Pests of all kinds and how to fight them: lrcnta + srptm, gray fields

Windows 7: If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
10.09.2014, 15:40 | #31 |
lrcnta + srptm, gray fields

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-09-2014 Ran by Ute at 2014-09-10 16:25:29 Running from C:\Users\Ute\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: G DATA ANTIVIRUS (Disabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0} AS: G DATA ANTIVIRUS (Disabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft) Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft) 64 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden ABBYY PDF Transformer 3.0 (HKLM-x32\...\ABBYY PDF Transformer 3.0) (Version: 3.00.317.68010 - ABBYY) ABBYY PDF Transformer 3.0 (Version: 3.00.317.68010 - ABBYY) Hidden Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0.1 - Microsoft Corporation) Hidden Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Reader X (10.1.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated) Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe 
Systems, Inc.) AGEIA PhysX v7.01.12 (HKLM-x32\...\{E2BE1618-AF5F-4F7D-8484-42E080EDF609}) (Version: 7.01.12 - AGEIA Technologies, Inc.) ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden AOL Deinstallation (HKLM-x32\...\AOL Deinstallation) (Version: - ) Apple Application Support (HKLM-x32\...\{3FA365DF-2D68-45ED-8F83-8C8A33E65143}) (Version: 1.1.0 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ATI Catalyst Install Manager (HKLM\...\{9EA8213A-9080-C41F-2F85-8FF98374AB9F}) (Version: 3.0.678.0 - ATI Technologies, Inc.) AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version: - AVM Berlin) AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version: - AVM Berlin) AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: - AVM Berlin) Big Fish Games Client (HKLM-x32\...\BFGC) (Version: 1.4.0.11 - ) Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v7.00.05 - TOSHIBA CORPORATION) Browser 7 der Telekom 31.0.19 (x86 de) (HKLM-x32\...\Browser 7 der Telekom 31.0.19 (x86 de)) (Version: 31.0.19 - Deutsche Telekom AG) Browser 7 Maintenance Service (HKLM-x32\...\Browser7MaintenanceService) (Version: 29.0.40 - Deutsche Telekom AG) BufferChm (x32 Version: 90.0.146.000 - Hewlett-Packard) Hidden Catalyst Control Center Core Implementation (x32 Version: 2008.0514.2139.36863 - ATI) Hidden Catalyst Control Center Graphics Full Existing (x32 Version: 2008.0514.2139.36863 - ATI) Hidden Catalyst Control Center Graphics Full New (x32 Version: 2008.0514.2139.36863 - ATI) Hidden Catalyst Control Center Graphics Light (x32 Version: 2008.0514.2139.36863 - ATI) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2008.0514.2139.36863 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (x32 Version: 2008.0514.2139.36863 - ATI) Hidden Catalyst Control Center InstallProxy (x32 Version: 2008.0514.2139.36863 - 
ATI Technologies, Inc.) Hidden Catalyst Control Center Localization Chinese Standard (x32 Version: 2008.0514.2139.36863 - ATI) Hidden Catalyst Control Center Localization Chinese Traditional (x32 Version: 2008.0514.2139.36863 - ATI) Hidden Catalyst Control Center Localization Czech (x32 Version: 2008.0514.2139.36863 - ATI) Hidden Catalyst Control Center Localization Danish (x32 Version: 2008.0514.2139.36863 - ATI) Hidden Catalyst Control Center Localization Dutch (x32 Version: 2008.0514.2139.36863 - ATI) Hidden Catalyst Control Center Localization Finnish (x32 Version: 2008.0514.2139.36863 - ATI) Hidden Catalyst Control Center Localization French (x32 Version: 2008.0514.2139.36863 - ATI) Hidden Catalyst Control Center Localization German (x32 Version: 2008.0514.2139.36863 - ATI) Hidden Catalyst Control Center Localization Greek (x32 Version: 2008.0514.2139.36863 - ATI) Hidden Catalyst Control Center Localization Hungarian (x32 Version: 2008.0514.2139.36863 - ATI) Hidden Catalyst Control Center Localization Italian (x32 Version: 2008.0514.2139.36863 - ATI) Hidden Catalyst Control Center Localization Japanese (x32 Version: 2008.0514.2139.36863 - ATI) Hidden Catalyst Control Center Localization Korean (x32 Version: 2008.0514.2139.36863 - ATI) Hidden Catalyst Control Center Localization Norwegian (x32 Version: 2008.0514.2139.36863 - ATI) Hidden Catalyst Control Center Localization Polish (x32 Version: 2008.0514.2139.36863 - ATI) Hidden Catalyst Control Center Localization Portuguese (x32 Version: 2008.0514.2139.36863 - ATI) Hidden Catalyst Control Center Localization Russian (x32 Version: 2008.0514.2139.36863 - ATI) Hidden Catalyst Control Center Localization Spanish (x32 Version: 2008.0514.2139.36863 - ATI) Hidden Catalyst Control Center Localization Swedish (x32 Version: 2008.0514.2139.36863 - ATI) Hidden Catalyst Control Center Localization Thai (x32 Version: 2008.0514.2139.36863 - ATI) Hidden Catalyst Control Center Localization Turkish (x32 Version: 
2008.0514.2139.36863 - ATI) Hidden CCC Help Chinese Standard (x32 Version: 2008.0514.2138.36863 - ATI) Hidden CCC Help Chinese Traditional (x32 Version: 2008.0514.2138.36863 - ATI) Hidden CCC Help Czech (x32 Version: 2008.0514.2138.36863 - ATI) Hidden CCC Help Danish (x32 Version: 2008.0514.2138.36863 - ATI) Hidden CCC Help Dutch (x32 Version: 2008.0514.2138.36863 - ATI) Hidden CCC Help English (x32 Version: 2008.0514.2138.36863 - ATI) Hidden CCC Help Finnish (x32 Version: 2008.0514.2138.36863 - ATI) Hidden CCC Help French (x32 Version: 2008.0514.2138.36863 - ATI) Hidden CCC Help German (x32 Version: 2008.0514.2138.36863 - ATI) Hidden CCC Help Greek (x32 Version: 2008.0514.2138.36863 - ATI) Hidden CCC Help Hungarian (x32 Version: 2008.0514.2138.36863 - ATI) Hidden CCC Help Italian (x32 Version: 2008.0514.2138.36863 - ATI) Hidden CCC Help Japanese (x32 Version: 2008.0514.2138.36863 - ATI) Hidden CCC Help Korean (x32 Version: 2008.0514.2138.36863 - ATI) Hidden CCC Help Norwegian (x32 Version: 2008.0514.2138.36863 - ATI) Hidden CCC Help Polish (x32 Version: 2008.0514.2138.36863 - ATI) Hidden CCC Help Portuguese (x32 Version: 2008.0514.2138.36863 - ATI) Hidden CCC Help Russian (x32 Version: 2008.0514.2138.36863 - ATI) Hidden CCC Help Spanish (x32 Version: 2008.0514.2138.36863 - ATI) Hidden CCC Help Swedish (x32 Version: 2008.0514.2138.36863 - ATI) Hidden CCC Help Thai (x32 Version: 2008.0514.2138.36863 - ATI) Hidden CCC Help Turkish (x32 Version: 2008.0514.2138.36863 - ATI) Hidden ccc-core-static (x32 Version: 2008.0514.2139.36863 - Ihr Firmenname) Hidden ccc-utility64 (Version: 2008.0514.2139.36863 - ATI) Hidden Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Copy (x32 Version: 90.0.146.000 - Hewlett-Packard) Hidden CustomerResearchQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden Destination Component (x32 Version: 090.000.091.086 - Hewlett-Packard) Hidden 
DeviceDiscovery (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden DivX Converter (HKLM-x32\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.) DivX Plus DirectShow Filters (HKLM-x32\...\DivX Plus DirectShow Filters) (Version: - DivX, Inc.) DivX-Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 2.5.0.8 - DivX, LLC) Elevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden Favorit (HKLM-x32\...\koega) (Version: - ) Fax (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden Fotostory 3 für Windows (HKLM-x32\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.15 - Microsoft Corporation) G DATA ANTIVIRUS (HKLM-x32\...\{B9FC0A7D-FA1D-4347-ABED-AD8AD5305633}) (Version: 25.0.2.1 - G DATA Software AG) Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden GEAR driver installer for AMD64 and Intel EM64T (HKLM\...\{50CBBEC7-1010-41C5-8718-A1A6FEDD9C3A}) (Version: 2.003.1 - GEAR Software, Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) 
Hidden Hewlett-Packard Active Check for Health Check (x32 Version: 1.1.15.2 - Hewlett-Packard) Hidden Hewlett-Packard Asset Agent for Health Check (x32 Version: 2.0.63.2 - HP) Hidden HP Active Support Library (x32 Version: 3.1.6.1 - Hewlett-Packard) Hidden HP Customer Experience Enhancements (HKLM-x32\...\{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}) (Version: 5.6.0.2510 - Hewlett-Packard) HP Customer Feedback (x32 Version: 1.0.0 - Hewlett-Packard) Hidden HP Customer Participation Program 9.0 (HKLM\...\HPExtendedCapabilities) (Version: 9.0 - HP) HP Imaging Device Functions 9.0 (HKLM\...\HP Imaging Device Functions) (Version: 9.0 - HP) HP Picasso Media Center Add-In (x32 Version: 1.0.0 - HP) Hidden HP Recovery Manager RSS (x32 Version: 84.0.0.7 - Hewlet Packard Company) Hidden HP Update (HKLM-x32\...\{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}) (Version: 4.000.010.008 - Hewlett-Packard) HP_Network_UserGuide (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden HPSSupply (HKLM-x32\...\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}) (Version: 2.2.0.0000 - Ihr Firmenname) Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden king.com (remove only) (HKLM-x32\...\king.com) (Version: - Midasplayer Ltd (king.com)) LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.10.1.0 - LG Electronics) Marco Polo Mobile Navigator 2 (HKLM-x32\...\{5F65ECEE-EB1D-4C85-8D8C-9C7CE2DBB1D6}) (Version: - ) MarketResearch (x32 Version: 90.0.146.000 - Hewlett-Packard) Hidden Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 
(DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - 
Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact 
Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 
9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum 
Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Works (HKLM-x32\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation) MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek) Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Mozilla Thunderbird 24.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.2.0 (x86 de)) (Version: 24.2.0 - Mozilla) MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NAVIGON Fresh 3.5.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.5.1 - NAVIGON) Nero 8 (HKLM-x32\...\{1CA7ACD6-B21B-4240-AA05-4FC55F6E1031}) (Version: 8.3.465 - Nero AG) neroxml (x32 Version: 1.0.0 - Nero AG) Hidden NewFreeScreensaver nfsHDWaterfall03 (HKLM-x32\...\nfsHDWaterfall03 New Free Screensaver_is1) (Version: - ) Nokia Connectivity Cable Driver (HKLM-x32\...\{25CFEF55-A945-41FC-86ED-76469F31DF37}) (Version: 7.1.41.0 - Nokia) Nokia Music Player (HKLM-x32\...\{4FCB1267-7380-4EBA-9A6C-69809C6E8227}) (Version: 2.5.11021 - Nokia Music Player) Nokia_Multimedia_Common_Components_2_5 (HKLM-x32\...\{25F61E72-AAA4-4607-95D2-1E5139C98FFB}) (Version: 2.7.69 - Nokia) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - ) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Optimierte Multimedia-Tastatur-Lösung (HKLM-x32\...\KBD) (Version: - Hewlett-Packard) PanoStandAlone (x32 Version: 90.0.146.000 - Hewlett-Packard) Hidden PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.) 
PC Connectivity Solution (HKLM-x32\...\{4B28C077-9958-45F1-8BB4-CBF90A69AD4E}) (Version: 11.4.15.0 - Nokia) PhotoScape (HKLM-x32\...\PhotoScape) (Version: - ) PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2926 - CyberLink Corp.) PowerDirector (x32 Version: 6.5.2926 - CyberLink Corp.) Hidden Primo (x32 Version: 1.00.0000 - Your Company Name) Hidden Python 2.5.2 (HKLM-x32\...\{6B976ADF-8AE8-434E-B282-A06C7F624D2F}) (Version: 2.5.2150 - Python Software Foundation) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5657 - Realtek Semiconductor Corp.) RTC Client API v1.2 (HKLM-x32\...\{44CDBD1B-89FB-4E02-8319-2A4C550F664A}) (Version: 1.2.0000 - Microsoft) Runtime (x32 Version: 1.00.0000 - Your Company Name) Hidden SafeFinder Smartbar (HKLM-x32\...\{1898B668-CCF5-429F-A86F-9837E5439D77}) (Version: 11.114.72.19232 - Linkury Ltd.) <==== ATTENTION Skins (x32 Version: 2008.0514.2139.36863 - ATI) Hidden Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) 
Sony USB Driver (HKLM-x32\...\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}) (Version: 2.00 - Sony Corporation) Spielefieber Patiencen für Vista (HKLM-x32\...\Spielefieber Patiencen für Vista) (Version: - KlickMedia) Status (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Top Ten Solitaire (HKLM-x32\...\{51790747-4141-2516-5286-723025870322}) (Version: 1.0 - Bluefish Games) TrayApp (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software) TuneUp Utilities 2014 (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3600.171 - TuneUp Software) Hidden UnloadSupport (x32 Version: 9.0.0 - Hewlett-Packard) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - 
Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883097) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{B2260BC9-D561-46EE-B33D-739CF760A2A9}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 
Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden VR-NetWorld (HKLM-x32\...\{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}) (Version: - ) WDR RadioRecorder (HKLM-x32\...\Tobit Radio.fx Server 1) (Version: - Tobit.Software) Windows 7 Upgrade Advisor (HKLM-x32\...\{9A4D182C-35C7-4791-8484-4304EBC9101A}) (Version: 2.0.5000.0 - Microsoft Corporation) Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 14.0.8098.930 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation) Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden Windows Live Family Safety (Version: 14.0.8093.805 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden 
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Windows Mobile Device Updater Component (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 7.0.0.0 - Nokia) Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) Wondershare MobileTrans ( Version 4.2.0 ) (HKLM-x32\...\{18CDCEAA-A9E4-4A4C-AC0E-C15E87C30EA5}_is1) (Version: 4.2.0 - Wondershare) Xvid 1.1.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.1 - Xvid team (Koepi)) Zoo Tycoon: Complete Collection (HKLM-x32\...\Zoo Tycoon 1.0) (Version: - ) Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation) Zune (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (CHS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (CHT) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (CSY) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (DAN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (DEU) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (ELL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (ESP) 
(Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (FIN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (FRA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (HUN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (IND) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (ITA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (JPN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (KOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (MSL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (NLD) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (NOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (PLK) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (PTB) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (PTG) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (RUS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (SVE) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 14:34 - 2006-09-18 23:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {00BCCA01-A40B-4CAE-8227-2F62DC9E814B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-09] (Google Inc.) Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation) Task: {279F157C-71B0-48BD-869F-5517150C523D} - System32\Tasks\HP Health Check Scheduler => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-02] (Hewlett-Packard) Task: {28D5FA8E-3458-4145-A83A-4C217971EE93} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2007-03-11] (Hewlett-Packard Co.) Task: {36094E77-3C21-421B-8EAB-76A357083F9B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated) Task: {376BB1C6-EE4E-4BEC-B4FE-84F31A30F5B1} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) Task: {468EF5B9-5FB1-4743-B57F-2607EADD3A6C} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-02] (Hewlett-Packard) Task: {4C1210EF-7F37-4352-A913-6973F45DEBA2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {4F0D940C-AD4F-4AE6-AF83-44F78476290D} - System32\Tasks\ScanSoft Background Update => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe Task: {50B63E3C-8429-4B61-9671-2F1989927645} - System32\Tasks\Automatische Wartung => C:\Program Files (x86)\TuneUp Utilities 2009\OneClickStarter.exe Task: {5EE7DBA1-E02B-449D-A55F-76653BBFC245} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated) Task: {5F5E9998-8B9C-481E-94C4-CA2EB746A438} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {A4B635A8-CB6E-4CC9-A4C2-ED29C5B288AD} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] () Task: {ADFA917F-CC05-4250-BF79-23261ED49A92} - System32\Tasks\Desktop Messenger => C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe Task: {B000A09E-317B-407D-BA22-B7FEDB6F3186} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2014-07-16] (TuneUp Software) Task: {CDBEB6A4-BC55-4040-88D6-844C74525DBE} - System32\Tasks\{4231AEF2-8460-496A-9460-D6D1F6493ADF} => Chrome.exe hxxp://ui.skype.com/ui/0/5.3.0.116/de/abandoninstall?source=lightinstaller&page=tsDownload&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;ienotdefaultbrowser2 Task: {DD7781E1-AD7A-437B-8126-4B49A280B14A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-09] (Google Inc.) 
Task: {E6C229EB-FEFD-4A53-A5C9-7AE2CDBC5A82} - System32\Tasks\RecoveryCD => C:\Program Files (x86)\Hewlett-Packard\SDP\RemEngine.exe [2008-06-12] () Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] () Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-01-22 19:58 - 2011-11-18 15:51 - 03673944 _____ () J:\Tobit Radio.fx\Server\rfx-server.exe 2014-07-16 10:24 - 2014-07-16 10:24 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll 2008-09-12 21:49 - 2008-05-15 00:04 - 00116736 _____ () C:\Windows\system32\atitmm64.dll 2014-05-20 03:38 - 2014-05-20 03:38 - 00340088 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll 2004-01-09 22:02 - 2004-01-09 22:02 - 00045056 _____ () C:\Program Files (x86)\AOL 9.0 VR\zlib.dll 2002-04-22 23:08 - 2002-04-22 23:08 - 00053248 _____ () C:\Program Files (x86)\AOL 9.0 VR\xmlparse.dll 2002-04-22 23:08 - 2002-04-22 23:08 - 00081920 _____ () C:\Program Files (x86)\AOL 9.0 VR\xmltok.dll 2007-05-24 10:01 - 2007-05-24 10:01 - 00090112 _____ () C:\Program Files (x86)\AOL 9.0 VR\Components\Tier2Svc.dll 2007-05-24 10:01 - 2007-05-24 10:01 - 00061440 _____ () C:\Program Files (x86)\AOL 9.0 VR\Components\DataSvcs.dll 2009-01-07 17:42 - 2007-05-24 04:49 - 00131072 _____ () c:\program files (x86)\common files\aol\1231342872\ee\services\proxyprovider\ver1_0_0_1\proxyprovider.dll 2009-01-07 17:42 - 2007-05-24 04:57 - 00094208 _____ () c:\program files (x86)\common 
files\aol\1231342872\ee\services\waolTrayMenuService\ver_0_9_1\waolTrayMenuService.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Manopost:zylomtest AlternateDataStreams: C:\Users\Manopost:zylomtr{000HQ7FF-AD7A-3FG7-DNQC-2227NIQAQVVE} AlternateDataStreams: C:\Users\Manopost:zylomtr{000HQ7FF-AD7A-3FG7-FCUD-28A45N46SVT9} AlternateDataStreams: C:\ProgramData\TEMP:2B1EA607 AlternateDataStreams: C:\ProgramData\TEMP:8AD1F2E0 AlternateDataStreams: C:\ProgramData\TEMP:957E9765 AlternateDataStreams: C:\ProgramData\TEMP:BD36345D AlternateDataStreams: C:\ProgramData\TEMP:F0D7EE30 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
MSCONFIG\startupreg: KBD => C:\HP\KBD\KbdStub.EXE MSCONFIG\startupreg: Wondershare Helper Compact.exe => "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" MSCONFIG\startupreg: WSHelperSetup.exe => "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" ==================== Faulty Device Manager Devices ============= Name: isatap.{A615081A-DB1C-42C8-8B6A-0E4FEC46738B} Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: isatap.{1AFC8298-E6C4-448F-A08D-F0585C2E35D5} Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (09/10/2014 04:25:32 PM) (Source: VSS) (EventID: 12292) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten. 
Vorgang: Für diesen Anbieter eine aufrufbare Schnittstelle abrufen Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen Schattenkopien abfragen Kontext: Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshotkontext: 13 Snapshotkontext: 13 Ausführungskontext: Coordinator Error: (09/10/2014 04:25:32 PM) (Source: VSS) (EventID: 40) (User: ) Description: Volumeschattenkopie-Dienst-Fehler: Der Dienst "Microsoft-Softwareschattenkopie-Anbieter" (SWPRV) ist deaktiviert. Aktivieren Sie den Dienst, und wiederholen Sie den Vorgang. Vorgang: Für diesen Anbieter eine aufrufbare Schnittstelle abrufen Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen Schattenkopien abfragen Kontext: Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshotkontext: 13 Snapshotkontext: 13 Ausführungskontext: Coordinator Error: (09/10/2014 01:39:00 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts auf dem Volume (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Hr = 0x8004230f). Error: (09/10/2014 01:39:00 PM) (Source: VSS) (EventID: 12292) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten. 
Vorgang: Für diesen Anbieter eine aufrufbare Schnittstelle abrufen Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen Schattenkopien löschen Kontext: Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshotkontext: 0 Snapshotkontext: 0 Ausführungskontext: Coordinator Error: (09/10/2014 01:39:00 PM) (Source: VSS) (EventID: 40) (User: ) Description: Volumeschattenkopie-Dienst-Fehler: Der Dienst "Microsoft-Softwareschattenkopie-Anbieter" (SWPRV) ist deaktiviert. Aktivieren Sie den Dienst, und wiederholen Sie den Vorgang. Vorgang: Für diesen Anbieter eine aufrufbare Schnittstelle abrufen Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen Schattenkopien löschen Kontext: Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshotkontext: 0 Snapshotkontext: 0 Ausführungskontext: Coordinator Error: (09/10/2014 01:39:00 PM) (Source: VSS) (EventID: 12292) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten. Vorgang: Für diesen Anbieter eine aufrufbare Schnittstelle abrufen Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen Schattenkopien abfragen Schattenkopien löschen Kontext: Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshotkontext: 0 Snapshotkontext: 0 Ausführungskontext: Coordinator Ausführungskontext: Coordinator Error: (09/10/2014 01:39:00 PM) (Source: VSS) (EventID: 40) (User: ) Description: Volumeschattenkopie-Dienst-Fehler: Der Dienst "Microsoft-Softwareschattenkopie-Anbieter" (SWPRV) ist deaktiviert. Aktivieren Sie den Dienst, und wiederholen Sie den Vorgang. 
