|
Log analysis and evaluation: Display of "blocked events" is disruptive (Windows 7). If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
27.08.2014, 09:33 | #1 |
| Display of "blocked events" is disruptive Hello, for a few days now a fairly large, pale yellow pop-up window has been blocking my view of the lower right corner of the screen and thus of other possibly important screen content (see screenshot). There are up to 10 lines. The contents of the last lines change every few seconds. I cannot manage to make this window disappear. Which program is this coming from, perhaps the Windows Firewall (Windows 7)? Or Avira Free Antivirus? I have nothing against the blocking of possibly infected sites, but the messages must not cover the screen content! Besides, they are superfluous for me because I do not understand them. Can anyone help? Ulli |
27.08.2014, 09:57 | #2 |
/// the machine /// TB instructor | Display of "blocked events" is disruptive Hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
27.08.2014, 10:14 | #3 |
| Display of "blocked events" is disruptive Man, that was quick! Thanks.
__________________ |
28.08.2014, 07:18 | #4 |
/// the machine /// TB instructor | Display of "blocked events" is disruptive Hi, please always post logs in the thread. If necessary, split them up and use several posts. I cannot open attachments at work, thanks. This is how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
28.08.2014, 08:41 | #5 |
| Display of "blocked events" is disruptive Sorry, I didn't know that. Hopefully I'm doing everything right now! FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2014 Ran by UB (administrator) on UB-PC on 27-08-2014 11:08:19 Running from C:\Users\UB\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Sphinx Software) C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Langmeier Software GmbH, Switzerland) C:\Program Files (x86)\Langmeier Software\Langmeier Backup\lmbackup.exe () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Samsung Electronics Co., Ltd.) D:\Samsung Kies\Kies\KiesTrayAgent.exe (Thornsoft Development, Inc.) C:\Program Files (x86)\ClipMate7\ClipMate.exe (ACD Systems International Inc.) C:\Program Files (x86)\Common Files\ACD Systems\DE\DevDetect.exe (Daniel Manger Software) C:\Program Files (x86)\Kalenderchen\Kalenderchen.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Sphinx Software) C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Mister Group) C:\Program Files (x86)\System Explorer\SystemExplorer.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe () C:\Program Files (x86)\LPT\srpts.exe (O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe () C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe (Uwe Sieber - www.uwe-sieber.de) C:\Tools\USBDLM\USBDLM.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Uwe Sieber - www.uwe-sieber.de) C:\Tools\USBDLM\USBDLM_usr.exe () C:\Program Files (x86)\LPT\srptsl.exe () C:\Program Files (x86)\LPT\srptm.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Mister Group) C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe (Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe () C:\Program Files (x86)\FastStone Capture\FSCapture.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-11] (CANON INC.) HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [3998064 2012-06-06] (O&O Software GmbH) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [140568 2007-08-31] (Acronis) HKLM\...\Run: [KiesTrayAgent] => D:\Samsung Kies\Kies\KiesTrayAgent.exe [310064 2014-05-28] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-07] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation) HKLM-x32\...\Run: [Windows7FirewallControl] => C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe [806912 2012-09-21] (Sphinx Software) HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207360 2010-03-18] (ArcSoft Inc.) HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2622232 2007-08-31] (Acronis) HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [907040 2007-08-31] (Acronis) HKLM-x32\...\Run: [SystemExplorerAutoStart] => C:\Program Files (x86)\System Explorer\SystemExplorer.exe [4008296 2014-05-12] (Mister Group) HKLM-x32\...\Run: [KiesTrayAgent] => D:\Samsung Kies\Kies\KiesTrayAgent.exe [310064 2014-05-28] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [161584 2014-08-04] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1243157301-2590882679-505944417-1000\...\Run: [ClipMate7] => C:\Program Files (x86)\ClipMate7\ClipMate.exe [3760424 2009-01-31] (Thornsoft Development, Inc.) 
HKU\S-1-5-21-1243157301-2590882679-505944417-1000\...\Run: [Device Detector] => DevDetect.exe -autorun HKU\S-1-5-21-1243157301-2590882679-505944417-1000\...\Run: [DMS-Kalenderchen] => C:\Program Files (x86)\Kalenderchen\Kalenderchen.exe [3498496 2010-05-19] (Daniel Manger Software) HKU\S-1-5-21-1243157301-2590882679-505944417-1000\...\MountPoints2: {09c8b007-2dd4-11e2-9def-c2021c3f4d6f} - H:\pushinst.exe HKU\S-1-5-21-1243157301-2590882679-505944417-1000\...\MountPoints2: {f43196c8-2d8f-11e2-808b-806e6f6e6963} - X:\.\Bin\ASSETUP.exe Lsa: [Authentication Packages] msv1_0 relog_ap Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) BootExecute: autocheck autochk * OODBS ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880NHL4NpXhO1w6Yb0c1W97SuZoCycIxpUJ-gCzGjcB8CzCcZG6erFPTeU0ZVhjPPoOxR8h67j_OKaut2_FxtZyBTarSVVRuG-oZXR3RBFxHOtZfIqATKujReEoSbMnJInJ2qVLWzXhPjb_iBjkAEUAPbcho93T82drOO0Ji-3A,,&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880NHL4NpXhO1w6Yb0c1W97SuZoCycIxpUJ-gCzGjcB8CzCcZG6erFPTeU0ZVhjPPoOxR8h67j_OKaut2_FxtZyzA95q4BM0hVCEznglFBk3ujIEUq2bgh8WJnXPoTdQAHTe_98H8xnKUikNAsOAo1WhA5exuXwSh7bZG6ARjtQ,, HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://isearch.babylon.com/?affID=116216&tt=4912_6&babsrc=HP_ss&mntrId=087c551f0000000000003085a9f62535 HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880NHL4NpXhO1w6Yb0c1W97SuZoCycIxpUJ-gCzGjcB8CzCcZG6erFPTeU0ZVhjPPoOxR8h67j_OKaut2_FxtZyBTarSVVRuG-oZXR3RBFxHOtZfIqATKujReEoSbMnJInJ2qVLWzXhPjb_iBjkAEUAPbcho93T82drOO0Ji-3A,,&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880NHL4NpXhO1w6Yb0c1W97SuZoCycIxpUJ-gCzGjcB8CzCcZG6erFPTeU0ZVhjPPoOxR8h67j_OKaut2_FxtZyBTarSVVRuG-oZXR3RBFxHOtZfIqATKujReEoSbMnJInJ2qVLWzXhPjb_iBjkADQIQL3xgwQml1qFrH5iDO1A,,&q={searchTerms} SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880NHL4NpXhO1w6Yb0c1W97SuZoCycIxpUJ-gCzGjcB8CzCcZG6erFPTeU0ZVhjPPoOxR8h67j_OKaut2_FxtZyBTarSVVRuG-oZXR3RBFxHOtZfIqATKujReEoSbMnJInJ2qVLWzXhPjb_iBjkADQIQL3xgwQml1qFrH5iDO1A,,&q={searchTerms} SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880NHL4NpXhO1w6Yb0c1W97SuZoCycIxpUJ-gCzGjcB8CzCcZG6erFPTeU0ZVhjPPoOxR8h67j_OKaut2_FxtZyBTarSVVRuG-oZXR3RBFxHOtZfIqATKujReEoSbMnJInJ2qVLWzXhPjb_iBjkAEUAPbcho93T82drOO0Ji-3A,,&q={searchTerms} SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880NHL4NpXhO1w6Yb0c1W97SuZoCycIxpUJ-gCzGjcB8CzCcZG6erFPTeU0ZVhjPPoOxR8h67j_OKaut2_FxtZyBTarSVVRuG-oZXR3RBFxHOtZfIqATKujReEoSbMnJInJ2qVLWzXhPjb_iBjkAEUAPbcho93T82drOO0Ji-3A,,&q={searchTerms} SearchScopes: HKCU - {42E0615A-ED6C-4119-8DF3-E9FA8EDF204A} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=FXTV5&o=101699&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^F4&apn_dtid=^YYYYYY^YY^DE&apn_uid=f950355a-6b7b-4113-b6ee-e9703bbbc4d3&apn_sauid=BC4DD6AA-39AE-49C6-AFA6-9DCCDF7D457E SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={FBA81CD2-F3DF-42FC-906D-71124080FDE3}&mid=10ca46cd78b947d084b3e1ccef12ccc6-e3b5ee5a16b4ebc64e965ee865f2921e7907d3e7&lang=de&ds=tc011&pr=sa&d=&v=&sap=dsp&q={searchTerms} BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.) Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) 
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - No File Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Tcpip\..\Interfaces\{B13C63AC-E3CE-428E-9B78-65C1FBF91F26}: [NameServer] 192.168.178.1 Tcpip\..\Interfaces\{F1318F98-6E7A-4587-A3B4-0386D672D97E}: [NameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\UB\AppData\Roaming\Mozilla\Firefox\Profiles\y2ycry0v.default FF DefaultSearchEngine: SafeFinder Search FF SelectedSearchEngine: SafeFinder Search FF Homepage: hxxp://duckduckgo.com/ FF Keyword.URL: hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880NHL4NpXhO1w6Yb0c1W97SuZoCycIxpUJ-gCzGjcB8CzCcZG6erFPTeU0ZVhjPPoOxR8h67j_OKaut2_FxtZyBTarSVVRuG-oZXR3RBFxHOtZfIqATKujReEoSbMnJInJ2qVLWzXhPjb_iBjkAEUAPbcho93T82drOO0Ji-3A,,&q= FF Plugin: 
@adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin HKCU: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF SearchPlugin: C:\Users\UB\AppData\Roaming\Mozilla\Firefox\Profiles\y2ycry0v.default\searchplugins\0180-telefonbuch.xml FF SearchPlugin: C:\Users\UB\AppData\Roaming\Mozilla\Firefox\Profiles\y2ycry0v.default\searchplugins\avira-safesearch.xml FF SearchPlugin: C:\Users\UB\AppData\Roaming\Mozilla\Firefox\Profiles\y2ycry0v.default\searchplugins\babylon1.xml FF SearchPlugin: C:\Users\UB\AppData\Roaming\Mozilla\Firefox\Profiles\y2ycry0v.default\searchplugins\duckduckgo.xml FF SearchPlugin: C:\Users\UB\AppData\Roaming\Mozilla\Firefox\Profiles\y2ycry0v.default\searchplugins\leo-deu-fra.xml FF SearchPlugin: C:\Users\UB\AppData\Roaming\Mozilla\Firefox\Profiles\y2ycry0v.default\searchplugins\SafeFinder Search.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Browser Safety - C:\Users\UB\AppData\Roaming\Mozilla\Firefox\Profiles\y2ycry0v.default\Extensions\abs@avira.com [2014-08-18] FF Extension: No Name - C:\Users\UB\AppData\Roaming\Mozilla\Firefox\Profiles\y2ycry0v.default\Extensions\staged [2012-11-16] FF Extension: Fox!Box - C:\Users\UB\AppData\Roaming\Mozilla\Firefox\Profiles\y2ycry0v.default\Extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}.xpi [2014-07-22] Chrome: ======= CHR 
DefaultSearchKeyword: Default -> search.yahoo.com CHR DefaultSearchProvider: Default -> Web CHR DefaultSearchURL: Default -> hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880NHL4NpXhO1w6Yb0c1W97SuZoCycIxpUJ-gCzGjcB8CzCcZG6erFPTeU0ZVhjPPoOxR8h67j_OKaut2_FxtZyBTarSVVRuG-oZXR3RBFxHOtZfIqATKujReEoSbMnJInJ2qVLWzXhPjb_iBjkADQIQL3xgwQml1qFrH5iDO1A,,&q={searchTerms} CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR Profile: C:\Users\UB\AppData\Local\Google\Chrome\User Data\Default ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG) R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] () R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.) R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.) R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe [1475744 2012-05-25] (ASUSTeK Computer Inc.) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. 
