|
Plagegeister aller Art und deren Bekämpfung: sm.de virusbefallWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
04.10.2014, 13:11 | #1 |
| sm.de virusbefall Hallo, war schon einige Male bei Euch und genoss fantastische Hilfe. Habe vor ein paar Tagen den VLC player heruntergeladen und - offenbar durch Unachtsamkeit - einen falschen Haken gesetzt und prompt den sm.de browser hijak eingefangen, der sich bei Firefox eingenistet hat. Uebrigens, beim IE habe ich Bing, den ich ebenso wegschmeissen möchte. Habe gem. Anleitung den Defogger ausgeführt und poste anbei FRST64/addition64/Gmer logfiles Sonst läuft der PC gut und problemlos, scanne ihn regelmässig mit dem MS essentials, hin wieder mit dem von Euch empfohlenen Adware tool. Vielen Dank für Eure Profihilfe und Gruss Alfred Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-10-2014 Ran by Alfred (administrator) on DM12REP on 04-10-2014 09:04:33 Running from C:\Users\Alfred\Desktop Loaded Profile: Alfred (Available profiles: Alfred) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (AMD) C:\Windows\System32\atieclxx.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ArcSoft, Inc.) C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Dropbox, Inc.) C:\Users\Alfred\AppData\Roaming\Dropbox\bin\Dropbox.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (VMLite, Inc.) C:\VXP\VMLiteService.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_167_ActiveX.exe () C:\Users\Alfred\Desktop\Defogger.exe () C:\Program Files (x86)\Acronis\DriveMonitor\adm.exe () C:\Program Files (x86)\Acronis\DriveMonitor\adm.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-08] (Apple Inc.) HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries) HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6480664 2014-09-25] (Piriform Ltd) HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\MountPoints2: L - L:\HPLauncher.exe HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\MountPoints2: {63be18cd-1c39-11e2-87aa-20cf308e5960} - K:\HPLauncher.exe HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\MountPoints2: {aa142560-a0e7-11e2-b173-20cf308e5960} - K:\HPLauncher.exe HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries) Startup: C:\Users\Alfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Alfred\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alfred\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alfred\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alfred\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alfred\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) BootExecute: autocheck autochk * SBBD.exe /d \Device\HarddiskVolume2\Program Files (x86)\Ad-Aware Antivirus\Definitions ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2E20F8E641ADCD01 URLSearchHook: HKLM-x32 - Default Value = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} SearchScopes: HKLM - {8A750DF0-FBD0-47C1-A1D7-5F6540A568AE} URL = hxxp://www.sm.de/?q={searchTerms} SearchScopes: HKCU - {8A750DF0-FBD0-47C1-A1D7-5F6540A568AE} URL = hxxp://www.sm.de/?q={searchTerms} BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\f9e1lb4p.default-1397924871496 FF DefaultSearchEngine: SuchMaschine FF SearchEngineOrder.1: SuchMaschine FF SelectedSearchEngine: SuchMaschine FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF SearchPlugin: C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\f9e1lb4p.default-1397924871496\searchplugins\search_engine.xml FF SearchPlugin: C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\f9e1lb4p.default-1397924871496\searchplugins\startpage-https---deutsch.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: YouTube Unblocker - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\f9e1lb4p.default-1397924871496\Extensions\youtubeunblocker@unblocker.yt [2014-05-12] FF Extension: WOT - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\f9e1lb4p.default-1397924871496\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-06-18] FF Extension: DownloadHelper - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\f9e1lb4p.default-1397924871496\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-05] FF Extension: MEGA - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\f9e1lb4p.default-1397924871496\Extensions\firefox@mega.co.nz.xpi [2014-07-12] FF Extension: NoScript - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\f9e1lb4p.default-1397924871496\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-05-12] FF Extension: Adblock Plus - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\f9e1lb4p.default-1397924871496\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-12] FF Extension: DownThemAll! - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\f9e1lb4p.default-1397924871496\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-05-12] FF Extension: Adblock Edge - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\f9e1lb4p.default-1397924871496\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-04-23] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-09-25] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-07-26] FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-04-25] FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= CHR HomePage: Default -> hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_4&ent=hp&u=424CC20045927E4CBDC72C5234910BB4 CHR RestoreOnStartup: Default -> "hxxp://www.google.com" CHR NewTab: Default -> "chrome-extension://eooncjejnppfjjklapaamhcdmjbilmde/redirect.html" CHR DefaultSearchKeyword: Default -> SuchMaschine CHR DefaultSearchProvider: Default -> SuchMaschine CHR DefaultSearchURL: Default -> hxxp://www.sm.de/?q={searchTerms} CHR DefaultSuggestURL: Default -> CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation) CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll No File CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll No File CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File CHR Profile: C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-26] CHR Extension: (Google Drive) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-26] CHR Extension: (WOT) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-06-30] CHR Extension: (YouTube) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-26] CHR Extension: (Google-Suche) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-26] CHR Extension: (RealDownloader) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-06-26] CHR Extension: (Skype Click to Call) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-06-26] CHR Extension: (Chrome In-App Payments service) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22] CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-06-26] CHR Extension: (Google Mail) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-26] CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 BackupService; C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [83512 2010-07-01] (ArcSoft, Inc.) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries) R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation) R2 VMLiteService; C:\VXP\VMLiteService.exe [426600 2010-08-21] (VMLite, Inc.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] () R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-09-14] (GFI Software) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] () R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation) R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed] R1 VBoxDrv; C:\Windows\System32\drivers\VBoxDrv.sys [204328 2010-08-11] (VMLite, Inc.) R3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp.sys [146216 2010-08-11] (VMLite, Inc.) R3 VBoxNetFlt; C:\Windows\System32\DRIVERS\VBoxNetFlt.sys [165800 2010-08-11] (VMLite, Inc.) R1 vmlitedrv; C:\Windows\System32\drivers\vmlitedrv.sys [14952 2010-08-03] (VMLite, Inc.) R3 vmlitestor; C:\Windows\System32\DRIVERS\vmlitestor.sys [177768 2010-08-11] (VMLite, Inc.) S3 VMLiteUSB; C:\Windows\System32\Drivers\VMLiteUSB.sys [150120 2010-08-11] (VMLite, Inc.) R1 VMLiteUSBMon; C:\Windows\System32\drivers\vmliteusbmon.sys [135272 2010-08-18] (VMLite, Inc.) S3 ALSysIO; \??\C:\Users\Alfred\AppData\Local\Temp\ALSysIO64.sys [X] S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X] S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-04 09:04 - 2014-10-04 09:05 - 00024379 _____ () C:\Users\Alfred\Desktop\FRST.txt 2014-10-04 09:03 - 2014-10-04 09:03 - 02109440 _____ (Farbar) C:\Users\Alfred\Desktop\FRST64.exe 2014-10-04 09:02 - 2014-10-04 09:02 - 02109440 _____ (Farbar) C:\Users\Alfred\Downloads\FRST64.exe.4rrsf4c.partial 2014-10-04 09:01 - 2014-10-04 09:01 - 00000474 _____ () C:\Users\Alfred\Desktop\defogger_disable.log 2014-10-04 09:01 - 2014-10-04 09:01 - 00000000 _____ () C:\Users\Alfred\defogger_reenable 2014-10-04 08:59 - 2014-10-04 08:59 - 00050477 _____ () C:\Users\Alfred\Desktop\Defogger.exe 2014-10-03 20:30 - 2014-10-03 20:30 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-10-03 20:29 - 2014-10-03 20:29 - 02347384 _____ (ESET) C:\Users\Alfred\Desktop\esetsmartinstaller_deu.exe 2014-10-03 14:39 - 2014-10-03 14:39 - 00001165 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-10-03 13:44 - 2014-10-03 14:39 - 00244408 _____ () C:\Users\Alfred\Downloads\Firefox Setup Stub 32.0.3 (1).exe 2014-10-03 13:38 - 2014-10-03 13:39 - 00244408 _____ () C:\Users\Alfred\Downloads\Firefox Setup Stub 32.0.3.exe 2014-10-03 13:24 - 2014-10-03 13:24 - 01375089 _____ () C:\Users\Alfred\Downloads\adwcleaner_3.311(1).exe 2014-10-01 18:13 - 2014-10-01 18:13 - 01375089 _____ () C:\Users\Alfred\Downloads\adwcleaner_3.311.exe 2014-10-01 17:57 - 2014-10-01 17:58 - 00000000 ____D () C:\Users\Alfred\Documents\HANS 2014-10-01 07:36 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-10-01 07:36 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-09-29 21:05 - 2014-09-29 21:06 - 00000368 _____ () C:\Users\Alfred\Desktop\fsx ctd forum hinweis problem gelöst..txt 2014-09-29 10:17 - 2014-09-29 10:19 - 00000000 ____D () C:\Users\Alfred\Documents\JAKOB TOFFEN CHEMINEE 2014-09-29 10:16 - 2014-09-29 10:16 - 00000000 ____D () C:\Users\Alfred\Documents\KÜPFER KAUFDORF 2014-09-28 13:18 - 2014-09-28 13:18 - 00001277 _____ () C:\Users\Alfred\Desktop\aerofly Flug Simulator 2013.lnk 2014-09-27 14:26 - 2014-09-27 14:30 - 00000000 ____D () C:\Users\Alfred\AppData\Local\Microsoft Games 2014-09-27 14:14 - 2014-09-27 14:14 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\QuickScan 2014-09-27 14:10 - 2014-09-27 14:10 - 00000000 ____D () C:\Program Files (x86)\OXXOGames 2014-09-27 14:10 - 2014-09-27 14:10 - 00000000 ____D () C:\Program Files (x86)\DEUTSCHLAND SPIELT 2014-09-27 14:07 - 2014-09-27 14:07 - 00366992 _____ (Softonic) C:\Users\Alfred\Downloads\SoftonicDownloader_fuer_das-haus-am-see-kinder-der-stille.exe 2014-09-27 13:41 - 2014-10-01 15:38 - 00021635 _____ () C:\Users\Alfred\Desktop\cmi performance 2002-2014-2017.ods 2014-09-27 08:54 - 2014-09-27 08:54 - 00000000 ____D () C:\Users\Alfred\Documents\CONRAD 2014-09-25 14:06 - 2014-09-25 14:06 - 00001092 _____ () C:\Users\Alfred\Desktop\Eigene Scans - Verknüpfung.lnk 2014-09-25 14:00 - 2014-09-25 14:00 - 00001108 _____ () C:\Users\Alfred\Desktop\LILO NACHLASS - Verknüpfung.lnk 2014-09-25 10:17 - 2014-10-03 14:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-24 09:35 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-24 09:35 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-09-21 18:58 - 2014-09-21 18:58 - 00198295 _____ () C:\Users\Alfred\Desktop\90 Tg. Kap Choeng.eml 2014-09-21 11:40 - 2014-09-21 11:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud 2014-09-19 08:01 - 2014-09-19 18:40 - 00000000 ____D () C:\Users\Alfred\Desktop\JENS SCHNEIDER AKTUELL 2014-09-18 09:49 - 2014-09-18 09:49 - 00001423 _____ () C:\Users\Alfred\Desktop\JENS SCHNEIDER RA - Verknüpfung.lnk 2014-09-17 21:43 - 2014-09-17 21:43 - 00001789 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-09-17 21:43 - 2014-09-17 21:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-09-17 21:42 - 2014-09-17 21:43 - 00000000 ____D () C:\Program Files\iTunes 2014-09-17 21:42 - 2014-09-17 21:43 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-09-17 21:42 - 2014-09-17 21:42 - 00000000 ____D () C:\Program Files\iPod 2014-09-13 09:48 - 2014-09-13 10:04 - 04146701 _____ () C:\Users\Alfred\Documents\FLORIAN2014.odp 2014-09-11 21:21 - 2014-09-28 06:32 - 00000828 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-09-10 22:36 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-10 22:36 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-09-10 22:35 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-10 22:35 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-09-10 22:35 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-10 22:35 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-10 22:35 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-10 22:35 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-09-10 22:35 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-10 22:35 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-10 22:35 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-10 22:35 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-10 22:35 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-10 22:35 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-10 22:35 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-09-10 22:35 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-10 22:35 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-10 22:35 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-10 22:35 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-10 22:35 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-10 22:35 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-09-10 22:35 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-10 22:35 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-10 22:35 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-09-10 22:35 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-10 22:35 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-09-10 22:35 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-09-10 22:35 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-09-10 22:35 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-09-10 22:35 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-10 22:35 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-10 22:35 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-09-10 22:35 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-09-10 22:35 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-10 22:35 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-09-10 22:35 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-09-10 22:35 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-09-10 22:35 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-10 22:35 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-10 22:35 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-10 22:35 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-10 22:35 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-09-10 22:35 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-09-10 22:35 