Vorgang: Für diesen Anbieter eine aufrufbare Schnittstelle abrufen Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen Schattenkopien abfragen Schattenkopien löschen Kontext: Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshotkontext: 0 Snapshotkontext: 0 Ausführungskontext: Coordinator Ausführungskontext: Coordinator Error: (09/10/2014 01:39:00 PM) (Source: VSS) (EventID: 12292) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten. Vorgang: Für diesen Anbieter eine aufrufbare Schnittstelle abrufen Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Klassen-ID: {00000000-0000-0000-0000-000000000000} Snapshotkontext: 4194317 Ausführungskontext: Coordinator Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Volumename: \\?\Volume{cc3cf33a-b60c-11dd-934c-806e6f6e6963}\ Ausführungskontext: Coordinator Error: (09/10/2014 01:39:00 PM) (Source: VSS) (EventID: 40) (User: ) Description: Volumeschattenkopie-Dienst-Fehler: Der Dienst "Microsoft-Softwareschattenkopie-Anbieter" (SWPRV) ist deaktiviert. Aktivieren Sie den Dienst, und wiederholen Sie den Vorgang. 
Vorgang: Für diesen Anbieter eine aufrufbare Schnittstelle abrufen Überprüfen, ob das Volume vom Anbieter unterstützt wird Volume einem Schattenkopiesatz hinzufügen Kontext: Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Klassen-ID: {00000000-0000-0000-0000-000000000000} Snapshotkontext: 4194317 Ausführungskontext: Coordinator Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Volumename: \\?\Volume{cc3cf33a-b60c-11dd-934c-806e6f6e6963}\ Ausführungskontext: Coordinator Error: (09/10/2014 01:28:28 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung sidebar.exe, Version 6.0.6002.18005, Zeitstempel 0x49e035b8, fehlerhaftes Modul OLEAUT32.dll, Version 6.0.6002.18508, Zeitstempel 0x4e567628, Ausnahmecode 0xc0000005, Fehleroffset 0x0000000000001149, Prozess-ID 0xfb4, Anwendungsstartzeit sidebar.exe0. System errors: ============= Error: (09/10/2014 01:26:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: HP CUE DeviceDiscovery Service%%2147500037 Error: (09/10/2014 01:26:38 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: i8042prt Error: (09/10/2014 01:26:38 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: HP CUE DeviceDiscovery Service Error: (09/10/2014 01:26:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: vToolbarUpdater18.1.9%%2 Error: (09/10/2014 01:26:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Windows-BilderfassungShellhardwareerkennung%%1058 Error: (09/10/2014 01:26:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: scores%%2 Error: (09/10/2014 01:15:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: HP CUE DeviceDiscovery Service%%2147500037 Error: (09/10/2014 01:15:02 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: i8042prt Error: (09/10/2014 01:15:01 PM) (Source: Service Control Manager) 
(EventID: 7022) (User: ) Description: HP CUE DeviceDiscovery Service Error: (09/10/2014 01:15:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: vToolbarUpdater18.1.9%%2 Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-09-10 16:24:56.932 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-10 16:24:56.168 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-10 16:24:55.388 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-10 16:24:54.624 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-10 16:22:57.072 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-10 16:22:56.339 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-09-10 16:22:55.559 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-10 16:22:54.779 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-10 13:37:00.279 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-10 13:36:59.727 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: AMD Phenom(tm) 9650 Quad-Core Processor Percentage of memory in use: 46% Total physical RAM: 4093.58 MB Available physical RAM: 2170.86 MB Total Pagefile: 8395.68 MB Available Pagefile: 6175.43 MB Total Virtual: 8192 MB Available Virtual: 8191.86 MB ==================== Drives ================================ Drive c: (HP) (Fixed) (Total:582.63 GB) (Free:325.56 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.54 GB) (Free:1.86 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: (AVK_09Sep14) (CDROM) (Total:0.19 GB) (Free:0 GB) UDF Drive j: (HP Pocket Media Drive) (Fixed) (Total:149.04 GB) (Free:126.5 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 596.2 GB) (Disk ID: 1549F232) Partition 1: (Active) - (Size=582.6 GB) - (Type=07 NTFS) Partition 
4: (Not Active) - (Size=13.5 GB) - (Type=07 NTFS)
========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: 2BD35C77)
Partition 1: (Not Active) - (Size=149 GB) - (Type=OF Extended)

==================== End Of Log ============================

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by Ute (administrator) on MANOPOST-PC on 10-09-2014 16:24:43
Running from C:\Users\Ute\Desktop
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlx64.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(AOL LLC) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() J:\Tobit Radio.fx\Server\rfx-server.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\GdBgInx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\GDKBFltExe32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\conime.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKBap64.exe
(AOL, LLC.) C:\Program Files (x86)\AOL 9.0 VR\waol.exe
(America Online, Inc.)
C:\Program Files (x86)\Common Files\aol\1231342872\ee\aolsoftware.exe (AOL, LLC.) C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe (America Online Inc) C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe (Microsoft Corporation) C:\Windows\SysWOW64\conime.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION) HKLM-x32\...\Run: [SunJavaUpdateReg] => C:\Windows\SysWOW64\jureg.exe [54936 2007-04-07] (Sun Microsystems, Inc.) HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe, HKU\.DEFAULT\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries) HKU\.DEFAULT\...\Winlogon: [Shell] C:\Windows\explorer.exe [3079168 2009-04-11] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [3079168 2009-04-11] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [3079168 2009-04-11] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-21-243317379-2889874547-3061927781-1001\...\Run: [AOL Fast Start] => C:\Program Files (x86)\AOL 9.0 VR\AOL.EXE [50480 2007-06-21] (AOL, LLC.) 
AppInit_DLLs-x32: C:\Users\Manopost\AppData\Local\Smartbar\Application\Resources\crdlil.dll => "C:\Users\Manopost\AppData\Local\Smartbar\Application\Resources\crdlil.dll" File Not Found IFEO: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\bip_camera1.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\browser7.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\btassist1.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\coverdes.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\discspeed.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\drivespeed.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\eccenter1.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\express.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\frontpg.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\groove.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\hpwucli.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\infopath.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\infotool.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\lifecam.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\mobiletrans.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\msaccess.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" 
IFEO\msoxmled.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\mspub.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\mstore.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\mypc backup.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\nero.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\neroburnrights.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\nerohome.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\neromediahome.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\nerorescueagent.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\neroscoutoptions.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\nerostartsmart.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\nerovision.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\offdiag.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\ois.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\onenote.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\osa.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\outlook.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\photosnap.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\photosnapviewer.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\powerpnt.exe: [Debugger] "C:\Program Files 
(x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\pptview.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\recode.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\setupx.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\showtime.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\skype.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\soundtrax.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\tosbtmng.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\tosbtproc1.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\uninst.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\usrguide.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\waveedit.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\wirelessftp1.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\wlangui.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\zune.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers: "DropboxExt1" -> 
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/cpm-redir/ie-9.html HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.t-online.de/cpm-redir/ie-9.html HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.t-online.de/cpm-redir/ie-9.html hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Pavilion&pf=cndt HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.t-online.de/cpm-redir/ie-9.html hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Pavilion&pf=cndt HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - {D6E4D59A-E5FE-4C8D-8347-B99B76E656E5} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 SearchScopes: HKLM - {F137222E-6DE9-44E9-8EF2-CC5A8D3833BB} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de SearchScopes: HKLM-x32 - {2059CF48-25F3-40d7-9D37-24A3142FD20B} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=3379&q={searchTerms}&rp=&s_it=tb50-ie-aolde-chromesbox-de-de SearchScopes: HKLM-x32 - {D6E4D59A-E5FE-4C8D-8347-B99B76E656E5} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 SearchScopes: HKCU - DefaultScope {83CB6700-9424-4FE4-B1F4-F9BC555167F3} URL = 
hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=internet-tab&tpc=internet&ptl=std&classification=internet-tab_internet_std&q={searchTerms}&br=ie7-toi SearchScopes: HKCU - {6C7BD9C4-A466-46C4-82C4-CC66701D1395} URL = hxxp://rover.ebay.com/rover/1/707-1403-276402/4?mpre=hxxp://search.ebay.de/search/search.dll?shortcut=4&query={searchTerms} SearchScopes: HKCU - {83CB6700-9424-4FE4-B1F4-F9BC555167F3} URL = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=internet-tab&tpc=internet&ptl=std&classification=internet-tab_internet_std&q={searchTerms}&br=ie7-toi SearchScopes: HKCU - {E6396811-2413-44EC-A69B-A788B0E124FC} URL = hxxp://suche.t-online.de/fastcgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=wiki-tab&tpc=internet&ptl=std&classification=wikitab_internet_std&q={searchTerms}&br=ie7-toi SearchScopes: HKCU - {F048D832-4CD6-4A55-AAC4-45E3EE19F9B4} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=interactivemesuche21&index=blended&linkCode=ur2&camp=1638&creative=6742 BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: HKLM-x32 {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab DPF: HKLM-x32 {477E2667-7E7A-4737-BFF5-121D68EF7816} hxxp://musikdownloads.aol.de/imcdms-static/code/AOL%20Download%20Assistent.ocx DPF: HKLM-x32 {74E4A24D-5224-4F05-8A41-99445E0FC22B} hxxp://www.gamehouse.com/games/gamehouse/ghplayer.cab DPF: HKLM-x32 {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation) Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - 
{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll No File FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-21] FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-03-07] Chrome: ======= CHR HomePage: Default -> 
CA7071918667F4327D423F4D70E794BF606311A235D4A490FC145E6BC7418393 CHR DefaultSearchKeyword: Default -> 199E29FAA7C54775CD180793079F5617B561B965549C89D4A6FC35C2896A28AE CHR DefaultSearchProvider: Default -> 9F43598E6FC84D62FAD3F1C6194BCCCF9B797405CD55613E71E6FE5656259DC3 CHR DefaultSearchURL: Default -> C67BD8333C5775407A7F68E95C2FCB3F70A25EEE0505DE41C14945691D0CE179 CHR Profile: C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-09] CHR Extension: (Docs) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-09] CHR Extension: (Google Drive) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-09] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09] CHR Extension: (YouTube) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-09] CHR Extension: (Google-Suche) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-09] CHR Extension: (Google Sheets) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-09] CHR Extension: (Skype Click to Call) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-09-09] CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-09-09] CHR Extension: (Google Mail) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-09] CHR 
HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17] CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 ABBYY.Licensing.PDFTransformer.Classic.3.0; C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [759048 2010-02-01] (ABBYY) R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2250360 2014-07-30] (G Data Software AG) R2 AVKService; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG) R2 AVKWCtl; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlx64.exe [2683760 2014-05-20] (G Data Software AG) R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [356352 2006-12-28] (AVM Berlin) [File not signed] S4 Boonty Games; C:\Program Files (x86)\Common Files\BOONTY Shared\Service\Boonty.exe [69120 2009-01-28] (BOONTY) [File not signed] S4 Browser7Maintenance; C:\Program Files (x86)\Browser 7 Maintenance Service\maintenanceservice.exe [112128 2014-08-26] (Deutsche Telekom AG) [File not signed] R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129992 2008-02-03] (EasyBits Sofware AS) [File not signed] S4 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries) R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700536 2014-05-20] (G Data Software AG) S3 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-02] (Hewlett-Packard) 
[File not signed] R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-10-16] (Hewlett-Packard Co.) [File not signed] S2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-03-25] (Hewlett-Packard Co.) [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [69632 2006-11-08] (Hewlett-Packard) [File not signed] S4 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2008-12-12] (Nero AG) S4 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [88064 2006-11-08] (Hewlett-Packard) [File not signed] R2 Radio.fx; J:\Tobit Radio.fx\Server\rfx-server.exe [3673944 2011-11-18] () S4 ServiceLayer; C:\Program Files (x86)\Nokia\PC Connectivity Solution\ServiceLayer.exe [632832 2011-03-21] (Nokia) [File not signed] R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software) S2 scores; C:\Windows\score.exe [X] S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.) S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.) S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis64.sys [103936 2013-04-23] (LG Electronics Inc.) 
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310984 2010-07-22] () R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-20] (AVG Technologies) S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2006-12-28] (AVM Berlin) S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [34704 2010-02-05] (CSR, plc) R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2006-12-28] (AVM GmbH) R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [55808 2014-09-01] (G Data Software AG) R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [20992 2014-07-06] (G Data Software AG) R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [142336 2014-09-01] (G Data Software AG) R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [64000 2014-07-06] (G Data Software AG) R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64000 2014-09-01] (G Data Software AG) R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2014-08-31] (G Data Software) R3 HCW3x64; C:\Windows\System32\DRIVERS\HCW3x64.sys [1087872 2007-03-26] (Hauppauge Computer Works inc.) 
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [61440 2014-07-06] (G Data Software AG) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2010-07-22] () S4 nvrd64; C:\Windows\system32\drivers\nvrd64.sys [166944 2008-06-06] (NVIDIA Corporation) S3 Ph3xIB64; C:\Windows\System32\DRIVERS\Ph3xIB64.sys [1368960 2006-09-30] (Philips Semiconductors GmbH) S3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] () S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-08-20] () R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software) S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) |
10.09.2014, 15:43 | #32 |
| lrcnta + srptm, gray fields
Code:
==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-10 16:24 - 2014-09-10 16:25 - 00029459 _____ () C:\Users\Ute\Desktop\FRST.txt 2014-09-10 16:22 - 2014-09-10 16:24 - 02105856 _____ (Farbar) C:\Users\Ute\Desktop\FRST64.exe 2014-09-10 13:38 - 2014-09-10 13:38 - 01016261 _____ (Thisisu) C:\Users\Ute\Desktop\JRT.exe 2014-09-09 18:21 - 2014-09-09 18:21 - 01016261 _____ (Thisisu) C:\Users\Ute\Downloads\JRT (2).exe 2014-09-09 18:08 - 2014-09-09 18:08 - 00000000 ____D () C:\Windows\ERUNT 2014-09-09 18:06 - 2014-09-09 18:06 - 01016261 _____ (Thisisu) C:\Users\Ute\Downloads\JRT (1).exe 2014-09-09 18:05 - 2014-09-09 18:06 - 01016261 _____ (Thisisu) C:\Users\Ute\Downloads\JRT.exe 2014-09-09 17:48 - 2014-09-09 17:52 - 00000000 ____D () C:\AdwCleaner 2014-09-09 17:45 - 2014-09-09 17:45 - 01370483 _____ () C:\Users\Ute\Desktop\adwcleaner_3.309.exe 2014-09-09 15:48 - 2014-09-09 15:49 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Ute\Desktop\tdsskiller.exe 2014-09-09 15:44 - 2014-09-09 15:44 - 00000000 ____D () C:\Users\Ute\AppData\Local\Google 2014-09-09 12:52 - 2014-09-09 12:52 - 00895120 _____ (Google Inc.)
C:\Users\Manopost\Downloads\ChromeSetup(3).exe 2014-09-09 12:50 - 2014-09-09 12:50 - 00733168 _____ () C:\Users\Manopost\Downloads\chromesetup(2).exe 2014-09-09 12:44 - 2014-09-09 13:06 - 00001979 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-09-09 12:44 - 2014-09-09 12:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-09-09 12:43 - 2014-09-10 15:48 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-09 12:43 - 2014-09-10 13:28 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-09 12:43 - 2014-09-09 12:43 - 00004110 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-09-09 12:43 - 2014-09-09 12:43 - 00003858 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-09-09 12:42 - 2014-09-09 12:42 - 00895120 _____ (Google Inc.) C:\Users\Manopost\Downloads\ChromeSetup(1).exe 2014-09-09 07:02 - 2014-09-09 09:03 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-09-09 06:56 - 2014-09-09 08:20 - 00000000 ____D () C:\Users\Ute\Desktop\mbar 2014-09-09 06:55 - 2014-09-09 06:56 - 14349744 _____ (Malwarebytes Corp.) 
C:\Users\Ute\Desktop\mbar-1.07.0.1012.exe 2014-09-08 14:59 - 2014-09-08 18:17 - 00000000 ___SD () C:\32788R22FWJFW 2014-09-08 14:59 - 2014-09-08 14:59 - 00000000 ____D () C:\Windows\erdnt 2014-09-08 12:17 - 2014-09-08 12:17 - 00054750 _____ () C:\Users\Ute\Desktop\Addition1.txt 2014-09-08 09:47 - 2014-09-08 09:47 - 00000000 ____D () C:\Users\Ute\AppData\Roaming\Adobe 2014-09-08 09:46 - 2014-09-08 11:00 - 00000000 ____D () C:\Users\Ute\AppData\Roaming\TuneUp Software 2014-09-08 09:46 - 2014-09-08 09:46 - 00000000 ____D () C:\Users\Ute\AppData\Local\TuneUp Software 2014-09-08 09:45 - 2014-09-08 09:45 - 00000951 _____ () C:\Users\Ute\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2014-09-08 09:45 - 2014-09-08 09:45 - 00000000 ____D () C:\Users\Ute\AppData\Roaming\AOL 2014-09-08 09:45 - 2014-09-08 09:45 - 00000000 ____D () C:\Users\Ute\AppData\Local\AOL 2014-09-08 09:44 - 2014-09-08 09:45 - 00000941 _____ () C:\Users\Ute\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-09-08 09:44 - 2014-09-08 09:44 - 00000936 _____ () C:\Users\Ute\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2014-09-08 09:42 - 2014-09-08 09:44 - 00000917 _____ () C:\Users\Ute\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk 2014-09-08 09:41 - 2014-09-08 09:46 - 00000000 ____D () C:\Users\Ute\AppData\Local\VirtualStore 2014-09-08 09:41 - 2014-09-08 09:44 - 00000000 ____D () C:\Users\Ute 2014-09-08 09:41 - 2014-09-08 09:41 - 00000020 ___SH () C:\Users\Ute\ntuser.ini 2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 _SHDL () C:\Users\Ute\Vorlagen 2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 _SHDL () C:\Users\Ute\Startmenü 2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 _SHDL () C:\Users\Ute\Netzwerkumgebung 2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 _SHDL () C:\Users\Ute\Lokale Einstellungen 2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 _SHDL () C:\Users\Ute\Eigene Dateien 
2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 _SHDL () C:\Users\Ute\Druckumgebung 2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 _SHDL () C:\Users\Ute\Documents\Eigene Musik 2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 _SHDL () C:\Users\Ute\Documents\Eigene Bilder 2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 _SHDL () C:\Users\Ute\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 _SHDL () C:\Users\Ute\AppData\Local\Verlauf 2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 _SHDL () C:\Users\Ute\AppData\Local\Anwendungsdaten 2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 _SHDL () C:\Users\Ute\Anwendungsdaten 2014-09-08 09:41 - 2014-04-09 17:34 - 00000000 ____D () C:\Users\Ute\AppData\Roaming\Garmin 2014-09-08 09:41 - 2011-11-18 04:55 - 00000000 ____D () C:\Users\Ute\AppData\Roaming\Macromedia 2014-09-08 09:41 - 2010-11-16 00:09 - 00000000 ____D () C:\Users\Ute\AppData\Local\Microsoft Help 2014-09-08 09:41 - 2008-01-21 05:20 - 00000000 ___RD () C:\Users\Ute\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-09-08 09:41 - 2008-01-21 05:20 - 00000000 ___RD () C:\Users\Ute\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-09-08 08:03 - 2014-09-08 08:03 - 00003631 _____ () C:\Users\Manopost\Downloads\FRST.txt 2014-09-08 08:02 - 2014-09-08 08:03 - 02105344 _____ (Farbar) C:\Users\Manopost\Downloads\FRST64(1).exe 2014-09-08 07:44 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll 2014-09-08 07:44 - 2011-03-25 20:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll 2014-09-08 07:43 - 2014-09-08 07:43 - 01101648 _____ () C:\Users\Manopost\Downloads\HijackThis - CHIP-Installer.exe 2014-09-07 19:19 - 2014-09-07 19:19 - 02105344 _____ (Farbar) C:\Users\Manopost\Downloads\FRST64.exe 2014-09-07 16:19 - 2014-09-07 16:19 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-07 16:18 - 2014-09-07 16:19 - 17292760 _____ (Malwarebytes 
Corporation ) C:\Users\Manopost\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-07 15:00 - 2014-09-10 16:24 - 00000000 ____D () C:\FRST 2014-09-07 10:24 - 2014-09-07 10:24 - 00388152 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-07 10:23 - 2014-09-09 17:56 - 00187784 _____ () C:\Windows\PFRO.log 2014-09-06 23:41 - 2014-09-06 23:42 - 00895120 _____ (Google Inc.) C:\Users\Manopost\Downloads\ChromeSetup.exe 2014-09-06 23:24 - 2014-09-06 23:24 - 00106712 _____ () C:\Users\Manopost\AppData\Local\GDIPFONTCACHEV1.DAT 2014-09-06 23:24 - 2014-09-06 23:24 - 00002379 _____ () C:\Users\Manopost\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 2014-09-06 23:16 - 2014-09-06 23:57 - 00000000 ____D () C:\Users\Manopost\AppData\Local\Gameo 2014-09-06 23:16 - 2014-09-06 23:16 - 00000174 _____ () C:\Users\Manopost\Desktop\Play Games Online.url 2014-09-06 23:16 - 2014-09-06 23:16 - 00000174 _____ () C:\Users\Manopost\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url 2014-09-06 23:16 - 2014-09-06 23:16 - 00000000 ___HD () C:\Users\Manopost\AppData\Roaming\GoldenGate 2014-09-06 16:11 - 2014-09-06 16:11 - 00000000 ____D () C:\Users\Manopost\AppData\Local\Deployment 2014-09-01 23:00 - 2014-09-01 23:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA ANTIVIRUS 2014-08-28 21:52 - 2014-08-23 03:05 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-28 21:52 - 2014-08-23 02:42 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-28 21:52 - 2014-08-23 01:38 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-27 10:03 - 2014-08-27 10:03 - 00000630 _____ () C:\Users\Manopost\Desktop\BLT14-15_209.exe - Verknüpfung.lnk 2014-08-27 09:52 - 2014-08-27 09:52 - 00724992 _____ (Maximilian Stangel) C:\Users\Manopost\Downloads\BLT14-15_209.exe 2014-08-27 09:33 - 2014-08-27 09:33 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb 2014-08-26 18:52 - 
