014-03-05 16:20 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-08-15 23:31 - 2013-11-14 01:20 - 00699568 _____ (Adobe Systems Incorporated) 
C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-08-15 23:31 - 2013-11-14 01:20 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-08-15 22:50 - 2014-07-22 23:55 - 00000000 ____D () C:\AdwCleaner 2014-08-15 22:24 - 2013-11-14 01:37 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Skype 2014-08-15 21:57 - 2013-11-14 20:01 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\vlc 2014-08-15 20:53 - 2014-08-15 17:11 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-08-15 19:23 - 2013-11-22 13:33 - 00000000 ____D () C:\Program Files\stinger 2014-08-15 16:14 - 2014-08-15 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair 2014-08-15 16:02 - 2014-08-15 16:02 - 00003464 _____ () C:\Windows\System32\Tasks\Reimage Reminder 2014-08-15 16:02 - 2014-08-15 16:02 - 00000000 ____D () C:\rei 2014-08-15 16:02 - 2014-08-15 16:02 - 00000000 ____D () C:\ProgramData\Reimage Protector 2014-08-15 16:02 - 2014-08-15 16:01 - 00000156 _____ () C:\Windows\Reimage.ini 2014-08-15 11:55 - 2014-08-15 11:55 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup 2014-08-15 11:55 - 2014-08-15 11:55 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Nico Mak Computing 2014-08-15 11:55 - 2014-08-15 11:55 - 00000000 ____D () C:\ProgramData\Nico Mak Computing 2014-08-15 09:27 - 2013-11-14 01:44 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Winamp 2014-08-14 17:44 - 2014-06-24 00:27 - 00000000 ____D () C:\cbfunk-deutschland-neu 2014-08-13 17:52 - 2013-11-11 20:54 - 00004182 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update 2014-08-12 17:55 - 2013-11-11 21:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-08-12 14:24 - 2014-05-18 13:39 - 00002062 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk 2014-08-12 14:24 - 2014-05-18 13:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-08-12 10:17 - 2013-11-15 01:40 - 00000000 ____D () C:\Users\Mark-Peter\Documents\lqpl Invoice 2012 2014-08-11 21:54 - 2014-08-11 21:50 - 00000000 ____D () C:\ProgramData\firebird 2014-08-11 21:50 - 2014-08-11 21:08 - 00000000 ____D () C:\Users\Mark-Peter\Scoutsystems 2014-08-11 21:08 - 2013-11-11 19:43 - 00000000 ____D () C:\Users\Mark-Peter 2014-08-11 20:56 - 2014-08-11 20:56 - 00000000 ____D () C:\Users\Mark-Peter\.Report 2014-08-11 20:56 - 2014-08-11 20:56 - 00000000 ____D () C:\Users\Mark-Peter\.jfreereport 2014-08-11 19:38 - 2013-11-15 01:43 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\teamspeak2 2014-08-10 21:54 - 2013-12-19 14:19 - 00001062 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk 2014-08-10 21:54 - 2013-12-19 14:19 - 00001050 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk 2014-08-07 00:29 - 2014-08-07 00:29 - 00002562 _____ () C:\Windows\diagwrn.xml 2014-08-07 00:29 - 2014-08-07 00:29 - 00001908 _____ () C:\Windows\diagerr.xml 2014-08-06 23:42 - 2013-11-14 01:37 - 00000000 ____D () C:\ProgramData\Skype 2014-08-06 13:42 - 2013-11-14 02:29 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\TS3Client 2014-08-06 11:19 - 2013-12-27 20:51 - 00000000 ____D () C:\Program Files (x86)\MarkAny 2014-08-06 01:03 - 2014-07-25 14:43 - 00000000 ___RD () C:\Users\Mark-Peter\Dropbox 2014-08-06 00:52 - 2013-11-14 19:21 - 00000000 ____D () C:\Users\Mark-Peter\Documents\samsung 2014-08-06 00:51 - 2013-11-14 14:57 - 00000000 ____D () C:\ProgramData\Samsung 2014-08-06 00:50 - 2013-11-14 19:21 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Samsung 2014-08-06 