KG) R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed] R3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160768 2011-05-27] (Intel Corporation) [File not signed] R2 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [32888 2014-08-13] () R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3293552 2012-06-06] (O&O Software GmbH) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] () R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia) R3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [821720 2012-11-25] (Mister Group) R2 TryAndDecideService; C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [498872 2007-08-31] () R2 USBDLM; C:\Tools\USBDLM\USBDLM.exe [451560 2013-02-25] (Uwe Sieber - www.uwe-sieber.de) [File not signed] R2 Windows7FirewallService; C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe [491520 2012-09-21] (Sphinx Software) [File not signed] R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [613760 2012-10-29] (Wacom Technology, Corp.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] () R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] () S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-04] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-20] (Avira Operations GmbH & Co. 
KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG) S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin) S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH) R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation) R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27960 2013-01-02] (Synaptics Incorporated) U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-27 11:08 - 2014-08-27 11:08 - 00022839 _____ () C:\Users\UB\Desktop\FRST.txt 2014-08-27 11:08 - 2014-08-27 11:08 - 00000000 ____D () C:\FRST 2014-08-27 11:06 - 2014-08-27 11:03 - 02103296 _____ (Farbar) C:\Users\UB\Desktop\FRST64.exe 2014-08-26 18:43 - 2014-08-26 18:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec 2014-08-26 18:43 - 2014-08-26 18:43 - 00000000 ____D () C:\Program Files (x86)\MyFree Codec 2014-08-25 12:10 - 2014-08-27 09:10 - 00000336 _____ () C:\Windows\setupact.log 2014-08-25 12:10 - 2014-08-25 12:10 - 00000000 _____ () C:\Windows\setuperr.log 2014-08-25 11:46 - 2014-08-25 11:46 - 00001170 _____ () C:\Users\UB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-08-25 11:23 - 2014-08-25 11:23 - 00000000 ____D () C:\NEW_VOLUME 2014-08-24 18:38 - 2014-08-26 11:42 - 00000085 ___SH () C:\ProgramData\.zreglib 2014-08-24 18:35 - 2014-08-24 18:35 - 00000000 ____D () C:\Users\UB\AppData\Local\WorldofTanks 2014-08-24 18:35 - 2014-08-24 18:35 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes 2014-08-24 18:35 - 2014-08-24 18:35 - 00000000 ____D () C:\Program Files (x86)\LPT 2014-08-24 18:35 - 2014-08-24 18:35 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes 2014-08-24 18:34 - 2014-08-25 10:38 - 00000000 ____D () C:\Program Files (x86)\PC Speed Maximizer 2014-08-24 18:34 - 2014-08-24 18:34 - 00000000 ____D () C:\Users\UB\AppData\Roaming\0S1P1R2Y1C1P1Q0D1F2W1G1I1F1T1Q 2014-08-24 18:34 - 2014-08-24 18:34 - 00000000 ____D () C:\Users\UB\AppData\Local\GGEmpire 2014-08-22 17:48 - 2014-08-22 17:48 - 00000000 ____D () C:\Users\UB\Desktop\AIDA 2014-08-10 17:27 - 2014-08-13 00:57 - 00000000 ____D () C:\Users\UB\Desktop\Omnia 2014-08-07 09:13 - 2014-08-20 16:17 - 00001147 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-08-07 09:13 - 2014-08-20 16:17 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-06 07:10 - 2014-08-06 07:10 - 00002085 ____N () C:\Users\UB\Desktop\MyPhoneExplorer.lnk 2014-08-05 18:30 - 2014-08-05 18:30 - 00002067 _____ () C:\Users\Public\Desktop\MyPhoneExplorer.lnk 2014-08-05 18:30 - 2014-08-05 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer 2014-08-05 18:30 - 2014-08-05 18:30 - 00000000 ____D () C:\Program Files (x86)\MyPhoneExplorer 2014-08-05 18:04 - 2014-08-05 18:04 - 00000000 ____D () C:\Users\UB\.android 2014-08-05 18:02 - 2014-08-16 01:56 - 00000000 ____D () C:\Users\UB\AppData\Roaming\MyPhoneExplorer 2014-08-03 11:01 - 2014-08-03 11:01 - 00000000 ____D () C:\Program Files (x86)\MSECache 2014-07-31 10:01 - 2014-07-31 10:01 - 00000000 ____D () C:\Users\UB\Desktop\Screenshots ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-27 11:08 - 2014-08-27 11:08 - 00022839 _____ () C:\Users\UB\Desktop\FRST.txt 2014-08-27 11:08 - 2014-08-27 11:08 - 00000000 ____D () C:\FRST 2014-08-27 11:08 - 2012-11-13 16:58 - 01250612 _____ () C:\Windows\WindowsUpdate.log 2014-08-27 11:05 - 2012-12-16 18:54 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-27 11:03 - 2014-08-27 11:06 - 02103296 _____ (Farbar) C:\Users\UB\Desktop\FRST64.exe 2014-08-27 10:31 - 2012-12-15 01:47 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-27 09:18 - 2009-07-14 06:45 - 00022512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-27 09:18 - 2009-07-14 06:45 - 00022512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-27 09:16 - 2011-04-12 09:43 - 20318770 _____ () C:\Windows\system32\perfh007.dat 2014-08-27 09:16 - 2011-04-12 09:43 - 06336750 _____ () C:\Windows\system32\perfc007.dat 2014-08-27 09:16 - 2009-07-14 07:13 - 00010576 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-27 09:11 - 2012-11-25 11:50 - 00000000 ____D () C:\ProgramData\Temp 2014-08-27 09:11 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-27 09:10 - 2014-08-25 12:10 - 00000336 _____ () C:\Windows\setupact.log 2014-08-27 09:10 - 2013-03-09 18:46 - 01518440 _____ () C:\Windows\system32\oodbs.lor 2014-08-26 18:44 - 2014-06-04 15:35 - 00000757 _____ () C:\Users\Public\Desktop\Samsung Kies (Lite).lnk 2014-08-26 18:44 - 2014-06-04 15:35 - 00000747 _____ () C:\Users\Public\Desktop\Samsung Kies.lnk 2014-08-26 18:43 - 2014-08-26 18:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec 2014-08-26 18:43 - 2014-08-26 18:43 - 00000000 ____D () C:\Program Files (x86)\MyFree Codec 2014-08-26 18:43 - 2013-02-06 14:47 - 00003906 _____ () 
C:\Windows\System32\Tasks\User_Feed_Synchronization-{3D791F18-8226-448D-8AB0-9EE369A04736} 2014-08-26 17:39 - 2013-11-29 19:15 - 00869376 _____ () C:\Users\UB\Documents\Meine Konten.sub 2014-08-26 11:42 - 2014-08-24 18:38 - 00000085 ___SH () C:\ProgramData\.zreglib 2014-08-26 11:42 - 2014-03-24 17:24 - 00000000 ____D () C:\Users\UB\AppData\Roaming\vlc 2014-08-26 11:24 - 2013-02-22 19:37 - 00000000 ____D () C:\ProgramData\DVD Shrink 2014-08-25 12:10 - 2014-08-25 12:10 - 00000000 _____ () C:\Windows\setuperr.log 2014-08-25 11:46 - 2014-08-25 11:46 - 00001170 _____ () C:\Users\UB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-08-25 11:39 - 2013-03-12 15:52 - 00000000 ____D () C:\Users\UB\Desktop\Brennen 2014-08-25 11:36 - 2014-04-05 23:54 - 00000000 ____D () C:\Users\UB\AppData\Roaming\dvdcss 2014-08-25 11:23 - 2014-08-25 11:23 - 00000000 ____D () C:\NEW_VOLUME 2014-08-25 10:40 - 2013-11-09 01:35 - 00000000 ____D () C:\Windows\Minidump 2014-08-25 10:38 - 2014-08-24 18:34 - 00000000 ____D () C:\Program Files (x86)\PC Speed Maximizer 2014-08-24 18:35 - 2014-08-24 18:35 - 00000000 ____D () C:\Users\UB\AppData\Local\WorldofTanks 2014-08-24 18:35 - 2014-08-24 18:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes 2014-08-24 18:35 - 2014-08-24 18:35 - 00000000 ____D () C:\Program Files (x86)\LPT 2014-08-24 18:35 - 2014-08-24 18:35 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes 2014-08-24 18:34 - 2014-08-24 18:34 - 00000000 ____D () C:\Users\UB\AppData\Roaming\0S1P1R2Y1C1P1Q0D1F2W1G1I1F1T1Q 2014-08-24 18:34 - 2014-08-24 18:34 - 00000000 ____D () C:\Users\UB\AppData\Local\GGEmpire 2014-08-22 17:49 - 2013-01-01 23:20 - 00000000 ____D () C:\Users\UB\Desktop\Utilities 2014-08-22 17:48 - 2014-08-22 17:48 - 00000000 ____D () C:\Users\UB\Desktop\AIDA 2014-08-22 17:35 - 2014-06-20 09:52 - 00000000 ____D () C:\Users\UB\Desktop\PBeaKK 2014-08-20 16:17 - 2014-08-07 09:13 - 00001147 _____ () 
C:\Users\Public\Desktop\Avira.lnk 2014-08-20 16:17 - 2014-08-07 09:13 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-20 16:17 - 2012-11-14 12:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-08-20 16:17 - 2012-11-14 12:01 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-08-16 01:56 - 2014-08-05 18:02 - 00000000 ____D () C:\Users\UB\AppData\Roaming\MyPhoneExplorer 2014-08-15 08:39 - 2014-06-28 09:40 - 00000000 ____D () C:\Users\UB\Desktop\Bedienungsanleitungen 2014-08-15 08:31 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-08-13 00:57 - 2014-08-10 17:27 - 00000000 ____D () C:\Users\UB\Desktop\Omnia 2014-08-11 18:36 - 2014-07-19 13:29 - 00000000 ___HD () C:\Users\UB\Desktop\[Originaldateien] 2014-08-10 17:37 - 2013-02-09 18:36 - 00001158 _____ () C:\Users\UB\AppData\Roaming\ShiftN.ini 2014-08-09 12:59 - 2013-01-14 18:11 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH 2014-08-09 12:41 - 2013-05-15 13:25 - 00003201 ____N () C:\Users\UB\Desktop\Sterbefall-Todo-Liste 2014-08-07 09:13 - 2012-11-14 12:01 - 00000000 ____D () C:\ProgramData\Avira 2014-08-06 11:09 - 2013-06-14 00:47 - 00006386 _____ () C:\Users\UB\Documents\TopBankingError.txt 2014-08-06 07:10 - 2014-08-06 07:10 - 00002085 ____N () C:\Users\UB\Desktop\MyPhoneExplorer.lnk 2014-08-05 18:30 - 2014-08-05 18:30 - 00002067 _____ () C:\Users\Public\Desktop\MyPhoneExplorer.lnk 2014-08-05 18:30 - 2014-08-05 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer 2014-08-05 18:30 - 2014-08-05 18:30 - 00000000 ____D () C:\Program Files (x86)\MyPhoneExplorer 2014-08-05 18:04 - 2014-08-05 18:04 - 00000000 ____D () C:\Users\UB\.android 2014-08-05 18:04 - 2012-11-13 16:58 - 00000000 ____D () C:\Users\UB 2014-08-03 11:01 - 2014-08-03 11:01 - 00000000 ____D () C:\Program Files (x86)\MSECache 2014-08-03 11:01 - 2013-08-06 18:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 2014-08-01 
08:38 - 2013-06-13 18:27 - 00001995 _____ () C:\Users\UB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Banking 4W.lnk
2014-07-31 10:01 - 2014-07-31 10:01 - 00000000 ____D () C:\Users\UB\Desktop\Screenshots