2014-08-31 22:03 - 00000000 ___HD () C:\Users\Public\Temp 2014-08-26 18:49 - 2014-08-26 18:50 - 00000000 ____D () C:\Users\Public\29B3597AA0BC4491BC3F1A409CD7CF3F 2014-08-26 14:15 - 2013-12-27 16:17 - 37650432 _____ () C:\Users\Manopost\Desktop\M2U00050.MPG 2014-08-26 13:28 - 2014-09-06 23:26 - 00000000 ____D () C:\Users\Manopost\Desktop\Tablet 2014-08-26 13:13 - 2014-08-26 13:13 - 00000000 ____D () C:\ProgramData\Telekom-Browser 7 2014-08-25 17:43 - 2014-09-07 01:20 - 00000000 ___RD () C:\Users\Manopost\Dropbox 2014-08-25 17:41 - 2014-08-25 17:41 - 00000000 ____D () C:\Users\Manopost\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-08-25 17:41 - 2014-08-25 17:41 - 00000000 ____D () C:\Program Files (x86)\Dropbox 2014-08-25 17:39 - 2014-09-06 22:46 - 00000000 ____D () C:\Users\Manopost\AppData\Roaming\Dropbox 2014-08-25 07:52 - 2014-08-25 07:52 - 00000000 ____D () C:\Users\Manopost\AppData\Local\Adobe 2014-08-22 15:27 - 2014-08-22 15:27 - 00000000 ____D () C:\ProgramData\Xerox 2014-08-22 14:28 - 2014-09-06 23:32 - 00000000 ____D () C:\Users\Manopost\Desktop\Neuer Ordner 2014-08-22 12:43 - 2014-08-22 12:45 - 00000000 ____D () C:\Users\Public\10F34257C92C4CB28669BE8F744057EF 2014-08-22 10:23 - 2014-08-22 10:24 - 00000000 ____D () C:\Users\Public\39203AE8A0DE4F819CFD816F114013DB 2014-08-22 10:00 - 2014-04-19 17:34 - 00000426 _____ () C:\AVScanner.ini 2014-08-22 09:11 - 2014-08-31 15:59 - 00000000 ____D () C:\Program Files (x86)\videos MediaPlay-Air 2014-08-22 09:10 - 2014-08-22 09:12 - 00062602 _____ () C:\Users\Manopost\AppData\Local\dd_vcredistMSI61B3.txt 2014-08-22 09:10 - 2014-08-22 09:12 - 00012036 _____ () C:\Users\Manopost\AppData\Local\dd_vcredistUI61B3.txt 2014-08-20 14:49 - 2014-08-20 14:49 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys 2014-08-20 14:49 - 2014-08-20 14:49 - 00000000 ____D () C:\Users\Manopost\AppData\Local\SlimWare Utilities Inc 2014-08-20 14:48 - 2014-08-20 14:48 - 00000000 ____D () 
C:\Users\Public\Documents\Downloaded Installers 2014-08-20 14:45 - 2014-08-20 15:13 - 00000732 _____ () C:\Users\Manopost\AppData\Local\d3d9caps64.dat 2014-08-20 14:44 - 2014-08-20 14:44 - 00796720 _____ ( ) C:\Users\Manopost\Downloads\nero_setup.exe 2014-08-17 18:20 - 2014-08-17 18:45 - 00001653 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fotostory 3 für Windows.lnk 2014-08-17 18:20 - 2014-08-17 18:20 - 00000000 ____D () C:\Program Files (x86)\Photo Story 3 for Windows 2014-08-17 18:18 - 2014-08-17 18:18 - 01101648 _____ () C:\Users\Manopost\Documents\Microsoft Photo Story - CHIP-Installer.exe 2014-08-17 13:33 - 2014-08-22 13:21 - 00000000 ____D () C:\Users\Manopost\Desktop\Tolo Video 1 2014-08-17 13:26 - 2014-08-22 14:59 - 00000000 ____D () C:\Users\Manopost\Desktop\Tolo 2 2014-08-17 11:21 - 2014-08-26 14:04 - 00000000 ____D () C:\Users\Manopost\Desktop\Meine Bilder 2014-08-17 08:49 - 2014-08-17 08:49 - 01058200 _____ (Adobe) C:\Users\Manopost\Downloads\install_flashplayer14x32au_mssa_awc_aih.exe 2014-08-17 08:36 - 2014-06-27 00:17 - 01389200 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-08-17 08:36 - 2014-06-27 00:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe 2014-08-17 08:36 - 2014-06-27 00:17 - 00171152 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-08-17 08:36 - 2014-06-27 00:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll 2014-08-17 08:36 - 2014-06-27 00:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll 2014-08-17 08:36 - 2014-06-27 00:17 - 00008848 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-08-17 08:36 - 2014-06-06 06:29 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-08-17 08:36 - 2014-06-06 06:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2014-08-17 08:32 - 2014-08-17 08:32 - 00001757 _____ () 
C:\Users\Public\Desktop\Garmin Express.lnk 2014-08-17 08:32 - 2014-08-17 08:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin 2014-08-17 00:05 - 2014-08-14 12:15 - 36898446 _____ () C:\Users\Manopost\Desktop\20140814_131447.mp4 2014-08-16 23:56 - 2014-08-20 19:35 - 00000000 ____D () C:\Users\Manopost\Desktop\Handy Tolo 2014-08-16 23:37 - 2014-06-14 02:56 - 00901568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-08-16 23:37 - 2014-06-14 02:51 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2014-08-16 23:37 - 2014-06-02 23:30 - 03137536 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-08-16 23:37 - 2014-06-02 23:30 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-08-16 23:37 - 2014-06-02 23:29 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-08-16 23:37 - 2014-06-02 23:29 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2014-08-16 23:37 - 2014-06-02 22:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-08-16 23:37 - 2014-06-02 12:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-08-16 23:37 - 2014-06-02 12:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-08-16 23:37 - 2014-06-02 12:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-08-16 23:36 - 2014-07-24 21:28 - 17861120 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-16 23:36 - 2014-07-24 21:12 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-08-16 23:36 - 2014-07-24 21:10 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-16 23:36 - 2014-07-24 21:07 - 01384960 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-16 23:36 - 2014-07-24 21:06 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-16 23:36 - 
2014-07-24 21:05 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-16 23:36 - 2014-07-24 21:05 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-08-16 23:36 - 2014-07-24 21:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-08-16 23:36 - 2014-07-24 21:04 - 02155520 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-16 23:36 - 2014-07-24 21:04 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-08-16 23:36 - 2014-07-24 21:04 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-16 23:36 - 2014-07-24 21:04 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-08-16 23:36 - 2014-07-24 21:04 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-16 23:36 - 2014-07-24 21:04 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-08-16 23:36 - 2014-07-24 21:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-16 23:36 - 2014-07-24 21:03 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-16 23:36 - 2014-07-24 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-16 23:36 - 2014-07-24 21:03 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-08-16 23:36 - 2014-07-24 21:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-08-16 23:36 - 2014-07-24 21:03 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-08-16 23:36 - 2014-07-24 21:02 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-08-16 23:36 - 2014-07-24 20:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-08-16 23:36 - 2014-07-24 19:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-08-16 23:36 - 2014-07-24 19:57 - 09739264 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-08-16 23:36 - 2014-07-24 19:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-08-16 23:36 - 2014-07-24 19:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-08-16 23:36 - 2014-07-24 19:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-08-16 23:36 - 2014-07-24 19:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-08-16 23:36 - 2014-07-24 19:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-08-16 23:36 - 2014-07-24 19:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-08-16 23:36 - 2014-07-24 19:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-08-16 23:36 - 2014-07-24 19:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-08-16 23:36 - 2014-07-24 19:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-08-16 23:36 - 2014-07-24 19:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-08-16 23:36 - 2014-07-24 19:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-08-16 23:36 - 2014-07-24 19:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-08-16 23:36 - 2014-07-24 19:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-08-16 23:36 - 2014-07-24 19:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-08-16 23:36 - 2014-07-24 19:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-08-16 23:36 - 2014-07-24 19:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-08-16 23:36 - 2014-07-24 19:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-08-16 23:36 - 2014-07-24 19:47 - 00176640 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ieui.dll 2014-08-16 23:36 - 2014-07-08 03:12 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-08-16 23:36 - 2014-07-08 02:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-08-16 23:06 - 2014-09-06 23:25 - 00000000 ____D () C:\Users\Manopost\Desktop\Kamera Tolo ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-10 16:25 - 2014-09-10 16:24 - 00029459 _____ () C:\Users\Ute\Desktop\FRST.txt 2014-09-10 16:24 - 2014-09-10 16:22 - 02105856 _____ (Farbar) C:\Users\Ute\Desktop\FRST64.exe 2014-09-10 16:24 - 2014-09-07 15:00 - 00000000 ____D () C:\FRST 2014-09-10 15:48 - 2014-09-09 12:43 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-10 15:35 - 2012-07-19 18:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-10 15:25 - 2006-11-02 17:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-10 15:25 - 2006-11-02 17:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-10 14:47 - 2010-11-02 18:19 - 01227917 _____ () C:\Windows\WindowsUpdate.log 2014-09-10 14:35 - 2012-07-19 18:26 - 00003736 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-10 14:35 - 2012-04-08 10:43 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-10 14:35 - 2011-05-14 09:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-10 13:38 - 2014-09-10 13:38 - 01016261 _____ (Thisisu) C:\Users\Ute\Desktop\JRT.exe 2014-09-10 13:28 - 2014-09-09 12:43 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-10 13:25 - 2006-11-02 17:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-10 13:21 - 2006-11-02 17:42 - 00032514 
_____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-09-09 18:21 - 2014-09-09 18:21 - 01016261 _____ (Thisisu) C:\Users\Ute\Downloads\JRT (2).exe 2014-09-09 18:08 - 2014-09-09 18:08 - 00000000 ____D () C:\Windows\ERUNT 2014-09-09 18:06 - 2014-09-09 18:06 - 01016261 _____ (Thisisu) C:\Users\Ute\Downloads\JRT (1).exe 2014-09-09 18:06 - 2014-09-09 18:05 - 01016261 _____ (Thisisu) C:\Users\Ute\Downloads\JRT.exe 2014-09-09 17:56 - 2014-09-07 10:23 - 00187784 _____ () C:\Windows\PFRO.log 2014-09-09 17:52 - 2014-09-09 17:48 - 00000000 ____D () C:\AdwCleaner 2014-09-09 17:52 - 2009-01-07 16:52 - 00000000 ____D () C:\Users\Manopost 2014-09-09 17:45 - 2014-09-09 17:45 - 01370483 _____ () C:\Users\Ute\Desktop\adwcleaner_3.309.exe 2014-09-09 15:49 - 2014-09-09 15:48 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Ute\Desktop\tdsskiller.exe 2014-09-09 15:44 - 2014-09-09 15:44 - 00000000 ____D () C:\Users\Ute\AppData\Local\Google 2014-09-09 13:06 - 2014-09-09 12:44 - 00001979 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-09-09 12:52 - 2014-09-09 12:52 - 00895120 _____ (Google Inc.) C:\Users\Manopost\Downloads\ChromeSetup(3).exe 2014-09-09 12:50 - 2014-09-09 12:50 - 00733168 _____ () C:\Users\Manopost\Downloads\chromesetup(2).exe 2014-09-09 12:44 - 2014-09-09 12:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-09-09 12:43 - 2014-09-09 12:43 - 00004110 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-09-09 12:43 - 2014-09-09 12:43 - 00003858 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-09-09 12:43 - 2009-01-10 16:50 - 00000000 ____D () C:\Program Files (x86)\Google 2014-09-09 12:42 - 2014-09-09 12:42 - 00895120 _____ (Google Inc.) 
C:\Users\Manopost\Downloads\ChromeSetup(1).exe 2014-09-09 09:03 - 2014-09-09 07:02 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-09-09 08:33 - 2008-09-13 07:16 - 00699062 _____ () C:\Windows\system32\perfh007.dat 2014-09-09 08:33 - 2008-09-13 07:16 - 00156416 _____ () C:\Windows\system32\perfc007.dat 2014-09-09 08:33 - 2006-11-02 14:46 - 01638136 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-09 08:20 - 2014-09-09 06:56 - 00000000 ____D () C:\Users\Ute\Desktop\mbar 2014-09-09 07:35 - 2010-04-27 13:26 - 00000000 ___HD () C:\Windows\msdownld.tmp 2014-09-09 06:56 - 2014-09-09 06:55 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Ute\Desktop\mbar-1.07.0.1012.exe 2014-09-08 19:58 - 2009-01-08 19:17 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2009 2014-09-08 19:45 - 2014-07-31 19:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-08 18:17 - 2014-09-08 14:59 - 00000000 ___SD () C:\32788R22FWJFW 2014-09-08 14:59 - 2014-09-08 14:59 - 00000000 ____D () C:\Windows\erdnt 2014-09-08 12:17 - 2014-09-08 12:17 - 00054750 _____ () C:\Users\Ute\Desktop\Addition1.txt 2014-09-08 11:00 - 2014-09-08 09:46 - 00000000 ____D () C:\Users\Ute\AppData\Roaming\TuneUp Software 2014-09-08 09:47 - 2014-09-08 09:47 - 00000000 ____D () C:\Users\Ute\AppData\Roaming\Adobe 2014-09-08 09:46 - 2014-09-08 09:46 - 00000000 ____D () C:\Users\Ute\AppData\Local\TuneUp Software 2014-09-08 09:46 - 2014-09-08 09:41 - 00000000 ____D () C:\Users\Ute\AppData\Local\VirtualStore 2014-09-08 09:45 - 2014-09-08 09:45 - 00000951 _____ () C:\Users\Ute\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2014-09-08 09:45 - 2014-09-08 09:45 - 00000000 ____D () C:\Users\Ute\AppData\Roaming\AOL 2014-09-08 09:45 - 2014-09-08 09:45 - 00000000 ____D () C:\Users\Ute\AppData\Local\AOL 2014-09-08 09:45 - 2014-09-08 09:44 - 00000941 _____ () C:\Users\Ute\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet 
Explorer.lnk 2014-09-08 09:44 - 2014-09-08 09:44 - 00000936 _____ () C:\Users\Ute\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2014-09-08 09:44 - 2014-09-08 09:42 - 00000917 _____ () C:\Users\Ute\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk 2014-09-08 09:44 - 2014-09-08 09:41 - 00000000 ____D () C:\Users\Ute 2014-09-08 09:41 - 2014-09-08 09:41 - 00000020 ___SH () C:\Users\Ute\ntuser.ini 2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 _SHDL () C:\Users\Ute\Vorlagen 2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 _SHDL () C:\Users\Ute\Startmenü 2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 _SHDL () C:\Users\Ute\Netzwerkumgebung 2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 _SHDL () C:\Users\Ute\Lokale Einstellungen 2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 _SHDL () C:\Users\Ute\Eigene Dateien 2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 _SHDL () C:\Users\Ute\Druckumgebung 2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 _SHDL () C:\Users\Ute\Documents\Eigene Musik 2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 _SHDL () C:\Users\Ute\Documents\Eigene Bilder 2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 _SHDL () C:\Users\Ute\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 _SHDL () C:\Users\Ute\AppData\Local\Verlauf 2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 _SHDL () C:\Users\Ute\AppData\Local\Anwendungsdaten 2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 _SHDL () C:\Users\Ute\Anwendungsdaten 2014-09-08 08:03 - 2014-09-08 08:03 - 00003631 _____ () C:\Users\Manopost\Downloads\FRST.txt 2014-09-08 08:03 - 2014-09-08 08:02 - 02105344 _____ (Farbar) C:\Users\Manopost\Downloads\FRST64(1).exe 2014-09-08 07:52 - 2009-02-04 12:45 - 00000069 _____ () C:\Windows\NeroDigital.ini 2014-09-08 07:43 - 2014-09-08 07:43 - 01101648 _____ () C:\Users\Manopost\Downloads\HijackThis - CHIP-Installer.exe 2014-09-08 06:31 - 2013-09-17 15:45 - 00000425 _____ () 
C:\Windows\BRWMARK.INI 2014-09-07 21:28 - 2011-06-11 10:44 - 00003714 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7D2327BF-DAC5-43D7-8EB3-6EA0AF4A749D} 2014-09-07 19:19 - 2014-09-07 19:19 - 02105344 _____ (Farbar) C:\Users\Manopost\Downloads\FRST64.exe 2014-09-07 18:29 - 2009-01-28 11:48 - 00000108 _____ () C:\Users\Manopost\AppData\Roaming\default.pls 2014-09-07 16:19 - 2014-09-07 16:19 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-07 16:19 - 2014-09-07 16:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Manopost\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-07 11:08 - 2010-11-15 00:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2014-09-07 11:08 - 2010-11-15 00:52 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-07 10:24 - 2014-09-07 10:24 - 00388152 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-07 01:20 - 2014-08-25 17:43 - 00000000 ___RD () C:\Users\Manopost\Dropbox 2014-09-06 23:57 - 2014-09-06 23:16 - 00000000 ____D () C:\Users\Manopost\AppData\Local\Gameo 2014-09-06 23:42 - 2014-09-06 23:41 - 00895120 _____ (Google Inc.) 
C:\Users\Manopost\Downloads\ChromeSetup.exe 2014-09-06 23:35 - 2013-12-03 13:32 - 00000000 ___RD () C:\Users\Manopost\Documents\Fugen-T-Poster 2014-09-06 23:34 - 2014-01-02 12:23 - 00000000 ____D () C:\Users\Manopost\Desktop\2014 2014-09-06 23:33 - 2014-01-02 15:28 - 00000000 ____D () C:\Users\Manopost\Desktop\Bayrischer Wald 2014-09-06 23:32 - 2014-08-22 14:28 - 00000000 ____D () C:\Users\Manopost\Desktop\Neuer Ordner 2014-09-06 23:27 - 2013-01-21 16:39 - 00000000 ____D () C:\Users\Manopost\Desktop\Bilder1 2014-09-06 23:26 - 2014-08-26 13:28 - 00000000 ____D () C:\Users\Manopost\Desktop\Tablet 2014-09-06 23:25 - 2014-08-16 23:06 - 00000000 ____D () C:\Users\Manopost\Desktop\Kamera Tolo 2014-09-06 23:24 - 2014-09-06 23:24 - 00106712 _____ () C:\Users\Manopost\AppData\Local\GDIPFONTCACHEV1.DAT 2014-09-06 23:24 - 2014-09-06 23:24 - 00002379 _____ () C:\Users\Manopost\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 2014-09-06 23:16 - 2014-09-06 23:16 - 00000174 _____ () C:\Users\Manopost\Desktop\Play Games Online.url 2014-09-06 23:16 - 2014-09-06 23:16 - 00000174 _____ () C:\Users\Manopost\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url 2014-09-06 23:16 - 2014-09-06 23:16 - 00000000 ___HD () C:\Users\Manopost\AppData\Roaming\GoldenGate 2014-09-06 22:51 - 2006-11-02 15:33 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-09-06 22:50 - 2009-01-07 16:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 2014-09-06 22:50 - 2006-11-02 17:15 - 00000000 ____D () C:\Windows\WindowsMobile 2014-09-06 22:46 - 2014-08-25 17:39 - 00000000 ____D () C:\Users\Manopost\AppData\Roaming\Dropbox 2014-09-06 22:41 - 2013-04-11 17:22 - 00000000 ____D () C:\Program Files\Google 2014-09-06 22:40 - 2013-09-17 15:40 - 00000000 ____D () C:\ProgramData\InstallShield 2014-09-06 22:39 - 2013-09-17 15:42 - 00000000 ____D () C:\Program Files (x86)\Brother 2014-09-06 16:12 - 2009-01-10 16:51 - 00000000 ____D () 
C:\Users\Manopost\AppData\Local\Google 2014-09-06 16:11 - 2014-09-06 16:11 - 00000000 ____D () C:\Users\Manopost\AppData\Local\Deployment 2014-09-06 16:11 - 2010-06-03 12:57 - 00000000 ____D () C:\Users\Manopost\AppData\Local\Apps\2.0 2014-09-06 15:57 - 2009-01-10 16:51 - 00000000 ____D () C:\ProgramData\Google 2014-09-06 15:36 - 2011-06-13 13:08 - 00003292 _____ () C:\Windows\System32\Tasks\{4231AEF2-8460-496A-9460-D6D1F6493ADF} 2014-09-01 23:00 - 2014-09-01 23:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA ANTIVIRUS 2014-09-01 23:00 - 2014-04-12 12:28 - 00001794 _____ () C:\Users\Public\Desktop\G DATA ANTIVIRUS.lnk 2014-09-01 23:00 - 2009-10-03 14:49 - 00055808 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys 2014-09-01 23:00 - 2009-06-20 14:57 - 00142336 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys 2014-09-01 23:00 - 2009-06-20 14:56 - 00064000 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys 2014-08-31 23:00 - 2014-02-28 00:00 - 00018160 _____ (G Data Software) C:\Windows\system32\Drivers\GdPhyMem.sys 2014-08-31 23:00 - 2009-07-28 16:34 - 00106272 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys 2014-08-31 22:03 - 2014-08-26 18:52 - 00000000 ___HD () C:\Users\Public\Temp 2014-08-31 15:59 - 2014-08-22 09:11 - 00000000 ____D () C:\Program Files (x86)\videos MediaPlay-Air 2014-08-29 15:01 - 2009-01-08 19:24 - 00003784 _____ () C:\Windows\System32\Tasks\HP-Online-Aktualisierungsprogramm 2014-08-29 15:00 - 2014-04-06 16:26 - 00003558 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask 2014-08-27 10:03 - 2014-08-27 10:03 - 00000630 _____ () C:\Users\Manopost\Desktop\BLT14-15_209.exe - Verknüpfung.lnk 2014-08-27 09:52 - 2014-08-27 09:52 - 00724992 _____ (Maximilian Stangel) C:\Users\Manopost\Downloads\BLT14-15_209.exe 2014-08-27 09:33 - 2014-08-27 09:33 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb 2014-08-27 07:33 - 2014-07-28 19:59 - 00000000 ____D () 
C:\Program Files (x86)\Browser 7 Maintenance Service 2014-08-26 18:50 - 2014-08-26 18:49 - 00000000 ____D () C:\Users\Public\29B3597AA0BC4491BC3F1A409CD7CF3F 2014-08-26 14:04 - 2014-08-17 11:21 - 00000000 ____D () C:\Users\Manopost\Desktop\Meine Bilder 2014-08-26 13:43 - 2009-01-09 17:08 - 00112128 _____ () C:\Users\Manopost\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-08-26 13:13 - 2014-08-26 13:13 - 00000000 ____D () C:\ProgramData\Telekom-Browser 7 2014-08-26 13:13 - 2014-07-28 19:59 - 00000000 ____D () C:\Users\Manopost\AppData\Roaming\Deutsche Telekom AG 2014-08-25 17:41 - 2014-08-25 17:41 - 00000000 ____D () C:\Users\Manopost\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-08-25 17:41 - 2014-08-25 17:41 - 00000000 ____D () C:\Program Files (x86)\Dropbox 2014-08-25 07:52 - 2014-08-25 07:52 - 00000000 ____D () C:\Users\Manopost\AppData\Local\Adobe 2014-08-23 03:05 - 2014-08-28 21:52 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-23 02:42 - 2014-08-28 21:52 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-23 01:38 - 2014-08-28 21:52 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-22 15:27 - 2014-08-22 15:27 - 00000000 ____D () C:\ProgramData\Xerox 2014-08-22 14:59 - 2014-08-17 13:26 - 00000000 ____D () C:\Users\Manopost\Desktop\Tolo 2 2014-08-22 13:21 - 2014-08-17 13:33 - 00000000 ____D () C:\Users\Manopost\Desktop\Tolo Video 1 2014-08-22 12:45 - 2014-08-22 12:43 - 00000000 ____D () C:\Users\Public\10F34257C92C4CB28669BE8F744057EF 2014-08-22 10:24 - 2014-08-22 10:23 - 00000000 ____D () C:\Users\Public\39203AE8A0DE4F819CFD816F114013DB 2014-08-22 10:20 - 2009-01-28 10:44 - 00000000 ____D () C:\Users\Manopost\AppData\Local\Ahead 2014-08-22 09:57 - 2009-02-02 23:48 - 00000000 __SHD () C:\found.000 2014-08-22 09:36 - 2012-12-16 14:45 - 00000111 _____ () C:\.dir 2014-08-22 09:24 - 2014-01-03 19:18 - 00000008 __RSH () 
C:\Users\Manopost\ntuser.pol 2014-08-22 09:24 - 2009-11-23 14:04 - 00000008 __RSH () C:\ProgramData\ntuser.pol 2014-08-22 09:16 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-08-22 09:12 - 2014-08-22 09:10 - 00062602 _____ () C:\Users\Manopost\AppData\Local\dd_vcredistMSI61B3.txt 2014-08-22 09:12 - 2014-08-22 09:10 - 00012036 _____ () C:\Users\Manopost\AppData\Local\dd_vcredistUI61B3.txt 2014-08-20 19:35 - 2014-08-16 23:56 - 00000000 ____D () C:\Users\Manopost\Desktop\Handy Tolo 2014-08-20 19:28 - 2012-09-05 19:54 - 00050976 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys 2014-08-20 17:31 - 2010-08-01 13:11 - 00000000 ____D () C:\Users\Manopost\AppData\Roaming\Skype 2014-08-20 15:13 - 2014-08-20 14:45 - 00000732 _____ () C:\Users\Manopost\AppData\Local\d3d9caps64.dat 2014-08-20 14:49 - 2014-08-20 14:49 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys 2014-08-20 14:49 - 2014-08-20 14:49 - 00000000 ____D () C:\Users\Manopost\AppData\Local\SlimWare Utilities Inc 2014-08-20 14:48 - 2014-08-20 14:48 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers 2014-08-20 14:44 - 2014-08-20 14:44 - 00796720 _____ ( ) C:\Users\Manopost\Downloads\nero_setup.exe 2014-08-17 18:45 - 2014-08-17 18:20 - 00001653 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fotostory 3 für Windows.lnk 2014-08-17 18:20 - 2014-08-17 18:20 - 00000000 ____D () C:\Program Files (x86)\Photo Story 3 for Windows 2014-08-17 18:18 - 2014-08-17 18:18 - 01101648 _____ () C:\Users\Manopost\Documents\Microsoft Photo Story - CHIP-Installer.exe 2014-08-17 11:36 - 2013-07-04 09:21 - 00000855 _____ () C:\Users\Manopost\Desktop\Bluetooth-Informationsaustausch.lnk 2014-08-17 09:51 - 2006-11-02 15:33 - 00000000 ____D () C:\Windows\rescache 2014-08-17 08:49 - 2014-08-17 08:49 - 01058200 _____ (Adobe) C:\Users\Manopost\Downloads\install_flashplayer14x32au_mssa_awc_aih.exe 2014-08-17 08:48 - 2013-08-15 20:56 - 00000000 ____D () 
C:\Windows\system32\MRT 2014-08-17 08:44 - 2006-11-02 14:35 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-08-17 08:33 - 2014-02-19 16:41 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-17 08:32 - 2014-08-17 08:32 - 00001757 _____ () C:\Users\Public\Desktop\Garmin Express.lnk 2014-08-17 08:32 - 2014-08-17 08:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin 2014-08-17 08:32 - 2014-02-19 16:42 - 00000000 ____D () C:\ProgramData\Garmin 2014-08-17 08:32 - 2014-02-19 16:41 - 00000000 ____D () C:\Program Files (x86)\Garmin 2014-08-14 12:15 - 2014-08-17 00:05 - 36898446 _____ () C:\Users\Manopost\Desktop\20140814_131447.mp4 Files to move or delete: ==================== C:\Users\Manopost\DivXInstaller7.exe C:\Users\Manopost\googleupdatesetup.exe C:\Users\Manopost\Nero-8.3.13.0_all_update.exe C:\Users\Manopost\pcfresh.exe C:\Users\Manopost\PowerPointViewer.exe Some content of TEMP: ==================== C:\Users\Manopost\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphpm47v.dll C:\Users\Manopost\AppData\Local\Temp\ICReinstall_google-chrome_setup (1).exe C:\Users\Manopost\AppData\Local\Temp\_isA52C.exe C:\Users\Ute\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-10 13:37 ==================== End Of Log ============================ |
10.09.2014, 22:36 | #33 |
/// Winkelfunktion /// TB-Süch-Tiger™ | lrcnta + srptm, grey fields Please press the Windows key + R and type notepad into the Run window.
