| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: ebenfalls deutlicher LeistungsabfallWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
05.10.2014, 11:20
| #1 |
 |  ebenfalls deutlicher Leistungsabfall Liebes Trojaner-Board-Team, ich habe ähnliche Probleme wie Munich089. Da aber jeder PC anders ist, bitte ich auch mir zu helfen. Hier die Beschreibung : - langsames Hochfahren und runterfahren - langsames Öffnen von Fenstern, Dateien und Programmen - langsamer Browser Kaspersky Internet security lässt sich nicht mehr updaten, keine Verbindung zum Server LED der Festplatte zeigt an, dass sie andauernd arbeitet, auch wenn ich nichts am PC mache, Festplatten-Check war unauffällig, defogger gab keine Fehler aus Bin folglich etwas ratlos. Mir kommts so vor, als ob irgendwas im Hintergrund läuft, was die Leistung deutlich reduziert. Besten Dank vorab für Eure Hilfestellung! Waldschratt5 Hier das Ergebnis von FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-10-2014 01 Ran by Waldmann (administrator) on WALDMANN-PC on 05-10-2014 11:48:35 Running from C:\Users\Waldmann\Desktop\Downloads Loaded Profiles: Waldmann & (Available profiles: Waldmann & UpdatusUser) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe (IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe () C:\Windows\System32\WTMKM.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files (x86)\RocketDock\RocketDock.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIJCE.EXE (Improv Electronics) C:\Program Files (x86)\Improv Electronics\Virtual Desktop Companion\BoogieBoardRip.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe (BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (Petzl) C:\Program Files (x86)\Petzl\OSByPetzl\WinPetzlController.exe (Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe () C:\Program Files (x86)\DocFetcher\docfetcher-daemon-windows.exe (Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Dropbox, Inc.) C:\Users\Waldmann\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Christian Löbering - PC-WELT) C:\Users\Waldmann\AppData\Roaming\PC-WEL~1\PCWPER~1.EXE (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) C:\Windows\System32\PrintCtrl.exe () C:\Program Files\ProgDVB\ProgDvbService.exe () C:\Windows\SysWOW64\PSIService.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe () C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe (PacketVideo) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe () C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe () C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe () C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe () C:\Windows\System32\atwtusb.exe () C:\Windows\System32\atwtusb.exe (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (Microsoft Corporation) C:\Windows\System32\FXSSVC.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe () C:\Users\Waldmann\Desktop\Downloads\Defogger.exe (Farbar) C:\Users\Waldmann\Desktop\Downloads\FRST64(1).exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [CmPCIaudio] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CMICNFG3.dll,CMICtrlWnd HKLM\...\Run: [MacrokeyManager] => C:\Windows\system32\WTMKM.exe [10893312 2012-01-03] () HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [517912 2013-02-15] (Acronis) HKLM-x32\...\Run: [TrayServer] => C:\Program Files (x86)\MAGIX\Video_deluxe_MX\TrayServer_de.exe [90112 2008-08-07] (MAGIX AG) HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe [222504 2010-12-23] (CyberLink Corp.) HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe [315478 2009-09-02] (IVT Corporation) HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-02] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [106344 2011-05-17] (Renesas Electronics Corporation) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6405376 2013-03-28] (Acronis) HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1105848 2013-01-10] (Acronis) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.) HKLM-x32\...\Run: [DocFetcher-Daemon] => C:\Program Files (x86)\DocFetcher\docfetcher-daemon-windows.exe [563621 2014-03-03] () HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2117632 2014-07-06] (Dominik Reichl) HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.) HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.) Winlogon\Notify\ScCertProp: wlnotify.dll [X] HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] () HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.) HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Run: [] => [X] HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Run: [Firefox] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568 2014-09-28] (Mozilla Corporation) HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIJCE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Run: [Boogie Board Rip] => C:\Program Files (x86)\Improv Electronics\Virtual Desktop Companion\BoogieBoardRip.exe [1002496 2012-09-04] (Improv Electronics) HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom) HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [496192 2014-02-25] (BillP Studios) HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Run: [Run-OSByPetzl] => C:\Program Files (x86)\Petzl\OSByPetzl\WinPetzlController.exe [1178624 2014-06-04] (Petzl) HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation) HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Policies\system: [DisableClock] 0 HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Policies\Explorer: [NoNetworkConnections] 0 HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Policies\Explorer: [NoCommonGroups] 0 HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\MountPoints2: D - D:\AutoRun\AutoRun.exe HKU\S-1-5-21-1982316411-69064254-2039899064-1000\...