Some content of TEMP:
====================
C:\Users\UB\AppData\Local\Temp\avgnt.exe
C:\Users\UB\AppData\Local\Temp\Foxit Updater.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-20 10:41

==================== End Of Log ============================

--- --- --- --- --- ---

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-08-2014 Ran by UB at 2014-08-27 11:08:37 Running from C:\Users\UB\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKLM-x32\...\uTorrent) (Version: 3.3.0.29126 - BitTorrent Inc.) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) ACDSee Foto-Manager 12 (HKLM-x32\...\{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}) (Version: 12.0.344 - ACD Systems International Inc.) Acronis*True*Image*Home (HKLM-x32\...\{E5343B27-55DF-40BD-9FCF-A643C1331E8A}) (Version: 11.0.8010 - Acronis) Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated) Adobe Photoshop Elements 11 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.) AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 1.04.04 - ASUSTeK Computer Inc.) Aplus DVD Copy 10.04 (HKLM-x32\...\Aplus DVD Copy_is1) (Version: - Aplus Software Inc.) 
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ArcSoft PhotoStudio 6 (HKLM-x32\...\{ED8EF3C2-FA5B-4A1E-950D-5A0227161F97}) (Version: 6.0.1.148 - ArcSoft) Art Effects for PDR10 (HKLM\...\NewBlue Art Effects for PDR10) (Version: 2.0 - NewBlue) Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team) Avira (HKLM-x32\...\{e67154a7-9cc5-4167-b782-f3982bc6c70d}) (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira) AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: - AVM Berlin) Banking 4W (HKLM-x32\...\TopBanking) (Version: - Subsembly GmbH) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.) Canon iP4700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series) (Version: - ) Canon iP7200 series Benutzerregistrierung (HKLM-x32\...\Canon iP7200 series Benutzerregistrierung) (Version: - Canon Inc.) Canon iP7200 series On-screen Manual (HKLM-x32\...\Canon iP7200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.) Canon iP7200 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP7200_series) (Version: - Canon Inc.) Canon MP Navigator EX 2.0 (HKLM-x32\...\MP Navigator EX 2.0) (Version: - ) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.) 
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - ) CanoScan 5600F Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4808) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4643 - CDBurnerXP) ClipMate 7 (HKLM-x32\...\{2E924A2A-8FBC-4C84-8A3A-63FB386C9A29}_is1) (Version: 7 - Thornsoft Development, Inc.) CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.3.0 - Elaborate Bytes) Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6021.5000 - Microsoft Corporation) CopyCd personal (HKCU\...\ReuschtoolsCopyCd) (Version: CopyCd_1.2_german - Arndt Reusch eK, Germany) CrystalDiskInfo 5.0.4 Shizuku Edition (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 5.0.4 - Crystal Dew World) CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.1129a - CyberLink Corp.) CyberLink PowerDirector 10 (Version: 10.0.0.1129a - CyberLink Corp.) Hidden CyberLink WaveEditor (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 1.0.1.3320 - CyberLink Corp.) CyberLink WaveEditor (x32 Version: 1.0.1.3320 - CyberLink Corp.) Hidden Elements 11 Organizer (x32 Version: 11.0 - Ihr Firmenname) Hidden FastStone Capture 5.3 (HKLM-x32\...\FastStone Capture) (Version: 5.3 - FastStone Soft) FastStone Photo Resizer 3.1 (HKLM-x32\...\FastStone Photo Resizer) (Version: 3.1 - FastStone Soft.) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 5.4.5.124 - Foxit Corporation) GeoGebra 4.2 (HKLM-x32\...\GeoGebra 4.2) (Version: 4.2.51.0 - International GeoGebra Institute) GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 24.0.1312.57 - Google Inc.) 
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.21.123 - Google Inc.) Hidden GoogleClean (HKLM-x32\...\{4281435C-AD1D-4C8A-B9C0-3961C08EF142}_is1) (Version: 5.0.000 - Abelssoft) Gratis downloaden & installieren Packages (HKCU\...\Gratis downloaden & installieren Packages) (Version: - ) <==== ATTENTION HKGELD-2000 Version 1.14 (HKLM-x32\...\HKGELD-2000_is1) (Version: - Holger Krinke Softwareentwicklung) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation) Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation) Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation) Kalenderchen 5 (HKLM-x32\...\{11464943-4682-4F6B-A96D-D4E8C26DD111}_is1) (Version: - Daniel Manger) Konz 2013 (HKLM-x32\...\InstallShield_{76651FD7-2B71-4B61-9F3A-E82F52F08D92}) (Version: 1.00.0000 - USM) Konz 2013 (x32 Version: 1.00.0000 - USM) Hidden KONZ-Steuer-2014 (HKLM-x32\...\InstallShield_{20F1078B-E3B6-4DA1-9570-003DE110890A}) (Version: 1.00.0000 - USM) KONZ-Steuer-2014 (x32 Version: 1.00.0000 - USM) Hidden Langmeier Backup (HKLM-x32\...\{C4B6AD5E-61D9-4C55-9EF1-99960994EDAC}) (Version: 6 - Langmeier Software) LPT System Updater Service (HKLM-x32\...\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}) 
(Version: 1.0.0.0 - LPT) <==== ATTENTION MatheAss 8.2 (HKLM-x32\...\MatheAss_is1) (Version: - MatheAss) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office XP Professional mit FrontPage (HKLM-x32\...\{90280407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2701.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek) Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - ) MyKeyFinder (HKLM-x32\...\MyKeyFinder_is1) (Version: 2014 - Abelssoft) MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger) O&O Defrag Professional (HKLM\...\{BC39713D-B14D-4BB0-9663-BC9F7B8AB1F2}) (Version: 15.8.801 - O&O Software GmbH) Open It! (HKLM-x32\...\OpenIt Open It!) 
(Version: 1.1.1 - OpenIt) PantsOff 2.0 (HKLM-x32\...\{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1) (Version: 2.0 - Christoph Bünger Software) Pegasus Mail (HKLM-x32\...\Pegasus Mail) (Version: - David Harris) Pegasus Mail HTML Renderer 2.4.9.2 (HKLM-x32\...\{A9F5E1E1-1281-4862-90B4-6CF8E6AF83CE}_is1) (Version: - Micha's Midnight Manufacture) Pegasus Mail v4.7 Release 1, Build 546 (Deutsche Komplettversio (HKLM-x32\...\Pegasus Mail, Deutsche Komplettversion_is1) (Version: - Sven Henze) PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.44 - Piriform) Revo Uninstaller Pro 2.5.9 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.9 - VS Revo Group, Ltd.) roomeon 3D-Planer (HKLM-x32\...\{4A6A0C40-D592-4578-A4DF-CF483697D783}) (Version: 1.6.0.1 - roomeon GmbH) Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_16 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.6.3.14044_16 - Samsung Electronics Co., Ltd.) Hidden Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.3.0 - Samsung Electronics) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.) Secunia PSI (3.0.0.6001) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.6001 - Secunia) ShiftN 3.6.1 (HKLM-x32\...\ShiftN_is1) (Version: 3.6.1 - Marcus Hebel) SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.) 
SmartSound Quicktracks 5 (x32 Version: 5.1.8 - SmartSound Software Inc.) Hidden SmartTools Office DDE-Fix (HKLM-x32\...\SmartTools PublishingOffice DDE-Fixv1.20) (Version: v1.20 - SmartTools Publishing) Steuer 2012 (HKCU\...\{01159E8A-44F7-4885-A7F9-872CE4D74063}) (Version: 20.00.8137 - Buhl Data Service GmbH) Steuer 2013 (HKLM-x32\...\{05AEF487-8926-48A9-B5BA-9BED72BC6B1C}) (Version: 21.00.8480 - Buhl Data Service GmbH) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden System Explorer 5.6.0 (HKLM-x32\...\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1) (Version: - Mister Group) TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.15723 - TeamViewer) TomTom HOME (HKLM-x32\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - Ihr Firmenname) TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.) Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH) TreeSize Professional V5.5.5 (HKLM-x32\...\TreeSize Professional_is1) (Version: 5.5.5 - JAM Software) Uniblue DriverScanner (HKLM-x32\...\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1) (Version: 4.0.9.10 - Uniblue Systems Ltd) Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) Wacom Tablett (HKLM\...\Wacom Tablet Driver) (Version: 6.3.4-3 - Wacom Technology Corp.) WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.) WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.) 
Windows7FirewallControl (i386) 5.1.7.69 (HKLM-x32\...\Windows7FirewallControl_is1) (Version: 5.1.7.69 - Sphinx Software) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1243157301-2590882679-505944417-1000_Classes\CLSID\{02504641-039b-4746-9c4b-0f04428bb28b}\InprocServer32 -> C:\Users\UB\AppData\Local\CopyCd\RClick.dll (Arndt Reusch eK) CustomCLSID: HKU\S-1-5-21-1243157301-2590882679-505944417-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) ==================== Restore Points ========================= ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0837A075-6CDB-4AAA-9711-09ACF395F2D3} - System32\Tasks\{F4A8399B-0AE9-4224-87AF-60949197D4C8} => C:\Program Files (x86)\Programs\WINPM-32.EXE Task: {09737F59-66C3-42A3-A3E9-674271778A62} - System32\Tasks\{0E4B3F76-C938-48DA-B4BD-07995DE40257} => C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE [2001-02-28] (Microsoft Corporation) Task: {16B55CE5-149A-4BBC-B035-4FED801263CB} - System32\Tasks\{7854458A-EC66-4D81-80FC-80566CE21380} => C:\Program Files (x86)\Canon\CanoScan Toolbox Ver4.1\CSTBox.exe [2006-09-26] (CANON INC.) 
Task: {2479B626-70AA-4F07-BFE8-08AD528D9B72} - System32\Tasks\{B7BFCA0F-1161-43A1-A850-B183581645AC} => C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE [2001-02-28] (Microsoft Corporation) Task: {2573D8F2-1D23-401D-97DF-D7203C00FED3} - System32\Tasks\{BD4C1842-5FB9-41D3-A212-2FED6FD81536} => C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE [2001-02-28] (Microsoft Corporation) Task: {25D48657-B7D5-4E87-8F14-7C5DBD97577A} - System32\Tasks\{B273CFE2-9A8B-43E0-8DD5-FCE6C9A7D0E7} => C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE [2001-02-28] (Microsoft Corporation) Task: {35F61B8E-661B-480B-9764-91994B4D93B5} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {37462754-578F-4D54-BD14-8FA29EE348E9} - System32\Tasks\{D2E2947D-D4FA-430A-A112-FD27A250BA93} => C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE [2001-02-28] (Microsoft Corporation) Task: {42E79128-5394-49C7-813E-298D5BA683A7} - System32\Tasks\{2B8F3863-918F-417C-8B32-7BE3B3EEDEEF} => C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE [2001-02-28] (Microsoft Corporation) Task: {4B6F72D8-4ABB-47F5-BC2B-FF81A23EE73C} - System32\Tasks\{D94D3FF6-6FB6-4259-9960-F2D7CBFDA26E} => C:\Program Files (x86)\Programs\WINPM-32.EXE Task: {52871EBA-3100-4FC9-B920-C7679481900A} - System32\Tasks\{1D8A0C9D-240E-4E96-A735-4A23C024A775} => C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE [2001-02-28] (Microsoft Corporation) Task: {5F2BE2D7-82DC-47DE-83F3-3E5E7A4FB026} - System32\Tasks\Langmeier Backup => C:\Program Files (x86)\Langmeier Software\Langmeier Backup\lmbackup.exe [2009-05-06] (Langmeier Software GmbH, Switzerland) Task: {6AD8E654-4ED9-4132-9E9F-A91B982BB329} - System32\Tasks\{42ECB1FF-C076-4ABD-ACAB-CA118F2A5483} => C:\Program Files (x86)\Programs\WINPM-32.EXE Task: {6BC176FC-D17A-455A-8D5C-569384564427} - System32\Tasks\ASUS\ASUS Network iControl Help Execute => C:\Program 
Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe [2012-05-02] (ASUSTeK Computer Inc.) Task: {72BAB409-8109-44BB-A7BA-12D8BDBD68D6} - System32\Tasks\{84BC6D0B-F665-4923-A3C2-F5645A6563CA} => C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE [2001-02-28] (Microsoft Corporation) Task: {7E52A239-BC5C-4479-8D95-D8F1FD6D452F} - System32\Tasks\{D6FD2CA3-8C0C-4E43-9236-CD6E4E60ACBA} => C:\Program Files (x86)\Programs\WINPM-32.EXE Task: {8A00A273-FD28-4F36-B266-4E5284792E0A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-16] (Google Inc.) Task: {92D22BC9-890C-4021-9B08-569B72A9499A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-19] (Adobe Systems Incorporated) Task: {A3A334C8-44CB-445D-8E1D-576D75153EF7} - System32\Tasks\{F3D216FB-522A-441F-9586-FC5FC13180EE} => C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE [2001-02-28] (Microsoft Corporation) Task: {C21E9720-2819-46EF-BAF4-D431EB0D00B7} - System32\Tasks\Go for FilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION Task: {C24DC042-B279-4A7C-8D6E-8CC090AAA86C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-12-19] (Piriform Ltd) Task: {CC8911CB-68F7-48AE-80E1-9BD490EBFECA} - System32\Tasks\{F20572C2-F00C-482A-BA71-02D64E2ABA17} => C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE [2001-02-28] (Microsoft Corporation) Task: {D4A49E1E-44E0-44CF-961D-2E529B0A8292} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [2011-09-10] () Task: {D78E98E6-2B04-4EA1-99BE-C614B4EBF402} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.) 
Task: {E0B37513-BA78-4088-A2D0-CF6E0FC614A7} - System32\Tasks\{D90BD1D0-37E6-4050-B26D-6EEC9F6BFA36} => C:\Program Files (x86)\Programs\WINPM-32.EXE Task: {F2815038-B091-41B9-A3D4-2914C91CC0F3} - System32\Tasks\ASUS\ASUS DigiPowerControl Help => C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\PowerControlHelp.exe [2012-04-23] (ASUSTeK Computer Inc.) Task: {FD9A1521-51E4-445E-8CCB-2B3017B34621} - System32\Tasks\{2A5A86E9-2C7C-42F2-B959-A3FEBE85041D} => C:\Program Files (x86)\Canon\CanoScan Toolbox Ver4.1\CSTBox.exe [2006-09-26] (CANON INC.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2012-06-01 11:42 - 2012-06-01 11:42 - 00920736 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe 2012-11-16 18:46 - 2012-03-26 11:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-08-13 17:50 - 2014-08-13 17:50 - 00032888 _____ () C:\Program Files (x86)\LPT\srpts.exe 2012-11-25 11:53 - 2010-08-19 18:43 - 00386344 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe 2007-08-31 20:49 - 2007-08-31 20:49 - 00498872 _____ () C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe 2014-08-13 17:50 - 2014-08-13 17:50 - 00034936 _____ () C:\Program Files (x86)\LPT\srptsl.exe 2014-08-13 17:50 - 2014-08-13 17:50 - 00020432 _____ () C:\Program Files (x86)\LPT\srptm.exe 2012-11-28 19:02 - 2012-10-29 09:14 - 01184640 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll 2007-02-12 21:51 - 2007-02-12 21:51 - 01111552 _____ () C:\Program Files (x86)\FastStone Capture\FSCapture.exe 2012-11-16 18:49 - 2014-08-27 09:11 - 00026112 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll 2012-11-16 18:49 - 2010-06-29 04:58 - 00104448 ____R () C:\Program Files 
(x86)\ASUS\AXSP\1.00.19\ATKEX.dll 2014-08-07 09:13 - 2014-08-04 14:20 - 00052472 _____ () C:\Users\UB\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll 2007-08-31 18:13 - 2007-08-31 18:13 - 01336600 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\fox.dll 2014-08-04 14:20 - 2014-08-04 14:20 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll 2014-08-13 17:50 - 2014-08-13 17:50 - 00040400 _____ () C:\Program Files (x86)\LPT\srptc.dll 2014-08-13 17:49 - 2014-08-13 17:49 - 00014800 _____ () C:\Program Files (x86)\LPT\Smartbar.Common.dll 2014-08-04 14:20 - 2014-08-04 14:20 - 00067832 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll 2014-08-13 17:50 - 2014-08-13 17:50 - 00067536 _____ () C:\Program Files (x86)\LPT\srut.dll 2014-08-13 17:50 - 2014-08-13 17:50 - 00079824 _____ () C:\Program Files (x86)\LPT\srpt.dll 2014-08-13 17:50 - 2014-08-13 17:50 - 00064464 _____ () C:\Program Files (x86)\LPT\sppsm.dll 2014-08-13 17:50 - 2014-08-13 17:50 - 00155600 _____ () C:\Program Files (x86)\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll 2014-08-13 17:50 - 2014-08-13 17:50 - 00024528 _____ () C:\Program Files (x86)\LPT\Smartbar.Personalization.Common.dll 2014-08-13 17:50 - 2014-08-13 17:50 - 00166008 _____ () C:\Program Files (x86)\LPT\Smartbar.Infrastructure.Utilities.dll 2014-08-13 17:50 - 2014-08-13 17:50 - 00047224 _____ () C:\Program Files (x86)\LPT\srbu.dll 2014-08-13 17:50 - 2014-08-13 17:50 - 00022480 _____ () C:\Program Files (x86)\LPT\srpdm.dll 2014-08-13 17:49 - 2014-08-13 17:49 - 00026232 _____ () C:\Program Files (x86)\LPT\ProxySettings.dll 2014-08-13 17:50 - 2014-08-13 17:50 - 00041424 _____ () C:\Program Files (x86)\LPT\Smartbar.Monetization.Proxy.ProxyService.dll 2014-08-24 18:34 - 2014-08-24 18:34 - 00904704 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll 2014-02-13 15:23 - 2014-02-13 15:23 - 00172032 _____ () 
C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\00a0b4a9df6e4abf30ae2af3624a77ce\IsdiInterop.ni.dll 2012-11-16 18:48 - 2012-02-01 17:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2014-07-23 00:10 - 2014-07-23 00:10 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:B0D4D817 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^Users^UB^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Magician.lnk => C:\Windows\pss\Samsung Magician.lnk.Startup ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/27/2014 09:16:55 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (08/27/2014 09:16:55 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. 
Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (08/27/2014 09:16:55 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (08/27/2014 09:11:07 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/26/2014 06:52:15 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (08/26/2014 06:52:15 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. 
Error: (08/26/2014 06:52:15 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (08/26/2014 06:46:25 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/26/2014 06:39:57 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (08/26/2014 06:39:57 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. System errors: ============= Error: (08/26/2014 08:49:23 PM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. 
Error: (08/26/2014 06:45:32 PM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. Error: (08/26/2014 05:43:02 PM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. Error: (08/26/2014 05:42:59 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (08/25/2014 06:53:12 PM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. Error: (08/25/2014 00:10:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows-Fehlerberichterstattungsdienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (08/25/2014 11:51:28 AM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. Error: (08/25/2014 10:13:31 AM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147024846. Error: (08/25/2014 10:13:31 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT-AUTORITÄT) Description: Fehler beim Starten des BITS-Dienstes. Fehler: 2147942450. Error: (08/25/2014 10:10:34 AM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. 
Microsoft Office Sessions:
=========================
Error: (08/27/2014 09:16:55 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (08/27/2014 09:16:55 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000640000000000000009030000

Error: (08/27/2014 09:16:55 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance16370700005C0000000000000009030000

Error: (08/27/2014 09:11:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2014 06:52:15 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (08/26/2014 06:52:15 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000640000000000000009030000

Error: (08/26/2014 06:52:15 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance16370700005C0000000000000009030000

Error: (08/26/2014 06:46:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2014 06:39:57 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (08/26/2014 06:39:57 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000640000000000000009030000

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-3570 CPU @ 3.40GHz
Percentage of memory in use: 14%
Total physical RAM: 16075.01 MB
Available physical RAM: 13711.33 MB
Total Pagefile: 32148.2 MB
Available Pagefile: 29570.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================
Drive c: (SSD 128 GB) (Fixed) (Total:104.14 GB) (Free:39.6 GB) NTFS
Drive d: (Seagate 2 TB intern) (Fixed) (Total:1862.89 GB) (Free:1380.93 GB) NTFS
Drive e: (Seagate 80 GB (320 GB)) (Fixed) (Total:80.1 GB) (Free:1.55 GB) NTFS
Drive f: (Seagate 240 GB (320 GB)) (Fixed) (Total:217.99 GB) (Free:70.46 GB) NTFS
Drive g: (Mobile Partner) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive h: () (Removable) (Total:1.05 GB) (Free:0.89 GB) FAT32
Drive x: (NEW_VOLUME) (CDROM) (Total:1.72 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 7E6BB91B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=104.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=05)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 4414A7DD)
Partition: GPT Partition Type.
========================================================
Disk: 2 (Size: 298.1 GB) (Disk ID: C5439B0C)
Partition 1: (Active) - (Size=80.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=218 GB) - (Type=05)
========================================================
Disk: 3 (Size: 1.1 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.