__________________ Now copy the following text from the code box into the empty text document. Code:
HKU\.DEFAULT\...\Winlogon: [Shell] C:\Windows\explorer.exe [3079168 2009-04-11] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [3079168 2009-04-11] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [3079168 2009-04-11] (Microsoft Corporation) <==== ATTENTION
AppInit_DLLs-x32: C:\Users\Manopost\AppData\Local\Smartbar\Application\Resources\crdlil.dll => "C:\Users\Manopost\AppData\Local\Smartbar\Application\Resources\crdlil.dll" File Not Found
CHR HomePage: Default -> CA7071918667F4327D423F4D70E794BF606311A235D4A490FC145E6BC7418393
CHR DefaultSearchKeyword: Default -> 199E29FAA7C54775CD180793079F5617B561B965549C89D4A6FC35C2896A28AE
CHR DefaultSearchProvider: Default -> 9F43598E6FC84D62FAD3F1C6194BCCCF9B797405CD55613E71E6FE5656259DC3
CHR DefaultSearchURL: Default -> C67BD8333C5775407A7F68E95C2FCB3F70A25EEE0505DE41C14945691D0CE179
S2 scores; C:\Windows\score.exe [X]
C:\Users\Manopost\AppData\Local\Smartbar
C:\Windows\score.exe
AlternateDataStreams: C:\Users\Manopost:zylomtest
AlternateDataStreams: C:\Users\Manopost:zylomtr{000HQ7FF-AD7A-3FG7-DNQC-2227NIQAQVVE}
AlternateDataStreams: C:\Users\Manopost:zylomtr{000HQ7FF-AD7A-3FG7-FCUD-28A45N46SVT9}
AlternateDataStreams: C:\ProgramData\TEMP:2B1EA607
AlternateDataStreams: C:\ProgramData\TEMP:8AD1F2E0
AlternateDataStreams: C:\ProgramData\TEMP:957E9765
AlternateDataStreams: C:\ProgramData\TEMP:BD36345D
AlternateDataStreams: C:\ProgramData\TEMP:F0D7EE30
C:\Users\Manopost\DivXInstaller7.exe
C:\Users\Manopost\googleupdatesetup.exe
C:\Users\Manopost\Nero-8.3.13.0_all_update.exe
C:\Users\Manopost\pcfresh.exe
C:\Users\Manopost\PowerPointViewer.exe
C:\Users\Public\10F34257C92C4CB28669BE8F744057EF
C:\Users\Public\39203AE8A0DE4F819CFD816F114013DB
C:\Windows\System32\Tasks\{4231AEF2-8460-496A-9460-D6D1F6493ADF}
EmptyTemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ |
11.09.2014, 12:30 | #34 |
| lrcnta + srptm, grey fields Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by Ute at 2014-09-11 13:07:01 Run:2
Running from C:\Users\Ute\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\.DEFAULT\...\Winlogon: [Shell] C:\Windows\explorer.exe [3079168 2009-04-11] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [3079168 2009-04-11] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [3079168 2009-04-11] (Microsoft Corporation) <==== ATTENTION
AppInit_DLLs-x32: C:\Users\Manopost\AppData\Local\Smartbar\Application\Resources\crdlil.dll => "C:\Users\Manopost\AppData\Local\Smartbar\Application\Resources\crdlil.dll" File Not Found
CHR HomePage: Default -> CA7071918667F4327D423F4D70E794BF606311A235D4A490FC145E6BC7418393
CHR DefaultSearchKeyword: Default -> 199E29FAA7C54775CD180793079F5617B561B965549C89D4A6FC35C2896A28AE
CHR DefaultSearchProvider: Default -> 9F43598E6FC84D62FAD3F1C6194BCCCF9B797405CD55613E71E6FE5656259DC3
CHR DefaultSearchURL: Default -> C67BD8333C5775407A7F68E95C2FCB3F70A25EEE0505DE41C14945691D0CE179
S2 scores; C:\Windows\score.exe [X]
C:\Users\Manopost\AppData\Local\Smartbar
C:\Windows\score.exe
AlternateDataStreams: C:\Users\Manopost:zylomtest
AlternateDataStreams: C:\Users\Manopost:zylomtr{000HQ7FF-AD7A-3FG7-DNQC-2227NIQAQVVE}
AlternateDataStreams: C:\Users\Manopost:zylomtr{000HQ7FF-AD7A-3FG7-FCUD-28A45N46SVT9}
AlternateDataStreams: C:\ProgramData\TEMP:2B1EA607
AlternateDataStreams: C:\ProgramData\TEMP:8AD1F2E0
AlternateDataStreams: C:\ProgramData\TEMP:957E9765
AlternateDataStreams: C:\ProgramData\TEMP:BD36345D
AlternateDataStreams: C:\ProgramData\TEMP:F0D7EE30
C:\Users\Manopost\DivXInstaller7.exe
C:\Users\Manopost\googleupdatesetup.exe
C:\Users\Manopost\Nero-8.3.13.0_all_update.exe
C:\Users\Manopost\pcfresh.exe
C:\Users\Manopost\PowerPointViewer.exe
C:\Users\Public\10F34257C92C4CB28669BE8F744057EF
C:\Users\Public\39203AE8A0DE4F819CFD816F114013DB
C:\Windows\System32\Tasks\{4231AEF2-8460-496A-9460-D6D1F6493ADF}
EmptyTemp:
*****************

HKU\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.
HKU\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.
HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.
"C:\Users\Manopost\AppData\Local\Smartbar\Application\Resources\crdlil.dll" => Value Data not found.
Chrome HomePage deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
CHR DefaultSearchProvider: Default -> 9F43598E6FC84D62FAD3F1C6194BCCCF9B797405CD55613E71E6FE5656259DC3 ==> The Chrome "Settings" can be used to fix the entry.
Chrome DefaultSearchURL deleted successfully.
scores => Service deleted successfully.
"C:\Users\Manopost\AppData\Local\Smartbar" => File/Directory not found.
"C:\Windows\score.exe" => File/Directory not found.
C:\Users\Manopost => ":zylomtest" ADS removed successfully.
C:\Users\Manopost => ":zylomtr{000HQ7FF-AD7A-3FG7-DNQC-2227NIQAQVVE}" ADS removed successfully.
C:\Users\Manopost => ":zylomtr{000HQ7FF-AD7A-3FG7-FCUD-28A45N46SVT9}" ADS removed successfully.
C:\ProgramData\TEMP => ":2B1EA607" ADS removed successfully.
C:\ProgramData\TEMP => ":8AD1F2E0" ADS removed successfully.
C:\ProgramData\TEMP => ":957E9765" ADS removed successfully.
C:\ProgramData\TEMP => ":BD36345D" ADS removed successfully.
C:\ProgramData\TEMP => ":F0D7EE30" ADS removed successfully.
C:\Users\Manopost\DivXInstaller7.exe => Moved successfully.
C:\Users\Manopost\googleupdatesetup.exe => Moved successfully.
C:\Users\Manopost\Nero-8.3.13.0_all_update.exe => Moved successfully.
C:\Users\Manopost\pcfresh.exe => Moved successfully.
C:\Users\Manopost\PowerPointViewer.exe => Moved successfully.
C:\Users\Public\10F34257C92C4CB28669BE8F744057EF => Moved successfully.
C:\Users\Public\39203AE8A0DE4F819CFD816F114013DB => Moved successfully.
C:\Windows\System32\Tasks\{4231AEF2-8460-496A-9460-D6D1F6493ADF} => Moved successfully.
EmptyTemp: => Removed 5.5 GB temporary data.

The system needed a reboot.

==== End of Fixlog ==== |
11.09.2014, 14:08 | #35 |
/// Winkelfunktion /// TB-Süch-Tiger™ | lrcnta + srptm, grey fields Restart the computer, then new FRST logs. Tick the box for addition.txt, then click Scan.
__________________ Please always post log files in CODE tags |
11.09.2014, 14:41 | #36 |
| lrcnta + srptm, grey fields FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014 Ran by Ute (administrator) on MANOPOST-PC on 11-09-2014 15:36:07 Running from C:\Users\Ute\Desktop Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlx64.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (AOL LLC) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe () J:\Tobit Radio.fx\Server\rfx-server.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\GdBgInx64.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\GDKBFltExe32.exe (Microsoft Corporation) C:\Windows\SysWOW64\conime.exe (AOL, LLC.) C:\Program Files (x86)\AOL 9.0 VR\waol.exe (America Online, Inc.) C:\Program Files (x86)\Common Files\aol\1231342872\ee\aolsoftware.exe (AOL, LLC.) 
C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKBap64.exe (America Online Inc) C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION) HKLM-x32\...\Run: [SunJavaUpdateReg] => C:\Windows\SysWOW64\jureg.exe [54936 2007-04-07] (Sun Microsystems, Inc.) HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe, HKU\.DEFAULT\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-243317379-2889874547-3061927781-1001\...\Run: [AOL Fast Start] => C:\Program Files (x86)\AOL 9.0 VR\AOL.EXE [50480 2007-06-21] (AOL, LLC.) 
IFEO: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\bip_camera1.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\browser7.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\btassist1.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\coverdes.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\discspeed.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\drivespeed.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\eccenter1.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\express.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\frontpg.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\groove.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\hpwucli.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\infopath.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\infotool.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\lifecam.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\mobiletrans.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\msaccess.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\msoxmled.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\mspub.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 
2014\TUAutoReactivator64.exe" IFEO\mstore.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\mypc backup.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\nero.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\neroburnrights.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\nerohome.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\neromediahome.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\nerorescueagent.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\neroscoutoptions.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\nerostartsmart.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\nerovision.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\offdiag.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\ois.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\onenote.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\osa.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\outlook.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\photosnap.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\photosnapviewer.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\pptview.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\recode.exe: 
[Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\setupx.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\showtime.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\skype.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\soundtrax.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\tosbtmng.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\tosbtproc1.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\uninst.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\usrguide.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\waveedit.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\wirelessftp1.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\wlangui.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\zune.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: 
"DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/cpm-redir/ie-9.html HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.t-online.de/cpm-redir/ie-9.html HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.t-online.de/cpm-redir/ie-9.html hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Pavilion&pf=cndt HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.t-online.de/cpm-redir/ie-9.html hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Pavilion&pf=cndt HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - {D6E4D59A-E5FE-4C8D-8347-B99B76E656E5} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 SearchScopes: HKLM - {F137222E-6DE9-44E9-8EF2-CC5A8D3833BB} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de SearchScopes: HKLM-x32 - {2059CF48-25F3-40d7-9D37-24A3142FD20B} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=3379&q={searchTerms}&rp=&s_it=tb50-ie-aolde-chromesbox-de-de SearchScopes: HKLM-x32 - {D6E4D59A-E5FE-4C8D-8347-B99B76E656E5} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 SearchScopes: HKCU - DefaultScope {83CB6700-9424-4FE4-B1F4-F9BC555167F3} URL = 
hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=internet-tab&tpc=internet&ptl=std&classification=internet-tab_internet_std&q={searchTerms}&br=ie7-toi SearchScopes: HKCU - {6C7BD9C4-A466-46C4-82C4-CC66701D1395} URL = hxxp://rover.ebay.com/rover/1/707-1403-276402/4?mpre=hxxp://search.ebay.de/search/search.dll?shortcut=4&query={sear chTerms} SearchScopes: HKCU - {83CB6700-9424-4FE4-B1F4-F9BC555167F3} URL = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=internet-tab&tpc=internet&ptl=std&classification=internet-tab_internet_std&q={searchTerms}&br=ie7-toi SearchScopes: HKCU - {E6396811-2413-44EC-A69B-A788B0E124FC} URL = hxxp://suche.t-online.de/fastcgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&d ia=suche&context=wiki-tab&tpc=internet&ptl=std&classification=wikitab_internet_std&q={searchTerms}&br=ie7-toi SearchScopes: HKCU - {F048D832-4CD6-4A55-AAC4-45E3EE19F9B4} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag= interactivemesuche21&index=blended&linkCode=ur2&camp=1638&creative=6742 BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: HKLM-x32 {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab DPF: HKLM-x32 {477E2667-7E7A-4737-BFF5-121D68EF7816} hxxp://musikdownloads.aol.de/imcdms-static/code/AOL%20Download%20Assistent.ocx DPF: HKLM-x32 {74E4A24D-5224-4F05-8A41-99445E0FC22B} hxxp://www.gamehouse.com/games/gamehouse/ghplayer.cab DPF: HKLM-x32 {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation) Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - 
{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll No File FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-21] FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-03-07] Chrome: ======= CHR DefaultSearchProvider: 
Default -> 9F43598E6FC84D62FAD3F1C6194BCCCF9B797405CD55613E71E6FE5656259DC3 CHR Profile: C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-09] CHR Extension: (Google Docs) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-09] CHR Extension: (Google Drive) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-09] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09] CHR Extension: (YouTube) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-09] CHR Extension: (Google-Suche) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-09] CHR Extension: (Skype Click to Call) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-09-09] CHR Extension: (Google Wallet) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-10] CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-09-09] CHR Extension: (Google Mail) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-09] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17] CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web 
Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 ABBYY.Licensing.PDFTransformer.Classic.3.0; C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [759048 2010-02-01] (ABBYY) R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2250360 2014-07-30] (G Data Software AG) R2 AVKService; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG) R2 AVKWCtl; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlx64.exe [2683760 2014-05-20] (G Data Software AG) R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [356352 2006-12-28] (AVM Berlin) [File not signed] S4 Boonty Games; C:\Program Files (x86)\Common Files\BOONTY Shared\Service\Boonty.exe [69120 2009-01-28] (BOONTY) [File not signed] S4 Browser7Maintenance; C:\Program Files (x86)\Browser 7 Maintenance Service\maintenanceservice.exe [112128 2014-08-26] (Deutsche Telekom AG) [File not signed] R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129992 2008-02-03] (EasyBits Sofware AS) [File not signed] S4 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries) R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700536 2014-05-20] (G Data Software AG) S3 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-02] (Hewlett-Packard) [File not signed] R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-10-16] (Hewlett-Packard Co.) [File not signed] S2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-03-25] (Hewlett-Packard Co.) 
[File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [69632 2006-11-08] (Hewlett-Packard) [File not signed] S4 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2008-12-12] (Nero AG) S4 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [88064 2006-11-08] (Hewlett-Packard) [File not signed] R2 Radio.fx; J:\Tobit Radio.fx\Server\rfx-server.exe [3673944 2011-11-18] () S4 ServiceLayer; C:\Program Files (x86)\Nokia\PC Connectivity Solution\ServiceLayer.exe [632832 2011-03-21] (Nokia) [File not signed] R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software) S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.) S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.) S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis64.sys [103936 2013-04-23] (LG Electronics Inc.) 
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310984 2010-07-22] () R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-20] (AVG Technologies) S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2006-12-28] (AVM Berlin) S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [34704 2010-02-05] (CSR, plc) R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2006-12-28] (AVM GmbH) R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [55808 2014-09-01] (G Data Software AG) R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [20992 2014-07-06] (G Data Software AG) R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [142336 2014-09-01] (G Data Software AG) R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [64000 2014-07-06] (G Data Software AG) R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64000 2014-09-01] (G Data Software AG) R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2014-08-31] (G Data Software) R3 HCW3x64; C:\Windows\System32\DRIVERS\HCW3x64.sys [1087872 2007-03-26] (Hauppauge Computer Works inc.) 