\MountPoints2: {7d1c8674-c94d-11e2-8f65-001d7d01386f} - K:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-1982316411-69064254-2039899064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] () HKU\S-1-5-21-1982316411-69064254-2039899064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.) HKU\S-1-5-21-1982316411-69064254-2039899064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [] => [X] HKU\S-1-5-21-1982316411-69064254-2039899064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Firefox] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568 2014-09-28] (Mozilla Corporation) HKU\S-1-5-21-1982316411-69064254-2039899064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIJCE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-1982316411-69064254-2039899064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Boogie Board Rip] => C:\Program Files (x86)\Improv Electronics\Virtual Desktop Companion\BoogieBoardRip.exe [1002496 2012-09-04] (Improv Electronics) HKU\S-1-5-21-1982316411-69064254-2039899064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom) HKU\S-1-5-21-1982316411-69064254-2039899064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [496192 2014-02-25] (BillP Studios) HKU\S-1-5-21-1982316411-69064254-2039899064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Run-OSByPetzl] => C:\Program Files (x86)\Petzl\OSByPetzl\WinPetzlController.exe [1178624 2014-06-04] (Petzl) HKU\S-1-5-21-1982316411-69064254-2039899064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation) HKU\S-1-5-21-1982316411-69064254-2039899064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableClock] 0 HKU\S-1-5-21-1982316411-69064254-2039899064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoNetworkConnections] 0 HKU\S-1-5-21-1982316411-69064254-2039899064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-21-1982316411-69064254-2039899064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoCommonGroups] 0 HKU\S-1-5-21-1982316411-69064254-2039899064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-21-1982316411-69064254-2039899064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: D - D:\AutoRun\AutoRun.exe HKU\S-1-5-21-1982316411-69064254-2039899064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {7d1c8674-c94d-11e2-8f65-001d7d01386f} - K:\HTC_Sync_Manager_PC.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\In PDF-Datei mit ScanSnap Organizer konvertieren.lnk ShortcutTarget: In PDF-Datei mit ScanSnap Organizer konvertieren.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken 2015 Zahlungserinnerung.lnk ShortcutTarget: Quicken 2015 Zahlungserinnerung.lnk -> C:\Windows\Installer\{44A9A647-0BBA-4776-8B61-1092EDFEA0C2}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe (Macrovision Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\Users\Waldmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Waldmann\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Waldmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Waldmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pcwPerfectSearch.LNK ShortcutTarget: pcwPerfectSearch.LNK -> C:\Users\Waldmann\AppData\Roaming\PC-WELT-PerfectSearch\pcwPerfectSearch.exe (Christian Löbering - PC-WELT) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis) ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis) ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?rd=1&ucc=DE&dcc=DE&opt=0 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC1159ADF4534CD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKCU - {D762D0F5-A284-4FB8-866B-4D3665FD1CCE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9SRC BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit) BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll (Nuance Communications, Inc.) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll (Nuance Communications, Inc.) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: DNS Error Helper -> {9B6B03F1-16CF-4491-BBBB-E872802DD717} -> No File BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Waldmann\AppData\Roaming\Mozilla\Firefox\Profiles\bnw3j0un.default-1410462397457 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll (Nuance Communications, Inc.) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com () FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com () FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll (Nuance Communications, Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Waldmann\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Waldmann\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF user.js: detected! => C:\Users\Waldmann\AppData\Roaming\Mozilla\Firefox\Profiles\bnw3j0un.default-1410462397457\user.js FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-09-28] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-09-28] FF Extension: ELO Archiv-Transfer - C:\Program Files (x86)\Mozilla Firefox\extensions\EloFirefoxAddon.xpi [2014-09-28] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com FF Extension: Modul zum Sperren von gefährlichen Webseiten - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-09-28] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtuelle Tastatur - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-09-28] FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com FF Extension: 卡巴斯基網址過濾 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-09-28] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-09-28] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com FF