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-09-10 22:35 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-09-10 22:35 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-10 22:35 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-09-10 22:35 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-10 22:35 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-09-10 22:35 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-09-10 22:35 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-09-10 22:35 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-10 22:35 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-09-10 22:35 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-09-10 22:35 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-10 22:35 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-09-10 22:29 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-09-10 22:29 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2014-09-10 07:11 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-10 07:11 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-10 07:11 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-09-10 07:11 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2014-09-10 07:11 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-10 07:11 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-10 07:11 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-09-10 07:11 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-09-10 07:11 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-09-10 07:11 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-09-10 07:11 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-09-09 10:09 - 2014-09-09 10:09 - 00000916 _____ () C:\Users\Alfred\Desktop\Eigene Dokumente - Verknüpfung (3).lnk 2014-09-04 11:01 - 2014-09-28 06:31 - 00000000 ____D () C:\Program Files\CCleaner 2014-09-04 11:01 - 2014-09-04 11:01 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-09-04 11:01 - 2014-09-04 11:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-04 09:04 - 2014-07-07 12:22 - 00000000 ____D () C:\FRST 2014-10-04 09:01 - 2012-10-18 16:07 - 00000000 ____D () C:\Users\Alfred 2014-10-04 08:48 - 2013-04-10 04:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-04 08:44 - 2012-10-27 15:40 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\uTorrent 2014-10-04 08:31 - 2009-07-14 06:45 - 00028928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-04 08:31 - 2009-07-14 06:45 - 00028928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-04 08:28 - 2012-10-18 15:41 - 01560305 ____N () C:\Windows\WindowsUpdate.log 2014-10-04 08:26 - 2014-04-23 22:28 - 00000000 ___RD () C:\Users\Alfred\Dropbox 2014-10-04 08:26 - 2014-04-23 22:25 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\Dropbox 2014-10-04 08:24 - 2012-10-25 14:53 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-04 08:24 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-04 01:24 - 2012-10-25 14:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-10-04 01:23 - 2014-08-09 10:40 - 00000000 ____D () C:\AdwCleaner 2014-10-04 01:18 - 2012-10-25 14:53 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-03 11:42 - 2011-04-12 09:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat 2014-10-03 11:42 - 2011-04-12 09:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat 2014-10-03 11:42 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-02 16:13 - 2014-05-11 14:47 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\.minecraft 2014-10-01 18:11 - 2014-09-01 15:27 - 00000000 ____D () C:\Users\Alfred\Documents\LILO NACHLASS 2014-10-01 18:00 - 2012-12-03 12:12 - 00000000 ____D () C:\Users\Alfred\Documents\SCHAFERS 2014-10-01 15:16 - 2012-10-21 15:24 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\vlc 2014-09-29 14:27 - 2012-11-16 13:57 - 00000000 ____D () C:\Users\Alfred\Documents\0.AVIATION 2014-09-29 14:25 - 2013-04-14 09:40 - 00000000 ____D () C:\Users\Alfred\Documents\MEDIA 2014-09-29 07:38 - 2012-11-01 12:26 - 00000000 ____D () C:\Users\Alfred\Documents\PG 2014-09-27 14:47 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-09-25 18:48 - 2013-04-10 04:17 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-25 18:48 - 2012-10-22 08:20 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-25 18:48 - 2012-10-22 08:20 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-25 12:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-09-25 09:29 - 2014-06-03 09:50 - 00009283 _____ () C:\Users\Alfred\Desktop\PW.per 30.3.2014.txt 2014-09-22 08:42 - 2010-11-21 05:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-09-21 12:22 - 2012-10-26 08:24 - 00000000 ____D () C:\Users\Alfred\AppData\Local\Apple Computer 2014-09-19 09:39 - 2012-10-18 18:15 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\Adobe 2014-09-19 08:01 - 2014-04-23 22:26 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-09-18 13:35 - 2012-11-01 11:06 - 01164800 ___SH () C:\Users\Alfred\Documents\Thumbs.db 2014-09-18 10:03 - 2013-04-12 06:31 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-09-17 21:43 - 2013-10-05 22:42 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-09-13 09:48 - 2014-06-08 18:48 - 00000000 ____D () C:\Users\Alfred\Documents\1.HOHENBERGREISE 2014-09-10 22:35 - 2012-10-18 18:18 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-10 22:34 - 2014-04-10 21:01 - 00001912 _____ () C:\Windows\epplauncher.mif 2014-09-10 22:33 - 2014-05-26 09:03 - 00002123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2014-09-10 22:33 - 2014-05-26 09:02 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-09-10 22:33 - 2014-05-26 09:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client 2014-09-10 22:33 - 2013-08-04 12:19 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-10 22:30 - 2012-10-18 17:36 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-10 22:29 - 2014-05-06 21:30 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-09-10 21:20 - 2014-09-03 22:34 - 00000000 ____D () C:\Rollus RAFALE 2014-09-09 10:10 - 2012-11-16 13:56 - 00000000 ____D () C:\Users\Alfred\Documents\HUMOR KURIOSES 2014-09-09 08:59 - 2014-06-30 10:47 - 00000000 ____D () C:\Users\Alfred\AppData\Local\Adobe 2014-09-08 18:44 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-09-05 13:17 - 2014-08-26 20:27 - 00001591 _____ () C:\Users\Alfred\Desktop\Neuer FSX PC - Verknüpfung.lnk Some content of TEMP: ==================== C:\Users\Alfred\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnh0buf.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-26 08:56 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-10-2014 Ran by Alfred at 2014-10-04 09:05:51 Running from C:\Users\Alfred\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1} AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acronis Drive Monitor (HKLM-x32\...\{706AE61D-40A4-4F50-8359-FE8F6F7FA461}) (Version: 1.0.566 - Acronis) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.) Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) aerofly Flug Simulator 2013 (HKLM-x32\...\aerofly Flug Simulator 2013_is1) (Version: 1.0.9.11 - IPACS) AMD Accelerated Video Transcoding (Version: 12.10.100.30328 - Advanced Micro Devices, Inc.) Hidden AMD APP SDK Runtime (Version: 10.0.898.1 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{2748FDE2-7BA8-1D20-11A2-FF01CEB009A5}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden AMD Media Foundation Decoders (Version: 1.0.80328.2204 - Advanced Micro Devices, Inc.) Hidden AMD Wireless Display v3.0 (Version: 1.0.0.10 - Advanced Micro Devices, Inc.) Hidden ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden calibre 64bit (HKLM\...\{4DF0BC01-6D8A-4D2D-B2D6-2BB5F3203B3E}) (Version: 1.41.0 - Kovid Goyal) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center (x32 Version: 2013.0328.2218.38225 - Ihr Firmenname) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform) CheckDrive (HKLM-x32\...\{B83513EC-2E4D-4621-816D-4CCF397BE702}_is1) (Version: 4.4 - Abelssoft) CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version: - ) D4300 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden Destinations (x32 Version: 140.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden DiskAid 5.45 (HKLM-x32\...\DiskAid_is1) (Version: 5.45 - DigiDNA) DiskAid 6.7.2.0 (HKLM\...\DiskAid_is1) (Version: 6.7.2.0 - DigiDNA) DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC) DJ_SF_03_D4300_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland) Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.) Elevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Evernote Sticky Notes (HKLM-x32\...\{4FC3ACD7-105C-42E2-9A48-4FFF58C76D19}) (Version: 1.5.9 - Evernote Sticky Notes) Garmin City Navigator Europe NTU 2015.10 (HKLM-x32\...\{FB96D8EF-1EC6-4548-A65C-9485261262CC}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries) Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries) Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries) Google Earth (HKLM-x32\...\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Google+ Auto Backup (HKLM-x32\...\{D1D4D7EA-62B8-4665-9FF7-02A91B925CC9}) (Version: 1.0.18.74 - Google) GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP) HP Deskjet D4300 Printer Driver Software 13.0 Rel. 3 (HKLM\...\{382300D4-777B-4233-A98C-99EA0F6B881F}) (Version: 13.0 - HP) HP Imaging Device Functions 14.5 (HKLM\...\HP Imaging Device Functions) (Version: 14.5 - HP) HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP) HP Scanjet G4050 (HKLM\...\{27E19BA1-B30F-4E97-835B-1481803F54DC}) (Version: 14.5 - HP) HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP) HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP) HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.001 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden hpg4050 (x32 Version: 140.000.000.000 - Ihr Firmenname) Hidden HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.) Image Resizer for Windows (64 bit) (Version: 3.0.4802.35565 - Brice Lambson) Hidden Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson) iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.) Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle) Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle) MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8107.0 - Microsoft Corporation) Hidden Microsoft Motocross Madness 2 (HKLM-x32\...\Motocross Madness 2) (Version: - ) Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden Microsoft Security Client DE-DE Language Pack (Version: 2.0.0657.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (Version: 2.3.188.0 - Microsoft Corporation) Hidden Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla) Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) OCR Software by I.R.I.S. 14.5 (HKLM\...\HPOCR) (Version: 14.5 - HP) OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) PDF Editor 3 (HKLM-x32\...\PDF Editor 3) (Version: - ) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.47.714.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.) Scan (x32 Version: 14.0.1.0 - Hewlett-Packard) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.17271 - TeamViewer) Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) VMLite Workstation (HKLM\...\{197F2BEF-2705-406E-8CEB-8E404FFFE414}) (Version: 3.2.6 - VMLite) WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden Win2PDF 7 (HKLM\...\Win2PDF_is1) (Version: 7.0.46 - Dane Prairie Systems, LLC.) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin) Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies) WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-344976508-2612026722-1020238545-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Alfred\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-344976508-2612026722-1020238545-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alfred\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-344976508-2612026722-1020238545-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alfred\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-344976508-2612026722-1020238545-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alfred\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-344976508-2612026722-1020238545-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alfred\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ==================== Restore Points ========================= 21-09-2014 08:54:07 Windows Update 24-09-2014 19:46:46 Windows Update 27-09-2014 14:42:56 Installiert Microsoft Flight Simulator X 28-09-2014 11:16:34 Windows Update 01-10-2014 15:58:59 Windows Update 01-10-2014 19:44:46 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2013-09-14 20:29 - 00447822 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {000040EA-D13A-480E-815A-A08C46AE3B6E} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe Task: {0CCC0779-DB8C-444E-87A0-BEB43185DB23} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {1C792EC5-711C-4583-9183-B10F4AACF315} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {1F4C70B3-EBFE-4423-95DC-579F15A4862F} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMNJGMJJHMLJJJGMLMCNHMNJJJMMCNLMPMKJMMCNGMLJOMKMCNMJMMNJMMMJKJGMGMJMKMLMMJJNJICMIMCNHMCNMMFMGMCNPMCNHMOMOMNMFMJMCNOMCNIMJMPMOMCNNMJNPI CMJMFMOMOMKJIJMIFMPMJNHICMOMOMKJIJMIJNBJCMOLDJJJNIKJLJJNKJCMJNNICMJNDJCMLJKJ" Task: {23099809-819F-469F-8DB5-3EFD2534E9B4} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {30204A1E-48CF-46A1-9EC3-8E82C0CD7B34} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {332D6A73-4E79-4CA0-9C30-D2655B231956} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe Task: {3EC51B34-7AF9-4388-A9D0-D7A72FF654D4} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {44656418-5D1E-492A-992A-B224072B7A81} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-25] (Adobe Systems Incorporated) Task: {64A0FCE7-883A-4863-A3F9-FC00CD06834E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-25] (Piriform Ltd) Task: {78C9B58F-51F0-40DD-9A04-A27497777A09} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe Task: {80D96612-4584-435D-AD96-3147652C439A} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {824BD8CB-B6DD-446F-96BA-FE8507930347} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {95EB926D-69B0-44F2-9D5B-AFF786B57F10} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-08-25] (Apple Inc.) Task: {96A342E5-0908-498F-957D-5AD69E4B4EF0} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft) Task: {C31010AC-5310-4E13-AF62-AD4309F3D4AC} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {CE999383-AEDF-4DEA-A2AF-988A1730AA8F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-25] (Google Inc.) Task: {D7CCB75D-1289-4754-9151-A5D5ECA0BB65} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {D9F4CB9B-2350-4982-9683-4050DC5D0BD0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-25] (Google Inc.) Task: {E6BE1A89-7142-4A29-B4F9-1D52A11FB7CF} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe Task: {FDFABDEE-42AD-4B4A-9046-DAC95B2979DB} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] () Task: {FFC5DB78-D476-4DD5-AD76-459991BBBD4A} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2012-10-25 21:50 - 2011-06-07 10:35 - 00074016 _____ () C:\Windows\System32\win2pdfm.dll 2010-08-11 14:18 - 2010-08-11 14:18 - 00202344 _____ () C:\VXP\VBoxDDU.dll 2010-08-11 14:18 - 2010-08-11 14:18 - 02725480 _____ () C:\VXP\VBoxRT.dll 2009-03-26 22:03 - 2009-03-26 22:03 - 01289728 _____ () C:\VXP\LIBEAY32.dll 2014-09-25 20:44 - 2014-09-25 20:44 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2014-10-04 08:59 - 2014-10-04 08:59 - 00050477 _____ () C:\Users\Alfred\Desktop\Defogger.exe 2011-02-24 19:05 - 2011-02-24 19:05 - 03518032 _____ () C:\Program Files (x86)\Acronis\DriveMonitor\adm.exe 2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-10-04 08:24 - 2014-10-04 08:24 - 00043008 _____ () c:\users\alfred\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnh0buf.dll 2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Alfred\AppData\Roaming\Dropbox\bin\libcef.