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [61440 2014-07-06] (G Data Software AG) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2010-07-22] () S4 nvrd64; C:\Windows\system32\drivers\nvrd64.sys [166944 2008-06-06] (NVIDIA Corporation) S3 Ph3xIB64; C:\Windows\System32\DRIVERS\Ph3xIB64.sys [1368960 2006-09-30] (Philips Semiconductors GmbH) S3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] () S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-08-20] () R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software) S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-11 15:36 - 2014-09-11 15:36 - 00028470 _____ () C:\Users\Ute\Desktop\FRST.txt 2014-09-11 15:35 - 2014-09-11 15:35 - 02105856 _____ (Farbar) C:\Users\Ute\Desktop\FRST64.exe 2014-09-11 12:33 - 2014-08-15 17:48 - 17868288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-11 12:33 - 2014-08-15 17:36 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-11 12:33 - 2014-08-15 17:35 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-11 12:33 - 2014-08-15 17:31 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-11 12:33 - 2014-08-15 17:31 - 01384960 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-11 12:33 - 2014-08-15 17:30 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-11 12:33 - 2014-08-15 17:30 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-09-11 12:33 - 2014-08-15 17:30 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-11 12:33 - 2014-08-15 17:29 - 02156032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-11 12:33 - 2014-08-15 17:29 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-11 12:33 - 2014-08-15 17:29 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-11 12:33 - 2014-08-15 17:29 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-11 12:33 - 2014-08-15 17:29 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-09-11 12:33 - 2014-08-15 17:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-11 12:33 - 2014-08-15 17:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-11 12:33 - 2014-08-15 17:29 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-11 12:33 - 2014-08-15 17:29 - 00055296 _____ (Microsoft Corporation) 
C:\Windows\system32\msfeedsbs.dll 2014-09-11 12:33 - 2014-08-15 17:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-11 12:33 - 2014-08-15 17:28 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-11 12:33 - 2014-08-15 17:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-09-11 12:33 - 2014-08-15 17:28 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-09-11 12:33 - 2014-08-15 16:51 - 12363264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-09-11 12:33 - 2014-08-15 16:42 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-09-11 12:33 - 2014-08-15 16:42 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-09-11 12:33 - 2014-08-15 16:37 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-09-11 12:33 - 2014-08-15 16:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-09-11 12:33 - 2014-08-15 16:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-09-11 12:33 - 2014-08-15 16:35 - 01802240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-09-11 12:33 - 2014-08-15 16:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-09-11 12:33 - 2014-08-15 16:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-09-11 12:33 - 2014-08-15 16:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-09-11 12:33 - 2014-08-15 16:35 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-09-11 12:33 - 2014-08-15 16:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-09-11 12:33 - 2014-08-15 16:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-09-11 12:33 - 2014-08-15 16:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 
2014-09-11 12:33 - 2014-08-15 16:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-09-11 12:33 - 2014-08-15 16:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-09-11 12:33 - 2014-08-15 16:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-09-11 12:33 - 2014-08-15 16:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-09-11 12:33 - 2014-08-15 16:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-09-11 12:33 - 2014-08-15 16:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-09-11 12:33 - 2014-08-15 16:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-09-10 13:38 - 2014-09-10 13:38 - 01016261 _____ (Thisisu) C:\Users\Ute\Desktop\JRT.exe 2014-09-09 18:21 - 2014-09-09 18:21 - 01016261 _____ (Thisisu) C:\Users\Ute\Downloads\JRT (2).exe 2014-09-09 18:08 - 2014-09-09 18:08 - 00000000 ____D () C:\Windows\ERUNT 2014-09-09 18:06 - 2014-09-09 18:06 - 01016261 _____ (Thisisu) C:\Users\Ute\Downloads\JRT (1).exe 2014-09-09 18:05 - 2014-09-09 18:06 - 01016261 _____ (Thisisu) C:\Users\Ute\Downloads\JRT.exe 2014-09-09 17:48 - 2014-09-09 17:52 - 00000000 ____D () C:\AdwCleaner 2014-09-09 17:45 - 2014-09-09 17:45 - 01370483 _____ () C:\Users\Ute\Desktop\adwcleaner_3.309.exe 2014-09-09 15:48 - 2014-09-09 15:49 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Ute\Desktop\tdsskiller.exe 2014-09-09 15:44 - 2014-09-09 15:44 - 00000000 ____D () C:\Users\Ute\AppData\Local\Google 2014-09-09 12:52 - 2014-09-09 12:52 - 00895120 _____ (Google Inc.) 
C:\Users\Manopost\Downloads\ChromeSetup(3).exe 2014-09-09 12:50 - 2014-09-09 12:50 - 00733168 _____ () C:\Users\Manopost\Downloads\chromesetup(2).exe 2014-09-09 12:44 - 2014-09-09 13:06 - 00001979 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-09-09 12:44 - 2014-09-09 12:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-09-09 12:43 - 2014-09-11 15:23 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-09 12:43 - 2014-09-11 14:48 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-09 12:43 - 2014-09-09 12:43 - 00004110 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-09-09 12:43 - 2014-09-09 12:43 - 00003858 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-09-09 12:42 - 2014-09-09 12:42 - 00895120 _____ (Google Inc.) C:\Users\Manopost\Downloads\ChromeSetup(1).exe 2014-09-09 07:02 - 2014-09-09 09:03 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-09-09 06:56 - 2014-09-09 08:20 - 00000000 ____D () C:\Users\Ute\Desktop\mbar 2014-09-09 06:55 - 2014-09-09 06:56 - 14349744 _____ (Malwarebytes Corp.) 
C:\Users\Ute\Desktop\mbar-1.07.0.1012.exe 2014-09-08 14:59 - 2014-09-08 18:17 - 00000000 ___SD () C:\32788R22FWJFW 2014-09-08 14:59 - 2014-09-08 14:59 - 00000000 ____D () C:\Windows\erdnt 2014-09-08 09:47 - 2014-09-08 09:47 - 00000000 ____D () C:\Users\Ute\AppData\Roaming\Adobe 2014-09-08 09:46 - 2014-09-08 11:00 - 00000000 ____D () C:\Users\Ute\AppData\Roaming\TuneUp Software 2014-09-08 09:46 - 2014-09-08 09:46 - 00000000 ____D () C:\Users\Ute\AppData\Local\TuneUp Software 2014-09-08 09:45 - 2014-09-08 09:45 - 00000951 _____ () C:\Users\Ute\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2014-09-08 09:45 - 2014-09-08 09:45 - 00000000 ____D () C:\Users\Ute\AppData\Roaming\AOL 2014-09-08 09:45 - 2014-09-08 09:45 - 00000000 ____D () C:\Users\Ute\AppData\Local\AOL 2014-09-08 09:44 - 2014-09-08 09:45 - 00000941 _____ () C:\Users\Ute\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-09-08 09:44 - 2014-09-08 09:44 - 00000936 _____ () C:\Users\Ute\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2014-09-08 09:42 - 2014-09-08 09:44 - 00000917 _____ () C:\Users\Ute\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk 2014-09-08 09:41 - 2014-09-08 09:46 - 00000000 ____D () C:\Users\Ute\AppData\Local\VirtualStore 2014-09-08 09:41 - 2014-09-08 09:44 - 00000000 ____D () C:\Users\Ute 2014-09-08 09:41 - 2014-09-08 09:41 - 00000020 ___SH () C:\Users\Ute\ntuser.ini 2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 _SHDL () C:\Users\Ute\Vorlagen 2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 _SHDL () C:\Users\Ute\Startmenü 2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 _SHDL () C:\Users\Ute\Netzwerkumgebung 2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 _SHDL () C:\Users\Ute\Lokale Einstellungen 2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 _SHDL () C:\Users\Ute\Eigene Dateien 2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 _SHDL () C:\Users\Ute\Druckumgebung 2014-09-08 
09:41 - 2014-09-08 09:41 - 00000000 _SHDL () C:\Users\Ute\Documents\Eigene Musik 2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 _SHDL () C:\Users\Ute\Documents\Eigene Bilder 2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 _SHDL () C:\Users\Ute\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 _SHDL () C:\Users\Ute\AppData\Local\Verlauf 2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 _SHDL () C:\Users\Ute\AppData\Local\Anwendungsdaten 2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 _SHDL () C:\Users\Ute\Anwendungsdaten 2014-09-08 09:41 - 2014-04-09 17:34 - 00000000 ____D () C:\Users\Ute\AppData\Roaming\Garmin 2014-09-08 09:41 - 2011-11-18 04:55 - 00000000 ____D () C:\Users\Ute\AppData\Roaming\Macromedia 2014-09-08 09:41 - 2010-11-16 00:09 - 00000000 ____D () C:\Users\Ute\AppData\Local\Microsoft Help 2014-09-08 09:41 - 2008-01-21 05:20 - 00000000 ___RD () C:\Users\Ute\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-09-08 09:41 - 2008-01-21 05:20 - 00000000 ___RD () C:\Users\Ute\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-09-08 08:03 - 2014-09-08 08:03 - 00003631 _____ () C:\Users\Manopost\Downloads\FRST.txt 2014-09-08 08:02 - 2014-09-08 08:03 - 02105344 _____ (Farbar) C:\Users\Manopost\Downloads\FRST64(1).exe 2014-09-08 07:44 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll 2014-09-08 07:44 - 2011-03-25 20:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll 2014-09-08 07:43 - 2014-09-08 07:43 - 01101648 _____ () C:\Users\Manopost\Downloads\HijackThis - CHIP-Installer.exe 2014-09-07 19:19 - 2014-09-07 19:19 - 02105344 _____ (Farbar) C:\Users\Manopost\Downloads\FRST64.exe 2014-09-07 16:19 - 2014-09-07 16:19 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-07 16:18 - 2014-09-07 16:19 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Manopost\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-07 15:00 - 2014-09-11 
15:36 - 00000000 ____D () C:\FRST 2014-09-07 10:24 - 2014-09-07 10:24 - 00388152 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-07 10:23 - 2014-09-11 13:18 - 00658662 _____ () C:\Windows\PFRO.log 2014-09-06 23:41 - 2014-09-06 23:42 - 00895120 _____ (Google Inc.) C:\Users\Manopost\Downloads\ChromeSetup.exe 2014-09-06 23:24 - 2014-09-06 23:24 - 00106712 _____ () C:\Users\Manopost\AppData\Local\GDIPFONTCACHEV1.DAT 2014-09-06 23:24 - 2014-09-06 23:24 - 00002379 _____ () C:\Users\Manopost\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 2014-09-06 23:16 - 2014-09-06 23:57 - 00000000 ____D () C:\Users\Manopost\AppData\Local\Gameo 2014-09-06 23:16 - 2014-09-06 23:16 - 00000174 _____ () C:\Users\Manopost\Desktop\Play Games Online.url 2014-09-06 23:16 - 2014-09-06 23:16 - 00000174 _____ () C:\Users\Manopost\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url 2014-09-06 23:16 - 2014-09-06 23:16 - 00000000 ___HD () C:\Users\Manopost\AppData\Roaming\GoldenGate 2014-09-06 16:11 - 2014-09-06 16:11 - 00000000 ____D () C:\Users\Manopost\AppData\Local\Deployment 2014-09-01 23:00 - 2014-09-01 23:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA ANTIVIRUS 2014-08-28 21:52 - 2014-08-23 03:05 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-28 21:52 - 2014-08-23 02:42 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-28 21:52 - 2014-08-23 01:38 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-27 10:03 - 2014-08-27 10:03 - 00000630 _____ () C:\Users\Manopost\Desktop\BLT14-15_209.exe - Verknüpfung.lnk 2014-08-27 09:52 - 2014-08-27 09:52 - 00724992 _____ (Maximilian Stangel) C:\Users\Manopost\Downloads\BLT14-15_209.exe 2014-08-27 09:33 - 2014-08-27 09:33 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb 2014-08-26 18:52 - 2014-08-31 22:03 - 00000000 ___HD () C:\Users\Public\Temp 2014-08-26 18:49 - 2014-08-26 18:50 - 
00000000 ____D () C:\Users\Public\29B3597AA0BC4491BC3F1A409CD7CF3F 2014-08-26 14:15 - 2013-12-27 16:17 - 37650432 _____ () C:\Users\Manopost\Desktop\M2U00050.MPG 2014-08-26 13:28 - 2014-09-06 23:26 - 00000000 ____D () C:\Users\Manopost\Desktop\Tablet 2014-08-26 13:13 - 2014-08-26 13:13 - 00000000 ____D () C:\ProgramData\Telekom-Browser 7 2014-08-25 17:43 - 2014-09-07 01:20 - 00000000 ___RD () C:\Users\Manopost\Dropbox 2014-08-25 17:41 - 2014-08-25 17:41 - 00000000 ____D () C:\Users\Manopost\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-08-25 17:41 - 2014-08-25 17:41 - 00000000 ____D () C:\Program Files (x86)\Dropbox 2014-08-25 17:39 - 2014-09-06 22:46 - 00000000 ____D () C:\Users\Manopost\AppData\Roaming\Dropbox 2014-08-25 07:52 - 2014-08-25 07:52 - 00000000 ____D () C:\Users\Manopost\AppData\Local\Adobe 2014-08-22 15:27 - 2014-08-22 15:27 - 00000000 ____D () C:\ProgramData\Xerox 2014-08-22 14:28 - 2014-09-06 23:32 - 00000000 ____D () C:\Users\Manopost\Desktop\Neuer Ordner 2014-08-22 10:00 - 2014-04-19 17:34 - 00000426 _____ () C:\AVScanner.ini 2014-08-22 09:11 - 2014-08-31 15:59 - 00000000 ____D () C:\Program Files (x86)\videos MediaPlay-Air 2014-08-22 09:10 - 2014-08-22 09:12 - 00062602 _____ () C:\Users\Manopost\AppData\Local\dd_vcredistMSI61B3.txt 2014-08-22 09:10 - 2014-08-22 09:12 - 00012036 _____ () C:\Users\Manopost\AppData\Local\dd_vcredistUI61B3.txt 2014-08-20 14:49 - 2014-08-20 14:49 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys 2014-08-20 14:49 - 2014-08-20 14:49 - 00000000 ____D () C:\Users\Manopost\AppData\Local\SlimWare Utilities Inc 2014-08-20 14:48 - 2014-08-20 14:48 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers 2014-08-20 14:45 - 2014-08-20 15:13 - 00000732 _____ () C:\Users\Manopost\AppData\Local\d3d9caps64.dat 2014-08-20 14:44 - 2014-08-20 14:44 - 00796720 _____ ( ) C:\Users\Manopost\Downloads\nero_setup.exe 2014-08-17 18:20 - 2014-08-17 18:45 - 00001653 _____ () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fotostory 3 für Windows.lnk 2014-08-17 18:20 - 2014-08-17 18:20 - 00000000 ____D () C:\Program Files (x86)\Photo Story 3 for Windows 2014-08-17 18:18 - 2014-08-17 18:18 - 01101648 _____ () C:\Users\Manopost\Documents\Microsoft Photo Story - CHIP-Installer.exe 2014-08-17 13:33 - 2014-08-22 13:21 - 00000000 ____D () C:\Users\Manopost\Desktop\Tolo Video 1 2014-08-17 13:26 - 2014-08-22 14:59 - 00000000 ____D () C:\Users\Manopost\Desktop\Tolo 2 2014-08-17 11:21 - 2014-08-26 14:04 - 00000000 ____D () C:\Users\Manopost\Desktop\Meine Bilder 2014-08-17 08:49 - 2014-08-17 08:49 - 01058200 _____ (Adobe) C:\Users\Manopost\Downloads\install_flashplayer14x32au_mssa_awc_aih.exe 2014-08-17 08:36 - 2014-06-27 00:17 - 01389200 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-08-17 08:36 - 2014-06-27 00:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe 2014-08-17 08:36 - 2014-06-27 00:17 - 00171152 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-08-17 08:36 - 2014-06-27 00:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll 2014-08-17 08:36 - 2014-06-27 00:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll 2014-08-17 08:36 - 2014-06-27 00:17 - 00008848 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-08-17 08:36 - 2014-06-06 06:29 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-08-17 08:36 - 2014-06-06 06:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2014-08-17 08:32 - 2014-08-17 08:32 - 00001757 _____ () C:\Users\Public\Desktop\Garmin Express.lnk 2014-08-17 08:32 - 2014-08-17 08:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin 2014-08-17 00:05 - 2014-08-14 12:15 - 36898446 _____ () C:\Users\Manopost\Desktop\20140814_131447.mp4 2014-08-16 23:56 - 2014-08-20 19:35 - 00000000 ____D () 
C:\Users\Manopost\Desktop\Handy Tolo 2014-08-16 23:37 - 2014-06-14 02:56 - 00901568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-08-16 23:37 - 2014-06-14 02:51 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2014-08-16 23:37 - 2014-06-02 23:30 - 03137536 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-08-16 23:37 - 2014-06-02 23:30 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-08-16 23:37 - 2014-06-02 23:29 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-08-16 23:37 - 2014-06-02 23:29 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2014-08-16 23:37 - 2014-06-02 22:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-08-16 23:37 - 2014-06-02 12:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-08-16 23:37 - 2014-06-02 12:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-08-16 23:37 - 2014-06-02 12:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-08-16 23:36 - 2014-07-08 03:12 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-08-16 23:36 - 2014-07-08 02:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-08-16 23:06 - 2014-09-06 23:25 - 00000000 ____D () C:\Users\Manopost\Desktop\Kamera Tolo ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-11 15:36 - 2014-09-11 15:36 - 00028470 _____ () C:\Users\Ute\Desktop\FRST.txt 2014-09-11 15:36 - 2014-09-07 15:00 - 00000000 ____D () C:\FRST 2014-09-11 15:35 - 2014-09-11 15:35 - 02105856 _____ (Farbar) C:\Users\Ute\Desktop\FRST64.exe 2014-09-11 15:35 - 2012-07-19 18:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-11 15:27 - 2010-11-02 18:19 - 01283890 _____ () C:\Windows\WindowsUpdate.log 2014-09-11 15:23 - 2014-09-09 12:43 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-11 15:23 - 2006-11-02 17:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-11 15:23 - 2006-11-02 17:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-11 15:23 - 2006-11-02 17:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-11 15:21 - 2006-11-02 17:42 - 00032514 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-09-11 14:48 - 2014-09-09 12:43 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-11 13:18 - 2014-09-07 10:23 - 00658662 _____ () C:\Windows\PFRO.log 2014-09-11 13:08 - 2009-01-07 16:52 - 00000000 ____D () C:\Users\Manopost 2014-09-11 12:38 - 2010-11-15 00:52 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-11 12:32 - 2010-05-06 16:04 - 01613592 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-11 12:32 - 2008-09-13 07:16 - 00699062 _____ () C:\Windows\system32\perfh007.dat 2014-09-11 12:32 - 2008-09-13 07:16 - 00156416 _____ () C:\Windows\system32\perfc007.dat 2014-09-11 12:32 - 2006-11-02 14:46 - 01613592 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-11 12:31 - 2013-08-15 20:56 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-11 11:59 - 2006-11-02 14:35 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-09-10 14:35 - 2012-07-19 18:26 - 00003736 _____ () C:\Windows\System32\Tasks\Adobe 
Flash Player Updater 2014-09-10 14:35 - 2012-04-08 10:43 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-10 14:35 - 2011-05-14 09:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-10 13:38 - 2014-09-10 13:38 - 01016261 _____ (Thisisu) C:\Users\Ute\Desktop\JRT.exe 2014-09-09 18:21 - 2014-09-09 18:21 - 01016261 _____ (Thisisu) C:\Users\Ute\Downloads\JRT (2).exe 2014-09-09 18:08 - 2014-09-09 18:08 - 00000000 ____D () C:\Windows\ERUNT 2014-09-09 18:06 - 2014-09-09 18:06 - 01016261 _____ (Thisisu) C:\Users\Ute\Downloads\JRT (1).exe 2014-09-09 18:06 - 2014-09-09 18:05 - 01016261 _____ (Thisisu) C:\Users\Ute\Downloads\JRT.exe 2014-09-09 17:52 - 2014-09-09 17:48 - 00000000 ____D () C:\AdwCleaner 2014-09-09 17:45 - 2014-09-09 17:45 - 01370483 _____ () C:\Users\Ute\Desktop\adwcleaner_3.309.exe 2014-09-09 15:49 - 2014-09-09 15:48 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Ute\Desktop\tdsskiller.exe 2014-09-09 15:44 - 2014-09-09 15:44 - 00000000 ____D () C:\Users\Ute\AppData\Local\Google 2014-09-09 13:06 - 2014-09-09 12:44 - 00001979 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-09-09 12:52 - 2014-09-09 12:52 - 00895120 _____ (Google Inc.) C:\Users\Manopost\Downloads\ChromeSetup(3).exe 2014-09-09 12:50 - 2014-09-09 12:50 - 00733168 _____ () C:\Users\Manopost\Downloads\chromesetup(2).exe 2014-09-09 12:44 - 2014-09-09 12:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-09-09 12:43 - 2014-09-09 12:43 - 00004110 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-09-09 12:43 - 2014-09-09 12:43 - 00003858 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-09-09 12:43 - 2009-01-10 16:50 - 00000000 ____D () C:\Program Files (x86)\Google 2014-09-09 12:42 - 2014-09-09 12:42 - 00895120 _____ (Google Inc.) 