==================== End Of Log ============================ |
29.08.2014, 07:56 | #6 |
/// the machine /// TB Trainer | Display of "blocked events" is annoying Uninstall adware & co.
Scan with Combofix
|
29.08.2014, 08:49 | #7 | |
| Display of "blocked events" is annoying Quote:
|
30.08.2014, 06:48 | #8 |
/// the machine /// TB Trainer | Display of "blocked events" is annoying Sure, you did pay for it after all
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
30.08.2014, 11:31 | #9 |
| Display of "blocked events" is annoying So, I have now deleted the applications marked with ATTENTION using Revo. What I could NOT find, with Revo or by any other means, was anything that might be connected with the entry Task: {C21E9720-2819-46EF-BAF4-D431EB0D00B7} - System32\Tasks\Go for FilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION. Then I took the PC off the network and tried to deactivate Avira, at first without success. Combofix kept complaining that Avira Desktop was active. I renamed all Avira-*.exe files, in vain. I tried to disable all Avira applications with Autoruns, but Autoruns refused access to the Avira applications. Finally a Windows restart, and at last the open Avira umbrella appeared, which I was able to deactivate. Now Combofix no longer complained, but ran an AutoScan and searched for infected files. Then Combofix restarted Windows, and finally the log file was ready. Here it is: Code:
ATTFilter ComboFix 14-08-29.03 - UB 30.08.2014 11:49:47.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.16075.14363 [GMT 2:00] ausgeführt von:: d:\downloads\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\UB\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data c:\users\UB\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferences c:\users\UB\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll c:\users\UB\AppData\Roaming\Mozilla\Firefox\Profiles\y2ycry0v.default\search-metadata.json c:\windows\IsUn0407.exe c:\windows\SysWow64\aosmtp.dll F:\Autorun.inf . . ((((((((((((((((((((((( Dateien erstellt von 2014-07-28 bis 2014-08-30 )))))))))))))))))))))))))))))) . . 2014-08-27 09:08 . 2014-08-27 09:09 -------- d-----w- C:\FRST 2014-08-26 16:43 . 2014-08-26 16:43 -------- d-----w- c:\program files (x86)\MyFree Codec 2014-08-25 09:23 . 2014-08-25 09:23 -------- d-----w- C:\NEW_VOLUME 2014-08-24 16:35 . 2014-08-24 16:35 -------- d-----w- c:\program files (x86)\Elaborate Bytes 2014-08-24 16:35 . 2014-08-30 09:31 -------- d-----w- c:\program files (x86)\LPT 2014-08-24 16:35 . 2014-08-24 16:35 -------- d-----w- c:\users\UB\AppData\Local\WorldofTanks 2014-08-24 16:34 . 2014-08-24 16:34 -------- d-----w- c:\users\UB\AppData\Local\GGEmpire 2014-08-24 16:34 . 2014-08-24 16:34 -------- d-----w- c:\users\UB\AppData\Roaming\0S1P1R2Y1C1P1Q0D1F2W1G1I1F1T1Q 2014-08-24 16:34 . 2014-08-25 08:38 -------- d-----w- c:\program files (x86)\PC Speed Maximizer 2014-08-07 07:13 . 2014-08-20 14:17 -------- d-----w- c:\programdata\Package Cache 2014-08-05 16:30 . 
2014-08-05 16:30 -------- d-----w- c:\program files (x86)\MyPhoneExplorer 2014-08-05 16:04 . 2014-08-05 16:04 -------- d-----w- c:\users\UB\.android 2014-08-05 16:02 . 2014-08-15 23:56 -------- d-----w- c:\users\UB\AppData\Roaming\MyPhoneExplorer 2014-08-03 09:01 . 2014-08-03 09:01 -------- d-----w- c:\program files (x86)\MSECache . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-07-24 15:55 . 2013-05-06 09:18 42040 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2014-07-19 07:31 . 2012-12-14 23:47 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-07-19 07:31 . 2012-12-14 23:47 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-07-18 22:34 . 2012-11-27 10:53 96441528 ----a-w- c:\windows\system32\MRT.exe 2014-07-04 18:42 . 2013-04-21 08:24 117712 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2014-06-30 02:09 . 2014-07-18 22:25 519168 ----a-w- c:\windows\system32\aepdu.dll 2014-06-30 02:04 . 2014-07-18 22:25 424448 ----a-w- c:\windows\system32\aeinv.dll 2014-06-20 20:14 . 2014-07-18 22:24 266424 ----a-w- c:\windows\system32\iedkcs32.dll 2014-06-19 01:39 . 2014-07-18 22:24 23464448 ----a-w- c:\windows\system32\mshtml.dll 2014-06-19 01:06 . 2014-07-18 22:24 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2014-06-19 01:06 . 2014-07-18 22:24 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll 2014-06-19 00:48 . 2014-07-18 22:24 2768384 ----a-w- c:\windows\system32\iertutil.dll 2014-06-19 00:42 . 2014-07-18 22:24 548352 ----a-w- c:\windows\system32\vbscript.dll 2014-06-19 00:42 . 2014-07-18 22:24 66048 ----a-w- c:\windows\system32\iesetup.dll 2014-06-19 00:41 . 2014-07-18 22:24 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll 2014-06-19 00:41 . 2014-07-18 22:24 83968 ----a-w- c:\windows\system32\MshtmlDac.dll 2014-06-19 00:32 . 2014-07-18 22:24 51200 ----a-w- c:\windows\system32\jsproxy.dll 2014-06-19 00:31 . 
2014-07-18 22:24 33792 ----a-w- c:\windows\system32\iernonce.dll 2014-06-19 00:26 . 2014-07-18 22:24 598016 ----a-w- c:\windows\system32\ieui.dll 2014-06-19 00:24 . 2014-07-18 22:24 139264 ----a-w- c:\windows\system32\ieUnatt.exe 2014-06-19 00:24 . 2014-07-18 22:24 111616 ----a-w- c:\windows\system32\ieetwcollector.exe 2014-06-19 00:23 . 2014-07-18 22:24 752640 ----a-w- c:\windows\system32\jscript9diag.dll 2014-06-19 00:14 . 2014-07-18 22:24 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2014-06-19 00:09 . 2014-07-18 22:24 452608 ----a-w- c:\windows\system32\dxtmsft.dll 2014-06-18 23:59 . 2014-07-18 22:24 38400 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll 2014-06-18 23:56 . 2014-07-18 22:24 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb 2014-06-18 23:53 . 2014-07-18 22:24 195584 ----a-w- c:\windows\system32\msrating.dll 2014-06-18 23:51 . 2014-07-18 22:24 5721088 ----a-w- c:\windows\system32\jscript9.dll 2014-06-18 23:50 . 2014-07-18 22:24 85504 ----a-w- c:\windows\system32\mshtmled.dll 2014-06-18 23:48 . 2014-07-18 22:24 292864 ----a-w- c:\windows\system32\dxtrans.dll 2014-06-18 23:39 . 2014-07-18 22:24 608768 ----a-w- c:\windows\system32\ie4uinit.exe 2014-06-18 23:38 . 2014-07-18 22:24 455168 ----a-w- c:\windows\SysWow64\vbscript.dll 2014-06-18 23:37 . 2014-07-18 22:24 61952 ----a-w- c:\windows\SysWow64\iesetup.dll 2014-06-18 23:36 . 2014-07-18 22:24 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll 2014-06-18 23:35 . 2014-07-18 22:24 62464 ----a-w- c:\windows\SysWow64\MshtmlDac.dll 2014-06-18 23:33 . 2014-07-18 22:24 631808 ----a-w- c:\windows\system32\msfeeds.dll 2014-06-18 23:27 . 2014-07-18 22:24 1249280 ----a-w- c:\windows\system32\mshtmlmedia.dll 2014-06-18 23:27 . 2014-07-18 22:24 2040832 ----a-w- c:\windows\system32\inetcpl.cpl 2014-06-18 23:23 . 2014-07-18 22:24 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2014-06-18 23:22 . 2014-07-18 22:24 592896 ----a-w- c:\windows\SysWow64\jscript9diag.dll 2014-06-18 23:06 . 
2014-07-18 22:24 32256 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll 2014-06-18 22:58 . 2014-07-18 22:24 2266112 ----a-w- c:\windows\system32\wininet.dll 2014-06-18 22:52 . 2014-07-18 22:24 4254720 ----a-w- c:\windows\SysWow64\jscript9.dll 2014-06-18 22:51 . 2014-07-18 22:24 13527040 ----a-w- c:\windows\system32\ieframe.dll 2014-06-18 22:46 . 2014-07-18 22:24 1068032 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2014-06-18 22:45 . 2014-07-18 22:24 1964544 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2014-06-18 22:34 . 2014-07-18 22:24 1393664 ----a-w- c:\windows\system32\urlmon.dll 2014-06-18 22:15 . 2014-07-18 22:24 846336 ----a-w- c:\windows\system32\ieapfltr.dll 2014-06-18 22:13 . 2014-07-18 22:24 1791488 ----a-w- c:\windows\SysWow64\wininet.dll 2014-06-18 02:18 . 2014-07-18 22:24 692736 ----a-w- c:\windows\system32\osk.exe 2014-06-18 01:51 . 2014-07-18 22:24 646144 ----a-w- c:\windows\SysWow64\osk.exe 2014-06-18 01:10 . 2014-07-18 22:24 3157504 ----a-w- c:\windows\system32\win32k.sys 2014-06-06 10:10 . 2014-07-18 22:24 624128 ----a-w- c:\windows\system32\qedit.dll 2014-06-06 09:44 . 2014-07-18 22:24 509440 ----a-w- c:\windows\SysWow64\qedit.dll 2014-06-05 14:45 . 2014-07-18 22:20 1460736 ----a-w- c:\windows\system32\lsasrv.dll 2014-06-05 14:26 . 2014-07-18 22:20 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2014-06-05 14:25 . 2014-07-18 22:20 96768 ----a-w- c:\windows\SysWow64\sspicli.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Device Detector"="DevDetect.exe -autorun" [X] "ClipMate7"="c:\program files (x86)\ClipMate7\ClipMate.exe" [2009-01-31 3760424] "DMS-Kalenderchen"="c:\program files (x86)\Kalenderchen\Kalenderchen.exe" [2010-05-18 3498496] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-20 291648] "Windows7FirewallControl"="c:\program files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe" [2012-09-21 806912] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360] "AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2010-10-22 2105344] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888] "TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-08-31 2622232] "AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-08-31 907040] "SystemExplorerAutoStart"="c:\program files (x86)\System Explorer\SystemExplorer.exe" [2014-05-12 4008296] "KiesTrayAgent"="d:\samsung kies\Kies\KiesTrayAgent.exe" [2014-05-28 310064] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-08-07 751184] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360] Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2012-11-26 573024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "TrueImageMonitor.exe"=c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "IAStorIcon"=c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" "AcronisTimounterMonitor"=c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe . R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [x] R2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] R2 LPTSystemUpdater;LPT System Updater Service;c:\program files (x86)\LPT\srpts.exe;c:\program files (x86)\LPT\srpts.exe [x] R3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys;SysWow64\drivers\ASUSFILTER.sys [x] R3 avmeject;AVM 
Eject;c:\windows\system32\drivers\avmeject.sys;c:\windows\SYSNATIVE\drivers\avmeject.sys [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusb.sys [x] R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 SystemExplorerHelpService;System Explorer Service;c:\program files (x86)\System Explorer\service\SystemExplorerService64.exe;c:\program files (x86)\System Explorer\service\SystemExplorerService64.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S1 
AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S1 ndisrd;WinpkFilter LightWeight Filter;c:\windows\system32\DRIVERS\ndisrd.sys;c:\windows\SYSNATIVE\DRIVERS\ndisrd.sys [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [x] S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [x] S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [x] S2 AsusFanControlService;AsusFanControlService;c:\program files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe;c:\program files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe [x] S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe;c:\program files\OO Software\Defrag\oodag.exe [x] S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe;c:\program files\CyberLink\Shared files\RichVideo64.exe [x] S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x] S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x] S2 USBDLM;USBDLM;c:\tools\USBDLM\USBDLM.exe;c:\tools\USBDLM\USBDLM.exe [x] S2 
Windows7FirewallService;Windows7FirewallService;c:\program files (x86)\Windows7FirewallControl\Windows7FirewallService.exe;c:\program files (x86)\Windows7FirewallControl\Windows7FirewallService.exe [x] S2 WTabletServicePro;Wacom Professional Service;c:\program files\Tablet\Wacom\WTabletServicePro.exe;c:\program files\Tablet\Wacom\WTabletServicePro.exe [x] S3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x] S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x] S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x] S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-01-31 17:13 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2014-08-30 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-14 07:31] . 
2014-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-16 16:54] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-01-10 172168] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-01-10 400008] "Persistence"="c:\windows\system32\igfxpers.exe" [2013-01-10 441992] "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488] "OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2012-06-06 3998064] "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-08-31 140568] "KiesTrayAgent"="d:\samsung kies\Kies\KiesTrayAgent.exe" [2014-05-28 310064] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880NHL4NpXhO1w6Yb0c1W97SuZoCycIxpUJ-gCzGjcB8CzCcZG6erFPTeU0ZVhjPPoOxR8h67j_OKaut2_FxtZyzA95q4BM0hVCEznglFBk3ujIEUq2bgh8WJnXPoTdQAHTe_98H8xnKUikNAsOAo1WhA5exuXwSh7bZG6ARjtQ,, mLocal Page = c:\windows\SysWOW64\blank.htm uSearchAssistant = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880NHL4NpXhO1w6Yb0c1W97SuZoCycIxpUJ-gCzGjcB8CzCcZG6erFPTeU0ZVhjPPoOxR8h67j_OKaut2_FxtZyBTarSVVRuG-oZXR3RBFxHOtZfIqATKujReEoSbMnJInJ2qVLWzXhPjb_iBjkAEUAPbcho93T82drOO0Ji-3A,,&q={searchTerms} IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000 TCP: Interfaces\{B13C63AC-E3CE-428E-9B78-65C1FBF91F26}: NameServer = 192.168.178.1 TCP: Interfaces\{F1318F98-6E7A-4587-A3B4-0386D672D97E}: NameServer = 192.168.178.1 FF - ProfilePath - c:\users\UB\AppData\Roaming\Mozilla\Firefox\Profiles\y2ycry0v.default\ FF - prefs.js: browser.search.selectedEngine - SafeFinder Search FF - prefs.js: browser.startup.homepage - hxxp://duckduckgo.com/ FF - prefs.js: keyword.URL - 
hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880NHL4NpXhO1w6Yb0c1W97SuZoCycIxpUJ-gCzGjcB8CzCcZG6erFPTeU0ZVhjPPoOxR8h67j_OKaut2_FxtZyBTarSVVRuG-oZXR3RBFxHOtZfIqATKujReEoSbMnJInJ2qVLWzXhPjb_iBjkAEUAPbcho93T82drOO0Ji-3A,,&q= . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKLM-Run-Avira Systray - c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start . . "ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z [\]^_á\00\00á\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~á\00\00á\00\00\00\00`\00\00\00\00\00\00\00\00‘’“" . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-1243157301-2590882679-505944417-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.032" . [HKEY_USERS\S-1-5-21-1243157301-2590882679-505944417-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.abr" . [HKEY_USERS\S-1-5-21-1243157301-2590882679-505944417-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.amr" . [HKEY_USERS\S-1-5-21-1243157301-2590882679-505944417-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.ani" . [HKEY_USERS\S-1-5-21-1243157301-2590882679-505944417-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.apd" . [HKEY_USERS\S-1-5-21-1243157301-2590882679-505944417-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.arw" . 
[HKEY_USERS\S-1-5-21-1243157301-2590882679-505944417-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.bay" . [HKEY_USERS\S-1-5-21-1243157301-2590882679-505944417-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.bmp" . [HKEY_USERS\S-1-5-21-1243157301-2590882679-505944417-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.bw" . [HKEY_USERS\S-1-5-21-1243157301-2590882679-505944417-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.bwf" . [HKEY_USERS\S-1-5-21-1243157301-2590882679-505944417-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.cel" . [HKEY_USERS\S-1-5-21-1243157301-2590882679-505944417-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.cr2" . [HKEY_USERS\S-1-5-21-1243157301-2590882679-505944417-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.crw" . [HKEY_USERS\S-1-5-21-1243157301-2590882679-505944417-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.cs1" . [HKEY_USERS\S-1-5-21-1243157301-2590882679-505944417-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.cur" . 
[HKEY_USERS\S-1-5-21-1243157301-2590882679-505944417-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.dcr" . [HKEY_USERS\S-1-5-21-1243157301-2590882679-505944417-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.dcx" . [HKEY_USERS\S-1-5-21-1243157301-2590882679-505944417-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.dib" . [HKEY_USERS\S-1-5-21-1243157301-2590882679-505944417-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.djv" . [HKEY_USERS\S-1-5-21-1243157301-2590882679-505944417-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.djvu" . [HKEY_USERS\S-1-5-21-1243157301-2590882679-505944417-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.dng" . [HKEY_USERS\S-1-5-21-1243157301-2590882679-505944417-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.emf" . [HKEY_USERS\S-1-5-21-1243157301-2590882679-505944417-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.eps" . [HKEY_USERS\S-1-5-21-1243157301-2590882679-505944417-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.erf" . 
Thanks for your help, and have a nice weekend! Ulli |
30.08.2014, 15:38 | #10 |
/// the machine /// TB trainer | Display of "blocked events" is annoying Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
31.08.2014, 07:19 | #11 |
| Display of "blocked events" is annoying Hello Schrauber, even before running the scans from your last post, I noticed that this persistent yellow window now only pops up for about 2 seconds and then disappears again, although quite frequently. I can actually live with that. However, it would be nicer if no window popped up at all, because the content means nothing to me. That is why I would really like to know where it comes from, that is, from which program. Something that I had not mentioned at all has not improved yet: for some time now (since the time the trouble with the yellow window started? It feels that way: yes), shutting down Windows 7 takes about 40 seconds with my fast SSD if in the meantime I have opened Pegasus Mail and edited a mail, or used Firefox, and perhaps other things. If I shut Windows down again right after booting, it takes 5 seconds. Here are the requested log files. There does not seem to be an Addition.txt this time; at least I cannot find one.
Gelöscht : HKLM\SOFTWARE\GoforFiles Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec Schlüssel Gelöscht : HKLM\SOFTWARE\PIP Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\openit open it! Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964 ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17207 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] -\\ Mozilla Firefox v31.0 (x86 de) [ Datei : C:\Users\UB\AppData\Roaming\Mozilla\Firefox\Profiles\y2ycry0v.default\prefs.js ] Zeile gelöscht : user_pref("browser.search.defaultenginename", "SafeFinder Search"); Zeile gelöscht : user_pref("browser.search.selectedEngine", "SafeFinder Search"); Zeile gelöscht : user_pref("extensions.BabylonToolbar.admin", false); Zeile gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst"); Zeile gelöscht : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}"); Zeile gelöscht : user_pref("extensions.BabylonToolbar.autoRvrt", "false"); Zeile gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en"); Zeile gelöscht : user_pref("extensions.BabylonToolbar.excTlbr", false); Zeile gelöscht : user_pref("extensions.BabylonToolbar.id", "087c551f0000000000003085a9f62535"); Zeile gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15680"); 
Zeile gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.rvrt", "false");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=087c551f0000000000003085a9f62535&q=");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.8.4.9");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.8.4.9");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.excTlbr", false);
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", false);
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.4.91:06:21");
Zeile gelöscht : user_pref("extensions.funmoods_i.aflt", "kno");
Zeile gelöscht : user_pref("extensions.funmoods_i.dfltLng", "");
Zeile gelöscht : user_pref("extensions.funmoods_i.excTlbr", false);
Zeile gelöscht : user_pref("extensions.funmoods_i.id", "e0dcc51d00000000000000e01881c97f");
Zeile gelöscht : user_pref("extensions.funmoods_i.instlDay", "15415");
Zeile gelöscht : user_pref("extensions.funmoods_i.instlRef", "");
Zeile gelöscht : user_pref("extensions.funmoods_i.newTab", false);
Zeile gelöscht : user_pref("extensions.funmoods_i.prdct", "funmoods");
Zeile gelöscht : user_pref("extensions.funmoods_i.prtnrId", "funmoods");
Zeile gelöscht : user_pref("extensions.funmoods_i.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.funmoods_i.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.funmoods_i.tlbrSrchUrl", "hxxp://start.funmoods.com/results.php?f=3&a=kno&q=");
Zeile gelöscht : user_pref("extensions.funmoods_i.vrsn", "1.5.11.16");
Zeile gelöscht : user_pref("extensions.funmoods_i.vrsnTs", "1.5.11.1611:04:49");
Zeile gelöscht : user_pref("extensions.funmoods_i.vrsni", "1.5.11.16");
Zeile gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Zeile gelöscht : user_pref("extensions.helperbar.Visibility", false);
Zeile gelöscht : user_pref("extensions.helperbar.backPageCapacity", 3);
Zeile gelöscht : user_pref("extensions.helperbar.backPageCounter", 0);
Zeile gelöscht : user_pref("extensions.helperbar.backPageDay", 24);
Zeile gelöscht : user_pref("extensions.helperbar.backPageLastEvent", "1408725320623");
Zeile gelöscht : user_pref("extensions.helperbar.backPageMinInterval", 15);
Zeile gelöscht : user_pref("extensions.helperbar.barcodeid", "150031");
Zeile gelöscht : user_pref("extensions.helperbar.countryiso", "de");
Zeile gelöscht : user_pref("extensions.helperbar.downloadprovider", "irssf201");
Zeile gelöscht : user_pref("extensions.helperbar.externalJsFiles", "{\"d\":\"[{\\\"ExcludeDomains\\\":[],\\\"hxxpInjection\\\":\\\"hxxp:\\\\\\/\\\\\\/az412617.vo.msecnd.net\\\\\\/scripts\\\\\\/crt.js\\\",\\\"hxxpsInje[...]
Zeile gelöscht : user_pref("extensions.helperbar.fromautoupdate", "false");
Zeile gelöscht : user_pref("extensions.helperbar.installationid", "17adca34-c9e9-7325-df5c-1208ed784d9e");
Zeile gelöscht : user_pref("extensions.helperbar.installdate", "24/08/2014");
Zeile gelöscht : user_pref("extensions.helperbar.iswinxp", "false");
Zeile gelöscht : user_pref("extensions.helperbar.keepAliveLastevent", "1408898120");
Zeile gelöscht : user_pref("extensions.helperbar.lastExternalJsUpdate", "1408955420746");
Zeile gelöscht : user_pref("extensions.helperbar.publisher", "irssf");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880NHL4NpXhO1w6Yb0c1W97SuZoCycIxpUJ-gCzGjcB8CzCcZG6erFPTeU0ZVhjPPoOxR8h67j_OKaut2_FxtZyBTarSVVRuG-oZXR3RBFxHO[...]