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Alfred\Desktop\90 Tg. Kap Choeng.eml:OECustomProperty AlternateDataStreams: C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0543.eml:OECustomProperty AlternateDataStreams: C:\Users\Alfred\Documents\Diesen Hai können Sie vom Büro aus jagen.eml:OECustomProperty AlternateDataStreams: C:\Users\Alfred\Documents\Mani Juerg mail 24.5.05. Re_ Swissair - Option 96_2000.eml:OECustomProperty AlternateDataStreams: C:\Users\Alfred\Documents\nico.eml:OECustomProperty AlternateDataStreams: C:\Users\Alfred\Documents\Rat vom Experten gegen Schnarchen.eml:OECustomProperty AlternateDataStreams: C:\Users\Alfred\Documents\Re Montag Hütedienst Wichtig!.eml:OECustomProperty ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\Windows\pss\Secunia PSI Tray.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Alfred^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Desktopnotes.lnk => C:\Windows\pss\Desktopnotes.lnk.Startup MSCONFIG\startupfolder: C:^Users^Alfred^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup MSCONFIG\startupfolder: C:^Users^Alfred^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HP SimpleSave Monitor.lnk => C:\Windows\pss\HP SimpleSave Monitor.lnk.Startup MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" MSCONFIG\startupreg: Active Desktop Calendar => C:\Program Files (x86)\XemiComputers\Active Desktop Calendar\ADC.exe MSCONFIG\startupreg: adm_tray.exe => C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW MSCONFIG\startupreg: EDO-Soft Sticky Notes => C:\Program Files (x86)\Evernote Sticky Notes\StickyNotes.Wpf.exe MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s MSCONFIG\startupreg: SAFE14 Browser Monitor => "C:\Program Files (x86)\Steganos Safe 14\SteganosBrowserMonitor.exe" MSCONFIG\startupreg: SAFE14 File Redirection Starter => "C:\Program Files (x86)\Steganos Safe 14\fredirstarter.exe" MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun MSCONFIG\startupreg: Steganos HotKeys => "C:\Program Files (x86)\Steganos Safe 14\SteganosHotKeyService.exe" MSCONFIG\startupreg: WinPatrol => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot ========================= Accounts: ========================== Administrator (S-1-5-21-344976508-2612026722-1020238545-500 - Administrator - Disabled) Alfred (S-1-5-21-344976508-2612026722-1020238545-1000 - Administrator - Enabled) => C:\Users\Alfred Gast (S-1-5-21-344976508-2612026722-1020238545-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-344976508-2612026722-1020238545-1002 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/04/2014 09:03:45 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (10/04/2014 09:03:43 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (10/04/2014 08:59:49 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (10/04/2014 08:24:31 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/04/2014 01:25:00 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/03/2014 09:08:39 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (10/03/2014 09:08:31 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (10/03/2014 09:08:31 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (10/03/2014 08:30:07 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (10/03/2014 08:30:02 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. System errors: ============= Error: (10/04/2014 08:26:32 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden. Error: (10/04/2014 08:26:32 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden. Error: (10/04/2014 08:26:31 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden. Error: (10/04/2014 01:24:44 AM) (Source: Ntfs) (EventID: 55) (User: ) Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "L:" den Befehl "chkdsk" aus. Error: (10/03/2014 01:30:20 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden. Error: (10/03/2014 01:30:19 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden. Error: (10/03/2014 01:28:21 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden. Error: (10/03/2014 01:28:17 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden. Error: (10/03/2014 11:59:28 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden. Error: (10/03/2014 11:52:30 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden. Microsoft Office Sessions: ========================= Error: (10/04/2014 09:03:45 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Alfred\Desktop\esetsmartinstaller_deu.exe Error: (10/04/2014 09:03:43 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Alfred\Downloads\SoftonicDownloader_fuer_das-haus-am-see-kinder-der-stille.exe Error: (10/04/2014 08:59:49 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Alfred\Downloads\SoftonicDownloader_fuer_das-haus-am-see-kinder-der-stille.exe Error: (10/04/2014 08:24:31 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/04/2014 01:25:00 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/03/2014 09:08:39 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Alfred\Desktop\esetsmartinstaller_deu.exe Error: (10/03/2014 09:08:31 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Alfred\Desktop\esetsmartinstaller_deu.exe Error: (10/03/2014 09:08:31 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Alfred\Desktop\esetsmartinstaller_deu.exe Error: (10/03/2014 08:30:07 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Alfred\Desktop\esetsmartinstaller_deu.exe Error: (10/03/2014 08:30:02 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Alfred\Desktop\esetsmartinstaller_deu.exe ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3 CPU 540 @ 3.07GHz Percentage of memory in use: 26% Total physical RAM: 8119.05 MB Available physical RAM: 5992.41 MB Total Pagefile: 16236.28 MB Available Pagefile: 13813.64 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:465.66 GB) (Free:48.74 GB) NTFS Drive d: (Daten2) (Fixed) (Total:232.88 GB) (Free:22.74 GB) NTFS Drive l: (Expansion Drive) (Fixed) (Total:1863.01 GB) (Free:668.56 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 6 (Size: 1863 GB) (Disk ID: B9D00F66) Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS) ==================== End Of Log ============================ GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-10-04 13:53:48 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP6T0L0-8 rev. 465.76GB Running: Gmer-19357.exe; Driver: C:\Users\Alfred\AppData\Local\Temp\kxtdapob.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe[1824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075571465 2 bytes [57, 75] .text C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe[1824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755714bb 2 bytes [57, 75] .text ... * 2 .text C:\Users\Alfred\AppData\Roaming\Dropbox\bin\Dropbox.exe[2480] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000075571465 2 bytes [57, 75] .text C:\Users\Alfred\AppData\Roaming\Dropbox\bin\Dropbox.exe[2480] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000755714bb 2 bytes [57, 75] .text ... * 2 .text C:\Users\Alfred\Desktop\Defogger.exe[1228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075571465 2 bytes [57, 75] .text C:\Users\Alfred\Desktop\Defogger.exe[1228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755714bb 2 bytes [57, 75] .text ... * 2 ---- Threads - GMER 2.1 ---- Thread C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2188:2336] 000007fef6d1f5f8 Thread C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2188:2344] 000007fef682bc60 ---- Processes - GMER 2.1 ---- Library C:\Users\Alfred\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Alfred\AppData\Roaming\Dropbox\bin\Dropbox.exe [2480](2014-09-13 00:20:58) 0000000003f30000 Library c:\users\alfred\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnh0buf.dll (*** suspicious ***) @ C:\Users\Alfred\AppData\Roaming\Dropbox\bin\Dropbox.exe [2480](2014-10-04 06:24:33) 0000000004380000 Library C:\Users\Alfred\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Alfred\AppData\Roaming\Dropbox\bin\Dropbox.exe [2480](2013-08-23 19:01:44) 0000000066c20000 Library C:\Users\Alfred\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Alfred\AppData\Roaming\Dropbox\bin\Dropbox.exe [2480] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42) 0000000073880000 Library C:\Windows\TEMP\dl1270746\snapapi.dll (*** suspicious ***) @ C:\Program Files (x86)\Acronis\DriveMonitor\adm.exe [2036] 0000000001040000 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 sector 0: rootkit-like behavior ---- EOF - GMER 2.1 ----
__________________ Suche nicht das Glueck - lebe es (Buddha) |
04.10.2014, 13:21 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | sm.de virusbefall Adware/Junkware/Toolbars entfernen
__________________1. Schritt: Malwarebytes Downloade Dir bitte Malwarebytes Anti-Malware
(alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!) 2. Schritt: adwCleaner Downloade Dir bitte AdwCleaner auf deinen Desktop.
3. Schritt: JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
4. Schritt: Frisches Log mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
04.10.2014, 17:13 | #3 |
| sm.de virusbefall Hallo Cosinus,
__________________Zwischenanfrage: das JRT programm lässt sich nicht starten. Wenn ich es downloade und installiere kommt die Meldung, update y/n und wenn ich mit y quittiere erscheint das JRT tool als JRT_NEW auf dem Desktop. Wenn ich es starte, kommt erneut die Aufforderung zum update usw usf. Gruss Alfred
__________________ Geändert von ikarus2557 (04.10.2014 um 17:57 Uhr) |
04.10.2014, 22:26 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | sm.de virusbefall Dann lass JRT erstmal weg
__________________ Logfiles bitte immer in CODE-Tags posten |
05.10.2014, 10:37 | #5 |
| sm.de virusbefall Hallo Cosinus, hier die 5 logs (JRT hat jetzt auch geklappt) Gruss u vielen Dank Alfred PS: sm.de ist nach diesen scans immer noch drin! Malwarebytes Anti-Malware Malwarebytes | Free Anti-Malware & Internet Security Software Suchlauf Datum: 04.10.2014 Suchlauf-Zeit: 14:37:31 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.10.04.08 Rootkit Datenbank: v2014.09.19.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Alfred Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 325936 Verstrichene Zeit: 9 Min, 11 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 1 PUP.Optional.Softonic.A, C:\Users\Alfred\Downloads\SoftonicDownloader_fuer_das-haus-am-see-kinder-der-stille.exe, In Quarantäne, [2d58bc33106be94d8424e052a35edb25], Physische Sektoren: 0 (No malicious items detected) (end)AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.311 - Bericht erstellt am 04/10/2014 um 17:54:45 # Aktualisiert 30/09/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Alfred - DM12REP # Gestartet von : C:\Users\Alfred\Desktop\AdwCleaner_3.311.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Users\Alfred\AppData\LocalLow\HPAppData ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17280 -\\ Mozilla Firefox v32.0.3 (x86 de) [ Datei : C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\3nxitfyj.default\prefs.js ] [ Datei : C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\f9e1lb4p.default-1397924871496\prefs.js ] -\\ Google Chrome v [ Datei : C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [2389 octets] - [09/08/2014 10:40:24] AdwCleaner[R1].txt - [1479 octets] - [10/09/2014 08:45:38] AdwCleaner[R2].txt - [5597 octets] - [27/09/2014 14:44:30] AdwCleaner[R3].txt - [2790 octets] - [01/10/2014 18:13:43] AdwCleaner[R4].txt - [1559 octets] - [03/10/2014 13:24:35] AdwCleaner[R5].txt - [1741 octets] - [04/10/2014 01:21:48] AdwCleaner[R6].txt - [1856 octets] - [04/10/2014 17:53:55] AdwCleaner[S0].txt - [2404 octets] - [09/08/2014 10:53:39] AdwCleaner[S1].txt - [1558 octets] - [10/09/2014 09:33:57] AdwCleaner[S2].txt - [5154 octets] - [27/09/2014 14:46:05] AdwCleaner[S3].txt - [2653 octets] - [01/10/2014 18:14:31] AdwCleaner[S4].txt - [1620 octets] - [03/10/2014 13:26:08] AdwCleaner[S5].txt - [1802 octets] - [04/10/2014 01:23:04] AdwCleaner[S6].txt - [1777 octets] - [04/10/2014 17:54:45] ########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [1837 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.2.8 (10.04.2014:1) OS: Windows 7 Home Premium x64 Ran by Alfred on 05.10.2014 at 11:14:53.83 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Folder] C:\ProgramData\Wondershare Video Converter Ultimate ~~~ FireFox Successfully deleted the following from C:\Users\Alfred\AppData\Roaming\mozilla\firefox\profiles\f9e1lb4p.default-1397924871496\prefs.js user_pref("browser.search.useDBForOrder", "false"); Emptied folder: C:\Users\Alfred\AppData\Roaming\mozilla\firefox\profiles\f9e1lb4p.default-1397924871496\minidumps [2 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 05.10.2014 at 11:16:54.35 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-10-2014 01 Ran by Alfred at 2014-10-05 09:25:38 Running from C:\Users\Alfred\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1} AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acronis Drive Monitor (HKLM-x32\...\{706AE61D-40A4-4F50-8359-FE8F6F7FA461}) (Version: 1.0.566 - Acronis) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.) Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) aerofly Flug Simulator 2013 (HKLM-x32\...\aerofly Flug Simulator 2013_is1) (Version: 1.0.9.11 - IPACS) AMD Accelerated Video Transcoding (Version: 12.10.100.30328 - Advanced Micro Devices, Inc.) Hidden AMD APP SDK Runtime (Version: 10.0.898.1 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{2748FDE2-7BA8-1D20-11A2-FF01CEB009A5}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden AMD Media Foundation Decoders (Version: 1.0.80328.2204 - Advanced Micro Devices, Inc.) Hidden AMD Wireless Display v3.0 (Version: 1.0.0.10 - Advanced Micro Devices, Inc.) Hidden ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden calibre 64bit (HKLM\...\{4DF0BC01-6D8A-4D2D-B2D6-2BB5F3203B3E}) (Version: 1.41.0 - Kovid Goyal) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center (x32 Version: 2013.0328.2218.38225 - Ihr Firmenname) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform) CheckDrive (HKLM-x32\...\{B83513EC-2E4D-4621-816D-4CCF397BE702}_is1) (Version: 4.4 - Abelssoft) CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version: - ) D4300 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden Destinations (x32 Version: 140.