C:\Users\Manopost\Downloads\ChromeSetup(1).exe 2014-09-09 09:03 - 2014-09-09 07:02 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-09-09 08:20 - 2014-09-09 06:56 - 00000000 ____D () C:\Users\Ute\Desktop\mbar 2014-09-09 07:35 - 2010-04-27 13:26 - 00000000 ___HD () C:\Windows\msdownld.tmp 2014-09-09 06:56 - 2014-09-09 06:55 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Ute\Desktop\mbar-1.07.0.1012.exe 2014-09-08 19:58 - 2009-01-08 19:17 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2009 2014-09-08 19:45 - 2014-07-31 19:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-08 18:17 - 2014-09-08 14:59 - 00000000 ___SD () C:\32788R22FWJFW 2014-09-08 14:59 - 2014-09-08 14:59 - 00000000 ____D () C:\Windows\erdnt 2014-09-08 11:00 - 2014-09-08 09:46 - 00000000 ____D () C:\Users\Ute\AppData\Roaming\TuneUp Software 2014-09-08 09:47 - 2014-09-08 09:47 - 00000000 ____D () C:\Users\Ute\AppData\Roaming\Adobe 2014-09-08 09:46 - 2014-09-08 09:46 - 00000000 ____D () C:\Users\Ute\AppData\Local\TuneUp Software 2014-09-08 09:46 - 2014-09-08 09:41 - 00000000 ____D () C:\Users\Ute\AppData\Local\VirtualStore 2014-09-08 09:45 - 2014-09-08 09:45 - 00000951 _____ () C:\Users\Ute\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2014-09-08 09:45 - 2014-09-08 09:45 - 00000000 ____D () C:\Users\Ute\AppData\Roaming\AOL 2014-09-08 09:45 - 2014-09-08 09:45 - 00000000 ____D () C:\Users\Ute\AppData\Local\AOL 2014-09-08 09:45 - 2014-09-08 09:44 - 00000941 _____ () C:\Users\Ute\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-09-08 09:44 - 2014-09-08 09:44 - 00000936 _____ () C:\Users\Ute\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2014-09-08 09:44 - 2014-09-08 09:42 - 00000917 _____ () C:\Users\Ute\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk 2014-09-08 09:44 - 2014-09-08 09:41 - 00000000 ____D () C:\Users\Ute 
2014-09-08 09:41 - 2014-09-08 09:41 - 00000020 ___SH () C:\Users\Ute\ntuser.ini 2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 _SHDL () C:\Users\Ute\Vorlagen 2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 _SHDL () C:\Users\Ute\Startmenü 2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 _SHDL () C:\Users\Ute\Netzwerkumgebung 2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 _SHDL () C:\Users\Ute\Lokale Einstellungen 2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 _SHDL () C:\Users\Ute\Eigene Dateien 2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 _SHDL () C:\Users\Ute\Druckumgebung 2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 _SHDL () C:\Users\Ute\Documents\Eigene Musik 2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 _SHDL () C:\Users\Ute\Documents\Eigene Bilder 2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 _SHDL () C:\Users\Ute\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 _SHDL () C:\Users\Ute\AppData\Local\Verlauf 2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 _SHDL () C:\Users\Ute\AppData\Local\Anwendungsdaten 2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 _SHDL () C:\Users\Ute\Anwendungsdaten 2014-09-08 08:03 - 2014-09-08 08:03 - 00003631 _____ () C:\Users\Manopost\Downloads\FRST.txt 2014-09-08 08:03 - 2014-09-08 08:02 - 02105344 _____ (Farbar) C:\Users\Manopost\Downloads\FRST64(1).exe 2014-09-08 07:52 - 2009-02-04 12:45 - 00000069 _____ () C:\Windows\NeroDigital.ini 2014-09-08 07:43 - 2014-09-08 07:43 - 01101648 _____ () C:\Users\Manopost\Downloads\HijackThis - CHIP-Installer.exe 2014-09-08 06:31 - 2013-09-17 15:45 - 00000425 _____ () C:\Windows\BRWMARK.INI 2014-09-07 21:28 - 2011-06-11 10:44 - 00003714 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7D2327BF-DAC5-43D7-8EB3-6EA0AF4A749D} 2014-09-07 19:19 - 2014-09-07 19:19 - 02105344 _____ (Farbar) C:\Users\Manopost\Downloads\FRST64.exe 2014-09-07 18:29 - 2009-01-28 11:48 - 00000108 _____ () C:\Users\Manopost\AppData\Roaming\default.pls 2014-09-07 
16:19 - 2014-09-07 16:19 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-07 16:19 - 2014-09-07 16:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Manopost\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-07 11:08 - 2010-11-15 00:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2014-09-07 10:24 - 2014-09-07 10:24 - 00388152 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-07 01:20 - 2014-08-25 17:43 - 00000000 ___RD () C:\Users\Manopost\Dropbox 2014-09-06 23:57 - 2014-09-06 23:16 - 00000000 ____D () C:\Users\Manopost\AppData\Local\Gameo 2014-09-06 23:42 - 2014-09-06 23:41 - 00895120 _____ (Google Inc.) C:\Users\Manopost\Downloads\ChromeSetup.exe 2014-09-06 23:35 - 2013-12-03 13:32 - 00000000 ___RD () C:\Users\Manopost\Documents\Fugen-T-Poster 2014-09-06 23:34 - 2014-01-02 12:23 - 00000000 ____D () C:\Users\Manopost\Desktop\2014 2014-09-06 23:33 - 2014-01-02 15:28 - 00000000 ____D () C:\Users\Manopost\Desktop\Bayrischer Wald 2014-09-06 23:32 - 2014-08-22 14:28 - 00000000 ____D () C:\Users\Manopost\Desktop\Neuer Ordner 2014-09-06 23:27 - 2013-01-21 16:39 - 00000000 ____D () C:\Users\Manopost\Desktop\Bilder1 2014-09-06 23:26 - 2014-08-26 13:28 - 00000000 ____D () C:\Users\Manopost\Desktop\Tablet 2014-09-06 23:25 - 2014-08-16 23:06 - 00000000 ____D () C:\Users\Manopost\Desktop\Kamera Tolo 2014-09-06 23:24 - 2014-09-06 23:24 - 00106712 _____ () C:\Users\Manopost\AppData\Local\GDIPFONTCACHEV1.DAT 2014-09-06 23:24 - 2014-09-06 23:24 - 00002379 _____ () C:\Users\Manopost\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 2014-09-06 23:16 - 2014-09-06 23:16 - 00000174 _____ () C:\Users\Manopost\Desktop\Play Games Online.url 2014-09-06 23:16 - 2014-09-06 23:16 - 00000174 _____ () C:\Users\Manopost\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url 2014-09-06 23:16 - 2014-09-06 23:16 - 00000000 ___HD () C:\Users\Manopost\AppData\Roaming\GoldenGate 2014-09-06 22:51 - 2006-11-02 15:33 
- 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-09-06 22:50 - 2009-01-07 16:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 2014-09-06 22:50 - 2006-11-02 17:15 - 00000000 ____D () C:\Windows\WindowsMobile 2014-09-06 22:46 - 2014-08-25 17:39 - 00000000 ____D () C:\Users\Manopost\AppData\Roaming\Dropbox 2014-09-06 22:41 - 2013-04-11 17:22 - 00000000 ____D () C:\Program Files\Google 2014-09-06 22:40 - 2013-09-17 15:40 - 00000000 ____D () C:\ProgramData\InstallShield 2014-09-06 22:39 - 2013-09-17 15:42 - 00000000 ____D () C:\Program Files (x86)\Brother 2014-09-06 16:12 - 2009-01-10 16:51 - 00000000 ____D () C:\Users\Manopost\AppData\Local\Google 2014-09-06 16:11 - 2014-09-06 16:11 - 00000000 ____D () C:\Users\Manopost\AppData\Local\Deployment 2014-09-06 16:11 - 2010-06-03 12:57 - 00000000 ____D () C:\Users\Manopost\AppData\Local\Apps\2.0 2014-09-06 15:57 - 2009-01-10 16:51 - 00000000 ____D () C:\ProgramData\Google 2014-09-01 23:00 - 2014-09-01 23:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA ANTIVIRUS 2014-09-01 23:00 - 2014-04-12 12:28 - 00001794 _____ () C:\Users\Public\Desktop\G DATA ANTIVIRUS.lnk 2014-09-01 23:00 - 2009-10-03 14:49 - 00055808 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys 2014-09-01 23:00 - 2009-06-20 14:57 - 00142336 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys 2014-09-01 23:00 - 2009-06-20 14:56 - 00064000 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys 2014-08-31 23:00 - 2014-02-28 00:00 - 00018160 _____ (G Data Software) C:\Windows\system32\Drivers\GdPhyMem.sys 2014-08-31 23:00 - 2009-07-28 16:34 - 00106272 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys 2014-08-31 22:03 - 2014-08-26 18:52 - 00000000 ___HD () C:\Users\Public\Temp 2014-08-31 15:59 - 2014-08-22 09:11 - 00000000 ____D () C:\Program Files (x86)\videos MediaPlay-Air 2014-08-29 15:01 - 2009-01-08 19:24 - 00003784 _____ () 
C:\Windows\System32\Tasks\HP-Online-Aktualisierungsprogramm 2014-08-29 15:00 - 2014-04-06 16:26 - 00003558 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask 2014-08-27 10:03 - 2014-08-27 10:03 - 00000630 _____ () C:\Users\Manopost\Desktop\BLT14-15_209.exe - Verknüpfung.lnk 2014-08-27 09:52 - 2014-08-27 09:52 - 00724992 _____ (Maximilian Stangel) C:\Users\Manopost\Downloads\BLT14-15_209.exe 2014-08-27 09:33 - 2014-08-27 09:33 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb 2014-08-27 07:33 - 2014-07-28 19:59 - 00000000 ____D () C:\Program Files (x86)\Browser 7 Maintenance Service 2014-08-26 18:50 - 2014-08-26 18:49 - 00000000 ____D () C:\Users\Public\29B3597AA0BC4491BC3F1A409CD7CF3F 2014-08-26 14:04 - 2014-08-17 11:21 - 00000000 ____D () C:\Users\Manopost\Desktop\Meine Bilder 2014-08-26 13:43 - 2009-01-09 17:08 - 00112128 _____ () C:\Users\Manopost\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-08-26 13:13 - 2014-08-26 13:13 - 00000000 ____D () C:\ProgramData\Telekom-Browser 7 2014-08-26 13:13 - 2014-07-28 19:59 - 00000000 ____D () C:\Users\Manopost\AppData\Roaming\Deutsche Telekom AG 2014-08-25 17:41 - 2014-08-25 17:41 - 00000000 ____D () C:\Users\Manopost\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-08-25 17:41 - 2014-08-25 17:41 - 00000000 ____D () C:\Program Files (x86)\Dropbox 2014-08-25 07:52 - 2014-08-25 07:52 - 00000000 ____D () C:\Users\Manopost\AppData\Local\Adobe 2014-08-23 03:05 - 2014-08-28 21:52 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-23 02:42 - 2014-08-28 21:52 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-23 01:38 - 2014-08-28 21:52 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-22 15:27 - 2014-08-22 15:27 - 00000000 ____D () C:\ProgramData\Xerox 2014-08-22 14:59 - 2014-08-17 13:26 - 00000000 ____D () C:\Users\Manopost\Desktop\Tolo 2 2014-08-22 13:21 - 2014-08-17 13:33 - 00000000 ____D () 
C:\Users\Manopost\Desktop\Tolo Video 1 2014-08-22 10:20 - 2009-01-28 10:44 - 00000000 ____D () C:\Users\Manopost\AppData\Local\Ahead 2014-08-22 09:57 - 2009-02-02 23:48 - 00000000 __SHD () C:\found.000 2014-08-22 09:36 - 2012-12-16 14:45 - 00000111 _____ () C:\.dir 2014-08-22 09:24 - 2014-01-03 19:18 - 00000008 __RSH () C:\Users\Manopost\ntuser.pol 2014-08-22 09:24 - 2009-11-23 14:04 - 00000008 __RSH () C:\ProgramData\ntuser.pol 2014-08-22 09:16 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-08-22 09:12 - 2014-08-22 09:10 - 00062602 _____ () C:\Users\Manopost\AppData\Local\dd_vcredistMSI61B3.txt 2014-08-22 09:12 - 2014-08-22 09:10 - 00012036 _____ () C:\Users\Manopost\AppData\Local\dd_vcredistUI61B3.txt 2014-08-20 19:35 - 2014-08-16 23:56 - 00000000 ____D () C:\Users\Manopost\Desktop\Handy Tolo 2014-08-20 19:28 - 2012-09-05 19:54 - 00050976 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys 2014-08-20 17:31 - 2010-08-01 13:11 - 00000000 ____D () C:\Users\Manopost\AppData\Roaming\Skype 2014-08-20 15:13 - 2014-08-20 14:45 - 00000732 _____ () C:\Users\Manopost\AppData\Local\d3d9caps64.dat 2014-08-20 14:49 - 2014-08-20 14:49 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys 2014-08-20 14:49 - 2014-08-20 14:49 - 00000000 ____D () C:\Users\Manopost\AppData\Local\SlimWare Utilities Inc 2014-08-20 14:48 - 2014-08-20 14:48 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers 2014-08-20 14:44 - 2014-08-20 14:44 - 00796720 _____ ( ) C:\Users\Manopost\Downloads\nero_setup.exe 2014-08-17 18:45 - 2014-08-17 18:20 - 00001653 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fotostory 3 für Windows.lnk 2014-08-17 18:20 - 2014-08-17 18:20 - 00000000 ____D () C:\Program Files (x86)\Photo Story 3 for Windows 2014-08-17 18:18 - 2014-08-17 18:18 - 01101648 _____ () C:\Users\Manopost\Documents\Microsoft Photo Story - CHIP-Installer.exe 2014-08-17 11:36 - 2013-07-04 09:21 - 00000855 _____ () 
C:\Users\Manopost\Desktop\Bluetooth-Informationsaustausch.lnk 2014-08-17 09:51 - 2006-11-02 15:33 - 00000000 ____D () C:\Windows\rescache 2014-08-17 08:49 - 2014-08-17 08:49 - 01058200 _____ (Adobe) C:\Users\Manopost\Downloads\install_flashplayer14x32au_mssa_awc_aih.exe 2014-08-17 08:33 - 2014-02-19 16:41 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-17 08:32 - 2014-08-17 08:32 - 00001757 _____ () C:\Users\Public\Desktop\Garmin Express.lnk 2014-08-17 08:32 - 2014-08-17 08:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin 2014-08-17 08:32 - 2014-02-19 16:42 - 00000000 ____D () C:\ProgramData\Garmin 2014-08-17 08:32 - 2014-02-19 16:41 - 00000000 ____D () C:\Program Files (x86)\Garmin 2014-08-15 17:48 - 2014-09-11 12:33 - 17868288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-15 17:36 - 2014-09-11 12:33 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-15 17:35 - 2014-09-11 12:33 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-08-15 17:31 - 2014-09-11 12:33 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-15 17:31 - 2014-09-11 12:33 - 01384960 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-15 17:30 - 2014-09-11 12:33 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-15 17:30 - 2014-09-11 12:33 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-08-15 17:30 - 2014-09-11 12:33 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-08-15 17:29 - 2014-09-11 12:33 - 02156032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-15 17:29 - 2014-09-11 12:33 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-15 17:29 - 2014-09-11 12:33 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-15 17:29 - 2014-09-11 12:33 - 00282112 _____ (Microsoft 
Corporation) C:\Windows\system32\dxtrans.dll 2014-08-15 17:29 - 2014-09-11 12:33 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-08-15 17:29 - 2014-09-11 12:33 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-08-15 17:29 - 2014-09-11 12:33 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-15 17:29 - 2014-09-11 12:33 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-08-15 17:29 - 2014-09-11 12:33 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-08-15 17:28 - 2014-09-11 12:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-15 17:28 - 2014-09-11 12:33 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-08-15 17:28 - 2014-09-11 12:33 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-08-15 17:28 - 2014-09-11 12:33 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-08-15 16:51 - 2014-09-11 12:33 - 12363264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-08-15 16:42 - 2014-09-11 12:33 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-08-15 16:42 - 2014-09-11 12:33 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-08-15 16:37 - 2014-09-11 12:33 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-08-15 16:37 - 2014-09-11 12:33 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-08-15 16:36 - 2014-09-11 12:33 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-08-15 16:35 - 2014-09-11 12:33 - 01802240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-08-15 16:35 - 2014-09-11 12:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-08-15 16:35 - 2014-09-11 12:33 - 00607744 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\msfeeds.dll 2014-08-15 16:35 - 2014-09-11 12:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-08-15 16:35 - 2014-09-11 12:33 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-08-15 16:35 - 2014-09-11 12:33 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-08-15 16:35 - 2014-09-11 12:33 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-08-15 16:35 - 2014-09-11 12:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-08-15 16:35 - 2014-09-11 12:33 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-08-15 16:35 - 2014-09-11 12:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-08-15 16:34 - 2014-09-11 12:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-08-15 16:34 - 2014-09-11 12:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-08-15 16:34 - 2014-09-11 12:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-08-15 16:34 - 2014-09-11 12:33 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-08-15 16:34 - 2014-09-11 12:33 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-08-14 12:15 - 2014-08-17 00:05 - 36898446 _____ () C:\Users\Manopost\Desktop\20140814_131447.mp4 ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-11 15:29

==================== End Of Log ============================

--- --- --- --- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-09-2014
Ran by Ute at 2014-09-11 15:36:52
Running from C:\Users\Ute\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: G DATA ANTIVIRUS (Disabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G DATA ANTIVIRUS (Disabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
64 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
ABBYY PDF Transformer 3.0 (HKLM-x32\...\ABBYY PDF Transformer 3.0) (Version: 3.00.317.68010 - ABBYY)
ABBYY PDF Transformer 3.0 (Version: 3.00.317.68010 - ABBYY) Hidden
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0.1 - Microsoft Corporation) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe
Systems, Inc.)
AGEIA PhysX v7.01.12 (HKLM-x32\...\{E2BE1618-AF5F-4F7D-8484-42E080EDF609}) (Version: 7.01.12 - AGEIA Technologies, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AOL Deinstallation (HKLM-x32\...\AOL Deinstallation) (Version: - )
Apple Application Support (HKLM-x32\...\{3FA365DF-2D68-45ED-8F83-8C8A33E65143}) (Version: 1.1.0 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{9EA8213A-9080-C41F-2F85-8FF98374AB9F}) (Version: 3.0.678.0 - ATI Technologies, Inc.)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version: - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version: - AVM Berlin)
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: - AVM Berlin)
Big Fish Games Client (HKLM-x32\...\BFGC) (Version: 1.4.0.11 - )
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v7.00.05 - TOSHIBA CORPORATION)
Browser 7 der Telekom 31.0.19 (x86 de) (HKLM-x32\...\Browser 7 der Telekom 31.0.19 (x86 de)) (Version: 31.0.19 - Deutsche Telekom AG)
Browser 7 Maintenance Service (HKLM-x32\...\Browser7MaintenanceService) (Version: 29.0.40 - Deutsche Telekom AG)
BufferChm (x32 Version: 90.0.146.000 - Hewlett-Packard) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2008.0514.2139.36863 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2008.0514.2139.36863 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2008.0514.2139.36863 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2008.0514.2139.36863 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2008.0514.2139.36863 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2008.0514.2139.36863 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2008.0514.2139.36863 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization Chinese Standard (x32 Version: 2008.0514.2139.36863 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (x32 Version: 2008.0514.2139.36863 - ATI) Hidden
Catalyst Control Center Localization Czech (x32 Version: 2008.0514.2139.36863 - ATI) Hidden
Catalyst Control Center Localization Danish (x32 Version: 2008.0514.2139.36863 - ATI) Hidden
Catalyst Control Center Localization Dutch (x32 Version: 2008.0514.2139.36863 - ATI) Hidden
Catalyst Control Center Localization Finnish (x32 Version: 2008.0514.2139.36863 - ATI) Hidden
Catalyst Control Center Localization French (x32 Version: 2008.0514.2139.36863 - ATI) Hidden
Catalyst Control Center Localization German (x32 Version: 2008.0514.2139.36863 - ATI) Hidden
Catalyst Control Center Localization Greek (x32 Version: 2008.0514.2139.36863 - ATI) Hidden
Catalyst Control Center Localization Hungarian (x32 Version: 2008.0514.2139.36863 - ATI) Hidden
Catalyst Control Center Localization Italian (x32 Version: 2008.0514.2139.36863 - ATI) Hidden
Catalyst Control Center Localization Japanese (x32 Version: 2008.0514.2139.36863 - ATI) Hidden
Catalyst Control Center Localization Korean (x32 Version: 2008.0514.2139.36863 - ATI) Hidden
Catalyst Control Center Localization Norwegian (x32 Version: 2008.0514.2139.36863 - ATI) Hidden
Catalyst Control Center Localization Polish (x32 Version: 2008.0514.2139.36863 - ATI) Hidden
Catalyst Control Center Localization Portuguese (x32 Version: 2008.0514.2139.36863 - ATI) Hidden
Catalyst Control Center Localization Russian (x32 Version: 2008.0514.2139.36863 - ATI) Hidden
Catalyst Control Center Localization Spanish (x32 Version: 2008.0514.2139.36863 - ATI) Hidden
Catalyst Control Center Localization Swedish (x32 Version: 2008.0514.2139.36863 - ATI) Hidden
Catalyst Control Center Localization Thai (x32 Version: 2008.0514.2139.36863 - ATI) Hidden
Catalyst Control Center Localization Turkish (x32 Version: 2008.0514.2139.36863 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2008.0514.2138.36863 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2008.0514.2138.36863 - ATI) Hidden
CCC Help Czech (x32 Version: 2008.0514.2138.36863 - ATI) Hidden
CCC Help Danish (x32 Version: 2008.0514.2138.36863 - ATI) Hidden
CCC Help Dutch (x32 Version: 2008.0514.2138.36863 - ATI) Hidden
CCC Help English (x32 Version: 2008.0514.2138.36863 - ATI) Hidden
CCC Help Finnish (x32 Version: 2008.0514.2138.36863 - ATI) Hidden
CCC Help French (x32 Version: 2008.0514.2138.36863 - ATI) Hidden
CCC Help German (x32 Version: 2008.0514.2138.36863 - ATI) Hidden
CCC Help Greek (x32 Version: 2008.0514.2138.36863 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2008.0514.2138.36863 - ATI) Hidden
CCC Help Italian (x32 Version: 2008.0514.2138.36863 - ATI) Hidden
CCC Help Japanese (x32 Version: 2008.0514.2138.36863 - ATI) Hidden
CCC Help Korean (x32 Version: 2008.0514.2138.36863 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2008.0514.2138.36863 - ATI) Hidden
CCC Help Polish (x32 Version: 2008.0514.2138.36863 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2008.0514.2138.36863 - ATI) Hidden
CCC Help Russian (x32 Version: 2008.0514.2138.36863 - ATI) Hidden
CCC Help Spanish (x32 Version: 2008.0514.2138.36863 - ATI) Hidden
CCC Help Swedish (x32 Version: 2008.0514.2138.36863 - ATI) Hidden
CCC Help Thai (x32 Version: 2008.0514.2138.36863 - ATI) Hidden
CCC Help Turkish (x32 Version: 2008.0514.2138.36863 - ATI) Hidden
ccc-core-static (x32 Version: 2008.0514.2139.36863 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2008.0514.2139.36863 - ATI) Hidden
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copy (x32 Version: 90.0.146.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Destination Component (x32 Version: 090.000.091.086 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
DivX Converter (HKLM-x32\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM-x32\...\DivX Plus DirectShow Filters) (Version: - DivX, Inc.)