-\\ Google Chrome v24.0.1312.57

[ Datei : C:\Users\UB\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [16739 octets] - [31/08/2014 00:14:36]
AdwCleaner[S0].txt - [14345 octets] - [31/08/2014 00:16:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14406 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by UB on 31.08.2014 at 0:23:56,07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1243157301-2590882679-505944417-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{42E0615A-ED6C-4119-8DF3-E9FA8EDF204A}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"

~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [Folder] C:\Users\UB\AppData\Roaming\mozilla\firefox\profiles\y2ycry0v.default\extensions\staged
Emptied folder: C:\Users\UB\AppData\Roaming\mozilla\firefox\profiles\y2ycry0v.default\minidumps [26 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.08.2014 at 0:27:22,09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2014
Ran by UB (administrator) on UB-PC on 31-08-2014 08:03:58
Running from C:\Users\UB\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Sphinx Software) C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Langmeier Software GmbH, Switzerland) C:\Program Files (x86)\Langmeier Software\Langmeier Backup\lmbackup.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Samsung Electronics Co., Ltd.) D:\Samsung Kies\Kies\KiesTrayAgent.exe
(Thornsoft Development, Inc.) C:\Program Files (x86)\ClipMate7\ClipMate.exe
(ACD Systems International Inc.) C:\Program Files (x86)\Common Files\ACD Systems\DE\DevDetect.exe
(Daniel Manger Software) C:\Program Files (x86)\Kalenderchen\Kalenderchen.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe
(Sphinx Software) C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
(Mister Group) C:\Program Files (x86)\System Explorer\SystemExplorer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
() C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
(Uwe Sieber - www.uwe-sieber.de) C:\Tools\USBDLM\USBDLM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Uwe Sieber - www.uwe-sieber.de) C:\Tools\USBDLM\USBDLM_usr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Mister Group) C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(David Harris) C:\PMAIL\Programs\winpm-32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-11] (CANON INC.)
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [3998064 2012-06-06] (O&O Software GmbH)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [140568 2007-08-31] (Acronis)
HKLM\...\Run: [KiesTrayAgent] => D:\Samsung Kies\Kies\KiesTrayAgent.exe [310064 2014-05-28] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [Windows7FirewallControl] => C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe [806912 2012-09-21] (Sphinx Software)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207360 2010-03-18] (ArcSoft Inc.)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2622232 2007-08-31] (Acronis)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [907040 2007-08-31] (Acronis)
HKLM-x32\...\Run: [SystemExplorerAutoStart] => C:\Program Files (x86)\System Explorer\SystemExplorer.exe [4008296 2014-05-12] (Mister Group)
HKLM-x32\...\Run: [KiesTrayAgent] => D:\Samsung Kies\Kies\KiesTrayAgent.exe [310064 2014-05-28] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-07] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1243157301-2590882679-505944417-1000\...\Run: [ClipMate7] => C:\Program Files (x86)\ClipMate7\ClipMate.exe [3760424 2009-01-31] (Thornsoft Development, Inc.)
HKU\S-1-5-21-1243157301-2590882679-505944417-1000\...\Run: [Device Detector] => DevDetect.exe -autorun
HKU\S-1-5-21-1243157301-2590882679-505944417-1000\...\Run: [DMS-Kalenderchen] => C:\Program Files (x86)\Kalenderchen\Kalenderchen.exe [3498496 2010-05-19] (Daniel Manger Software)
Lsa: [Authentication Packages] msv1_0 relog_ap
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
BootExecute: autocheck autochk * OODBS

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - No File
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\..\Interfaces\{B13C63AC-E3CE-428E-9B78-65C1FBF91F26}: [NameServer] 192.168.178.1
Tcpip\..\Interfaces\{F1318F98-6E7A-4587-A3B4-0386D672D97E}: [NameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\UB\AppData\Roaming\Mozilla\Firefox\Profiles\y2ycry0v.default
FF Homepage: hxxp://duckduckgo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin HKCU: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF SearchPlugin: C:\Users\UB\AppData\Roaming\Mozilla\Firefox\Profiles\y2ycry0v.default\searchplugins\0180-telefonbuch.xml
FF SearchPlugin: C:\Users\UB\AppData\Roaming\Mozilla\Firefox\Profiles\y2ycry0v.default\searchplugins\avira-safesearch.xml
FF SearchPlugin: C:\Users\UB\AppData\Roaming\Mozilla\Firefox\Profiles\y2ycry0v.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\UB\AppData\Roaming\Mozilla\Firefox\Profiles\y2ycry0v.default\searchplugins\leo-deu-fra.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\UB\AppData\Roaming\Mozilla\Firefox\Profiles\y2ycry0v.default\Extensions\abs@avira.com [2014-08-29]
FF Extension: Fox!Box - C:\Users\UB\AppData\Roaming\Mozilla\Firefox\Profiles\y2ycry0v.default\Extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}.xpi [2014-07-22]

Chrome:
=======
CHR HomePage: Default ->
CHR DefaultSearchKeyword: Default -> search.yahoo.com
CHR DefaultSearchProvider: Default -> Web
CHR DefaultSearchURL: Default -> hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880NHL4NpXhO1w6Yb0c1W97SuZoCycIxpUJ-gCzGjcB8CzCcZG6erFPTeU0ZVhjPPoOxR8h67j_OKaut2_FxtZyBTarSVVRuG-oZXR3RBFxHOtZfIqATKujReEoSbMnJInJ2qVLWzXhPjb_iBjkADQIQL3xgwQml1qFrH5iDO1A,,&q={searchTerms}
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\UB\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe [1475744 2012-05-25] (ASUSTeK Computer Inc.)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
R3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160768 2011-05-27] (Intel Corporation) [File not signed]
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3293552 2012-06-06] (O&O Software GmbH)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
R3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [821720 2012-11-25] (Mister Group)
R2 TryAndDecideService; C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [498872 2007-08-31] ()
R2 USBDLM; C:\Tools\USBDLM\USBDLM.exe [451560 2013-02-25] (Uwe Sieber - www.uwe-sieber.de) [File not signed]
R2 Windows7FirewallService; C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe [491520 2012-09-21] (Sphinx Software) [File not signed]
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [613760 2012-10-29] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-31] (Malwarebytes Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27960 2013-01-02] (Synaptics Incorporated)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-31 00:27 - 2014-08-31 00:27 - 00001318 _____ () C:\Users\UB\Desktop\JRT.txt
2014-08-31 00:23 - 2014-08-31 00:23 - 00000000 ____D () C:\Windows\ERUNT
2014-08-31 00:14 - 2014-08-31 00:16 - 00000000 ____D () C:\AdwCleaner
2014-08-31 00:14 - 2014-08-30 19:52 - 01364531 _____ () C:\Users\UB\Desktop\adwcleaner_3.308.exe
2014-08-31 00:14 - 2014-04-21 08:17 - 00647193 _____ () C:\Users\UB\Desktop\aida.gadget
2014-08-31 00:14 - 2013-03-12 15:42 - 00972393 _____ (Aplus Software Inc. ) C:\Users\UB\Desktop\AplusDVDCopy.exe
2014-08-31 00:14 - 2013-03-12 15:39 - 10712363 _____ () C:\Users\UB\Desktop\AplusDVDCopy.zip
2014-08-31 00:14 - 2012-04-14 19:30 - 06243960 _____ (Lavasoft Limited) C:\Users\UB\Desktop\Adaware_Installer.exe
2014-08-31 00:14 - 2012-01-30 14:13 - 12410880 _____ () C:\Users\UB\Desktop\Ad-Aware96Install.msi
2014-08-31 00:14 - 2012-01-26 11:56 - 00633491 _____ () C:\Users\UB\Desktop\adblock_plus-2.0.3-sm_tb_fn_fx.zip
2014-08-31 00:14 - 2011-09-02 13:52 - 00795657 _____ () C:\Users\UB\Desktop\Acronis-True-Image-Home-Setup.exe
2014-08-31 00:14 - 2011-06-15 11:14 - 10080256 _____ () C:\Users\UB\Desktop\Ad-Aware90Install.msi
2014-08-31 00:09 - 2014-08-31 00:09 - 00005031 _____ () C:\Users\UB\Desktop\mbam.txt
2014-08-31 00:07 - 2014-08-31 00:07 - 00005031 _____ () C:\mbam.txt
2014-08-30 23:51 - 2014-08-31 00:02 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-30 23:51 - 2014-08-30 23:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-30 23:51 - 2014-08-30 23:51 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-08-30 23:51 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-30 23:51 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-30 23:51 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-30 23:36 - 2014-08-30 23:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-30 18:08 - 2014-08-30 18:01 - 00034642 _____ () C:\Users\UB\Desktop\FRST (2).txt
2014-08-30 11:53 - 2014-08-30 11:53 - 00053377 _____ () C:\ComboFix.txt
2014-08-30 11:52 - 2014-08-30 11:52 - 00002092 _____ () C:\Users\Public\Desktop\Langmeier Backup.lnk
2014-08-30 11:49 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-30 11:49 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-30 11:49 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-30 11:49 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-30 11:49 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-30 11:49 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-30 11:49 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-30 11:49 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-30 11:31 - 2014-08-31 00:17 - 00011702 _____ () C:\Windows\PFRO.log
2014-08-30 11:26 - 2014-08-30 11:53 - 00000000 ____D () C:\Qoobox
2014-08-30 11:26 - 2014-08-30 11:52 - 00000000 ____D () C:\Windows\erdnt
2014-08-29 10:29 - 2014-08-29 11:06 - 00000000 ____D () C:\Users\UB\Desktop\Anzeigenbilder
2014-08-27 11:08 - 2014-08-31 08:04 - 00000000 ____D () C:\FRST
2014-08-27 11:08 - 2014-08-31 08:03 - 00018596 _____ () C:\Users\UB\Desktop\FRST.txt
2014-08-27 11:08 - 2014-08-27 11:09 - 00034477 ____N () C:\Users\UB\Desktop\Addition.txt
2014-08-27 11:06 - 2014-08-27 11:03 - 02103296 ____N (Farbar) C:\Users\UB\Desktop\FRST64.exe
2014-08-26 18:43 - 2014-08-26 18:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
2014-08-25 12:10 - 2014-08-31 07:45 - 00001288 _____ () C:\Windows\setupact.log
2014-08-25 12:10 - 2014-08-25 12:10 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-25 11:46 - 2014-08-25 11:46 - 00001170 _____ () C:\Users\UB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-25 11:23 - 2014-08-25 11:23 - 00000000 ____D () C:\NEW_VOLUME
2014-08-24 18:38 - 2014-08-26 11:42 - 00000085 ___SH () C:\ProgramData\.zreglib
2014-08-24 18:35 - 2014-08-24 18:35 - 00000000 ____D () C:\Users\UB\AppData\Local\WorldofTanks
2014-08-24 18:35 - 2014-08-24 18:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2014-08-24 18:35 - 2014-08-24 18:35 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes
2014-08-24 18:34 - 2014-08-24 18:34 - 00000000 ____D () C:\Users\UB\AppData\Roaming\0S1P1R2Y1C1P1Q0D1F2W1G1I1F1T1Q
2014-08-24 18:34 - 2014-08-24 18:34 - 00000000 ____D () C:\Users\UB\AppData\Local\GGEmpire
2014-08-22 17:48 - 2014-08-22 17:48 - 00000000 ____D () C:\Users\UB\Desktop\AIDA
2014-08-10 17:27 - 2014-08-13 00:57 - 00000000 ____D () C:\Users\UB\Desktop\Omnia
2014-08-07 09:13 - 2014-08-20 16:17 - 00001147 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-07 09:13 - 2014-08-20 16:17 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-06 07:10 - 2014-08-06 07:10 - 00002085 ____N () C:\Users\UB\Desktop\MyPhoneExplorer.lnk
2014-08-05 18:30 - 2014-08-05 18:30 - 00002067 _____ () C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2014-08-05 18:30 - 2014-08-05 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2014-08-05 18:30 - 2014-08-05 18:30 - 00000000 ____D () C:\Program Files (x86)\MyPhoneExplorer
2014-08-05 18:04 - 2014-08-05 18:04 - 00000000 ____D () C:\Users\UB\.android
2014-08-05 18:02 - 2014-08-16 01:56 - 00000000 ____D () C:\Users\UB\AppData\Roaming\MyPhoneExplorer
2014-08-03 11:01 - 2014-08-03 11:01 - 00000000 ____D () C:\Program Files (x86)\MSECache