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden DiskAid 5.45 (HKLM-x32\...\DiskAid_is1) (Version: 5.45 - DigiDNA) DiskAid 6.7.2.0 (HKLM\...\DiskAid_is1) (Version: 6.7.2.0 - DigiDNA) DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC) DJ_SF_03_D4300_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland) Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.) Elevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Evernote Sticky Notes (HKLM-x32\...\{4FC3ACD7-105C-42E2-9A48-4FFF58C76D19}) (Version: 1.5.9 - Evernote Sticky Notes) Garmin City Navigator Europe NTU 2015.10 (HKLM-x32\...\{FB96D8EF-1EC6-4548-A65C-9485261262CC}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries) Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries) Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries) Google Earth (HKLM-x32\...\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Google+ Auto Backup (HKLM-x32\...\{D1D4D7EA-62B8-4665-9FF7-02A91B925CC9}) (Version: 1.0.18.74 - Google) GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP) HP Deskjet D4300 Printer Driver Software 13.0 Rel. 3 (HKLM\...\{382300D4-777B-4233-A98C-99EA0F6B881F}) (Version: 13.0 - HP) HP Imaging Device Functions 14.5 (HKLM\...\HP Imaging Device Functions) (Version: 14.5 - HP) HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP) HP Scanjet G4050 (HKLM\...\{27E19BA1-B30F-4E97-835B-1481803F54DC}) (Version: 14.5 - HP) HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP) HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP) HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.001 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden hpg4050 (x32 Version: 140.000.000.000 - Ihr Firmenname) Hidden HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.) Image Resizer for Windows (64 bit) (Version: 3.0.4802.35565 - Brice Lambson) Hidden Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson) iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.) Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle) Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8107.0 - Microsoft Corporation) Hidden Microsoft Motocross Madness 2 (HKLM-x32\...\Motocross Madness 2) (Version: - ) Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden Microsoft Security Client DE-DE Language Pack (Version: 2.0.0657.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (Version: 2.3.188.0 - Microsoft Corporation) Hidden Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla) Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) OCR Software by I.R.I.S. 14.5 (HKLM\...\HPOCR) (Version: 14.5 - HP) OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) PDF Editor 3 (HKLM-x32\...\PDF Editor 3) (Version: - ) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.47.714.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.) Scan (x32 Version: 14.0.1.0 - Hewlett-Packard) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.17271 - TeamViewer) Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) VMLite Workstation (HKLM\...\{197F2BEF-2705-406E-8CEB-8E404FFFE414}) (Version: 3.2.6 - VMLite) WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden Win2PDF 7 (HKLM\...\Win2PDF_is1) (Version: 7.0.46 - Dane Prairie Systems, LLC.) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin) Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies) WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-344976508-2612026722-1020238545-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Alfred\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-344976508-2612026722-1020238545-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alfred\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-344976508-2612026722-1020238545-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alfred\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-344976508-2612026722-1020238545-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alfred\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-344976508-2612026722-1020238545-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alfred\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ==================== Restore Points ========================= 21-09-2014 08:54:07 Windows Update 24-09-2014 19:46:46 Windows Update 27-09-2014 14:42:56 Installiert Microsoft Flight Simulator X 28-09-2014 11:16:34 Windows Update 01-10-2014 15:58:59 Windows Update 01-10-2014 19:44:46 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2013-09-14 20:29 - 00447822 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 1001namen.com - Informationen zum Thema 1001namen. Diese Website steht zum Verkauf! 127.0.0.1 100888290cs.com 127.0.0.1 ²©²Êͨ,²©²ÊÍø,½ð±¦²©188,²©²ÊͨÆÀ¼¶,°Ù¼ÒÀÖ,°ÂÃî°Ù¼ÒÀÖ 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 Gadgets And More 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {000040EA-D13A-480E-815A-A08C46AE3B6E} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe Task: {0CCC0779-DB8C-444E-87A0-BEB43185DB23} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {1C792EC5-711C-4583-9183-B10F4AACF315} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {1F4C70B3-EBFE-4423-95DC-579F15A4862F} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMNJGMJJHMLJJJGMLMCNHMNJJJMMCNLMPMKJMMCNGMLJOMKMCNMJMMNJMMMJKJGMGMJMKMLMMJJNJICMIMCNHMCNMMFMGMCNPMCNHMOMOMNMFMJMCNOMCNIMJMPMOMCNNMJNPICMJMFMOMOMKJIJMIFMPMJNHICMOMOMKJIJMIJNBJCMOLDJJJNIKJLJJNKJCMJNNICMJNDJCMLJKJ" Task: {23099809-819F-469F-8DB5-3EFD2534E9B4} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {30204A1E-48CF-46A1-9EC3-8E82C0CD7B34} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {332D6A73-4E79-4CA0-9C30-D2655B231956} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe Task: {3EC51B34-7AF9-4388-A9D0-D7A72FF654D4} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {44656418-5D1E-492A-992A-B224072B7A81} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-25] (Adobe Systems Incorporated) Task: {64A0FCE7-883A-4863-A3F9-FC00CD06834E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-25] (Piriform Ltd) Task: {78C9B58F-51F0-40DD-9A04-A27497777A09} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe Task: {80D96612-4584-435D-AD96-3147652C439A} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {824BD8CB-B6DD-446F-96BA-FE8507930347} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {95EB926D-69B0-44F2-9D5B-AFF786B57F10} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-08-25] (Apple Inc.) Task: {96A342E5-0908-498F-957D-5AD69E4B4EF0} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft) Task: {C31010AC-5310-4E13-AF62-AD4309F3D4AC} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {CE999383-AEDF-4DEA-A2AF-988A1730AA8F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-25] (Google Inc.) Task: {D7CCB75D-1289-4754-9151-A5D5ECA0BB65} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {D9F4CB9B-2350-4982-9683-4050DC5D0BD0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-25] (Google Inc.) Task: {E6BE1A89-7142-4A29-B4F9-1D52A11FB7CF} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe Task: {FDFABDEE-42AD-4B4A-9046-DAC95B2979DB} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] () Task: {FFC5DB78-D476-4DD5-AD76-459991BBBD4A} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2012-10-25 21:50 - 2011-06-07 10:35 - 00074016 _____ () C:\Windows\System32\win2pdfm.dll 2010-08-11 14:18 - 2010-08-11 14:18 - 00202344 _____ () C:\VXP\VBoxDDU.dll 2010-08-11 14:18 - 2010-08-11 14:18 - 02725480 _____ () C:\VXP\VBoxRT.dll 2009-03-26 22:03 - 2009-03-26 22:03 - 01289728 _____ () C:\VXP\LIBEAY32.dll 2014-09-25 20:44 - 2014-09-25 20:44 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2011-02-24 19:05 - 2011-02-24 19:05 - 03518032 _____ () C:\Program Files (x86)\Acronis\DriveMonitor\adm.exe 2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-10-05 09:16 - 2014-10-05 09:16 - 00043008 _____ () c:\users\alfred\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsgkm0p.dll 2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Alfred\AppData\Roaming\Dropbox\bin\libcef.dll 2014-06-15 18:14 - 2014-06-15 18:14 - 03022960 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll 2014-06-15 18:14 - 2014-06-15 18:14 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll 2014-06-15 18:14 - 2014-06-15 18:14 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll 2014-10-03 14:39 - 2014-09-24 07:09 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Alfred\Desktop\90 Tg. Kap Choeng.eml:OECustomProperty AlternateDataStreams: C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0543.eml:OECustomProperty AlternateDataStreams: C:\Users\Alfred\Documents\Diesen Hai können Sie vom Büro aus jagen.eml:OECustomProperty AlternateDataStreams: C:\Users\Alfred\Documents\Mani Juerg mail 24.5.05. Re_ Swissair - Option 96_2000.eml:OECustomProperty AlternateDataStreams: C:\Users\Alfred\Documents\nico.eml:OECustomProperty AlternateDataStreams: C:\Users\Alfred\Documents\Rat vom Experten gegen Schnarchen.eml:OECustomProperty AlternateDataStreams: C:\Users\Alfred\Documents\Re Montag Hütedienst Wichtig!.eml:OECustomProperty ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\Windows\pss\Secunia PSI Tray.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Alfred^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Desktopnotes.lnk => C:\Windows\pss\Desktopnotes.lnk.Startup MSCONFIG\startupfolder: C:^Users^Alfred^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup MSCONFIG\startupfolder: C:^Users^Alfred^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HP SimpleSave Monitor.lnk => C:\Windows\pss\HP SimpleSave Monitor.lnk.Startup MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" MSCONFIG\startupreg: Active Desktop Calendar => C:\Program Files (x86)\XemiComputers\Active Desktop Calendar\ADC.exe MSCONFIG\startupreg: adm_tray.exe => C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW MSCONFIG\startupreg: EDO-Soft Sticky Notes => C:\Program Files (x86)\Evernote Sticky Notes\StickyNotes.Wpf.exe MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s MSCONFIG\startupreg: SAFE14 Browser Monitor => "C:\Program Files (x86)\Steganos Safe 14\SteganosBrowserMonitor.exe" MSCONFIG\startupreg: SAFE14 File Redirection Starter => "C:\Program Files (x86)\Steganos Safe 14\fredirstarter.exe" MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun MSCONFIG\startupreg: Steganos HotKeys => "C:\Program Files (x86)\Steganos Safe 14\SteganosHotKeyService.exe" MSCONFIG\startupreg: WinPatrol => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot ========================= Accounts: ========================== Administrator (S-1-5-21-344976508-2612026722-1020238545-500 - Administrator - Disabled) Alfred (S-1-5-21-344976508-2612026722-1020238545-1000 - Administrator - Enabled) => C:\Users\Alfred Gast (S-1-5-21-344976508-2612026722-1020238545-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-344976508-2612026722-1020238545-1002 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/05/2014 09:16:14 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/04/2014 05:56:30 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/04/2014 05:50:21 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (10/04/2014 05:50:21 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (10/04/2014 03:10:06 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (10/04/2014 03:00:56 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/04/2014 03:00:40 PM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: Der Index kann nicht initialisiert werden. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (10/04/2014 03:00:40 PM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: Die Anwendung kann nicht initialisiert werden. Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (10/04/2014 03:00:40 PM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: Das Gatherer-Objekt kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (10/04/2014 03:00:40 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490) System errors: ============= Error: (10/04/2014 07:09:05 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden. Error: (10/04/2014 03:01:10 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error: (10/04/2014 03:00:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (10/04/2014 03:00:40 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535. Error: (10/04/2014 08:26:32 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden. Error: (10/04/2014 08:26:32 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden. Error: (10/04/2014 08:26:31 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden. Error: (10/04/2014 01:24:44 AM) (Source: Ntfs) (EventID: 55) (User: ) Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "L:" den Befehl "chkdsk" aus. Error: (10/03/2014 01:30:20 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden. Error: (10/03/2014 01:30:19 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden. Microsoft Office Sessions: ========================= Error: (10/05/2014 09:16:14 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/04/2014 05:56:30 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/04/2014 05:50:21 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll Error: (10/04/2014 05:50:21 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll Error: (10/04/2014 03:10:06 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll Error: (10/04/2014 03:00:56 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/04/2014 03:00:40 PM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (10/04/2014 03:00:40 PM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (10/04/2014 03:00:40 PM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (10/04/2014 03:00:40 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490) Search.TripoliIndexer ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3 CPU 540 @ 3.07GHz Percentage of memory in use: 26% Total physical RAM: 8119.05 MB Available physical RAM: 6006.81 MB Total Pagefile: 16236.28 MB Available Pagefile: 14016.24 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:465.66 GB) (Free:48.17 GB) NTFS Drive d: (Daten2) (Fixed) (Total:232.88 GB) (Free:22.74 GB) NTFS Drive e: (KINGSTON) (Removable) (Total:14.4 GB) (Free:3.6 GB) FAT32 Drive l: (Expansion Drive) (Fixed) (Total:1863.01 GB) (Free:668.56 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C4CD6244) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 232.9 GB) (Disk ID: D20CD20C) Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS) ======================================================== Disk: 6 (Size: 1863 GB) (Disk ID: B9D00F66) Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS) ======================================================== Disk: 7 (Size: 14.4 GB) (Disk ID: 4E6F2201) Partition 1: (Active) - (Size=14.4 GB) - (Type=0B) ==================== End Of Log ============================ Hallo Cosinus, hier die 5 logs (JRT hat jetzt auch geklappt) Gruss u vielen Dank Alfred Malwarebytes Anti-Malware Malwarebytes | Free Anti-Malware & Internet Security Software Suchlauf Datum: 04.10.2014 Suchlauf-Zeit: 14:37:31 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.10.04.08 Rootkit Datenbank: v2014.09.19.