DivX-Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 2.5.0.8 - DivX, LLC)
Elevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Favorit (HKLM-x32\...\koega) (Version: - )
Fax (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
Fotostory 3 für Windows (HKLM-x32\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.15 - Microsoft Corporation)
G DATA ANTIVIRUS (HKLM-x32\...\{B9FC0A7D-FA1D-4347-ABED-AD8AD5305633}) (Version: 25.0.2.1 - G DATA Software AG)
Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
GEAR driver installer for AMD64 and Intel EM64T (HKLM\...\{50CBBEC7-1010-41C5-8718-A1A6FEDD9C3A}) (Version: 2.003.1 - GEAR Software, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hewlett-Packard Active Check for Health Check (x32 Version: 1.1.15.2 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent for Health Check (x32 Version: 2.0.63.2 - HP) Hidden
HP Active Support Library (x32 Version: 3.1.6.1 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (HKLM-x32\...\{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}) (Version: 5.6.0.2510 - Hewlett-Packard)
HP Customer Feedback (x32 Version: 1.0.0 - Hewlett-Packard) Hidden
HP Customer Participation Program 9.0 (HKLM\...\HPExtendedCapabilities) (Version: 9.0 - HP)
HP Imaging Device Functions 9.0 (HKLM\...\HP Imaging Device Functions) (Version: 9.0 - HP)
HP Picasso Media Center Add-In (x32 Version: 1.0.0 - HP) Hidden
HP Recovery Manager RSS (x32 Version: 84.0.0.7 - Hewlet Packard Company) Hidden
HP Update (HKLM-x32\...\{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}) (Version: 4.000.010.008 - Hewlett-Packard)
HP_Network_UserGuide (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}) (Version: 2.2.0.0000 - Ihr Firmenname)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
king.com (remove only) (HKLM-x32\...\king.com) (Version: - Midasplayer Ltd (king.com))
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.10.1.0 - LG Electronics)
Marco Polo Mobile Navigator 2 (HKLM-x32\...\{5F65ECEE-EB1D-4C85-8D8C-9C7CE2DBB1D6}) (Version: - )
MarketResearch (x32 Version: 90.0.146.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Works (HKLM-x32\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.2.0 (x86 de)) (Version: 24.2.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NAVIGON Fresh 3.5.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.5.1 - NAVIGON)
Nero 8 (HKLM-x32\...\{1CA7ACD6-B21B-4240-AA05-4FC55F6E1031}) (Version: 8.3.465 - Nero AG)
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
NewFreeScreensaver nfsHDWaterfall03 (HKLM-x32\...\nfsHDWaterfall03 New Free Screensaver_is1) (Version: - )
Nokia Connectivity Cable Driver (HKLM-x32\...\{25CFEF55-A945-41FC-86ED-76469F31DF37}) (Version: 7.1.41.0 - Nokia)
Nokia Music Player (HKLM-x32\...\{4FCB1267-7380-4EBA-9A6C-69809C6E8227}) (Version: 2.5.11021 - Nokia Music Player)
Nokia_Multimedia_Common_Components_2_5 (HKLM-x32\...\{25F61E72-AAA4-4607-95D2-1E5139C98FFB}) (Version: 2.7.69 - Nokia)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Optimierte Multimedia-Tastatur-Lösung (HKLM-x32\...\KBD) (Version: - Hewlett-Packard)
PanoStandAlone (x32 Version: 90.0.146.000 - Hewlett-Packard) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
PC Connectivity Solution (HKLM-x32\...\{4B28C077-9958-45F1-8BB4-CBF90A69AD4E}) (Version: 11.4.15.0 - Nokia)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2926 - CyberLink Corp.)
PowerDirector (x32 Version: 6.5.2926 - CyberLink Corp.) Hidden
Primo (x32 Version: 1.00.0000 - Your Company Name) Hidden
Python 2.5.2 (HKLM-x32\...\{6B976ADF-8AE8-434E-B282-A06C7F624D2F}) (Version: 2.5.2150 - Python Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5657 - Realtek Semiconductor Corp.)
RTC Client API v1.2 (HKLM-x32\...\{44CDBD1B-89FB-4E02-8319-2A4C550F664A}) (Version: 1.2.0000 - Microsoft)
Runtime (x32 Version: 1.00.0000 - Your Company Name) Hidden
SafeFinder Smartbar (HKLM-x32\...\{1898B668-CCF5-429F-A86F-9837E5439D77}) (Version: 11.114.72.19232 - Linkury Ltd.) <==== ATTENTION
Skins (x32 Version: 2008.0514.2139.36863 - ATI) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sony USB Driver (HKLM-x32\...\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}) (Version: 2.00 - Sony Corporation)
Spielefieber Patiencen für Vista (HKLM-x32\...\Spielefieber Patiencen für Vista) (Version: - KlickMedia)
Status (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Top Ten Solitaire (HKLM-x32\...\{51790747-4141-2516-5286-723025870322}) (Version: 1.0 - Bluefish Games)
TrayApp (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3600.171 - TuneUp Software) Hidden
UnloadSupport (x32 Version: 9.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
VR-NetWorld (HKLM-x32\...\{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}) (Version: - )
WDR RadioRecorder (HKLM-x32\...\Tobit Radio.fx Server 1) (Version: - Tobit.Software)
Windows 7 Upgrade Advisor (HKLM-x32\...\{9A4D182C-35C7-4791-8484-4304EBC9101A}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8098.930 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8093.805 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Mobile Device Updater Component (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 7.0.0.0 - Nokia)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Wondershare MobileTrans ( Version 4.2.0 ) (HKLM-x32\...\{18CDCEAA-A9E4-4A4C-AC0E-C15E87C30EA5}_is1) (Version: 4.2.0 - Wondershare)
Xvid 1.1.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.1 - Xvid team (Koepi))
Zoo Tycoon: Complete Collection (HKLM-x32\...\Zoo Tycoon 1.0) (Version: - )
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
Zune (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHT) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CSY) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DAN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DEU) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ELL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ESP) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FIN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FRA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (HUN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (IND) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ITA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (JPN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (KOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (MSL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NLD) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PLK) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTB) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTG) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (RUS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (SVE) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 14:34 - 2006-09-18 23:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00BCCA01-A40B-4CAE-8227-2F62DC9E814B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-09] (Google Inc.)
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {279F157C-71B0-48BD-869F-5517150C523D} - System32\Tasks\HP Health Check Scheduler => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-02] (Hewlett-Packard)
Task: {28D5FA8E-3458-4145-A83A-4C217971EE93} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2007-03-11] (Hewlett-Packard Co.)
Task: {36094E77-3C21-421B-8EAB-76A357083F9B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {376BB1C6-EE4E-4BEC-B4FE-84F31A30F5B1} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {468EF5B9-5FB1-4743-B57F-2607EADD3A6C} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-02] (Hewlett-Packard)
Task: {4C1210EF-7F37-4352-A913-6973F45DEBA2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4F0D940C-AD4F-4AE6-AF83-44F78476290D} - System32\Tasks\ScanSoft Background Update => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
Task: {50B63E3C-8429-4B61-9671-2F1989927645} - System32\Tasks\Automatische Wartung => C:\Program Files (x86)\TuneUp Utilities 2009\OneClickStarter.exe
Task: {5EE7DBA1-E02B-449D-A55F-76653BBFC245} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {5F5E9998-8B9C-481E-94C4-CA2EB746A438} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {A4B635A8-CB6E-4CC9-A4C2-ED29C5B288AD} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] ()
Task: {ADFA917F-CC05-4250-BF79-23261ED49A92} - System32\Tasks\Desktop Messenger => C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Task: {B000A09E-317B-407D-BA22-B7FEDB6F3186} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2014-07-16] (TuneUp Software)
Task: {CDBEB6A4-BC55-4040-88D6-844C74525DBE} - \{4231AEF2-8460-496A-9460-D6D1F6493ADF} No Task File <==== ATTENTION
Task: {DD7781E1-AD7A-437B-8126-4B49A280B14A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-09] (Google Inc.)
Task: {E6C229EB-FEFD-4A53-A5C9-7AE2CDBC5A82} - System32\Tasks\RecoveryCD => C:\Program Files (x86)\Hewlett-Packard\SDP\RemEngine.exe [2008-06-12] ()
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-01-22 19:58 - 2011-11-18 15:51 - 03673944 _____ () J:\Tobit Radio.fx\Server\rfx-server.exe
2014-07-16 10:24 - 2014-07-16 10:24 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2008-09-12 21:49 - 2008-05-15 00:04 - 00116736 _____ () C:\Windows\system32\atitmm64.dll
2014-05-20 03:38 - 2014-05-20 03:38 - 00340088 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2004-01-09 22:02 - 2004-01-09 22:02 - 00045056 _____ () C:\Program Files (x86)\AOL 9.0 VR\zlib.dll
2002-04-22 23:08 - 2002-04-22 23:08 - 00053248 _____ () C:\Program Files (x86)\AOL 9.0 VR\xmlparse.dll
2002-04-22 23:08 - 2002-04-22 23:08 - 00081920 _____ () C:\Program Files (x86)\AOL 9.0 VR\xmltok.dll
2007-05-24 10:01 - 2007-05-24 10:01 - 00090112 _____ () C:\Program Files (x86)\AOL 9.0 VR\Components\Tier2Svc.dll
2007-05-24 10:01 - 2007-05-24 10:01 - 00061440 _____ () C:\Program Files (x86)\AOL 9.0 VR\Components\DataSvcs.dll
2009-01-07 17:42 - 2007-05-24 04:49 - 00131072 _____ () c:\program files (x86)\common files\aol\1231342872\ee\services\proxyprovider\ver1_0_0_1\proxyprovider.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: KBD => C:\HP\KBD\KbdStub.EXE
MSCONFIG\startupreg: Wondershare Helper Compact.exe => "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
MSCONFIG\startupreg: WSHelperSetup.exe => "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"

==================== Faulty Device Manager Devices =============

Name: isatap.{A615081A-DB1C-42C8-8B6A-0E4FEC46738B}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: isatap.{1AFC8298-E6C4-448F-A08D-F0585C2E35D5}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Code:
ATTFilter ==================== Event log errors: ========================= Application errors: ================== Error: (09/11/2014 03:36:54 PM) (Source: VSS) (EventID: 12292) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten. Vorgang: Für diesen Anbieter eine aufrufbare Schnittstelle abrufen Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen Schattenkopien abfragen Kontext: Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshotkontext: 13 Snapshotkontext: 13 Ausführungskontext: Coordinator Error: (09/11/2014 03:36:54 PM) (Source: VSS) (EventID: 40) (User: ) Description: Volumeschattenkopie-Dienst-Fehler: Der Dienst "Microsoft-Softwareschattenkopie-Anbieter" (SWPRV) ist deaktiviert. Aktivieren Sie den Dienst, und wiederholen Sie den Vorgang. Vorgang: Für diesen Anbieter eine aufrufbare Schnittstelle abrufen Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen Schattenkopien abfragen Kontext: Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshotkontext: 13 Snapshotkontext: 13 Ausführungskontext: Coordinator Error: (09/11/2014 03:25:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung sidebar.exe, Version 6.0.6002.18005, Zeitstempel 0x49e035b8, fehlerhaftes Modul OLEAUT32.dll, Version 6.0.6002.18508, Zeitstempel 0x4e567628, Ausnahmecode 0xc0000005, Fehleroffset 0x0000000000001149, Prozess-ID 0xc7c, Anwendungsstartzeit sidebar.exe0. 
Error: (09/11/2014 03:25:10 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung sidebar.exe, Version 6.0.6002.18005, Zeitstempel 0x49e035b8, fehlerhaftes Modul OLEAUT32.dll, Version 6.0.6002.18508, Zeitstempel 0x4e567628, Ausnahmecode 0xc0000005, Fehleroffset 0x0000000000001149, Prozess-ID 0xd28, Anwendungsstartzeit sidebar.exe0. Error: (09/11/2014 03:24:26 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/11/2014 01:24:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung sidebar.exe, Version 6.0.6002.18005, Zeitstempel 0x49e035b8, fehlerhaftes Modul OLEAUT32.dll, Version 6.0.6002.18508, Zeitstempel 0x4e567628, Ausnahmecode 0xc0000005, Fehleroffset 0x0000000000001149, Prozess-ID 0x12d0, Anwendungsstartzeit sidebar.exe0. Error: (09/11/2014 01:23:49 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung sidebar.exe, Version 6.0.6002.18005, Zeitstempel 0x49e035b8, fehlerhaftes Modul OLEAUT32.dll, Version 6.0.6002.18508, Zeitstempel 0x4e567628, Ausnahmecode 0xc0000005, Fehleroffset 0x0000000000001149, Prozess-ID 0xe44, Anwendungsstartzeit sidebar.exe0. Error: (09/11/2014 01:19:57 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/11/2014 00:35:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung sidebar.exe, Version 6.0.6002.18005, Zeitstempel 0x49e035b8, fehlerhaftes Modul OLEAUT32.dll, Version 6.0.6002.18508, Zeitstempel 0x4e567628, Ausnahmecode 0xc0000005, Fehleroffset 0x0000000000001149, Prozess-ID 0x12d4, Anwendungsstartzeit sidebar.exe0. 
Error: (09/11/2014 00:35:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung sidebar.exe, Version 6.0.6002.18005, Zeitstempel 0x49e035b8, fehlerhaftes Modul OLEAUT32.dll, Version 6.0.6002.18508, Zeitstempel 0x4e567628, Ausnahmecode 0xc0000005, Fehleroffset 0x0000000000001149, Prozess-ID 0xfc0, Anwendungsstartzeit sidebar.exe0. System errors: ============= Error: (09/11/2014 03:25:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: HP CUE DeviceDiscovery Service%%2147500037 Error: (09/11/2014 03:25:00 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: i8042prt Error: (09/11/2014 03:25:00 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: HP CUE DeviceDiscovery Service Error: (09/11/2014 03:24:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: vToolbarUpdater18.1.9%%2 Error: (09/11/2014 03:24:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Windows-BilderfassungShellhardwareerkennung%%1058 Error: (09/11/2014 01:20:22 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: HP CUE DeviceDiscovery Service%%2147500037 Error: (09/11/2014 01:20:13 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: i8042prt Error: (09/11/2014 01:20:12 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: HP CUE DeviceDiscovery Service Error: (09/11/2014 01:19:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: vToolbarUpdater18.1.9%%2 Error: (09/11/2014 01:19:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Windows-BilderfassungShellhardwareerkennung%%1058 Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-09-10 16:24:56.932 Description: Die Abbildintegrität der Datei 
"\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-10 16:24:56.168 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-10 16:24:55.388 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-10 16:24:54.624 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-10 16:22:57.072 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-10 16:22:56.339 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-10 16:22:55.559 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-10 16:22:54.779 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-09-10 13:37:00.279 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-10 13:36:59.727 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: AMD Phenom(tm) 9650 Quad-Core Processor Percentage of memory in use: 35% Total physical RAM: 4093.58 MB Available physical RAM: 2635.82 MB Total Pagefile: 8389.68 MB Available Pagefile: 6529.21 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (HP) (Fixed) (Total:582.63 GB) (Free:331.14 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.54 GB) (Free:1.86 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: (AVK_09Sep14) (CDROM) (Total:0.19 GB) (Free:0 GB) UDF Drive j: (HP Pocket Media Drive) (Fixed) (Total:149.04 GB) (Free:126.5 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 596.2 GB) (Disk ID: 1549F232) Partition 1: (Active) - (Size=582.6 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=13.5 GB) - (Type=07 NTFS) ======================================================== Disk: 5 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: 2BD35C77) Partition 1: (Not Active) - (Size=149 GB) - (Type=OF Extended) ==================== End Of Log ============================ |
11.09.2014, 20:56 | #37 |
/// Winkelfunktion /// TB-Süch-Tiger™ | lrcnta + srptm, grey fields Okay, then control scans with MBAM and ESET, please: Please download Malwarebytes Anti-Malware
ESET Online Scanner
__________________ Please always post log files in CODE tags |
12.09.2014, 07:21 | #38 |
| lrcnta + srptm, grey fields Damn, the computer always freezes with MBAM. Quite a few threats were found, but when saving to the desktop nothing works anymore. I wanted to restore all the threats in order to start the scan again, but the computer does nothing. The results are in the history, but they cannot be saved, only restored or deleted. Should I continue with ESET? |
12.09.2014, 08:17 | #39 |
/// Winkelfunktion /// TB-Süch-Tiger™ | lrcnta + srptm, grey fields Save the MBAM log as XML, because MBAM sometimes crashes when converting XML to TXT
__________________ Please always post log files in CODE tags |
12.09.2014, 09:24 | #40 |
| lrcnta + srptm, grey fields Code:
ATTFilter <?xml version="1.0" encoding="UTF-16"?> -<mbam-log> -<header> <date>2014/09/12 09:55:12 +0200</date> <logfile>mbam-log-2014-09-12 (09-55-10).xml</logfile> <isadmin>yes</isadmin> </header> -<engine> <version>2.00.2.1012</version> <malware-database>v2014.09.12.02</malware-database> <rootkit-database>v2014.09.10.02</rootkit-database> <license>trial</license> <file-protection>enabled</file-protection> <web-protection>enabled</web-protection> <self-protection>disabled</self-protection> </engine> -<system> <osversion>Windows Vista Service Pack 2</osversion> <arch>x64</arch> <username>Ute</username> <filesys>NTFS</filesys> </system> -<summary> <type>threat</type> <result>completed</result> <objects>373379</objects> <time>1387</time> <processes>0</processes> <modules>0</modules> <keys>0</keys> <values>0</values> <datas>0</datas> <folders>1</folders> <files>29</files> <sectors>0</sectors> </summary> -<options> <memory>enabled</memory> <startup>enabled</startup> <filesystem>enabled</filesystem> <archives>enabled</archives> <rootkits>enabled</rootkits> <deeprootkit>disabled</deeprootkit> <heuristics>enabled</heuristics> <pup>enabled</pup> <pum>enabled</pum> </options> -<items> -<folder><path>C:\Program Files (x86)\ver1Re-markit</path><vendor>PUP.Optional.ReMarkIt.A</vendor><action/><hash>34ccfbf1572458def3b9f8ef3ec44db3</hash></folder> -<file><path>C:\Program Files (x86)\ver1Re-markit\e6Re-markite74.dll</path><vendor>PUP.Optional.ReMarkIt.A</vendor><action/><hash>34ccfbf1572458def3b9f8ef3ec44db3</hash></file> -<file><path>C:\Users\Manopost\AppData\Roaming\Mozilla\Firefox\Profiles\rjmb4qdq.default\prefs.js</path><vendor>PUP.Optional.Softonic.A</vendor><action/><baddata>user_pref("extensions.Softonic.admin", false);</baddata><gooddata/><hash>6d9312da5f1cc86e83e433faae578c74</hash></file> 
-<file><path>C:\Users\Manopost\AppData\Roaming\Mozilla\Firefox\Profiles\rjmb4qdq.default\prefs.js</path><vendor>PUP.Optional.Softonic.A</vendor><action/><baddata>user_pref("extensions.Softonic.aflt", "SD");</baddata><gooddata/><hash>c33d1cd0106b1b1b4d1af439fa0bb050</hash></file> -<file><path>C:\Users\Manopost\AppData\Roaming\Mozilla\Firefox\Profiles\rjmb4qdq.default\prefs.js</path><vendor>PUP.Optional.Softonic.A</vendor><action/><baddata>user_pref("extensions.Softonic.appId", "{7ABBFE1C-E485-44AA-8F36-353751B4124D}");</baddata><gooddata/><hash>4eb237b598e3cb6b2f381a13699c3dc3</hash></file> -<file><path>C:\Users\Manopost\AppData\Roaming\Mozilla\Firefox\Profiles\rjmb4qdq.default\prefs.js</path><vendor>PUP.Optional.Softonic.A</vendor><action/><baddata>user_pref("extensions.Softonic.autoRvrt", "false");</baddata><gooddata/><hash>f808f0fc48338aacb1b6230a2dd812ee</hash></file> -<file><path>C:\Users\Manopost\AppData\Roaming\Mozilla\Firefox\Profiles\rjmb4qdq.default\prefs.js</path><vendor>PUP.Optional.Softonic.A</vendor><action/><baddata>user_pref("extensions.Softonic.dfltLng", "de");</baddata><gooddata/><hash>10f01ad2eb904de9c99e5dd0e61fe917</hash></file> -<file><path>C:\Users\Manopost\AppData\Roaming\Mozilla\Firefox\Profiles\rjmb4qdq.default\prefs.js</path><vendor>PUP.Optional.Softonic.A</vendor><action/><baddata>user_pref("extensions.Softonic.dfltSrch", true);</baddata><gooddata/><hash>d52bdb1153280a2cbbac68c57491b34d</hash></file> -<file><path>C:\Users\Manopost\AppData\Roaming\Mozilla\Firefox\Profiles\rjmb4qdq.default\prefs.js</path><vendor>PUP.Optional.Softonic.A</vendor><action/><baddata>user_pref("extensions.Softonic.dnsErr", true);</baddata><gooddata/><hash>a35d09e37a0150e62e39230ae22353ad</hash></file> -<file><path>C:\Users\Manopost\AppData\Roaming\Mozilla\Firefox\Profiles\rjmb4qdq.default\prefs.js</path><vendor>PUP.Optional.Softonic.A</vendor><action/><baddata>user_pref("extensions.Softonic.excTlbr", 
false);</baddata><gooddata/><hash>50b059939ae1072f363143ea5baa0ef2</hash></file> -<file><path>C:\Users\Manopost\AppData\Roaming\Mozilla\Firefox\Profiles\rjmb4qdq.default\prefs.js</path><vendor>PUP.Optional.Softonic.A</vendor><action/><baddata>user_pref("extensions.Softonic.ffxUnstlRst", false);</baddata><gooddata/><hash>e51b48a47605cb6b4d1a4de00302d22e</hash></file> -<file><path>C:\Users\Manopost\AppData\Roaming\Mozilla\Firefox\Profiles\rjmb4qdq.default\prefs.js</path><vendor>PUP.Optional.Softonic.A</vendor><action/><baddata>user_pref("extensions.Softonic.hmpg", true);</baddata><gooddata/><hash>9e623ab2df9c37ff6ef91617d92ca060</hash></file> -<file><path>C:\Users\Manopost\AppData\Roaming\Mozilla\Firefox\Profiles\rjmb4qdq.default\prefs.js</path><vendor>PUP.Optional.Softonic.A</vendor><action/><baddata>user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=13&cc=&mi=7047a004000000000000001a4f9d7b72&toi=16073");</baddata><gooddata/><hash>f01037b52e4d1125214644e9699cfc04</hash></file> -<file><path>C:\Users\Manopost\AppData\Roaming\Mozilla\Firefox\Profiles\rjmb4qdq.default\prefs.js</path><vendor>PUP.Optional.Softonic.A</vendor><action/><baddata>user_pref("extensions.Softonic.hpOld0", "hxxp://www.aol.de/");</baddata><gooddata/><hash>0bf52dbf26550630e6815ecf877ec23e</hash></file> -<file><path>C:\Users\Manopost\AppData\Roaming\Mozilla\Firefox\Profiles\rjmb4qdq.default\prefs.js</path><vendor>PUP.Optional.Softonic.A</vendor><action/><baddata>user_pref("extensions.Softonic.id", "7047a004000000000000001a4f9d7b72");</baddata><gooddata/><hash>3bc59a525d1eff3798cf16171de84fb1</hash></file> -<file><path>C:\Users\Manopost\AppData\Roaming\Mozilla\Firefox\Profiles\rjmb4qdq.default\prefs.js</path><vendor>PUP.Optional.Softonic.A</vendor><action/><baddata>user_pref("extensions.Softonic.instlDay", "16073");</baddata><gooddata/><hash>e51bcf1db2c9f73f88df82abb84d3cc4</hash></file> 
-<file><path>C:\Users\Manopost\AppData\Roaming\Mozilla\Firefox\Profiles\rjmb4qdq.default\prefs.js</path><vendor>PUP.Optional.Softonic.A</vendor><action/><baddata>user_pref("extensions.Softonic.instlRef", "MOY00009");</baddata><gooddata/><hash>40c08c607a01dc5a580f4de005007e82</hash></file> -<file><path>C:\Users\Manopost\AppData\Roaming\Mozilla\Firefox\Profiles\rjmb4qdq.default\prefs.js</path><vendor>PUP.Optional.Softonic.A</vendor><action/><baddata>user_pref("extensions.Softonic.kw_url", "hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=2&cc=&mi=7047a004000000000000001a4f9d7b72&toi=16073&q=");</baddata><gooddata/><hash>2cd49953c4b7af8779ee53dadc29827e</hash></file> -<file><path>C:\Users\Manopost\AppData\Roaming\Mozilla\Firefox\Profiles\rjmb4qdq.default\prefs.js</path><vendor>PUP.Optional.Softonic.A</vendor><action/><baddata>user_pref("extensions.Softonic.newTab", true);</baddata><gooddata/><hash>4fb187653d3e3df94126ba73818458a8</hash></file> -<file><path>C:\Users\Manopost\AppData\Roaming\Mozilla\Firefox\Profiles\rjmb4qdq.default\prefs.js</path><vendor>PUP.Optional.Softonic.A</vendor><action/><baddata>user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MOY00009/tb_v1/?SearchSource=15&cc=&mi=7047a004000000000000001a4f9d7b72&toi=16073");</baddata><gooddata/><hash>837dfdef166524125b0c8da037ceb64a</hash></file> -<file><path>C:\Users\Manopost\AppData\Roaming\Mozilla\Firefox\Profiles\rjmb4qdq.default\prefs.js</path><vendor>PUP.Optional.Softonic.A</vendor><action/><baddata>user_pref("extensions.Softonic.prdct", "Softonic");</baddata><gooddata/><hash>11ef63898deed363580f5fcee61f0ff1</hash></file> -<file><path>C:\Users\Manopost\AppData\Roaming\Mozilla\Firefox\Profiles\rjmb4qdq.default\prefs.js</path><vendor>PUP.Optional.Softonic.A</vendor><action/><baddata>user_pref("extensions.Softonic.prtnrId", "softonic");</baddata><gooddata/><hash>d7294f9d5922b1854720240962a33ac6</hash></file> 
-<file><path>C:\Users\Manopost\AppData\Roaming\Mozilla\Firefox\Profiles\rjmb4qdq.default\prefs.js</path><vendor>PUP.Optional.Softonic.A</vendor><action/><baddata>user_pref("extensions.Softonic.rvrt", "false");</baddata><gooddata/><hash>ed139c50c0bbdc5a6700c96408fd51af</hash></file> -<file><path>C:\Users\Manopost\AppData\Roaming\Mozilla\Firefox\Profiles\rjmb4qdq.default\prefs.js</path><vendor>PUP.Optional.Softonic.A</vendor><action/><baddata>user_pref("extensions.Softonic.smplGrp", "none");</baddata><gooddata/><hash>12ee6f7dd2a986b08ed940ed6f9638c8</hash></file> -<file><path>C:\Users\Manopost\AppData\Roaming\Mozilla\Firefox\Profiles\rjmb4qdq.default\prefs.js</path><vendor>PUP.Optional.Softonic.A</vendor><action/><baddata>user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");</baddata><gooddata/><hash>e21e6d7fa0dbba7c65022ffe9174b749</hash></file> -<file><path>C:\Users\Manopost\AppData\Roaming\Mozilla\Firefox\Profiles\rjmb4qdq.default\prefs.js</path><vendor>PUP.Optional.Softonic.A</vendor><action/><baddata>user_pref("extensions.Softonic.tlbrId", "2013desingbrand");</baddata><gooddata/><hash>46ba32baa4d73df9b4b39994897caa56</hash></file> -<file><path>C:\Users\Manopost\AppData\Roaming\Mozilla\Firefox\Profiles\rjmb4qdq.default\prefs.js</path><vendor>PUP.Optional.Softonic.A</vendor><action/><baddata>user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=1&cc=&mi=7047a004000000000000001a4f9d7b72&toi=16073&q=");</baddata><gooddata/><hash>6f9145a7d3a87cbafa6d9d909e676a96</hash></file> -<file><path>C:\Users\Manopost\AppData\Roaming\Mozilla\Firefox\Profiles\rjmb4qdq.default\prefs.js</path><vendor>PUP.Optional.Softonic.A</vendor><action/><baddata>user_pref("extensions.Softonic.vrsn", "1.8.29.3");</baddata><gooddata/><hash>db25af3d7506db5bde893feea36256aa</hash></file> 
-<file><path>C:\Users\Manopost\AppData\Roaming\Mozilla\Firefox\Profiles\rjmb4qdq.default\prefs.js</path><vendor>PUP.Optional.Softonic.A</vendor><action/><baddata>user_pref("extensions.Softonic.vrsnTs", "1.8.29.318:18:22");</baddata><gooddata/><hash>48b8c527aecd7db9f86f220b37cea060</hash></file> -<file><path>C:\Users\Manopost\AppData\Roaming\Mozilla\Firefox\Profiles\rjmb4qdq.default\prefs.js</path><vendor>PUP.Optional.Softonic.A</vendor><action/><baddata>user_pref("extensions.Softonic.vrsni", "1.8.29.3");</baddata><gooddata/><hash>6d93925ae992112551168ca14abb4eb2</hash></file> </items> </mbam-log> |
12.09.2014, 10:49 | #41 |
/// Winkelfunktion /// TB-Süch-Tiger™ | lrcnta + srptm, grey fields Junkware remnants. This junkware also got onto the computer with considerable help from you, since you downloaded and installed junk-laden software from Softonic. Were the detections removed with MBAM?