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-31 08:04 - 2014-08-27 11:08 - 00018596 _____ () C:\Users\UB\Desktop\FRST.txt 2014-08-31 08:04 - 2014-08-27 11:08 - 00000000 ____D () C:\FRST 2014-08-31 08:04 - 2012-11-13 16:58 - 01786955 _____ () C:\Windows\WindowsUpdate.log 2014-08-31 07:52 - 2009-07-14 06:45 - 00022512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-31 07:52 - 2009-07-14 06:45 - 00022512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-31 07:51 - 2011-04-12 09:43 - 20568840 _____ () C:\Windows\system32\perfh007.dat 2014-08-31 07:51 - 2011-04-12 09:43 - 06416412 _____ () C:\Windows\system32\perfc007.dat 2014-08-31 07:51 - 2009-07-14 07:13 - 00010576 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-31 07:45 - 2014-08-25 12:10 - 00001288 _____ () C:\Windows\setupact.log 2014-08-31 07:45 - 2013-03-09 18:46 - 01540132 _____ () C:\Windows\system32\oodbs.lor 2014-08-31 07:45 - 2012-11-25 11:50 - 00000000 ____D () C:\ProgramData\Temp 2014-08-31 07:45 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-31 00:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-08-31 00:31 - 2012-12-15 01:47 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-31 00:27 - 2014-08-31 00:27 - 00001318 _____ () C:\Users\UB\Desktop\JRT.txt 2014-08-31 00:23 - 2014-08-31 00:23 - 00000000 ____D () C:\Windows\ERUNT 2014-08-31 00:17 - 2014-08-30 11:31 - 00011702 _____ () C:\Windows\PFRO.log 2014-08-31 00:16 - 2014-08-31 00:14 - 00000000 ____D () C:\AdwCleaner 2014-08-31 00:09 - 2014-08-31 00:09 - 00005031 _____ () C:\Users\UB\Desktop\mbam.txt 2014-08-31 00:07 - 2014-08-31 00:07 - 00005031 _____ () C:\mbam.txt 2014-08-31 00:05 - 2012-12-16 18:54 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-31 00:02 - 2014-08-30 23:51 - 00122584 _____ (Malwarebytes Corporation) 
C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-31 00:02 - 2013-01-01 23:20 - 00000000 ____D () C:\Users\UB\Desktop\Utilities 2014-08-30 23:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-08-30 23:51 - 2014-08-30 23:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-30 23:51 - 2014-08-30 23:51 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-08-30 23:36 - 2014-08-30 23:36 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-30 19:52 - 2014-08-31 00:14 - 01364531 _____ () C:\Users\UB\Desktop\adwcleaner_3.308.exe 2014-08-30 18:01 - 2014-08-30 18:08 - 00034642 _____ () C:\Users\UB\Desktop\FRST (2).txt 2014-08-30 14:45 - 2013-11-29 19:15 - 00820736 _____ () C:\Users\UB\Documents\Meine Konten.sub 2014-08-30 11:53 - 2014-08-30 11:53 - 00053377 _____ () C:\ComboFix.txt 2014-08-30 11:53 - 2014-08-30 11:26 - 00000000 ____D () C:\Qoobox 2014-08-30 11:53 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-08-30 11:52 - 2014-08-30 11:52 - 00002092 _____ () C:\Users\Public\Desktop\Langmeier Backup.lnk 2014-08-30 11:52 - 2014-08-30 11:26 - 00000000 ____D () C:\Windows\erdnt 2014-08-30 11:52 - 2013-02-06 15:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Langmeier Backup 2014-08-30 11:52 - 2009-07-14 04:34 - 00000248 _____ () C:\Windows\system.ini 2014-08-30 10:35 - 2013-02-06 14:47 - 00003906 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{3D791F18-8226-448D-8AB0-9EE369A04736} 2014-08-29 11:06 - 2014-08-29 10:29 - 00000000 ____D () C:\Users\UB\Desktop\Anzeigenbilder 2014-08-27 11:09 - 2014-08-27 11:08 - 00034477 ____N () C:\Users\UB\Desktop\Addition.txt 2014-08-27 11:03 - 2014-08-27 11:06 - 02103296 ____N (Farbar) C:\Users\UB\Desktop\FRST64.exe 2014-08-26 18:44 - 2014-06-04 15:35 - 00000757 _____ () C:\Users\Public\Desktop\Samsung Kies (Lite).lnk 2014-08-26 18:44 - 2014-06-04 15:35 - 00000747 _____ () 
C:\Users\Public\Desktop\Samsung Kies.lnk 2014-08-26 18:43 - 2014-08-26 18:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec 2014-08-26 11:42 - 2014-08-24 18:38 - 00000085 ___SH () C:\ProgramData\.zreglib 2014-08-26 11:42 - 2014-03-24 17:24 - 00000000 ____D () C:\Users\UB\AppData\Roaming\vlc 2014-08-26 11:24 - 2013-02-22 19:37 - 00000000 ____D () C:\ProgramData\DVD Shrink 2014-08-25 12:10 - 2014-08-25 12:10 - 00000000 _____ () C:\Windows\setuperr.log 2014-08-25 11:46 - 2014-08-25 11:46 - 00001170 _____ () C:\Users\UB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-08-25 11:39 - 2013-03-12 15:52 - 00000000 ____D () C:\Users\UB\Desktop\Brennen 2014-08-25 11:36 - 2014-04-05 23:54 - 00000000 ____D () C:\Users\UB\AppData\Roaming\dvdcss 2014-08-25 11:23 - 2014-08-25 11:23 - 00000000 ____D () C:\NEW_VOLUME 2014-08-25 10:40 - 2013-11-09 01:35 - 00000000 ____D () C:\Windows\Minidump 2014-08-24 18:35 - 2014-08-24 18:35 - 00000000 ____D () C:\Users\UB\AppData\Local\WorldofTanks 2014-08-24 18:35 - 2014-08-24 18:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes 2014-08-24 18:35 - 2014-08-24 18:35 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes 2014-08-24 18:34 - 2014-08-24 18:34 - 00000000 ____D () C:\Users\UB\AppData\Roaming\0S1P1R2Y1C1P1Q0D1F2W1G1I1F1T1Q 2014-08-24 18:34 - 2014-08-24 18:34 - 00000000 ____D () C:\Users\UB\AppData\Local\GGEmpire 2014-08-22 17:48 - 2014-08-22 17:48 - 00000000 ____D () C:\Users\UB\Desktop\AIDA 2014-08-22 17:35 - 2014-06-20 09:52 - 00000000 ____D () C:\Users\UB\Desktop\PBeaKK 2014-08-20 16:17 - 2014-08-07 09:13 - 00001147 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-08-20 16:17 - 2014-08-07 09:13 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-20 16:17 - 2012-11-14 12:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-08-20 16:17 - 2012-11-14 12:01 - 00000000 ____D () C:\Program 
Files (x86)\Avira 2014-08-16 01:56 - 2014-08-05 18:02 - 00000000 ____D () C:\Users\UB\AppData\Roaming\MyPhoneExplorer 2014-08-15 08:39 - 2014-06-28 09:40 - 00000000 ____D () C:\Users\UB\Desktop\Bedienungsanleitungen 2014-08-15 08:31 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-08-13 00:57 - 2014-08-10 17:27 - 00000000 ____D () C:\Users\UB\Desktop\Omnia 2014-08-11 18:36 - 2014-07-19 13:29 - 00000000 ___HD () C:\Users\UB\Desktop\[Originaldateien] 2014-08-10 17:37 - 2013-02-09 18:36 - 00001158 _____ () C:\Users\UB\AppData\Roaming\ShiftN.ini 2014-08-09 12:59 - 2013-01-14 18:11 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH 2014-08-09 12:41 - 2013-05-15 13:25 - 00003201 ____N () C:\Users\UB\Desktop\Sterbefall-Todo-Liste 2014-08-07 09:13 - 2012-11-14 12:01 - 00000000 ____D () C:\ProgramData\Avira 2014-08-06 11:09 - 2013-06-14 00:47 - 00006386 _____ () C:\Users\UB\Documents\TopBankingError.txt 2014-08-06 07:10 - 2014-08-06 07:10 - 00002085 ____N () C:\Users\UB\Desktop\MyPhoneExplorer.lnk 2014-08-05 18:30 - 2014-08-05 18:30 - 00002067 _____ () C:\Users\Public\Desktop\MyPhoneExplorer.lnk 2014-08-05 18:30 - 2014-08-05 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer 2014-08-05 18:30 - 2014-08-05 18:30 - 00000000 ____D () C:\Program Files (x86)\MyPhoneExplorer 2014-08-05 18:04 - 2014-08-05 18:04 - 00000000 ____D () C:\Users\UB\.android 2014-08-05 18:04 - 2012-11-13 16:58 - 00000000 ____D () C:\Users\UB 2014-08-03 11:01 - 2014-08-03 11:01 - 00000000 ____D () C:\Program Files (x86)\MSECache 2014-08-03 11:01 - 2013-08-06 18:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 2014-08-01 08:38 - 2013-06-13 18:27 - 00001995 _____ () C:\Users\UB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Banking 4W.lnk Some content of TEMP: ==================== C:\Users\UB\AppData\Local\Temp\avgnt.exe C:\Users\UB\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check 
================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-20 10:41 ==================== End Of Log ============================ --- --- --- --- --- --- --- --- --- Have a nice Sunday! Ulli Edited by ulli912 (31.08.2014 at 07:36) Reason: addition |
31.08.2014, 16:58 | #12 |
/// the machine /// TB trainer | Display of "blocked events" gets in the way ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
01.09.2014, 10:08 | #13 | |
| Display of "blocked events" gets in the way Hello, that was quite a mammoth scan by ESET with 3 external HDDs! And many threats found. Here are the requested scans: Code:
ATTFilter ESETSmartInstaller@High as downloader log: Can not open internet ESETSmartInstaller@High as downloader log: all ok esets_scanner_update returned -1 esets_gle=12 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=f2f230ff5f3e8d4ab24e84b8fb6a7b34 # engine=19930 # end=stopped # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-08-31 08:54:55 # local_time=2014-08-31 10:54:55 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Avira Desktop' # compatibility_mode=1810 16777213 100 100 11058 274941785 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 35948275 161148345 0 0 # scanned=10825 # found=1 # cleaned=0 # scan_time=45 sh=17A49F07D27EFCE6E60072713C14D51416E3F89D ft=1 fh=a4b8176735b0a9fd vn="Variante von Win32/YourFileDownloader.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\goforfiles\uninstall.exe.vir" ESETSmartInstaller@High as downloader log: Can not open internet ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=f2f230ff5f3e8d4ab24e84b8fb6a7b34 # engine=19930 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-09-01 08:03:46 # local_time=2014-09-01 10:03:46 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Avira Desktop' # compatibility_mode=1810 16777213 100 100 51189 274981916 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 35988406 161188476 0 0 # scanned=461525 # found=188 # cleaned=0 # scan_time=39854 sh=17A49F07D27EFCE6E60072713C14D51416E3F89D ft=1 fh=a4b8176735b0a9fd vn="Variante von Win32/YourFileDownloader.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\goforfiles\uninstall.exe.vir" sh=B84DA289FA8BEC345109AC49E4EC6754179EFC49 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\InstallMate\{153345E7-A654-46BB-A450-EE76CED06711}\Custom.dll" sh=B84DA289FA8BEC345109AC49E4EC6754179EFC49 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\InstallMate\{424E83F9-2E9C-41B7-A35C-66BE99ADA10F}\Custom.dll" sh=B84DA289FA8BEC345109AC49E4EC6754179EFC49 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\InstallMate\{5E7A3D05-7C48-4DB8-AF53-346A85991FF3}\Custom.dll" sh=B84DA289FA8BEC345109AC49E4EC6754179EFC49 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\InstallMate\{63CF5A73-B5BC-40D4-A23F-FD9EB82C7885}\Custom.dll" sh=B84DA289FA8BEC345109AC49E4EC6754179EFC49 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl.