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Alfred Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 325936 Verstrichene Zeit: 9 Min, 11 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 1 PUP.Optional.Softonic.A, C:\Users\Alfred\Downloads\SoftonicDownloader_fuer_das-haus-am-see-kinder-der-stille.exe, In Quarantäne, [2d58bc33106be94d8424e052a35edb25], Physische Sektoren: 0 (No malicious items detected) (end)AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.311 - Bericht erstellt am 04/10/2014 um 17:54:45 # Aktualisiert 30/09/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Alfred - DM12REP # Gestartet von : C:\Users\Alfred\Desktop\AdwCleaner_3.311.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Users\Alfred\AppData\LocalLow\HPAppData ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17280 -\\ Mozilla Firefox v32.0.3 (x86 de) [ Datei : C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\3nxitfyj.default\prefs.js ] [ Datei : C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\f9e1lb4p.default-1397924871496\prefs.js ] -\\ Google Chrome v [ Datei : C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [2389 octets] - [09/08/2014 10:40:24] AdwCleaner[R1].txt - [1479 octets] - [10/09/2014 08:45:38] AdwCleaner[R2].txt - [5597 octets] - [27/09/2014 14:44:30] AdwCleaner[R3].txt - [2790 octets] - [01/10/2014 18:13:43] AdwCleaner[R4].txt - [1559 octets] - [03/10/2014 13:24:35] AdwCleaner[R5].txt - [1741 octets] - [04/10/2014 01:21:48] AdwCleaner[R6].txt - [1856 octets] - [04/10/2014 17:53:55] AdwCleaner[S0].txt - [2404 octets] - [09/08/2014 10:53:39] AdwCleaner[S1].txt - [1558 octets] - [10/09/2014 09:33:57] AdwCleaner[S2].txt - [5154 octets] - [27/09/2014 14:46:05] AdwCleaner[S3].txt - [2653 octets] - [01/10/2014 18:14:31] AdwCleaner[S4].txt - [1620 octets] - [03/10/2014 13:26:08] AdwCleaner[S5].txt - [1802 octets] - [04/10/2014 01:23:04] AdwCleaner[S6].txt - [1777 octets] - [04/10/2014 17:54:45] ########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [1837 octets] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.2.8 (10.04.2014:1) OS: Windows 7 Home Premium x64 Ran by Alfred on 05.10.2014 at 11:14:53.83 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Folder] C:\ProgramData\Wondershare Video Converter Ultimate ~~~ FireFox Successfully deleted the following from C:\Users\Alfred\AppData\Roaming\mozilla\firefox\profiles\f9e1lb4p.default-1397924871496\prefs.js user_pref("browser.search.useDBForOrder", "false"); Emptied folder: C:\Users\Alfred\AppData\Roaming\mozilla\firefox\profiles\f9e1lb4p.default-1397924871496\minidumps [2 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 05.10.2014 at 11:16:54.35 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-10-2014 01 Ran by Alfred at 2014-10-05 09:25:38 Running from C:\Users\Alfred\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1} AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acronis Drive Monitor (HKLM-x32\...\{706AE61D-40A4-4F50-8359-FE8F6F7FA461}) (Version: 1.0.566 - Acronis) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.) Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) aerofly Flug Simulator 2013 (HKLM-x32\...\aerofly Flug Simulator 2013_is1) (Version: 1.0.9.11 - IPACS) AMD Accelerated Video Transcoding (Version: 12.10.100.30328 - Advanced Micro Devices, Inc.) Hidden AMD APP SDK Runtime (Version: 10.0.898.1 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{2748FDE2-7BA8-1D20-11A2-FF01CEB009A5}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden AMD Media Foundation Decoders (Version: 1.0.80328.2204 - Advanced Micro Devices, Inc.) Hidden AMD Wireless Display v3.0 (Version: 1.0.0.10 - Advanced Micro Devices, Inc.) Hidden ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden calibre 64bit (HKLM\...\{4DF0BC01-6D8A-4D2D-B2D6-2BB5F3203B3E}) (Version: 1.41.0 - Kovid Goyal) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center (x32 Version: 2013.0328.2218.38225 - Ihr Firmenname) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform) CheckDrive (HKLM-x32\...\{B83513EC-2E4D-4621-816D-4CCF397BE702}_is1) (Version: 4.4 - Abelssoft) CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version: - ) D4300 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden Destinations (x32 Version: 140.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden DiskAid 5.45 (HKLM-x32\...\DiskAid_is1) (Version: 5.45 - DigiDNA) DiskAid 6.7.2.0 (HKLM\...\DiskAid_is1) (Version: 6.7.2.0 - DigiDNA) DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC) DJ_SF_03_D4300_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland) Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.) Elevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Evernote Sticky Notes (HKLM-x32\...\{4FC3ACD7-105C-42E2-9A48-4FFF58C76D19}) (Version: 1.5.9 - Evernote Sticky Notes) Garmin City Navigator Europe NTU 2015.10 (HKLM-x32\...\{FB96D8EF-1EC6-4548-A65C-9485261262CC}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries) Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries) Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries) Google Earth (HKLM-x32\...\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Google+ Auto Backup (HKLM-x32\...\{D1D4D7EA-62B8-4665-9FF7-02A91B925CC9}) (Version: 1.0.18.74 - Google) GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP) HP Deskjet D4300 Printer Driver Software 13.0 Rel. 3 (HKLM\...\{382300D4-777B-4233-A98C-99EA0F6B881F}) (Version: 13.0 - HP) HP Imaging Device Functions 14.5 (HKLM\...\HP Imaging Device Functions) (Version: 14.5 - HP) HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP) HP Scanjet G4050 (HKLM\...\{27E19BA1-B30F-4E97-835B-1481803F54DC}) (Version: 14.5 - HP) HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP) HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP) HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.001 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden hpg4050 (x32 Version: 140.000.000.000 - Ihr Firmenname) Hidden HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.) Image Resizer for Windows (64 bit) (Version: 3.0.4802.35565 - Brice Lambson) Hidden Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson) iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.) Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle) Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8107.0 - Microsoft Corporation) Hidden Microsoft Motocross Madness 2 (HKLM-x32\...\Motocross Madness 2) (Version: - ) Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden Microsoft Security Client DE-DE Language Pack (Version: 2.0.0657.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (Version: 2.3.188.0 - Microsoft Corporation) Hidden Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla) Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) OCR Software by I.R.I.S. 14.5 (HKLM\...\HPOCR) (Version: 14.5 - HP) OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) PDF Editor 3 (HKLM-x32\...\PDF Editor 3) (Version: - ) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.47.714.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.) Scan (x32 Version: 14.0.1.0 - Hewlett-Packard) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.17271 - TeamViewer) Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) VMLite Workstation (HKLM\...\{197F2BEF-2705-406E-8CEB-8E404FFFE414}) (Version: 3.2.6 - VMLite) WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden Win2PDF 7 (HKLM\...\Win2PDF_is1) (Version: 7.0.46 - Dane Prairie Systems, LLC.) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin) Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies) WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-344976508-2612026722-1020238545-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Alfred\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-344976508-2612026722-1020238545-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alfred\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-344976508-2612026722-1020238545-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alfred\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-344976508-2612026722-1020238545-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alfred\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-344976508-2612026722-1020238545-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alfred\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ==================== Restore Points ========================= 21-09-2014 08:54:07 Windows Update 24-09-2014 19:46:46 Windows Update 27-09-2014 14:42:56 Installiert Microsoft Flight Simulator X 28-09-2014 11:16:34 Windows Update 01-10-2014 15:58:59 Windows Update 01-10-2014 19:44:46 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2013-09-14 20:29 - 00447822 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 1001namen.com - Informationen zum Thema 1001namen. Diese Website steht zum Verkauf! 127.0.0.1 100888290cs.com 127.0.0.1 ²©²Êͨ,²©²ÊÍø,½ð±¦²©188,²©²ÊͨÆÀ¼¶,°Ù¼ÒÀÖ,°ÂÃî°Ù¼ÒÀÖ 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 Gadgets And More 127.0.0.1 1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {000040EA-D13A-480E-815A-A08C46AE3B6E} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe Task: {0CCC0779-DB8C-444E-87A0-BEB43185DB23} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {1C792EC5-711C-4583-9183-B10F4AACF315} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {1F4C70B3-EBFE-4423-95DC-579F15A4862F} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMNJGMJJHMLJJJGMLMCNHMNJJJMMCNLMPMKJMMCNGMLJOMKMCNMJMMNJMMMJKJGMGMJMKMLMMJJNJICMIMCNHMCNMMFMGMCNPMCNHMOMOMNMFMJMCNOMCNIMJMPMOMCNNMJNPICMJMFMOMOMKJIJMIFMPMJNHICMOMOMKJIJMIJNBJCMOLDJJJNIKJLJJNKJCMJNNICMJNDJCMLJKJ" Task: {23099809-819F-469F-8DB5-3EFD2534E9B4} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {30204A1E-48CF-46A1-9EC3-8E82C0CD7B34} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {332D6A73-4E79-4CA0-9C30-D2655B231956} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe Task: {3EC51B34-7AF9-4388-A9D0-D7A72FF654D4} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {44656418-5D1E-492A-992A-B224072B7A81} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-25] (Adobe Systems Incorporated) Task: {64A0FCE7-883A-4863-A3F9-FC00CD06834E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-25] (Piriform Ltd) Task: {78C9B58F-51F0-40DD-9A04-A27497777A09} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe Task: {80D96612-4584-435D-AD96-3147652C439A} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {824BD8CB-B6DD-446F-96BA-FE8507930347} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {95EB926D-69B0-44F2-9D5B-AFF786B57F10} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-08-25] (Apple Inc.) Task: {96A342E5-0908-498F-957D-5AD69E4B4EF0} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft) Task: {C31010AC-5310-4E13-AF62-AD4309F3D4AC} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {CE999383-AEDF-4DEA-A2AF-988A1730AA8F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-25] (Google Inc.) Task: {D7CCB75D-1289-4754-9151-A5D5ECA0BB65} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {D9F4CB9B-2350-4982-9683-4050DC5D0BD0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-25] (Google Inc.) Task: {E6BE1A89-7142-4A29-B4F9-1D52A11FB7CF} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe Task: {FDFABDEE-42AD-4B4A-9046-DAC95B2979DB} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] () Task: {FFC5DB78-D476-4DD5-AD76-459991BBBD4A} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2012-10-25 21:50 - 2011-06-07 10:35 - 00074016 _____ () C:\Windows\System32\win2pdfm.dll 2010-08-11 14:18 - 2010-08-11 14:18 - 00202344 _____ () C:\VXP\VBoxDDU.dll 2010-08-11 14:18 - 2010-08-11 14:18 - 02725480 _____ () C:\VXP\VBoxRT.dll 2009-03-26 22:03 - 2009-03-26 22:03 - 01289728 _____ () C:\VXP\LIBEAY32.dll 2014-09-25 20:44 - 2014-09-25 20:44 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2011-02-24 19:05 - 2011-02-24 19:05 - 03518032 _____ () C:\Program Files (x86)\Acronis\DriveMonitor\adm.exe 2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-10-05 09:16 - 2014-10-05 09:16 - 00043008 _____ () c:\users\alfred\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsgkm0p.dll 2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Alfred\AppData\Roaming\Dropbox\bin\libcef.dll 2014-06-15 18:14 - 2014-06-15 18:14 - 03022960 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll 2014-06-15 18:14 - 2014-06-15 18:14 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll 2014-06-15 18:14 - 2014-06-15 18:14 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll 2014-10-03 14:39 - 2014-09-24 07:09 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Alfred\Desktop\90 Tg. Kap Choeng.eml:OECustomProperty AlternateDataStreams: C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0543.eml:OECustomProperty AlternateDataStreams: C:\Users\Alfred\Documents\Diesen Hai können Sie vom Büro aus jagen.eml:OECustomProperty AlternateDataStreams: C:\Users\Alfred\Documents\Mani Juerg mail 24.5.05. Re_ Swissair - Option 96_2000.eml:OECustomProperty AlternateDataStreams: C:\Users\Alfred\Documents\nico.eml:OECustomProperty AlternateDataStreams: C:\Users\Alfred\Documents\Rat vom Experten gegen Schnarchen.eml:OECustomProperty AlternateDataStreams: C:\Users\Alfred\Documents\Re Montag Hütedienst Wichtig!.eml:OECustomProperty ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\Windows\pss\Secunia PSI Tray.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Alfred^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Desktopnotes.lnk => C:\Windows\pss\Desktopnotes.lnk.Startup MSCONFIG\startupfolder: C:^Users^Alfred^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup MSCONFIG\startupfolder: C:^Users^Alfred^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HP SimpleSave Monitor.lnk => C:\Windows\pss\HP SimpleSave Monitor.lnk.Startup MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" MSCONFIG\startupreg: Active Desktop Calendar => C:\Program Files (x86)\XemiComputers\Active Desktop Calendar\ADC.exe MSCONFIG\startupreg: adm_tray.exe => C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW MSCONFIG\startupreg: EDO-Soft Sticky Notes => C:\Program Files (x86)\Evernote Sticky Notes\StickyNotes.Wpf.exe MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s MSCONFIG\startupreg: SAFE14 Browser Monitor => "C:\Program Files (x86)\Steganos Safe 14\SteganosBrowserMonitor.exe" MSCONFIG\startupreg: SAFE14 File Redirection Starter => "C:\Program Files (x86)\Steganos Safe 14\fredirstarter.exe" MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun MSCONFIG\startupreg: Steganos HotKeys => "C:\Program Files (x86)\Steganos Safe 14\SteganosHotKeyService.exe" MSCONFIG\startupreg: WinPatrol => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot ========================= Accounts: ========================== Administrator (S-1-5-21-344976508-2612026722-1020238545-500 - Administrator - Disabled) Alfred (S-1-5-21-344976508-2612026722-1020238545-1000 - Administrator - Enabled) => C:\Users\Alfred Gast (S-1-5-21-344976508-2612026722-1020238545-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-344976508-2612026722-1020238545-1002 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/05/2014 09:16:14 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/04/2014 05:56:30 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/04/2014 05:50:21 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (10/04/2014 05:50:21 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (10/04/2014 03:10:06 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (10/04/2014 03:00:56 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/04/2014 03:00:40 PM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: Der Index kann nicht initialisiert werden. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (10/04/2014 03:00:40 PM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: Die Anwendung kann nicht initialisiert werden. Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (10/04/2014 03:00:40 PM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: Das Gatherer-Objekt kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (10/04/2014 03:00:40 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490) System errors: ============= Error: (10/04/2014 07:09:05 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden. Error: (10/04/2014 03:01:10 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error: (10/04/2014 03:00:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (10/04/2014 03:00:40 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535. Error: (10/04/2014 08:26:32 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden. Error: (10/04/2014 08:26:32 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden. Error: (10/04/2014 08:26:31 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden. Error: (10/04/2014 01:24:44 AM) (Source: Ntfs) (EventID: 55) (User: ) Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "L:" den Befehl "chkdsk" aus. Error: (10/03/2014 01:30:20 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden. Error: (10/03/2014 01:30:19 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden. Microsoft Office Sessions: ========================= Error: (10/05/2014 09:16:14 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/04/2014 05:56:30 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/04/2014 05:50:21 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll Error: (10/04/2014 05:50:21 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll Error: (10/04/2014 03:10:06 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll Error: (10/04/2014 03:00:56 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/04/2014 03:00:40 PM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (10/04/2014 03:00:40 PM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (10/04/2014 03:00:40 PM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (10/04/2014 03:00:40 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490) Search.TripoliIndexer ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3 CPU 540 @ 3.07GHz Percentage of memory in use: 26% Total physical RAM: 8119.05 MB Available physical RAM: 6006.81 MB Total Pagefile: 16236.28 MB Available Pagefile: 14016.24 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:465.66 GB) (Free:48.17 GB) NTFS Drive d: (Daten2) (Fixed) (Total:232.88 GB) (Free:22.74 GB) NTFS Drive e: (KINGSTON) (Removable) (Total:14.4 GB) (Free:3.6 GB) FAT32 Drive l: (Expansion Drive) (Fixed) (Total:1863.01 GB) (Free:668.56 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C4CD6244) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 232.9 GB) (Disk ID: D20CD20C) Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS) ======================================================== Disk: 6 (Size: 1863 GB) (Disk ID: B9D00F66) Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS) ======================================================== Disk: 7 (Size: 14.4 GB) (Disk ID: 4E6F2201) Partition 1: (Active) - (Size=14.4 GB) - (Type=0B) ==================== End Of Log ============================
__________________ Suche nicht das Glueck - lebe es (Buddha) |
05.10.2014, 14:16 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | sm.de virusbefall Neue FRST.txt fehlt. Du hast 2x die Addition.txt gepostet
__________________ --> sm.de virusbefall |
05.10.2014, 15:23 | #7 |
| sm.de virusbefall hier das FRST log FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-10-2014 01 Ran by Alfred (administrator) on DM12REP on 05-10-2014 09:24:34 Running from C:\Users\Alfred\Desktop Loaded Profile: Alfred (Available profiles: Alfred) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (AMD) C:\Windows\System32\atieclxx.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ArcSoft, Inc.) C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Dropbox, Inc.) C:\Users\Alfred\AppData\Roaming\Dropbox\bin\Dropbox.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (VMLite, Inc.) C:\VXP\VMLiteService.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe () C:\Program Files (x86)\Acronis\DriveMonitor\adm.exe () C:\Program Files (x86)\Acronis\DriveMonitor\adm.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-08] (Apple Inc.) HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries) HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6480664 2014-09-25] (Piriform Ltd) HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\MountPoints2: L - L:\HPLauncher.exe HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\MountPoints2: {63be18cd-1c39-11e2-87aa-20cf308e5960} - K:\HPLauncher.exe HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\MountPoints2: {aa142560-a0e7-11e2-b173-20cf308e5960} - K:\HPLauncher.exe HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries) Startup: C:\Users\Alfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Alfred\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alfred\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alfred\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alfred\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alfred\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) BootExecute: autocheck autochk * SBBD.exe /d \Device\HarddiskVolume2\Program Files (x86)\Ad-Aware Antivirus\Definitions ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2E20F8E641ADCD01 URLSearchHook: HKLM-x32 - Default Value = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} SearchScopes: HKLM - {8A750DF0-FBD0-47C1-A1D7-5F6540A568AE} URL = hxxp://www.sm.de/?q={searchTerms} SearchScopes: HKCU - {8A750DF0-FBD0-47C1-A1D7-5F6540A568AE} URL = hxxp://www.sm.de/?q={searchTerms} BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\f9e1lb4p.default-1397924871496 FF DefaultSearchEngine: SuchMaschine FF SearchEngineOrder.1: SuchMaschine FF SelectedSearchEngine: SuchMaschine FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF SearchPlugin: C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\f9e1lb4p.default-1397924871496\searchplugins\search_engine.xml FF SearchPlugin: C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\f9e1lb4p.default-1397924871496\searchplugins\startpage-https---deutsch.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: YouTube Unblocker - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\f9e1lb4p.default-1397924871496\Extensions\youtubeunblocker@unblocker.yt [2014-05-12] FF Extension: WOT - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\f9e1lb4p.default-1397924871496\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-06-18] FF Extension: DownloadHelper - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\f9e1lb4p.default-1397924871496\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-05] FF Extension: MEGA - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\f9e1lb4p.default-1397924871496\Extensions\firefox@mega.co.nz.xpi [2014-07-12] FF Extension: NoScript - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\f9e1lb4p.default-1397924871496\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-05-12] FF Extension: Adblock Plus - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\f9e1lb4p.default-1397924871496\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-12] FF Extension: DownThemAll! - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\f9e1lb4p.default-1397924871496\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-05-12] FF Extension: Adblock Edge - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\f9e1lb4p.default-1397924871496\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-04-23] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-09-25] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-07-26] FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-04-25] FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= CHR HomePage: Default -> hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_4&ent=hp&u=424CC20045927E4CBDC72C5234910BB4 CHR RestoreOnStartup: Default -> "hxxp://www.google.com" CHR NewTab: Default -> "chrome-extension://eooncjejnppfjjklapaamhcdmjbilmde/redirect.html" CHR DefaultSearchKeyword: Default -> SuchMaschine CHR DefaultSearchProvider: Default -> SuchMaschine CHR DefaultSearchURL: Default -> hxxp://www.sm.de/?q={searchTerms} CHR DefaultSuggestURL: Default -> CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation) CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll No File CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll No File CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File CHR Profile: C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-26] CHR Extension: (Google Drive) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-26] CHR Extension: (WOT) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-06-30] CHR Extension: (YouTube) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-26] CHR Extension: (Google-Suche) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-26] CHR Extension: (RealDownloader) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-06-26] CHR Extension: (Skype Click to Call) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-06-26] CHR Extension: (Chrome In-App Payments service) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22] CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-06-26] CHR Extension: (Google Mail) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-26] CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 BackupService; C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [83512 2010-07-01] (ArcSoft, Inc.) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries) R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation) R2 VMLiteService; C:\VXP\VMLiteService.exe [426600 2010-08-21] (VMLite, Inc.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] () R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-09-14] (GFI Software) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-04] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] () R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation) R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed] R1 VBoxDrv; C:\Windows\System32\drivers\VBoxDrv.sys [204328 2010-08-11] (VMLite, Inc.) R3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp.sys [146216 2010-08-11] (VMLite, Inc.) R3 VBoxNetFlt; C:\Windows\System32\DRIVERS\VBoxNetFlt.sys [165800 2010-08-11] (VMLite, Inc.) R1 vmlitedrv; C:\Windows\System32\drivers\vmlitedrv.sys [14952 2010-08-03] (VMLite, Inc.) R3 vmlitestor; C:\Windows\System32\DRIVERS\vmlitestor.sys [177768 2010-08-11] (VMLite, Inc.) S3 VMLiteUSB; C:\Windows\System32\Drivers\VMLiteUSB.sys [150120 2010-08-11] (VMLite, Inc.) R1 VMLiteUSBMon; C:\Windows\System32\drivers\vmliteusbmon.sys [135272 2010-08-18] (VMLite, Inc.) S3 ALSysIO; \??\C:\Users\Alfred\AppData\Local\Temp\ALSysIO64.sys [X] S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-05 09:24 - 2014-10-05 09:25 - 00024260 _____ () C:\Users\Alfred\Desktop\FRST.txt 2014-10-05 09:22 - 2014-10-05 09:22 - 02109440 _____ (Farbar) C:\Users\Alfred\Desktop\FRST64.exe 2014-10-04 18:04 - 2014-10-04 18:04 - 01694116 _____ (Thisisu) C:\Users\Alfred\Downloads\JRT(1).exe 2014-10-04 18:04 - 2014-10-04 17:46 - 01694116 _____ (Thisisu) C:\Users\Alfred\Desktop\JRT_NEW.exe 2014-10-04 17:57 - 2014-10-04 17:57 - 00001917 _____ () C:\Users\Alfred\Desktop\AdwCleaner[S6].txt 2014-10-04 17:47 - 2014-10-04 17:47 - 01375089 _____ () C:\Users\Alfred\Desktop\AdwCleaner_3.311.exe 2014-10-04 17:46 - 2014-10-04 17:47 - 00000000 ____D () C:\Users\Alfred\Desktop\trojaner-board.de 4.10.14 2014-10-04 17:43 - 2014-10-04 17:43 - 00000259 _____ () C:\Users\Alfred\Desktop\mbam2.txt 2014-10-04 17:42 - 2014-10-04 17:42 - 00001293 _____ () C:\Users\Alfred\Desktop\mbam.txt 2014-10-04 15:00 - 2014-10-05 09:16 - 00000168 _____ () C:\Windows\setupact.log 2014-10-04 15:00 - 2014-10-04 17:56 - 00000974 _____ () C:\Windows\PFRO.log 2014-10-04 15:00 - 2014-10-04 15:00 - 00000000 _____ () C:\Windows\setuperr.log 2014-10-04 14:36 - 2014-10-04 17:38 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-04 14:36 - 2014-10-04 17:38 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-10-04 14:36 - 2014-10-04 17:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-10-04 14:35 - 2014-10-04 17:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-10-04 14:35 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-10-04 14:35 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-10-04 14:35 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-10-04 14:34 - 2014-10-04 14:34 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Alfred\Desktop\mbam-setup-2.0.2.1012.exe 2014-10-04 13:40 - 2014-10-04 13:40 - 00380416 _____ () C:\Users\Alfred\Desktop\Gmer-19357.exe 2014-10-04 09:02 - 2014-10-04 09:02 - 02109440 _____ (Farbar) C:\Users\Alfred\Downloads\FRST64.exe.4rrsf4c.partial 2014-10-04 09:01 - 2014-10-04 09:01 - 00000474 _____ () C:\Users\Alfred\Desktop\defogger_disable.log 2014-10-04 09:01 - 2014-10-04 09:01 - 00000000 _____ () C:\Users\Alfred\defogger_reenable 2014-10-04 08:59 - 2014-10-04 08:59 - 00050477 _____ () C:\Users\Alfred\Desktop\Defogger.exe 2014-10-03 20:30 - 2014-10-03 20:30 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-10-03 20:29 - 2014-10-03 20:29 - 02347384 _____ (ESET) C:\Users\Alfred\Desktop\esetsmartinstaller_deu.exe 2014-10-03 14:39 - 2014-10-03 14:39 - 00001165 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-10-03 13:44 - 2014-10-03 14:39 - 00244408 _____ () C:\Users\Alfred\Downloads\Firefox Setup Stub 32.0.3 (1).exe 2014-10-03 13:38 - 2014-10-03 13:39 - 00244408 _____ () C:\Users\Alfred\Downloads\Firefox Setup Stub 32.0.3.exe 2014-10-01 17:57 - 2014-10-01 17:58 - 00000000 ____D () C:\Users\Alfred\Documents\HANS 2014-10-01 07:36 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-10-01 07:36 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-09-29 21:05 - 2014-09-29 21:06 - 00000368 _____ () C:\Users\Alfred\Desktop\fsx ctd forum hinweis problem gelöst..txt 2014-09-29 10:17 - 2014-09-29 10:19 - 00000000 ____D () C:\Users\Alfred\Documents\JAKOB TOFFEN CHEMINEE 2014-09-29 10:16 - 2014-09-29 10:16 - 00000000 ____D () C:\Users\Alfred\Documents\KÜPFER KAUFDORF 2014-09-28 13:18 - 2014-09-28 13:18 - 00001277 _____ () C:\Users\Alfred\Desktop\aerofly Flug Simulator 2013.lnk 2014-09-27 14:26 - 2014-09-27 14:30 - 00000000 ____D () C:\Users\Alfred\AppData\Local\Microsoft Games 2014-09-27 14:14 - 2014-09-27 14:14 