__________________ Please always post log files in CODE tags |
12.09.2014, 11:51 | #42 |
| lrcnta + srptm, grey fields In quarantine. Should I delete them? The ESET scanner is already showing a trojan. But it is still scanning and is only a third of the way through. Can I somehow delete the Softonic junk? Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=52214efe42a7c0468d2926f2b9b16a93 # engine=20121 # end=stopped # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2014-09-12 09:44:34 # local_time=2014-09-12 11:44:34 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode_1='' # compatibility_mode=5892 16776573 100 100 82941 248038980 0 0 # scanned=206169 # found=26 # cleaned=0 # scan_time=4176 sh=844949940EDFA51D38C5FA3294892B92C8D3CF8E ft=1 fh=c71c00116efa4a17 vn="Win32/Toolbar.AskSBar evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskTBar\bar\1.bin\A5POPSWT.DLL.vir" sh=BB975EE11563FEB8F5AE1EA682E97A00D689F4E9 ft=1 fh=e477418542ff9b15 vn="Win32/Toolbar.MyWebSearch evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL.vir" sh=A4C84CDB3FF2839E3E634D8872F3FB1E6CC4FCD2 ft=1 fh=98329bfe943c52a7 vn="Variante von Win32/AdWare.AddLyrics.BJ Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ver1Re-markit\Uninstall.exe.vir" sh=8E85D93BE859D28C3AD8F3F6B4D26E939D54B7F1 ft=1 fh=444194059f223716 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Manopost\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO2.dll.vir" sh=B0312E8AF5F085D4D7C4AC12A6C902CD3ACB799E ft=1 fh=1042727feb7509bb vn="Variante von MSIL/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Manopost\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension2.dll.vir" sh=70511E1DC237B11EB2DA47764E2F58D66884A8D4 ft=1 fh=8926dceffb73a01c vn="Win32/Toolbar.Linkury.D evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Manopost\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\GoogleChromeRemotePlugin.dll.vir" sh=857CC3345A3822AF53B1929B8A2BBCF72BB1391E ft=1 fh=acc9f12da781c207 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Manopost\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_26.dll.vir" sh=0414957AE0D2B342AB58CA7C0DEB191EB252F689 ft=1 fh=513fca58ac50a90d vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Manopost\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_27.dll.vir" sh=2A78FC37034AA9C58B1B2D47929D23620D62C657 ft=1 fh=3d7c65ead160cf01 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Manopost\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_28.dll.vir" sh=D0E111B46081B7F29F5F97BBD27826BE7FF2D100 ft=1 fh=8fb3d533241ad012 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Manopost\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_29.dll.vir" sh=DA8A32C2FC62802F155C7B8DC2B3DFBB58672098 ft=1 fh=6e51ce951b902f0d vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Manopost\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_30.dll.vir" sh=FA63E2B986E0D6F5312E74B7AFFF49030529B199 ft=1 fh=5eb8c17bce0f839a vn="Variante von Win32/Toolbar.Linkury.D evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Manopost\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_31.dll.vir" sh=857CC3345A3822AF53B1929B8A2BBCF72BB1391E ft=1 fh=acc9f12da781c207 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Manopost\AppData\Roaming\Mozilla\Firefox\Profiles\rjmb4qdq.default\extensions\{dd6584dc-e4dc-64c2-eaa6-c04952c01f05}\components\SmartbarFireFoxRemotePlugin_26.dll" sh=0414957AE0D2B342AB58CA7C0DEB191EB252F689 ft=1 fh=513fca58ac50a90d vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Manopost\AppData\Roaming\Mozilla\Firefox\Profiles\rjmb4qdq.default\extensions\{dd6584dc-e4dc-64c2-eaa6-c04952c01f05}\components\SmartbarFireFoxRemotePlugin_27.dll" sh=2A78FC37034AA9C58B1B2D47929D23620D62C657 ft=1 fh=3d7c65ead160cf01 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Manopost\AppData\Roaming\Mozilla\Firefox\Profiles\rjmb4qdq.default\extensions\{dd6584dc-e4dc-64c2-eaa6-c04952c01f05}\components\SmartbarFireFoxRemotePlugin_28.dll" sh=D0E111B46081B7F29F5F97BBD27826BE7FF2D100 ft=1 fh=8fb3d533241ad012 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Manopost\AppData\Roaming\Mozilla\Firefox\Profiles\rjmb4qdq.default\extensions\{dd6584dc-e4dc-64c2-eaa6-c04952c01f05}\components\SmartbarFireFoxRemotePlugin_29.dll" sh=DA8A32C2FC62802F155C7B8DC2B3DFBB58672098 ft=1 fh=6e51ce951b902f0d vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Manopost\AppData\Roaming\Mozilla\Firefox\Profiles\rjmb4qdq.default\extensions\{dd6584dc-e4dc-64c2-eaa6-c04952c01f05}\components\SmartbarFireFoxRemotePlugin_30.dll" sh=FA63E2B986E0D6F5312E74B7AFFF49030529B199 ft=1 fh=5eb8c17bce0f839a vn="Variante von Win32/Toolbar.Linkury.D evtl. 
Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=52214efe42a7c0468d2926f2b9b16a93 # engine=20121 # end=stopped # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2014-09-12 09:44:34 # local_time=2014-09-12 11:44:34 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode_1='' # compatibility_mode=5892 16776573 100 100 82941 248038980 0 0 # scanned=206169 # found=26 # cleaned=0 # scan_time=4176 sh=844949940EDFA51D38C5FA3294892B92C8D3CF8E ft=1 fh=c71c00116efa4a17 vn="Win32/Toolbar.AskSBar evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskTBar\bar\1.bin\A5POPSWT.DLL.vir" sh=BB975EE11563FEB8F5AE1EA682E97A00D689F4E9 ft=1 fh=e477418542ff9b15 vn="Win32/Toolbar.MyWebSearch evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL.vir" sh=A4C84CDB3FF2839E3E634D8872F3FB1E6CC4FCD2 ft=1 fh=98329bfe943c52a7 vn="Variante von Win32/AdWare.AddLyrics.BJ Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ver1Re-markit\Uninstall.exe.vir" sh=8E85D93BE859D28C3AD8F3F6B4D26E939D54B7F1 ft=1 fh=444194059f223716 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Manopost\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO2.dll.vir" sh=B0312E8AF5F085D4D7C4AC12A6C902CD3ACB799E ft=1 fh=1042727feb7509bb vn="Variante von MSIL/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Manopost\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension2.dll.vir" sh=70511E1DC237B11EB2DA47764E2F58D66884A8D4 ft=1 fh=8926dceffb73a01c vn="Win32/Toolbar.Linkury.D evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Manopost\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\GoogleChromeRemotePlugin.dll.vir" sh=857CC3345A3822AF53B1929B8A2BBCF72BB1391E ft=1 fh=acc9f12da781c207 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Manopost\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_26.dll.vir" sh=0414957AE0D2B342AB58CA7C0DEB191EB252F689 ft=1 fh=513fca58ac50a90d vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Manopost\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_27.dll.vir" sh=2A78FC37034AA9C58B1B2D47929D23620D62C657 ft=1 fh=3d7c65ead160cf01 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Manopost\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_28.dll.vir" sh=D0E111B46081B7F29F5F97BBD27826BE7FF2D100 ft=1 fh=8fb3d533241ad012 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Manopost\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_29.dll.vir" sh=DA8A32C2FC62802F155C7B8DC2B3DFBB58672098 ft=1 fh=6e51ce951b902f0d vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Manopost\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_30.dll.vir" sh=FA63E2B986E0D6F5312E74B7AFFF49030529B199 ft=1 fh=5eb8c17bce0f839a vn="Variante von Win32/Toolbar.Linkury.D evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Manopost\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_31.dll.vir" sh=857CC3345A3822AF53B1929B8A2BBCF72BB1391E ft=1 fh=acc9f12da781c207 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Manopost\AppData\Roaming\Mozilla\Firefox\Profiles\rjmb4qdq.default\extensions\{dd6584dc-e4dc-64c2-eaa6-c04952c01f05}\components\SmartbarFireFoxRemotePlugin_26.dll" sh=0414957AE0D2B342AB58CA7C0DEB191EB252F689 ft=1 fh=513fca58ac50a90d vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Manopost\AppData\Roaming\Mozilla\Firefox\Profiles\rjmb4qdq.default\extensions\{dd6584dc-e4dc-64c2-eaa6-c04952c01f05}\components\SmartbarFireFoxRemotePlugin_27.dll" sh=2A78FC37034AA9C58B1B2D47929D23620D62C657 ft=1 fh=3d7c65ead160cf01 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Manopost\AppData\Roaming\Mozilla\Firefox\Profiles\rjmb4qdq.default\extensions\{dd6584dc-e4dc-64c2-eaa6-c04952c01f05}\components\SmartbarFireFoxRemotePlugin_28.dll" sh=D0E111B46081B7F29F5F97BBD27826BE7FF2D100 ft=1 fh=8fb3d533241ad012 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Manopost\AppData\Roaming\Mozilla\Firefox\Profiles\rjmb4qdq.default\extensions\{dd6584dc-e4dc-64c2-eaa6-c04952c01f05}\components\SmartbarFireFoxRemotePlugin_29.dll" sh=DA8A32C2FC62802F155C7B8DC2B3DFBB58672098 ft=1 fh=6e51ce951b902f0d vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Manopost\AppData\Roaming\Mozilla\Firefox\Profiles\rjmb4qdq.default\extensions\{dd6584dc-e4dc-64c2-eaa6-c04952c01f05}\components\SmartbarFireFoxRemotePlugin_30.dll" sh=FA63E2B986E0D6F5312E74B7AFFF49030529B199 ft=1 fh=5eb8c17bce0f839a vn="Variante von Win32/Toolbar.Linkury.D evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Manopost\AppData\Roaming\Mozilla\Firefox\Profiles\rjmb4qdq.default\extensions\{dd6584dc-e4dc-64c2-eaa6-c04952c01f05}\components\SmartbarFireFoxRemotePlugin_31.dll" sh=4073DB60355D23C0B264619DE291A9860E26ED9C ft=1 fh=15dba066dc8bc1b4 vn="Variante von MSIL/DownloadGuide.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Manopost\Downloads\chromesetup(2).exe" sh=771B12AB94CBB0E497C3450804AA6CC4019AC67A ft=1 fh=16d4b30a78ab41fc vn="Variante von Win32/Adware.Trymedia.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Manopost\Downloads\JewelQuestSolitaireSetup-dm.exe" sh=9EA889A4E7B92AB5F2FE85A49F9A4394FF0AAF89 ft=1 fh=f70fea66ab3f997c vn="Variante von Win32/InstallCore.MZ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Manopost\Downloads\nero_setup.exe" sh=FD36D8CB741325ADE0CA2D40A0833C565718FA6C ft=1 fh=7ef4a03c64850da1 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Manopost\Downloads\Shockwave_Installer_Slim (1).exe" sh=894DFE8FCB1A8E53F1222164B75F89F5E106EEC5 ft=1 fh=cc13cead9c6e9f3a vn="Variante von Win32/Agent.WGA Trojaner" ac=I fn="C:\Users\Public\29B3597AA0BC4491BC3F1A409CD7CF3F\plugin_0.0.4.exe" sh=4B2E8508043C514D6135F7781E5711CB1B6754EA ft=1 fh=232577bd78ab41fc vn="Variante von Win32/Adware.Trymedia.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Public\Downloads\TopTenSolitaireSetup-dm[1].exe" sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\Adobe\Shockwave 11\gt.exe" sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Windows\SysWOW64\Adobe\Shockwave 11\gt.exe" ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=52214efe42a7c0468d2926f2b9b16a93 # engine=20121 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-09-12 10:42:15 # local_time=2014-09-12 12:42:15 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode_1='' # compatibility_mode=5892 16776573 100 100 86402 248042441 0 0 # scanned=90390 # found=14 # cleaned=0 # scan_time=3358 sh=844949940EDFA51D38C5FA3294892B92C8D3CF8E ft=1 fh=c71c00116efa4a17 vn="Win32/Toolbar.AskSBar evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskTBar\bar\1.bin\A5POPSWT.DLL.vir" sh=BB975EE11563FEB8F5AE1EA682E97A00D689F4E9 ft=1 fh=e477418542ff9b15 vn="Win32/Toolbar.MyWebSearch evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL.vir" sh=A4C84CDB3FF2839E3E634D8872F3FB1E6CC4FCD2 ft=1 fh=98329bfe943c52a7 vn="Variante von Win32/AdWare.AddLyrics.BJ Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ver1Re-markit\Uninstall.exe.vir" sh=9DD0F7453F429A74EDA0C5519D70C91AF1EC6AA2 ft=0 fh=0000000000000000 vn="Variante von Win32/Mobogenie.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Manopost\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie2.1.36.zip.vir" sh=659E678C5D8CE742CC03A211C59AA57E6018FDC6 ft=0 fh=0000000000000000 vn="Variante von Android/Mobserv.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Manopost\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\MUServer.apk.vir" sh=8E85D93BE859D28C3AD8F3F6B4D26E939D54B7F1 ft=1 fh=444194059f223716 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Manopost\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO2.dll.vir" sh=B0312E8AF5F085D4D7C4AC12A6C902CD3ACB799E ft=1 fh=1042727feb7509bb vn="Variante von MSIL/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Manopost\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension2.dll.vir" sh=70511E1DC237B11EB2DA47764E2F58D66884A8D4 ft=1 fh=8926dceffb73a01c vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Manopost\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\GoogleChromeRemotePlugin.dll.vir" sh=857CC3345A3822AF53B1929B8A2BBCF72BB1391E ft=1 fh=acc9f12da781c207 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Manopost\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_26.dll.vir" sh=0414957AE0D2B342AB58CA7C0DEB191EB252F689 ft=1 fh=513fca58ac50a90d vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Manopost\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_27.dll.vir" sh=2A78FC37034AA9C58B1B2D47929D23620D62C657 ft=1 fh=3d7c65ead160cf01 vn="Variante von Win32/Toolbar.Linkury.D evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Manopost\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_28.dll.vir" sh=D0E111B46081B7F29F5F97BBD27826BE7FF2D100 ft=1 fh=8fb3d533241ad012 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Manopost\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_29.dll.vir" sh=DA8A32C2FC62802F155C7B8DC2B3DFBB58672098 ft=1 fh=6e51ce951b902f0d vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Manopost\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_30.dll.vir" sh=FA63E2B986E0D6F5312E74B7AFFF49030529B199 ft=1 fh=5eb8c17bce0f839a vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Manopost\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_31.dll.vir" |
12.09.2014, 12:21 | #43 |
/// Winkelfunktion /// TB-Süch-Tiger™ | lrcnta + srptm, grey fields
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
C:\Users\Manopost\AppData\Roaming\Mozilla\Firefox\Profiles\rjmb4qdq.default\extensions\{dd6584dc-e4dc-64c2-eaa6-c04952c01f05}
C:\Windows\System32\Adobe\Shockwave 11\gt.exe
C:\Users\Manopost\Downloads\*.exe
C:\Users\Public\Downloads\*.exe
C:\Users\Public\29B3597AA0BC4491BC3F1A409CD7CF3F
EmptyTemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post log files in CODE tags |
12.09.2014, 13:10 | #44 |
| lrcnta + srptm, grey fields
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by Ute at 2014-09-12 14:09:06 Run:3
Running from C:\Users\Ute\Downloads
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\Users\Manopost\AppData\Roaming\Mozilla\Firefox\Profiles\rjmb4qdq.default\extensions\{dd6584dc-e4dc-64c2-eaa6-c04952c01f05} C:\Windows\System32\Adobe\Shockwave 11\gt.exe C:\Users\Manopost\Downloads\*.exe C:\Users\Public\Downloads\*.exe C:\Users\Public\29B3597AA0BC4491BC3F1A409CD7CF3F EmptyTemp:
*****************
"C:\Users\Manopost\AppData\Roaming\Mozilla\Firefox\Profiles\rjmb4qdq.default\extensions\{dd6584dc-e4dc-64c2-eaa6-c04952c01f05} C:\Windows\System32\Adobe\Shockwave 11\gt.exe C:\Users\Manopost\Downloads\*.exe C:\Users\Public\Downloads\*.exe C:\Users\Public\29B3597AA0BC4491BC3F1A409CD7CF3F EmptyTemp:" => File/Directory not found.
==== End of Fixlog ==== |
12.09.2014, 13:29 | #45 |
/// Winkelfunktion /// TB-Süch-Tiger™ | lrcnta + srptm, grey fields
You did the fix wrong. My fix is multi-line and you copied all the lines into one. That doesn't work.
__________________ Please always post log files in CODE tags |