unerwünschte Anwendung" ac=I fn="C:\ProgramData\InstallMate\{74F3BA91-5C1F-4AC7-A82C-143DAF109867}\Custom.dll" sh=B84DA289FA8BEC345109AC49E4EC6754179EFC49 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\InstallMate\{953F51F3-8679-4C2B-AEC0-CE5B4EDC7305}\Custom.dll" sh=B84DA289FA8BEC345109AC49E4EC6754179EFC49 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\InstallMate\{153345E7-A654-46BB-A450-EE76CED06711}\Custom.dll" sh=B84DA289FA8BEC345109AC49E4EC6754179EFC49 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\InstallMate\{424E83F9-2E9C-41B7-A35C-66BE99ADA10F}\Custom.dll" sh=B84DA289FA8BEC345109AC49E4EC6754179EFC49 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\InstallMate\{5E7A3D05-7C48-4DB8-AF53-346A85991FF3}\Custom.dll" sh=B84DA289FA8BEC345109AC49E4EC6754179EFC49 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\InstallMate\{63CF5A73-B5BC-40D4-A23F-FD9EB82C7885}\Custom.dll" sh=B84DA289FA8BEC345109AC49E4EC6754179EFC49 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\InstallMate\{74F3BA91-5C1F-4AC7-A82C-143DAF109867}\Custom.dll" sh=B84DA289FA8BEC345109AC49E4EC6754179EFC49 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\InstallMate\{953F51F3-8679-4C2B-AEC0-CE5B4EDC7305}\Custom.dll" sh=2DAAB83B0439BC76845E58F3F7DDB84EE8E210C4 ft=1 fh=855a37aa5dbeb36f vn="Win32/InstallCore.PC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\UB\AppData\Roaming\0S1P1R2Y1C1P1Q0D1F2W1G1I1F1T1Q\Gratis downloaden & installieren Packages\uninstaller.exe" sh=924FBFDFE9B60F15B52812AA6E122D15C5640F50 ft=0 fh=0000000000000000 vn="Variante von MSIL/Toolbar.Linkury.G evtl. 
unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\2119bac.msi" sh=C60345A525F9ECE867A2D918E498132048637929 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Babylon.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\5a6d49.msi" sh=FF95C96208846B91F6619631E777FFF8777B7A0D ft=1 fh=b1c966448c589b19 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI2DAE.tmp-\sppsm.dll" sh=8AC143E18CA87AC3636DE55EF8A2ECF864F31B82 ft=1 fh=ea5e0724d0589487 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI2DAE.tmp-\spusm.dll" sh=C992DE3D318BB72B8E76772AEC6D4901C0A1C623 ft=1 fh=b47bdf325a7b1513 vn="Variante von MSIL/Toolbar.Linkury.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI2DAE.tmp-\srbs.dll" sh=C36218BF46315C11A0E6D90CDD09AFDDE83E648C ft=1 fh=a236f9108107e224 vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI2DAE.tmp-\srbu.dll" sh=632AEB772CAA56339B2BC42D8AC04C4A72764C1B ft=1 fh=4f1da9cb37a68e50 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI2DAE.tmp-\srptc.dll" sh=632AEB772CAA56339B2BC42D8AC04C4A72764C1B ft=1 fh=4f1da9cb37a68e50 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI65EE.tmp-\srptc.dll" sh=FF95C96208846B91F6619631E777FFF8777B7A0D ft=1 fh=b1c966448c589b19 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSID0AB.tmp-\sppsm.dll" sh=8AC143E18CA87AC3636DE55EF8A2ECF864F31B82 ft=1 fh=ea5e0724d0589487 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSID0AB.tmp-\spusm.dll" sh=632AEB772CAA56339B2BC42D8AC04C4A72764C1B ft=1 fh=4f1da9cb37a68e50 vn="Variante von MSIL/Toolbar.Linkury.G evtl. 
unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSID0AB.tmp-\srptc.dll" sh=FF95C96208846B91F6619631E777FFF8777B7A0D ft=1 fh=b1c966448c589b19 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIF2DE.tmp-\sppsm.dll" sh=8AC143E18CA87AC3636DE55EF8A2ECF864F31B82 ft=1 fh=ea5e0724d0589487 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIF2DE.tmp-\spusm.dll" sh=632AEB772CAA56339B2BC42D8AC04C4A72764C1B ft=1 fh=4f1da9cb37a68e50 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIF2DE.tmp-\srptc.dll" sh=0AE9EA41E2AD96BCEB05E511DD7E695B48136BE2 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\Alter Desktop\Neue Downloads\AshampooHDDControl.zip" sh=B9B71BF20BA1D5022912742CFA6EA8D7C9CE287F ft=1 fh=66385cb37e7cb8e4 vn="Win32/SpeedUpMyPC evtl. unerwünschte Anwendung" ac=I fn="D:\Alter Desktop\Neue Downloads\speedupmypc3plc.exe" sh=B7BECAA1CACF89F71DDD304D3E0B14634B1E7F5D ft=1 fh=7d3d3f1ae5a78194 vn="Variante von Win32/Complitly.A evtl. unerwünschte Anwendung" ac=I fn="D:\Alter Desktop\Neue Downloads\SplitCamSetup.exe" sh=49D80ECE7BF819F5D083F79399A0E69D83105BD7 ft=1 fh=c59d9e502dc3d860 vn="Win32/Packed.RBCrypt.A.Gen evtl. unerwünschte Anwendung" ac=I fn="D:\Desktop\DownloadProgs\speedupmypc.exe" sh=0AE9EA41E2AD96BCEB05E511DD7E695B48136BE2 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\Desktop\Neue Downloads\AshampooHDDControl.zip" sh=B9B71BF20BA1D5022912742CFA6EA8D7C9CE287F ft=1 fh=66385cb37e7cb8e4 vn="Win32/SpeedUpMyPC evtl. unerwünschte Anwendung" ac=I fn="D:\Desktop\Neue Downloads\speedupmypc3plc.exe" sh=B7BECAA1CACF89F71DDD304D3E0B14634B1E7F5D ft=1 fh=7d3d3f1ae5a78194 vn="Variante von Win32/Complitly.A evtl. 
unerwünschte Anwendung" ac=I fn="D:\Desktop\Neue Downloads\SplitCamSetup.exe" sh=AA606E0EE83AA299FD2D99A7085E225206691D67 ft=1 fh=276565e90e0d493e vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\CloneDVD - CHIP-Installer(1).exe" sh=AA606E0EE83AA299FD2D99A7085E225206691D67 ft=1 fh=276565e90e0d493e vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\CloneDVD - CHIP-Installer.exe" sh=3B0C13A5C9DFEBE86D2D292F5D00A83A39384977 ft=1 fh=f70fea660f21f83e vn="Variante von Win32/InstallCore.QH evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\clonedvd_setup.exe" sh=4CCF079145B405C5C3372132095409AC1ECC7D6A ft=1 fh=ed69c0f9d7233077 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\FotoMorphV135Setup.exe" sh=EAE2784C9115FE9CFA44A116B74E72C1BCCFA7F6 ft=1 fh=2e79e77116fe19c4 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\MyPhoneExplorer_1.8.5.exe" sh=A26F29FBECF28BF5673D8AFBDAEEE21581A323AF ft=1 fh=2e7b0a7dfa885ec8 vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\Roomle-lnstall.exe" sh=4B2BBA40EB768132CC25820A9D3E22B9BF9BA8EE ft=1 fh=4fe6842b64ac6e92 vn="Variante von Win32/Toolbar.Babylon evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\Unlocker1.9.1-x64.exe" sh=55924E7ED2192B0D6CADFA327BF9271833A18F53 ft=1 fh=4782206cfd22ffc6 vn="Variante von Win32/ExpressFiles evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\WISO_-_Steuer_Sparbuch_(2012)_German_-_RESTORE_downloader(1).exe" sh=55924E7ED2192B0D6CADFA327BF9271833A18F53 ft=1 fh=4782206cfd22ffc6 vn="Variante von Win32/ExpressFiles evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\WISO_-_Steuer_Sparbuch_(2012)_German_-_RESTORE_downloader.exe" sh=55924E7ED2192B0D6CADFA327BF9271833A18F53 ft=1 fh=4782206cfd22ffc6 vn="Variante von Win32/ExpressFiles evtl. 
unerwünschte Anwendung" ac=I fn="D:\Downloads\WISO_Steuer-Sparbuch_2012_key.rar_downloader.exe" sh=C95708F43A748061D4C31D39204F5D2FAAE9410D ft=1 fh=4d6416c07f3bf995 vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="D:\Installationsdateien\Isobuster\isobuster_3_0.exe" sh=49D80ECE7BF819F5D083F79399A0E69D83105BD7 ft=1 fh=c59d9e502dc3d860 vn="Win32/Packed.RBCrypt.A.Gen evtl. unerwünschte Anwendung" ac=I fn="D:\Kopien vom alten PC\Desktop\DownloadProgs\speedupmypc.exe" sh=0AE9EA41E2AD96BCEB05E511DD7E695B48136BE2 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\Kopien vom alten PC\Desktop\Neue Downloads\AshampooHDDControl.zip" sh=B9B71BF20BA1D5022912742CFA6EA8D7C9CE287F ft=1 fh=66385cb37e7cb8e4 vn="Win32/SpeedUpMyPC evtl. unerwünschte Anwendung" ac=I fn="D:\Kopien vom alten PC\Desktop\Neue Downloads\speedupmypc3plc.exe" sh=B7BECAA1CACF89F71DDD304D3E0B14634B1E7F5D ft=1 fh=7d3d3f1ae5a78194 vn="Variante von Win32/Complitly.A evtl. unerwünschte Anwendung" ac=I fn="D:\Kopien vom alten PC\Desktop\Neue Downloads\SplitCamSetup.exe" sh=0AE9EA41E2AD96BCEB05E511DD7E695B48136BE2 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\WiederhDateien\Backup von Laufwerk C (Systempartition)\Dokumente und Einstellungen\Ulli\Desktop\Neue Downloads\AshampooHDDControl.zip" sh=B9B71BF20BA1D5022912742CFA6EA8D7C9CE287F ft=1 fh=66385cb37e7cb8e4 vn="Win32/SpeedUpMyPC evtl. unerwünschte Anwendung" ac=I fn="D:\WiederhDateien\Backup von Laufwerk C (Systempartition)\Dokumente und Einstellungen\Ulli\Desktop\Neue Downloads\speedupmypc3plc.exe" sh=B7BECAA1CACF89F71DDD304D3E0B14634B1E7F5D ft=1 fh=7d3d3f1ae5a78194 vn="Variante von Win32/Complitly.A evtl. 
Code:
Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Secunia PSI (3.0.0.6001)
Adobe Flash Player 14.0.0.145
Mozilla Firefox (31.0)
Google Chrome 24.0.1312.52
Google Chrome 24.0.1312.57
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Windows7FirewallControl Windows7FirewallService.exe
Windows7FirewallControl Windows7FirewallControl.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2014
Ran by UB (administrator) on UB-PC on 01-09-2014 10:48:30
Running from C:\Users\UB\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Sphinx Software) C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Langmeier Software GmbH, Switzerland) C:\Program Files (x86)\Langmeier Software\Langmeier Backup\lmbackup.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Samsung Electronics Co., Ltd.) D:\Samsung Kies\Kies\KiesTrayAgent.exe
(Thornsoft Development, Inc.) C:\Program Files (x86)\ClipMate7\ClipMate.exe
(ACD Systems International Inc.) C:\Program Files (x86)\Common Files\ACD Systems\DE\DevDetect.exe
(Daniel Manger Software) C:\Program Files (x86)\Kalenderchen\Kalenderchen.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Sphinx Software) C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
(Mister Group) C:\Program Files (x86)\System Explorer\SystemExplorer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
() C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
(Uwe Sieber - www.uwe-sieber.de) C:\Tools\USBDLM\USBDLM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Uwe Sieber - www.uwe-sieber.de) C:\Tools\USBDLM\USBDLM_usr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Mister Group) C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(David Harris) C:\PMAIL\Programs\winpm-32.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Ghisler Software GmbH) C:\Program Files\totalcmd\TOTALCMD.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-11] (CANON INC.)
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [3998064 2012-06-06] (O&O Software GmbH)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [140568 2007-08-31] (Acronis)
HKLM\...\Run: [KiesTrayAgent] => D:\Samsung Kies\Kies\KiesTrayAgent.exe [310064 2014-05-28] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [Windows7FirewallControl] => C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe [806912 2012-09-21] (Sphinx Software)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207360 2010-03-18] (ArcSoft Inc.)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2622232 2007-08-31] (Acronis)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [907040 2007-08-31] (Acronis)
HKLM-x32\...\Run: [SystemExplorerAutoStart] => C:\Program Files (x86)\System Explorer\SystemExplorer.exe [4008296 2014-05-12] (Mister Group)
HKLM-x32\...\Run: [KiesTrayAgent] => D:\Samsung Kies\Kies\KiesTrayAgent.exe [310064 2014-05-28] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-07] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1243157301-2590882679-505944417-1000\...\Run: [ClipMate7] => C:\Program Files (x86)\ClipMate7\ClipMate.exe [3760424 2009-01-31] (Thornsoft Development, Inc.)
HKU\S-1-5-21-1243157301-2590882679-505944417-1000\...\Run: [Device Detector] => DevDetect.exe -autorun
HKU\S-1-5-21-1243157301-2590882679-505944417-1000\...\Run: [DMS-Kalenderchen] => C:\Program Files (x86)\Kalenderchen\Kalenderchen.exe [3498496 2010-05-19] (Daniel Manger Software)
Lsa: [Authentication Packages] msv1_0 relog_ap
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
BootExecute: autocheck autochk * OODBS