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\QuickScan 2014-09-27 14:10 - 2014-09-27 14:10 - 00000000 ____D () C:\Program Files (x86)\OXXOGames 2014-09-27 14:10 - 2014-09-27 14:10 - 00000000 ____D () C:\Program Files (x86)\DEUTSCHLAND SPIELT 2014-09-27 13:41 - 2014-10-01 15:38 - 00021635 _____ () C:\Users\Alfred\Desktop\cmi performance 2002-2014-2017.ods 2014-09-27 08:54 - 2014-09-27 08:54 - 00000000 ____D () C:\Users\Alfred\Documents\CONRAD 2014-09-25 14:06 - 2014-09-25 14:06 - 00001092 _____ () C:\Users\Alfred\Desktop\Eigene Scans - Verknüpfung.lnk 2014-09-25 14:00 - 2014-09-25 14:00 - 00001108 _____ () C:\Users\Alfred\Desktop\LILO NACHLASS - Verknüpfung.lnk 2014-09-25 10:17 - 2014-10-03 14:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-24 09:35 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-24 09:35 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-09-21 18:58 - 2014-09-21 18:58 - 00198295 _____ () C:\Users\Alfred\Desktop\90 Tg. Kap Choeng.eml 2014-09-21 11:40 - 2014-09-21 11:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud 2014-09-19 08:01 - 2014-09-19 18:40 - 00000000 ____D () C:\Users\Alfred\Desktop\JENS SCHNEIDER AKTUELL 2014-09-18 09:49 - 2014-09-18 09:49 - 00001423 _____ () C:\Users\Alfred\Desktop\JENS SCHNEIDER RA - Verknüpfung.lnk 2014-09-17 21:43 - 2014-09-17 21:43 - 00001789 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-09-17 21:43 - 2014-09-17 21:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-09-17 21:42 - 2014-09-17 21:43 - 00000000 ____D () C:\Program Files\iTunes 2014-09-17 21:42 - 2014-09-17 21:43 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-09-17 21:42 - 2014-09-17 21:42 - 00000000 ____D () C:\Program Files\iPod 2014-09-13 09:48 - 2014-09-13 10:04 - 04146701 _____ () C:\Users\Alfred\Documents\FLORIAN2014.odp 2014-09-11 21:21 - 2014-09-28 06:32 - 00000828 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-09-10 22:36 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-10 22:36 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-09-10 22:35 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-10 22:35 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-09-10 22:35 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-10 22:35 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-10 22:35 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-10 22:35 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-09-10 22:35 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-10 22:35 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-10 22:35 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-10 22:35 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-10 22:35 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-10 22:35 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-10 22:35 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-09-10 22:35 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-10 22:35 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-10 22:35 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-10 22:35 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-10 22:35 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-10 22:35 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-09-10 22:35 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-10 22:35 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-10 22:35 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-09-10 22:35 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-10 22:35 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-09-10 22:35 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-09-10 22:35 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-09-10 22:35 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-09-10 22:35 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-10 22:35 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-10 22:35 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-09-10 22:35 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-09-10 22:35 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-10 22:35 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-09-10 22:35 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-09-10 22:35 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-09-10 22:35 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-10 22:35 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-10 22:35 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-10 22:35 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-10 22:35 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-09-10 22:35 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-09-10 22:35 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-09-10 22:35 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-09-10 22:35 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-10 22:35 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-09-10 22:35 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-10 22:35 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-09-10 22:35 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-09-10 22:35 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-09-10 22:35 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-10 22:35 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-09-10 22:35 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-09-10 22:35 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-10 22:35 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-09-10 22:29 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-09-10 22:29 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2014-09-10 07:11 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-10 07:11 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-10 07:11 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-09-10 07:11 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2014-09-10 07:11 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-10 07:11 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-10 07:11 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-09-10 07:11 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-09-10 07:11 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-09-10 07:11 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-09-10 07:11 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-09-09 10:09 - 2014-09-09 10:09 - 00000916 _____ () C:\Users\Alfred\Desktop\Eigene Dokumente - Verknüpfung (3).lnk ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-05 09:24 - 2014-07-07 12:22 - 00000000 ____D () C:\FRST 2014-10-05 09:23 - 2009-07-14 06:45 - 00028928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-05 09:23 - 2009-07-14 06:45 - 00028928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-05 09:19 - 2012-10-18 15:41 - 01620010 _____ () C:\Windows\WindowsUpdate.log 2014-10-05 09:18 - 2014-04-23 22:28 - 00000000 ___RD () C:\Users\Alfred\Dropbox 2014-10-05 09:18 - 2014-04-23 22:25 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\Dropbox 2014-10-05 09:18 - 2012-10-25 14:53 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-05 09:16 - 2012-10-25 14:53 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-05 09:16 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-04 20:48 - 2013-04-10 04:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-04 19:10 - 2011-04-12 09:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat 2014-10-04 19:10 - 2011-04-12 09:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat 2014-10-04 19:10 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-04 17:54 - 2014-08-09 10:40 - 00000000 ____D () C:\AdwCleaner 2014-10-04 09:01 - 2012-10-18 16:07 - 00000000 ____D () C:\Users\Alfred 2014-10-04 08:44 - 2012-10-27 15:40 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\uTorrent 2014-10-04 01:24 - 2012-10-25 14:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-10-02 16:13 - 2014-05-11 14:47 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\.minecraft 2014-10-01 18:11 - 2014-09-01 15:27 - 00000000 ____D () C:\Users\Alfred\Documents\LILO NACHLASS 2014-10-01 18:00 - 2012-12-03 12:12 - 00000000 ____D () C:\Users\Alfred\Documents\SCHAFERS 2014-10-01 15:16 - 2012-10-21 15:24 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\vlc 2014-09-29 14:27 - 2012-11-16 13:57 - 00000000 ____D () C:\Users\Alfred\Documents\0.AVIATION 2014-09-29 14:25 - 2013-04-14 09:40 - 00000000 ____D () C:\Users\Alfred\Documents\MEDIA 2014-09-29 07:38 - 2012-11-01 12:26 - 00000000 ____D () C:\Users\Alfred\Documents\PG 2014-09-28 06:31 - 2014-09-04 11:01 - 00000000 ____D () C:\Program Files\CCleaner 2014-09-27 14:47 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-09-25 18:48 - 2013-04-10 04:17 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-25 18:48 - 2012-10-22 08:20 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-25 18:48 - 2012-10-22 08:20 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-25 12:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-09-25 09:29 - 2014-06-03 09:50 - 00009283 _____ () C:\Users\Alfred\Desktop\PW.per 30.3.2014.txt 2014-09-22 08:42 - 2010-11-21 05:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-09-21 12:22 - 2012-10-26 08:24 - 00000000 ____D () C:\Users\Alfred\AppData\Local\Apple Computer 2014-09-19 09:39 - 2012-10-18 18:15 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\Adobe 2014-09-19 08:01 - 2014-04-23 22:26 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-09-18 13:35 - 2012-11-01 11:06 - 01164800 ___SH () C:\Users\Alfred\Documents\Thumbs.db 2014-09-18 10:03 - 2013-04-12 06:31 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-09-17 21:43 - 2013-10-05 22:42 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-09-13 09:48 - 2014-06-08 18:48 - 00000000 ____D () C:\Users\Alfred\Documents\1.HOHENBERGREISE 2014-09-10 22:35 - 2012-10-18 18:18 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-10 22:34 - 2014-04-10 21:01 - 00001912 _____ () C:\Windows\epplauncher.mif 2014-09-10 22:33 - 2014-05-26 09:03 - 00002123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2014-09-10 22:33 - 2014-05-26 09:02 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-09-10 22:33 - 2014-05-26 09:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client 2014-09-10 22:33 - 2013-08-04 12:19 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-10 22:30 - 2012-10-18 17:36 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-10 22:29 - 2014-05-06 21:30 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-09-10 21:20 - 2014-09-03 22:34 - 00000000 ____D () C:\Rollus RAFALE 2014-09-09 10:10 - 2012-11-16 13:56 - 00000000 ____D () C:\Users\Alfred\Documents\HUMOR KURIOSES 2014-09-09 08:59 - 2014-06-30 10:47 - 00000000 ____D () C:\Users\Alfred\AppData\Local\Adobe 2014-09-08 18:44 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-09-05 13:17 - 2014-08-26 20:27 - 00001591 _____ () C:\Users\Alfred\Desktop\Neuer FSX PC - Verknüpfung.lnk Some content of TEMP: ==================== C:\Users\Alfred\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsgkm0p.dll C:\Users\Alfred\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-26 08:56 ==================== End Of Log ============================
__________________ Suche nicht das Glueck - lebe es (Buddha) |
05.10.2014, 15:53 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | sm.de virusbefall Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter URLSearchHook: HKLM-x32 - Default Value = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} SearchScopes: HKLM - {8A750DF0-FBD0-47C1-A1D7-5F6540A568AE} URL = http://www.sm.de/?q={searchTerms} SearchScopes: HKCU - {8A750DF0-FBD0-47C1-A1D7-5F6540A568AE} URL = http://www.sm.de/?q={searchTerms} FF DefaultSearchEngine: SuchMaschine FF SearchEngineOrder.1: SuchMaschine FF SelectedSearchEngine: SuchMaschine FF SearchPlugin: C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\f9e1lb4p.default-1397924871496\searchplugins\search_engine.xml FF SearchPlugin: C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\f9e1lb4p.default-1397924871496\searchplugins\startpage-https---deutsch.xml CHR NewTab: Default -> "chrome-extension://eooncjejnppfjjklapaamhcdmjbilmde/redirect.html" CHR DefaultSearchKeyword: Default -> SuchMaschine CHR DefaultSearchProvider: Default -> SuchMaschine CHR DefaultSearchURL: Default -> http://www.sm.de/?q={searchTerms} CHR DefaultSuggestURL: Default -> EmptyTemp: Hosts: Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ Logfiles bitte immer in CODE-Tags posten |
06.10.2014, 09:21 | #9 |
| sm.de virusbefall Hallo Cosinus, hier das FRST fixlog. Jetzt bleibt noch der Defogger. Gruss und tausend Dank Alfred Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-10-2014 Ran by Alfred at 2014-10-06 10:01:46 Run:3 Running from C:\Users\Alfred\Desktop Loaded Profile: Alfred (Available profiles: Alfred) Boot Mode: Normal ============================================== Content of fixlist: ***************** URLSearchHook: HKLM-x32 - Default Value = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} SearchScopes: HKLM - {8A750DF0-FBD0-47C1-A1D7-5F6540A568AE} URL = hxxp://www.sm.de/?q={searchTerms} SearchScopes: HKCU - {8A750DF0-FBD0-47C1-A1D7-5F6540A568AE} URL = hxxp://www.sm.de/?q={searchTerms} FF DefaultSearchEngine: SuchMaschine FF SearchEngineOrder.1: SuchMaschine FF SelectedSearchEngine: SuchMaschine FF SearchPlugin: C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\f9e1lb4p.default-1397924871496\searchplugins\search_engine.xml FF SearchPlugin: C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\f9e1lb4p.default-1397924871496\searchplugins\startpage-https---deutsch.xml CHR NewTab: Default -> "chrome-extension://eooncjejnppfjjklapaamhcdmjbilmde/redirect.html" CHR DefaultSearchKeyword: Default -> SuchMaschine CHR DefaultSearchProvider: Default -> SuchMaschine CHR DefaultSearchURL: Default -> hxxp://www.sm.de/?q={searchTerms} CHR DefaultSuggestURL: Default -> EmptyTemp: Hosts: ***************** HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\ => Value not found. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A750DF0-FBD0-47C1-A1D7-5F6540A568AE}" => Key not found. "HKCR\CLSID\{8A750DF0-FBD0-47C1-A1D7-5F6540A568AE}" => Key not found. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A750DF0-FBD0-47C1-A1D7-5F6540A568AE}" => Key not found. "HKCR\CLSID\{8A750DF0-FBD0-47C1-A1D7-5F6540A568AE}" => Key not found. Firefox DefaultSearchEngine deleted successfully. Firefox SearchEngineOrder.1 deleted successfully. Firefox SelectedSearchEngine deleted successfully. "C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\f9e1lb4p.default-1397924871496\searchplugins\search_engine.xml" => not found. "C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\f9e1lb4p.default-1397924871496\searchplugins\startpage-https---deutsch.xml" => not found. Chrome NewTab deleted successfully. Chrome DefaultSearchKeyword deleted successfully. CHR DefaultSearchProvider: Default -> SuchMaschine ==> The Chrome "Settings" can be used to fix the entry. Chrome DefaultSearchURL deleted successfully. Chrome DefaultSuggestURL deleted successfully. C:\Windows\System32\Drivers\etc\hosts => Moved successfully. Hosts was reset successfully.