Extension: Sicherer Zahlungsverkehr - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-09-28] Chrome: ======= CHR Profile: C:\Users\Waldmann\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Waldmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-28] CHR Extension: (Google Drive) - C:\Users\Waldmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-28] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Waldmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07] CHR Extension: (YouTube) - C:\Users\Waldmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-28] CHR Extension: (Google-Suche) - C:\Users\Waldmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-28] CHR Extension: (Kaspersky Protection) - C:\Users\Waldmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-09-30] CHR Extension: (DNSHelper) - C:\Users\Waldmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaffpnfojcdkcdimoobneboagdnnenbo [2014-02-06] CHR Extension: (Ghostery) - C:\Users\Waldmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-01-26] CHR Extension: (Google Wallet) - C:\Users\Waldmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-28] CHR Extension: (Google Mail) - C:\Users\Waldmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-28] CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [] CHR HKLM-x32\...\Chrome\Extension: [gaffpnfojcdkcdimoobneboagdnnenbo] - C:\Users\Waldmann\AppData\Roaming\DNSHelper Chrome\DNSHelper.crx [2014-02-06] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AcfXAudioService; C:\Windows\SysWOW64\ACFXAU64.dll [436736 2009-04-29] (Conexant Systems, Inc.) R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO) R2 BlueSoleilCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [1466476 2009-09-02] (IVT Corporation) [File not signed] R3 BsHelpCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe [192000 2009-09-02] (IVT Corporation) [File not signed] R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [137280 2014-07-23] (Nuance Communications, Inc.) R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed] R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation) R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed] R2 FoxitCloudUpdateService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation) R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [576512 2012-01-25] (Hauppauge Computer Works) [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] S2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [61992 2014-02-18] (Haufe-Lexware GmbH & Co. KG) R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed] S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2175264 2014-07-09] (IObit) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2014-04-28] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2014-04-28] (Hewlett-Packard) [File not signed] R2 Printer Control; C:\Windows\system32\PrintCtrl.exe [79360 2011-11-11] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) [File not signed] R2 ProgDVBService; C:\Program Files\ProgDVB\ProgDVBService.exe [60864 2012-01-13] () R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] () R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software) R2 TwonkyProxy; C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [545608 2012-09-24] () R2 TwonkyServer; C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe [553800 2012-09-24] (PacketVideo) R2 TwonkyWebDav; C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe [275272 2012-09-24] () R2 UsbService; C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe [334848 2010-08-10] () [File not signed] R2 WTService; C:\Windows\system32\atwtusb.exe [582144 2012-01-03] () [File not signed] S4 x; C:\Program Files (x86)\abylonsoft\SAKeySafe\SATCtrlSerX64.exe [551976 2011-09-09] () S2 HPSLPSVC; C:\Users\Waldmann\AppData\Local\Temp\7zS1CC4\hpslpsvc64.dll [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation) R3 acfva; C:\Windows\System32\DRIVERS\ACFVA64.sys [123008 2009-09-02] (Conexant Systems Inc.) S1 ASPI32; C:\Windows\SysWow64\Drivers\ASPI32.sys [25244 1999-09-10] (Adaptec) [File not signed] S3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [36360 2009-06-17] (IVT Corporation.) S3 BlueletAudio; C:\Windows\SysWOW64\DRIVERS\blueletaudio.sys [36360 2009-06-17] (IVT Corporation.) S3 BlueletSCOAudio; C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys [36872 2009-06-17] (IVT Corporation.) R3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [20488 2009-06-17] (IVT Corporation.) R3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [47880 2009-08-28] (IVT Corporation.) R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [24840 2009-08-26] (IVT Corporation.) R3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [34440 2009-08-26] () R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1155072 2010-04-27] (C-Media Inc) R3 dgcfltr; C:\Windows\System32\DRIVERS\ACFDCP64.sys [34944 2009-04-29] (Conexant Systems, Inc.) R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [23464 2008-12-09] (EldoS Corporation) S3 hcwAVD2; C:\Windows\System32\drivers\HCWUSB264.sys [197632 2007-07-24] (Conexant Systems, Inc.) R3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [30344 2009-08-26] (IVT Corporation.) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO) R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [140352 2014-09-28] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [792128 2014-09-28] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-05] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) R2 mdmxsdk; C:\Windows\System32\DRIVERS\ACFSDK64.sys [17024 2007-03-15] (Conexant) R3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [24064 2009-07-14] (Microsoft Corporation) R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [7680 2009-03-08] (Windows (R) Codename Longhorn DDK provider) S3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [14136 2010-10-22] (MSI) S3 PcaSp50; C:\Windows\System32\Drivers\PcaSp50.sys [45624 2009-08-24] (Printing Communications Assoc., Inc. (PCAUSA)) S3 PcaSp50; C:\Windows\SysWOW64\Drivers\PcaSp50.sys [52800 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA)) S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA)) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia) R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [102912 2012-03-15] (Renesas Electronics Corporation) R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [220672 2012-03-15] (Renesas Electronics Corporation) R3 S332x64; C:\Windows\System32\DRIVERS\S332x64.sys [78080 2012-02-27] (Identive ) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) S3 STCFUx64; C:\Windows\System32\DRIVERS\STCFUx64.SYS [10368 2008-11-13] (SCM Microsystems Inc.) R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-08-04] (Acronis International GmbH) R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2013-08-04] (Acronis) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software) R3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [17032 2009-08-26] (IVT Corporation.) R3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [43912 2009-08-28] (IVT Corporation.) R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7552 2009-08-26] (Windows (R) Win 7 DDK provider) R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2013-08-04] (Acronis International GmbH) R3 vuhub; C:\Windows\System32\DRIVERS\vuhub.sys [47616 2007-12-17] () R2 XAudio; C:\Windows\System32\DRIVERS\ACFXAU64.sys [10240 2009-04-29] (Conexant Systems, Inc.) S0 BTHidEnum; System32\Drivers\vbtenum.sys [X] S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [X] S3 MSI_MSIBIOS_010507; \??\C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-05 11:47 - 2014-10-05 11:48 - 00000000 ____D () C:\FRST 2014-10-05 11:44 - 2014-10-05 11:44 - 00000000 _____ () C:\Users\Waldmann\defogger_reenable 2014-10-03 18:37 - 2014-10-03 18:37 - 00000000 ____D () C:\Users\Waldmann\AppData\Roaming\26057 2014-10-01 08:06 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-10-01 08:06 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-09-28 17:24 - 2014-09-29 08:48 - 00002349 _____ () C:\Users\Waldmann\Desktop\Sicherer Zahlungsverkehr.lnk 2014-09-28 13:50 - 2014-09-29 08:35 - 00001215 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk 2014-09-28 13:49 - 2014-09-28 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2014-09-28 13:40 - 2014-09-28 18:07 - 00792128 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-09-28 13:40 - 2014-09-28 18:07 - 00140352 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2014-09-28 13:37 - 2014-09-28 13:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-25 13:52 - 2014-09-25 13:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\354F2ED7.sys 2014-09-24 15:11 - 2014-09-24 15:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo 2014-09-24 15:11 - 2014-09-24 15:11 - 00000000 ____D () C:\Program Files (x86)\CrystalDiskInfo 2014-09-24 14:44 - 2014-09-24 14:44 - 00000000 ____D () C:\Program Files (x86)\MemoMaster5 2014-09-24 13:14 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-24 13:14 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-09-23 20:10 - 2014-09-23 20:10 - 00000000 ____D () C:\Users\Waldmann\AppData\Roaming\hdbADS 2014-09-23 18:21 - 2014-09-23 18:21 - 00003194 _____ () C:\Windows\System32\Tasks\{DDFD18B3-A314-4F67-A409-1CBFA38834A3} 2014-09-23 13:02 - 2014-09-23 18:30 - 00000000 ____D () C:\Users\Waldmann\Documents\NetObjects Fusion 2013 2014-09-23 13:01 - 2014-09-23 13:01 - 00001403 _____ () C:\Users\Public\Desktop\NetObjects Fusion 2013.lnk 2014-09-23 12:45 - 2014-09-23 13:01 - 00000000 ____D () C:\Users\Public\Documents\NetObjects Fusion 2013 2014-09-17 13:42 - 2014-09-17 13:42 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\30922D86.sys 2014-09-16 23:00 - 2014-09-16 23:00 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\5725369C.sys 2014-09-15 18:52 - 2014-09-15 18:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\777239C1.sys 2014-09-15 18:04 - 2014-09-15 18:04 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\1B1076D8.sys 2014-09-15 16:59 - 2014-09-15 16:59 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\4D5A7B3D.sys 2014-09-15 15:53 - 2014-09-15 15:53 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\7F0C2A79.sys 2014-09-15 14:35 - 2014-09-21 15:27 - 00000000 ____D () C:\Users\Waldmann\Desktop\Weidendamm 2014-09-14 12:27 - 2014-09-14 12:27 - 00262144 _____ () C:\Windows\system32\config\elam 2014-09-13 20:03 - 2014-09-13 20:03 - 00002898 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-09-13 18:16 - 2014-09-28 13:49 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab 2014-09-13 10:26 - 2014-09-13 10:31 - 06386309 _____ () C:\Windows\SysWOW64\kavremvr 2014-09-13 10-26-49 (pid 8972).log 2014-09-12 21:21 - 2014-09-12 21:21 - 00000000 ____D () C:\Users\Waldmann\AppData\Roaming\KC Softwares 2014-09-12 21:21 - 2014-09-12 21:21 - 00000000 ____D () C:\Program Files (x86)\KC Softwares 2014-09-12 21:15 - 2014-09-16 18:07 - 00000000 ____D () C:\ProgramData\Informer Technologies, Inc 2014-09-12 20:50 - 2014-09-12 21:14 - 00000000 ____D () C:\Program Files (x86)\Software Informer 2014-09-12 20:22 - 2014-09-12 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-09-12 20:21 - 2014-09-12 20:22 - 00000000 ____D () C:\Program