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - No File Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Tcpip\..\Interfaces\{B13C63AC-E3CE-428E-9B78-65C1FBF91F26}: [NameServer] 192.168.178.1 Tcpip\..\Interfaces\{F1318F98-6E7A-4587-A3B4-0386D672D97E}: [NameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\UB\AppData\Roaming\Mozilla\Firefox\Profiles\y2ycry0v.default FF Homepage: hxxp://duckduckgo.com/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.) 
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin HKCU: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF SearchPlugin: C:\Users\UB\AppData\Roaming\Mozilla\Firefox\Profiles\y2ycry0v.default\searchplugins\0180-telefonbuch.xml FF SearchPlugin: C:\Users\UB\AppData\Roaming\Mozilla\Firefox\Profiles\y2ycry0v.default\searchplugins\avira-safesearch.xml FF SearchPlugin: C:\Users\UB\AppData\Roaming\Mozilla\Firefox\Profiles\y2ycry0v.default\searchplugins\duckduckgo.xml FF SearchPlugin: C:\Users\UB\AppData\Roaming\Mozilla\Firefox\Profiles\y2ycry0v.default\searchplugins\leo-deu-fra.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Browser Safety - 
C:\Users\UB\AppData\Roaming\Mozilla\Firefox\Profiles\y2ycry0v.default\Extensions\abs@avira.com [2014-08-29] FF Extension: Fox!Box - C:\Users\UB\AppData\Roaming\Mozilla\Firefox\Profiles\y2ycry0v.default\Extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}.xpi [2014-07-22] Chrome: ======= CHR HomePage: Default -> CHR DefaultSearchKeyword: Default -> search.yahoo.com CHR DefaultSearchProvider: Default -> Web CHR DefaultSearchURL: Default -> hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880NHL4NpXhO1w6Yb0c1W97SuZoCycIxpUJ-gCzGjcB8CzCcZG6erFPTeU0ZVhjPPoOxR8h67j_OKaut2_FxtZyBTarSVVRuG-oZXR3RBFxHOtZfIqATKujReEoSbMnJInJ2qVLWzXhPjb_iBjkADQIQL3xgwQml1qFrH5iDO1A,,&q={searchTerms} CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR Profile: C:\Users\UB\AppData\Local\Google\Chrome\User Data\Default ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG) R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] () R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.) 
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.) R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe [1475744 2012-05-25] (ASUSTeK Computer Inc.) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG) R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed] R3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160768 2011-05-27] (Intel Corporation) [File not signed] R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3293552 2012-06-06] (O&O Software GmbH) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] () R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia) R3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [821720 2012-11-25] (Mister Group) R2 TryAndDecideService; C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [498872 2007-08-31] () R2 USBDLM; C:\Tools\USBDLM\USBDLM.exe [451560 2013-02-25] (Uwe Sieber - www.uwe-sieber.de) [File not signed] R2 Windows7FirewallService; C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe [491520 2012-09-21] (Sphinx Software) [File not signed] R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [613760 2012-10-29] (Wacom Technology, Corp.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] () R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] () S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-04] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-20] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG) S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin) S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-31] (Malwarebytes Corporation) R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation) R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27960 2013-01-02] (Synaptics Incorporated) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-01 10:45 - 2014-08-31 19:58 - 00854417 _____ () C:\Users\UB\Desktop\SecurityCheck.exe 2014-08-31 22:32 - 2014-08-31 22:32 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-08-31 17:26 - 2014-08-31 22:13 - 00000168 _____ () C:\Windows\setupact.log 2014-08-31 17:26 - 2014-08-31 17:26 - 00000000 _____ () C:\Windows\setuperr.log 2014-08-31 15:21 - 2014-08-31 15:47 - 00017117 _____ () C:\Users\UB\AppData\Roaming\AllChars.xml 2014-08-31 15:21 - 2014-08-31 15:43 - 00016555 _____ () C:\Users\UB\AppData\Roaming\AllChars-example.xml 2014-08-31 13:35 - 2014-08-31 13:35 - 00000877 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-08-31 00:27 - 2014-08-31 00:27 - 00001318 _____ () C:\Users\UB\Desktop\JRT.txt 2014-08-31 00:23 - 2014-08-31 00:23 - 00000000 ____D () C:\Windows\ERUNT 2014-08-31 00:14 - 2014-08-31 00:16 - 00000000 ____D () C:\AdwCleaner 2014-08-31 00:14 - 2014-08-30 19:52 - 01364531 _____ () C:\Users\UB\Desktop\adwcleaner_3.308.exe 2014-08-31 00:14 - 2014-04-21 08:17 - 00647193 _____ () C:\Users\UB\Desktop\aida.gadget 2014-08-31 00:14 - 2013-03-12 15:42 - 00972393 _____ (Aplus Software Inc. 
) C:\Users\UB\Desktop\AplusDVDCopy.exe 2014-08-31 00:14 - 2013-03-12 15:39 - 10712363 _____ () C:\Users\UB\Desktop\AplusDVDCopy.zip 2014-08-31 00:14 - 2012-04-14 19:30 - 06243960 _____ (Lavasoft Limited) C:\Users\UB\Desktop\Adaware_Installer.exe 2014-08-31 00:14 - 2012-01-30 14:13 - 12410880 _____ () C:\Users\UB\Desktop\Ad-Aware96Install.msi 2014-08-31 00:14 - 2012-01-26 11:56 - 00633491 _____ () C:\Users\UB\Desktop\adblock_plus-2.0.3-sm_tb_fn_fx.zip 2014-08-31 00:14 - 2011-09-02 13:52 - 00795657 _____ () C:\Users\UB\Desktop\Acronis-True-Image-Home-Setup.exe 2014-08-31 00:14 - 2011-06-15 11:14 - 10080256 _____ () C:\Users\UB\Desktop\Ad-Aware90Install.msi 2014-08-31 00:09 - 2014-08-31 00:09 - 00005031 _____ () C:\Users\UB\Desktop\mbam.txt 2014-08-31 00:07 - 2014-08-31 00:07 - 00005031 _____ () C:\mbam.txt 2014-08-30 23:51 - 2014-08-31 00:02 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-30 23:51 - 2014-08-30 23:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-30 23:51 - 2014-08-30 23:51 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-08-30 23:51 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-08-30 23:51 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-08-30 23:51 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-08-30 23:36 - 2014-08-30 23:36 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-30 18:08 - 2014-08-30 18:01 - 00034642 _____ () C:\Users\UB\Desktop\FRST (2).txt 2014-08-30 11:53 - 2014-08-30 11:53 - 00053377 _____ () C:\ComboFix.txt 2014-08-30 11:52 - 2014-08-30 11:52 - 00002092 _____ () C:\Users\Public\Desktop\Langmeier Backup.lnk 2014-08-30 11:49 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-08-30 11:49 - 2010-11-07 
19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-08-30 11:49 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-08-30 11:49 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-08-30 11:49 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-08-30 11:49 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-08-30 11:49 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-08-30 11:49 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-08-30 11:26 - 2014-08-30 11:53 - 00000000 ____D () C:\Qoobox 2014-08-30 11:26 - 2014-08-30 11:52 - 00000000 ____D () C:\Windows\erdnt 2014-08-29 10:29 - 2014-08-29 11:06 - 00000000 ____D () C:\Users\UB\Desktop\Anzeigenbilder 2014-08-27 11:08 - 2014-09-01 10:48 - 00018766 _____ () C:\Users\UB\Desktop\FRST.txt 2014-08-27 11:08 - 2014-09-01 10:48 - 00000000 ____D () C:\FRST 2014-08-27 11:08 - 2014-08-27 11:09 - 00034477 ____N () C:\Users\UB\Desktop\Addition.txt 2014-08-27 11:06 - 2014-08-27 11:03 - 02103296 ____N (Farbar) C:\Users\UB\Desktop\FRST64.exe 2014-08-26 18:43 - 2014-08-26 18:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec 2014-08-25 11:46 - 2014-08-25 11:46 - 00001170 _____ () C:\Users\UB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-08-25 11:23 - 2014-08-25 11:23 - 00000000 ____D () C:\NEW_VOLUME 2014-08-24 18:38 - 2014-08-26 11:42 - 00000085 ___SH () C:\ProgramData\.zreglib 2014-08-24 18:35 - 2014-08-24 18:35 - 00000000 ____D () C:\Users\UB\AppData\Local\WorldofTanks 2014-08-24 18:35 - 2014-08-24 18:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes 2014-08-24 18:35 - 2014-08-24 18:35 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes 2014-08-24 18:34 - 2014-08-24 18:34 - 00000000 ____D () C:\Users\UB\AppData\Roaming\0S1P1R2Y1C1P1Q0D1F2W1G1I1F1T1Q 2014-08-24 18:34 - 2014-08-24 18:34 - 00000000 ____D () 
C:\Users\UB\AppData\Local\GGEmpire 2014-08-22 17:48 - 2014-08-22 17:48 - 00000000 ____D () C:\Users\UB\Desktop\AIDA 2014-08-10 17:27 - 2014-08-13 00:57 - 00000000 ____D () C:\Users\UB\Desktop\Omnia 2014-08-07 09:13 - 2014-08-20 16:17 - 00001147 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-08-07 09:13 - 2014-08-20 16:17 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-06 07:10 - 2014-08-06 07:10 - 00002085 ____N () C:\Users\UB\Desktop\MyPhoneExplorer.lnk 2014-08-05 18:30 - 2014-08-05 18:30 - 00002067 _____ () C:\Users\Public\Desktop\MyPhoneExplorer.lnk 2014-08-05 18:30 - 2014-08-05 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer 2014-08-05 18:30 - 2014-08-05 18:30 - 00000000 ____D () C:\Program Files (x86)\MyPhoneExplorer 2014-08-05 18:04 - 2014-08-05 18:04 - 00000000 ____D () C:\Users\UB\.android 2014-08-05 18:02 - 2014-08-16 01:56 - 00000000 ____D () C:\Users\UB\AppData\Roaming\MyPhoneExplorer 2014-08-03 11:01 - 2014-08-03 11:01 - 00000000 ____D () C:\Program Files (x86)\MSECache ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-01 10:48 - 2014-08-27 11:08 - 00018766 _____ () C:\Users\UB\Desktop\FRST.txt 2014-09-01 10:48 - 2014-08-27 11:08 - 00000000 ____D () C:\FRST 2014-09-01 10:48 - 2012-11-13 16:58 - 01072678 _____ () C:\Windows\WindowsUpdate.log 2014-09-01 10:31 - 2012-12-15 01:47 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-01 10:05 - 2012-12-16 18:54 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-01 10:05 - 2012-11-20 18:23 - 00007627 _____ () C:\Users\UB\AppData\Local\resmon.resmoncfg 2014-08-31 22:33 - 2011-04-12 09:43 - 20657100 _____ () C:\Windows\system32\perfh007.dat 2014-08-31 22:33 - 2011-04-12 09:43 - 06444528 _____ () C:\Windows\system32\perfc007.dat 2014-08-31 22:33 - 2009-07-14 07:13 - 00010576 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-31 22:32 - 2014-08-31 22:32 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-08-31 22:20 - 2009-07-14 06:45 - 00022512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-31 22:20 - 2009-07-14 06:45 - 00022512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-31 22:13 - 2014-08-31 17:26 - 00000168 _____ () C:\Windows\setupact.log 2014-08-31 22:13 - 2012-11-25 11:50 - 00000000 ____D () C:\ProgramData\Temp 2014-08-31 22:13 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-31 22:12 - 2013-03-09 18:46 - 01546512 _____ () C:\Windows\system32\oodbs.lor 2014-08-31 19:58 - 2014-09-01 10:45 - 00854417 _____ () C:\Users\UB\Desktop\SecurityCheck.exe 2014-08-31 17:26 - 2014-08-31 17:26 - 00000000 _____ () C:\Windows\setuperr.log 2014-08-31 15:47 - 2014-08-31 15:21 - 00017117 _____ () C:\Users\UB\AppData\Roaming\AllChars.xml 2014-08-31 15:43 - 2014-08-31 15:21 - 00016555 _____ () C:\Users\UB\AppData\Roaming\AllChars-example.xml 2014-08-31 14:04 - 2014-01-10 19:50 - 00000000 ____D () C:\ProgramData\InstallMate 
2014-08-31 13:54 - 2013-01-01 23:20 - 00000000 ____D () C:\Users\UB\Desktop\Utilities 2014-08-31 13:35 - 2014-08-31 13:35 - 00000877 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-08-31 13:35 - 2013-01-02 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-08-31 13:35 - 2013-01-02 19:36 - 00000000 ____D () C:\Program Files\CCleaner 2014-08-31 11:16 - 2013-02-06 14:47 - 00003906 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{3D791F18-8226-448D-8AB0-9EE369A04736} 2014-08-31 10:09 - 2013-11-29 19:15 - 00820736 _____ () C:\Users\UB\Documents\Meine Konten.sub 2014-08-31 00:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-08-31 00:27 - 2014-08-31 00:27 - 00001318 _____ () C:\Users\UB\Desktop\JRT.txt 2014-08-31 00:23 - 2014-08-31 00:23 - 00000000 ____D () C:\Windows\ERUNT 2014-08-31 00:16 - 2014-08-31 00:14 - 00000000 ____D () C:\AdwCleaner 2014-08-31 00:09 - 2014-08-31 00:09 - 00005031 _____ () C:\Users\UB\Desktop\mbam.txt 2014-08-31 00:07 - 2014-08-31 00:07 - 00005031 _____ () C:\mbam.txt 2014-08-31 00:02 - 2014-08-30 23:51 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-30 23:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-08-30 23:51 - 2014-08-30 23:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-30 23:51 - 2014-08-30 23:51 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-08-30 23:36 - 2014-08-30 23:36 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-30 19:52 - 2014-08-31 00:14 - 01364531 _____ () C:\Users\UB\Desktop\adwcleaner_3.308.exe 2014-08-30 18:01 - 2014-08-30 18:08 - 00034642 _____ () C:\Users\UB\Desktop\FRST (2).txt 2014-08-30 11:53 - 2014-08-30 11:53 - 00053377 _____ () C:\ComboFix.txt 2014-08-30 11:53 - 2014-08-30 11:26 - 00000000 ____D () C:\Qoobox 2014-08-30 11:53 - 2009-07-14 05:20 - 00000000 __RHD () 
C:\Users\Default 2014-08-30 11:52 - 2014-08-30 11:52 - 00002092 _____ () C:\Users\Public\Desktop\Langmeier Backup.lnk 2014-08-30 11:52 - 2014-08-30 11:26 - 00000000 ____D () C:\Windows\erdnt 2014-08-30 11:52 - 2013-02-06 15:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Langmeier Backup 2014-08-30 11:52 - 2009-07-14 04:34 - 00000248 _____ () C:\Windows\system.ini 2014-08-29 11:06 - 2014-08-29 10:29 - 00000000 ____D () C:\Users\UB\Desktop\Anzeigenbilder 2014-08-27 11:09 - 2014-08-27 11:08 - 00034477 ____N () C:\Users\UB\Desktop\Addition.txt 2014-08-27 11:03 - 2014-08-27 11:06 - 02103296 ____N (Farbar) C:\Users\UB\Desktop\FRST64.exe 2014-08-26 18:44 - 2014-06-04 15:35 - 00000757 _____ () C:\Users\Public\Desktop\Samsung Kies (Lite).lnk 2014-08-26 18:44 - 2014-06-04 15:35 - 00000747 _____ () C:\Users\Public\Desktop\Samsung Kies.lnk 2014-08-26 18:43 - 2014-08-26 18:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec 2014-08-26 11:42 - 2014-08-24 18:38 - 00000085 ___SH () C:\ProgramData\.zreglib 2014-08-26 11:42 - 2014-03-24 17:24 - 00000000 ____D () C:\Users\UB\AppData\Roaming\vlc 2014-08-26 11:24 - 2013-02-22 19:37 - 00000000 ____D () C:\ProgramData\DVD Shrink 2014-08-25 11:46 - 2014-08-25 11:46 - 00001170 _____ () C:\Users\UB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-08-25 11:39 - 2013-03-12 15:52 - 00000000 ____D () C:\Users\UB\Desktop\Brennen 2014-08-25 11:36 - 2014-04-05 23:54 - 00000000 ____D () C:\Users\UB\AppData\Roaming\dvdcss 2014-08-25 11:23 - 2014-08-25 11:23 - 00000000 ____D () C:\NEW_VOLUME 2014-08-25 10:40 - 2013-11-09 01:35 - 00000000 ____D () C:\Windows\Minidump 2014-08-24 18:35 - 2014-08-24 18:35 - 00000000 ____D () C:\Users\UB\AppData\Local\WorldofTanks 2014-08-24 18:35 - 2014-08-24 18:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes 2014-08-24 18:35 - 2014-08-24 18:35 - 00000000 ____D () C:\Program Files 
(x86)\Elaborate Bytes 2014-08-24 18:34 - 2014-08-24 18:34 - 00000000 ____D () C:\Users\UB\AppData\Roaming\0S1P1R2Y1C1P1Q0D1F2W1G1I1F1T1Q 2014-08-24 18:34 - 2014-08-24 18:34 - 00000000 ____D () C:\Users\UB\AppData\Local\GGEmpire 2014-08-22 17:48 - 2014-08-22 17:48 - 00000000 ____D () C:\Users\UB\Desktop\AIDA 2014-08-22 17:35 - 2014-06-20 09:52 - 00000000 ____D () C:\Users\UB\Desktop\PBeaKK 2014-08-20 16:17 - 2014-08-07 09:13 - 00001147 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-08-20 16:17 - 2014-08-07 09:13 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-20 16:17 - 2012-11-14 12:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-08-20 16:17 - 2012-11-14 12:01 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-08-16 01:56 - 2014-08-05 18:02 - 00000000 ____D () C:\Users\UB\AppData\Roaming\MyPhoneExplorer 2014-08-15 08:39 - 2014-06-28 09:40 - 00000000 ____D () C:\Users\UB\Desktop\Bedienungsanleitungen 2014-08-15 08:31 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-08-13 00:57 - 2014-08-10 17:27 - 00000000 ____D () C:\Users\UB\Desktop\Omnia 2014-08-11 18:36 - 2014-07-19 13:29 - 00000000 ___HD () C:\Users\UB\Desktop\[Originaldateien] 2014-08-10 17:37 - 2013-02-09 18:36 - 00001158 _____ () C:\Users\UB\AppData\Roaming\ShiftN.ini 2014-08-09 12:59 - 2013-01-14 18:11 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH 2014-08-09 12:41 - 2013-05-15 13:25 - 00003201 ____N () C:\Users\UB\Desktop\Sterbefall-Todo-Liste 2014-08-07 09:13 - 2012-11-14 12:01 - 00000000 ____D () C:\ProgramData\Avira 2014-08-06 11:09 - 2013-06-14 00:47 - 00006386 _____ () C:\Users\UB\Documents\TopBankingError.txt 2014-08-06 07:10 - 2014-08-06 07:10 - 00002085 ____N () C:\Users\UB\Desktop\MyPhoneExplorer.lnk 2014-08-05 18:30 - 2014-08-05 18:30 - 00002067 _____ () C:\Users\Public\Desktop\MyPhoneExplorer.lnk 2014-08-05 18:30 - 2014-08-05 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\MyPhoneExplorer 2014-08-05 18:30 - 2014-08-05 18:30 - 00000000 ____D () C:\Program Files (x86)\MyPhoneExplorer 2014-08-05 18:04 - 2014-08-05 18:04 - 00000000 ____D () C:\Users\UB\.android 2014-08-05 18:04 - 2012-11-13 16:58 - 00000000 ____D () C:\Users\UB 2014-08-03 11:01 - 2014-08-03 11:01 - 00000000 ____D () C:\Program Files (x86)\MSECache 2014-08-03 11:01 - 2013-08-06 18:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office Some content of TEMP: ==================== C:\Users\UB\AppData\Local\Temp\avgnt.exe C:\Users\UB\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-20 10:41 ==================== End Of Log ============================
Endless thanks for your efforts! |
01.09.2014, 21:05 | #14 |
/// the machine /// TB Trainer | Display of "blocked events" is annoying I don't know exactly yet which program this comes from. What puzzles me more right now is the ESET log. Is this a company computer? Or why are there umpteen backup drives attached to it, all of them full to overflowing with crap?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
02.09.2014, 08:06 | #15 |
| Display of "blocked events" is annoying No, this is an entirely private PC that only I have access to. Assembled by Mindfactory to my specifications. The built-in drives C: (SSD) and D: are new (delivery date 8.11.2012); the external drives are old ones from the XP predecessor. The old drives hold old backups from the old computer and new backups from the new Win7 computer. To be on the safe side, the backups are kept on two old drives at the same time, because the drives are already getting on in years. There is certainly a lot that could still be cleared out; it is all a question of the time available. They also hold video captures of self-shot videos (*.avi) and ISO files of self-made DVDs. Also backups of many *.jpg pictures. These 3 external drives are only connected via USB when needed, so they are normally disconnected from the PC. Last edited by ulli912 (02.09.2014 at 08:12) |