__________________ Suche nicht das Glueck - lebe es (Buddha) |
06.10.2014, 15:54 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | sm.de virusbefall Okay, dann Kontrollscans mit MBAM und ESET bitte: Downloade Dir bitte Malwarebytes Anti-Malware
ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
06.10.2014, 19:58 | #11 |
| sm.de virusbefall Hallo Cosinus, hier die logfiles mbam und eset. Danke für Deine umfassende Hilfe! Gruss alfred Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 06.10.2014 Suchlauf-Zeit: 18:00:44 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.10.06.06 Rootkit Datenbank: v2014.09.19.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Alfred Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 325410 Verstrichene Zeit: 8 Min, 7 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=5e088eb22d545b43b5b3b88971637d99 # engine=20427 # end=stopped # remove_checked=false # archives_checked=false # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2014-10-03 06:55:45 # local_time=2014-10-03 08:55:45 (+0100, Mitteleuropäische Sommerzeit) # country="Switzerland" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 1981317 35346539 0 0 # scanned=13725 # found=0 # cleaned=0 # scan_time=1340 ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=5e088eb22d545b43b5b3b88971637d99 # engine=20427 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2014-10-03 11:15:53 # local_time=2014-10-04 01:15:53 (+0100, Mitteleuropäische Sommerzeit) # country="Switzerland" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 1996925 35362147 0 0 # scanned=615095 # found=8 # cleaned=8 # scan_time=14812 sh=72F6E46D998332E8033A587E64801A96E9839F29 ft=0 fh=0000000000000000 vn="JS/Kryptik.I Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Alfred\Documents\0.AVIATION\1.FSX payware optionen\Just Flight - Ground Environment X North America - WORLD EDITION-Dateien\mo.js" sh=FA39AC60DA9788CEE848E31DC5FCE5AE3BDA745C ft=0 fh=0000000000000000 vn="JS/Kryptik.I Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Alfred\Documents\0.AVIATION\1.FSX payware optionen\MegaSceneryEarth-Dateien\mo.js" sh=9FEDDA5E2FBD7A1C43BA2D924AB1475AE96690C3 ft=1 fh=3daaad025b8f03d2 vn="NSIS/StartPage.CC Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Alfred\Downloads\vlc-2.1.5-win32.exe" sh=72F6E46D998332E8033A587E64801A96E9839F29 ft=0 fh=0000000000000000 vn="JS/Kryptik.I Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="D:\DOCS\DOCS 2014\0.AVIATION\1.FSX payware optionen\Just Flight - Ground Environment X North America - WORLD EDITION-Dateien\mo.js" sh=FA39AC60DA9788CEE848E31DC5FCE5AE3BDA745C ft=0 fh=0000000000000000 vn="JS/Kryptik.I Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="D:\DOCS\DOCS 2014\0.AVIATION\1.FSX payware optionen\MegaSceneryEarth-Dateien\mo.js" sh=72F6E46D998332E8033A587E64801A96E9839F29 ft=0 fh=0000000000000000 vn="JS/Kryptik.I Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="L:\AVIATION 71GB\0.AVIATION\1.FSX payware optionen\Just Flight - Ground Environment X North America - WORLD EDITION-Dateien\mo.js" sh=FA39AC60DA9788CEE848E31DC5FCE5AE3BDA745C ft=0 fh=0000000000000000 vn="JS/Kryptik.I Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="L:\AVIATION 71GB\0.AVIATION\1.FSX payware optionen\MegaSceneryEarth-Dateien\mo.js" sh=FA39AC60DA9788CEE848E31DC5FCE5AE3BDA745C ft=0 fh=0000000000000000 vn="JS/Kryptik.I Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="L:\DOCS 51GB\DOCS 2014 BUP\0.AVIATION\1.FSX payware optionen\MegaSceneryEarth-Dateien\mo.js" ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=5e088eb22d545b43b5b3b88971637d99 # engine=20466 # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=false # utc_time=2014-10-06 06:30:04 # local_time=2014-10-06 08:30:04 (+0100, Mitteleuropäische Sommerzeit) # country="Switzerland" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 2238976 35604198 0 0 # scanned=423676 # found=48 # cleaned=0 # scan_time=6102 sh=ECCAC05AC1B234C920664876442DF3EFD776DE60 ft=1 fh=e9325afa081f4f27 vn="Variante von Win32/Toolbar.SearchSuite.U evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alfred\AppData\Local\Linkey\IEExtension\iedll.dll.vir" sh=27F3722103AE0B59E452584BAC372AF8753ACD00 ft=1 fh=1e0c2baa3d38a164 vn="Variante von Win32/Toolbar.SearchSuite.U evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alfred\AppData\Local\Linkey\IEExtension\iedll64.dll.vir" sh=A887C00C7DF0610DDF015090458983949DACF62F ft=1 fh=650f854b97068ad8 vn="Variante von Win32/Toolbar.SearchSuite.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alfred\AppData\Local\Linkey\Helper.dll.vir" sh=7A07C9FFD3B45E851F52442C3343AA339BD03C0C ft=1 fh=24d2104baf36fd5f vn="Variante von Win32/Toolbar.SearchSuite.U evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alfred\AppData\Local\Linkey\LinkeyDeals.exe.vir" sh=B080AAEAF9189DF473A999399EC7B9D61A04C174 ft=1 fh=2ec70266168a4340 vn="Variante von Win32/Toolbar.SearchSuite.U evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alfred\AppData\Local\Linkey\Uninstall.exe.vir" sh=6BD92EAE74718BEC012A9D22CF249E11FB2DFB6C ft=1 fh=57cfc1434fb9eb96 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alfred\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF10.dll.vir" sh=EDC7610B1A77F044EEA881ABDB97F23BCCFDF119 ft=1 fh=381f14d7b10ee582 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alfred\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF11.dll.vir" sh=2212CF6366CEFEDC93C0800EE191349CCC7D3E19 ft=1 fh=8134fcbb9285f98c vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alfred\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF12.dll.vir" sh=399AFB22F7A717C669ECA28912A0CB2D1FFF1E14 ft=1 fh=b4f162fd7e41aa23 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alfred\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF13.dll.vir" sh=DDE86B212D8E3EBFF9C022F48234C5595C598857 ft=1 fh=9e978f61ab1fa991 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alfred\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF14.dll.vir" sh=596513198C454FC06E59747EB11FC08C92A0B7E2 ft=1 fh=8873e1ded419a654 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alfred\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF15.dll.vir" sh=4B953659E7AD1F852EF2C8018E7B343ADD726277 ft=1 fh=c8179fcbca2c7ecf vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alfred\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF16.dll.vir" sh=5CEF401CA4DA8FC052BA8DB1493406BCFEF25DCA ft=1 fh=66f56f38c52982ff vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alfred\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF17.dll.vir" sh=2EEBDB07F175B65FD4C787C64AEC26ACEEDFDA4A ft=1 fh=5e9ba4df2cb0a6b6 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alfred\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF18.dll.vir" sh=01009E63D2425FE46EF027462C6DF99AE407C343 ft=1 fh=aaa33064341c1ce1 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alfred\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF19.dll.vir" sh=116D1B4DC10B852CADD736CA8CFE600063775A48 ft=1 fh=d1af23177174a2a8 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alfred\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF2.dll.vir" sh=DEF642E8636F195453F1E08ACB828731EFA36B01 ft=1 fh=3e8d77e0d5c81aee vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alfred\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF20.dll.vir" sh=0FC92B853CA8C66683087D67A23C5251992B0779 ft=1 fh=76f97bb0ce51ab8f vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alfred\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF21.dll.vir" sh=D9B326DD751E094BFB2C7BB3A769D9FE176AEB38 ft=1 fh=5f64c6409e74a725 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alfred\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF22.dll.vir" sh=925C923F9E92E4361679CC920F03CF96F84FC603 ft=1 fh=16c2bf5f285bc7ca vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alfred\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF23.dll.vir" sh=318D48D3271FAA1EA5258ED505A1E321BF4BA08B ft=1 fh=840f9cf54442e506 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alfred\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF24.dll.vir" sh=777798DF5469896293063999F4639A9DB9B9A9C7 ft=1 fh=c33991462a487e33 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alfred\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF25.dll.vir" sh=E911B8875CD1FC85CD2697049A8D0D7A0F778B3A ft=1 fh=233eaa646b03b554 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alfred\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF26.dll.vir" sh=CD6020F4D3F37CF04D4ED9D0FEDB9E8D7898DA77 ft=1 fh=8de39f537110fe08 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alfred\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF27.dll.vir" sh=15C98FD010AAFF94E029F0B7FA6AE51A59D1217F ft=1 fh=be029954e40aa726 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alfred\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF28.dll.vir" sh=56C37BA98CB9271317C98BDEE6EC4A46EACE4453 ft=1 fh=f2dd6dc07f77b488 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alfred\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF29.dll.vir" sh=904958EBDE8EF6B98DB0E117C64B467037896448 ft=1 fh=4a101d4a68c69e11 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alfred\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF30.dll.vir" sh=0321BA784F228586696430F2FF5B4B19718A2D94 ft=1 fh=d8e25d56f30245ed vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alfred\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF31.dll.vir" sh=C21123C075E67EE2501842B656B99A1C07631440 ft=1 fh=aeba3972b0c8c3e3 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alfred\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF32.dll.vir" sh=11D49C6CDB2399194426C960C1E8034F8ECBA48C ft=1 fh=071585ba14067989 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alfred\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF4.dll.vir" sh=7744985834CA96FA1A6EB2C69BF2CA248F3729E1 ft=1 fh=51c9ea7b8ba27d97 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alfred\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF5.dll.vir" sh=864024725BC0096C79D5F69A3544DE65D264846A ft=1 fh=e10d9ad0600fcc22 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alfred\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF6.dll.vir" sh=4C0AD601E7DD1214490142A8309B489C8B3155E8 ft=1 fh=444d935aead97832 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alfred\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF7.dll.vir" sh=BFB89B217543905C2C07E4573B1E2CBE6515D8D4 ft=1 fh=823237f313d12529 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alfred\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF8.dll.vir" sh=1BCAA50D85AA6302BF6C114DCB8FE03066231BB2 ft=1 fh=915a73415b7d9ab8 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alfred\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF9.dll.vir" sh=DA6C33F52B033C18868FB6D20119748D92EC8BC7 ft=1 fh=9a7ec952657e646a vn="Variante von Win32/Bundled.Toolbar.Ask.A potenziell unsichere Anwendung" ac=I fn="C:\Daten\Alfred Grützner\System C\Eigene Dateien\Desktop files\PROGRAMMS DONWLOADS\pc wizard.pcw2010_v194.exe" sh=0149DEE684DF9D15C786C8EE737D514146932BFD ft=1 fh=cee74214f9a53f48 vn="Variante von Win32/HackTool.Patcher.T potenziell unsichere Anwendung" ac=I fn="C:\Daten\Alfred Grützner\System C\Eigene Dateien\Downloads\fsdt. .cloud9.fsx.generic.crack.(cracked.by.komu)-v7.exe" sh=DA6C33F52B033C18868FB6D20119748D92EC8BC7 ft=1 fh=9a7ec952657e646a vn="Variante von Win32/Bundled.Toolbar.Ask.A potenziell unsichere Anwendung" ac=I fn="C:\Daten\Alfred Grützner\System C\Eigene Dateien\Downloads\pcw2010_v194.exe" sh=05949CDBCCD0782A06B5389BF47E4F2DD596995E ft=1 fh=8b4096449ac5c770 vn="Variante von Win32/HackTool.Patcher.T potenziell unsichere Anwendung" ac=I fn="C:\Daten\Alfred Grützner\System C\Eigene Dateien\Vuze Downloads\Walk and Follow FSX\dbs.walk.and.follow.for.fsx.(cracked.by.komu)-patch.exe" sh=3FC75D7EC85B4B4766AE1195896F0C2C5FB3E6FE ft=1 fh=f3111313b4ad1f30 vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung" ac=I fn="C:\Daten\Eigene von C\2011\ccsetup314.exe" sh=DA6C33F52B033C18868FB6D20119748D92EC8BC7 ft=1 fh=9a7ec952657e646a vn="Variante von Win32/Bundled.Toolbar.Ask.A potenziell unsichere Anwendung" ac=I fn="C:\Daten\Eigene von C\Desktop files\PROGRAMMS DONWLOADS\pc wizard.pcw2010_v194.exe" sh=B876F5F15137EF8A1680C2AC04DC786D2A191DC9 ft=1 fh=850ac12ce80cbbb1 vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung" ac=I fn="C:\Daten\Eigene von C\Downloads\ccsetup322.exe" sh=30B843D04116D79B8CA789AA5774B025805348CF ft=1 fh=f8c0307fdde4b037 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Daten\Eigene von C\Downloads\FoxitReader514.0104_enu_Setup.exe" sh=EEBFC04D6B8FDE9B014214CC83DFBEFBF545D437 ft=1 fh=386346820fc68a16 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Daten\Eigene von C\Downloads\PDFCreator-1_3_2_setup (1).exe" sh=EEBFC04D6B8FDE9B014214CC83DFBEFBF545D437 ft=1 fh=386346820fc68a16 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Daten\Eigene von C\Downloads\PDFCreator-1_3_2_setup.exe" sh=D95D9D4C326367E108067C058CE51E1D5C451024 ft=1 fh=024c3d07e0e16c54 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Daten\Eigene von C\Downloads\PDFCreator-1_4_1_setup.exe" sh=3FC75D7EC85B4B4766AE1195896F0C2C5FB3E6FE ft=1 fh=f3111313b4ad1f30 vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung" ac=I fn="C:\Users\Alfred\Documents\2011\ccsetup314.exe" sh=0149DEE684DF9D15C786C8EE737D514146932BFD ft=1 fh=cee74214f9a53f48 vn="Variante von Win32/HackTool.Patcher.T potenziell unsichere Anwendung" ac=I fn="D:\RECYCLER\S-1-5-21-1454471165-179605362-1177238915-1004\De2.exe"
__________________ Suche nicht das Glueck - lebe es (Buddha) |
06.10.2014, 21:01 | #12 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | sm.de virusbefallZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
07.10.2014, 10:48 | #13 |
| sm.de virusbefall Hallo Cosinus, oha, peinlich, peinlich, jetzt hast es mich erwischt!! Der giftige Müll stammt von bösen Flugsimulator files! Teile diesen Simulator mit einem Neffen von mir hier in Thailand und habe nicht immer den Ueberblick....Damit aber werde ich wohl keinen Support mehr erhalten. Aber es bleibt mir die Spende für Deine gute Hilfe, die ich hiermit nochmals bestens verdanke! Gruss alfred
__________________ Suche nicht das Glueck - lebe es (Buddha) |
07.10.2014, 16:10 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | sm.de virusbefall Bitte lesen => http://www.trojaner-board.de/95393-c...-software.html Es geht weiter wenn du alles Illegale entfernt hast. Bei wiederholten Crack/Keygen Verstößen behalte ich es mir vor, den Support einzustellen, d.h. Hilfe nur noch bei der Datensicherung und Neuinstallation des Betriebssystems.
__________________ Logfiles bitte immer in CODE-Tags posten |
09.10.2014, 20:42 | #15 |
| sm.de virusbefall Hallo Cosinus, Habe jetzt meinen PC auf böse files durchgesucht und nichts mehr gefunden. Somit wäre ich Dir dankbar, wenn Du mich noch inbezug auf den defogger, den ich disabled habe, beraten könntest, was jetzt noch zu tun wäre. Sonst läuft alles wie geschmiert und der sm.de virus ist weg. Vielen Dank und Gruss Alfred
__________________ Suche nicht das Glueck - lebe es (Buddha) |