00:50 - 2013-11-14 19:21 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Local\Samsung 2014-08-06 00:50 - 2013-11-14 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2014-08-06 00:50 - 2013-11-14 14:57 - 00000000 ____D () C:\Program Files (x86)\Samsung 2014-08-06 00:50 - 2013-11-12 22:29 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-08-06 00:49 - 2014-08-06 00:49 - 00001933 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk 2014-08-06 00:49 - 2014-08-06 00:49 - 00000000 ____D () C:\Users\Mark-Peter\Documents\SelfMV 2014-08-06 00:41 - 2014-07-25 14:42 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Dropbox 2014-08-05 11:57 - 2013-11-11 21:16 - 00000600 _____ () C:\Users\Mark-Peter\AppData\Roaming\winscp.rnd 2014-08-04 14:28 - 2013-11-12 22:34 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\FileZilla 2014-08-04 10:06 - 2013-11-14 15:23 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Local\Deployment 2014-08-03 19:50 - 2014-08-03 19:50 - 06004615 _____ (Tim Kosse) C:\Users\Mark-Peter\Downloads\FileZilla_3.9.0.2_win32-setup.exe 2014-08-03 19:50 - 2014-08-03 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2014-08-03 19:50 - 2014-08-03 19:50 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client 2014-08-03 17:20 - 2013-11-14 18:25 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Local\HP 2014-08-03 16:11 - 2013-11-14 18:26 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\HpUpdate 2014-08-03 16:09 - 2014-08-03 16:09 - 00000000 ____D () C:\Program Files\Bonjour 2014-08-03 16:09 - 2014-08-03 16:09 - 00000000 ____D () C:\Program Files (x86)\Bonjour 2014-08-03 16:08 - 2014-08-03 16:08 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP 2014-08-03 16:08 - 2014-08-03 16:08 - 00000000 ____D () C:\HP_ePrint 2014-08-03 16:08 - 2013-11-14 18:26 - 00000000 ____D () 
C:\ProgramData\HP 2014-08-03 16:08 - 2013-11-14 18:26 - 00000000 ____D () C:\Program Files (x86)\HP 2014-08-03 16:00 - 2013-11-23 14:18 - 00000000 ____D () C:\Quarantine 2014-08-02 12:22 - 2014-08-02 12:18 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Feedreader 2014-08-02 12:18 - 2014-08-02 12:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FeedReader 2014-08-02 12:18 - 2014-08-02 12:18 - 00000000 ____D () C:\Program Files (x86)\FeedReader30 2014-08-02 11:42 - 2013-11-14 15:31 - 00000000 ____D () C:\Users\Mark-Peter\Documents\LiveZilla 2014-07-30 11:21 - 2014-06-18 12:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-29 16:11 - 2014-07-17 22:59 - 00000000 ____D () C:\Users\Mark-Peter\Desktop\Neuer Ordner 2014-07-29 10:35 - 2014-07-29 10:35 - 05981830 _____ (Tim Kosse) C:\Users\Mark-Peter\Downloads\FileZilla_3.9.0.1_win32-setup.exe 2014-07-26 01:00 - 2013-11-16 02:11 - 00000412 _____ () C:\Windows\Tasks\Wise Turbo Checker.job 2014-07-25 14:42 - 2014-07-25 14:42 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-07-25 00:23 - 2013-11-14 01:41 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client 2014-07-23 16:27 - 2013-11-17 21:04 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\DigiJay 2014-07-23 00:55 - 2014-07-23 00:55 - 00000088 _____ () C:\Users\Mark-Peter\Desktop\listen.pls 2014-07-21 14:24 - 2013-11-12 22:34 - 00000955 _____ () C:\Users\Public\Desktop\DigiJay.lnk 2014-07-21 14:24 - 2013-11-12 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DigiJay 2014-07-21 14:24 - 2013-11-12 22:34 - 00000000 ____D () C:\Program Files (x86)\DigiJay 2014-07-21 11:47 - 2014-07-21 11:47 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-07-21 11:47 - 2014-07-21 11:47 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-07-21 11:47 - 2014-07-21 11:47 - 00176040 _____ (Oracle 
Corporation) C:\Windows\SysWOW64\java.exe 2014-07-21 11:47 - 2014-07-21 11:47 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-07-21 11:47 - 2014-07-21 11:47 - 00000000 ____D () C:\Program Files (x86)\Java 2014-07-18 21:29 - 2014-07-18 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2014-07-18 21:29 - 2013-11-14 20:01 - 00000831 _____ () C:\Users\Public\Desktop\VLC media player.lnk Some content of TEMP: ==================== C:\Users\Mark-Peter\AppData\Local\Temp\Quarantine.exe C:\Users\Mark-Peter\AppData\Local\Temp\ReimagePackage.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-07 08:37 ==================== End Of Log ============================ AdwCleaner Logfile: Code:
# AdwCleaner v3.306 - Bericht erstellt am 16/08/2014 um 11:45:18
# Aktualisiert 15/08/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Mark-Peter - MARK-PETER-PC
# Gestartet von : D:\Mozilla-Downloads\adwcleaner_3.306.exe
# Option : Suchen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Browser ] *****

-\\ Internet Explorer v8.0.7601.17514

-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\prefs.js ]

*************************

AdwCleaner[R5].txt - [714 octets] - [16/08/2014 11:45:18]

########## EOF - C:\AdwCleaner\AdwCleaner[R5].txt - [773 octets] ##########
17.08.2014, 07:10 | #6 |
/// the machine /// TB-Ausbilder | PUP.Optional.WebSteroids.A
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems remaining?
17.08.2014, 12:19 | #7 |
PUP.Optional.WebSteroids.A

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=2037e81d4974b541bdb1c40db5300727
# engine=19697
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2014-08-17 10:59:08
# local_time=2014-08-17 12:59:08 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Internet Security'
# compatibility_mode=781 16777213 100 93 1390892 14248783 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 23521291 159902998 0 0
# scanned=331420
# found=11
# cleaned=0
# scan_time=5865
sh=3F8CCD9279F8D950622F536D3202CC0E44134A8E ft=1 fh=4cb693d7b46c457f vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\sweetpacks bundle uninstaller\uninstaller.exe.vir"
sh=7560ADB6881D658A46F52AD1DCDF667B615F6EDE ft=1 fh=19f14dde2ee67322 vn="Variante von MSIL/AdvancedSystemProtector.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe.vir"
sh=24EACADAF8910146B00A3B6146FAD19E11BFF03B ft=1 fh=5e1dc8d93e2d8e01 vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst-egypt.exe"
sh=34D77A23AA7C7648948E4BFAB31F33F517A785DC ft=1 fh=11cdaad78b073df2 vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst-japan.exe"
sh=E5A3C100D2D0FD94482783AF2B2FF94CDFC9923F ft=1 fh=a0ddd0619a504a2e vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Agent.NKW Trojaner" ac=I fn="D:\Mozilla-Downloads\137-2014-08-14-185627.tar.gz"
sh=A981E3D6F03D3BD57D1472F33A4093A01533F8A8 ft=1 fh=7aaf7b3d0491af48 vn="Variante von MSIL/AdvancedSystemProtector.A evtl. unerwünschte Anwendung" ac=I fn="D:\Mozilla-Downloads\wzmp_8.exe"
sh=9A579D06963998D2E015B69737AA1AA9D8A4F37B ft=1 fh=75557439e7bfbd68 vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung" ac=I fn="D:\PC-neu-Installation\FFSetup3.1.1.exe"
sh=9037E7BE4C82C4F9E717F12ED8FEF35498FC845A ft=0 fh=0000000000000000 vn="PHP/Obfuscated.D evtl. unerwünschte Anwendung" ac=I fn="F:\Homepage's\PHP FUSION\phponline_2.1.2.zip"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Agent.NKW Trojaner" ac=I fn="K:\Vserver-oVZM-137-Backup\01-08-2014\137-2014-08-01-214425.tar.gz"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Agent.NKW Trojaner" ac=I fn="K:\Vserver-oVZM-137-Backup\26-07-2014\137-2014-07-26-222126.tar.gz"

Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x64 (UAC is enabled)
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 11
Java version out of Date!
Adobe Flash Player 14.0.0.145
Mozilla Firefox (31.0)
Mozilla Thunderbird (31.0.)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast afwServ.exe
AVAST Software Avast avastui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2014 04 Ran by Mark-Peter (administrator) on MARK-PETER-PC on 17-08-2014 13:12:05 Running from D:\Mozilla-Downloads Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (AMD) C:\Windows\System32\atiesrxx.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (AMD) C:\Windows\System32\atieclxx.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe () C:\Program Files (x86)\FeedReader30\feedreader.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe () D:\janrufmonitor\jam.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe (Sanford, L.P.) 
C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe (AVM Berlin) C:\Users\Mark-Peter\AppData\Local\Apps\2.0\N9QOBBD3.TOD\PE8TCT8J.41Y\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Yahoo! Inc.) 
I would appreciate a reply soon. |
17.08.2014, 22:57 | #8 | |
/// the machine /// TB Trainer | PUP.Optional.WebSteroids.A Update Java. Delete the backups on K that ESET complains about. Quote:
Any remaining problems with the computer?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
17.08.2014, 23:15 | #9 |
| PUP.Optional.WebSteroids.A Hello, but when updating it says that the current Java 8 Update 11 is installed, and when I try it I get an error message. |
18.08.2014, 20:54 | #10 |
/// the machine /// TB Trainer | PUP.Optional.WebSteroids.A Ignore Java, false report from Securitycheck.
|