Files\iTunes 2014-09-12 20:21 - 2014-09-12 20:22 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-09-12 20:21 - 2014-09-12 20:21 - 00000000 ____D () C:\Program Files\iPod 2014-09-12 20:18 - 2014-09-12 20:19 - 00001721 _____ () C:\Users\Waldmann\Documents\Neue Datenbank1.odb 2014-09-12 20:16 - 2014-09-12 20:17 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1 2014-09-12 20:01 - 2014-09-12 20:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-09-11 03:56 - 2014-09-16 22:59 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys 2014-09-11 03:23 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-11 03:23 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-09-11 03:23 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-11 03:23 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-11 03:23 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-11 03:23 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-09-11 03:23 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-11 03:23 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-11 03:23 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-11 03:23 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-11 03:23 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-11 03:23 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-11 03:23 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-09-11 03:23 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-11 03:23 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-11 03:23 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-11 03:23 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-11 03:23 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-11 03:23 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-11 03:23 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-09-11 03:23 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-11 03:23 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-11 03:23 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-09-11 03:23 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-11 03:23 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-09-11 03:23 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-09-11 03:23 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-09-11 03:23 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-09-11 03:23 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-11 03:23 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-11 03:23 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-09-11 03:23 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-09-11 03:23 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-11 03:23 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-09-11 03:23 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-09-11 03:23 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-09-11 03:23 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-09-11 03:23 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-11 03:23 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-11 03:23 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-11 03:23 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-11 03:23 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-09-11 03:23 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-09-11 03:23 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-09-11 03:23 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-09-11 03:23 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-11 03:23 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-09-11 03:23 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-11 03:23 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-09-11 03:23 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-09-11 03:23 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-09-11 03:23 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-11 03:23 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-09-11 03:23 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-09-11 03:23 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-11 03:23 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-09-11 03:05 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-09-11 03:05 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2014-09-10 13:18 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-09-10 13:18 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2014-09-10 13:18 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-10 13:18 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-10 13:18 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-09-10 13:18 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-09-10 13:18 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-09-10 13:18 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-09-10 13:18 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-09-09 14:15 - 2014-09-09 14:15 - 02273432 _____ (DataDesign AG) C:\Windows\SysWOW64\DDBACCPL.CPL 2014-09-09 14:15 - 2014-09-09 14:15 - 01659544 _____ (DataDesign AG) C:\Windows\SysWOW64\ddBACCTM.cpl ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-05 11:48 - 2012-06-10 21:27 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1982316411-69064254-2039899064-1000UA.job 2014-10-05 11:48 - 2011-11-16 20:57 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{2C033427-CB53-4FBD-9F43-42FCC0E9E66B} 2014-10-05 11:46 - 2014-07-09 17:48 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-10-05 11:44 - 2014-07-05 11:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-05 11:44 - 2011-10-09 15:59 - 00000000 ____D () C:\Users\Waldmann 2014-10-05 11:42 - 2013-02-16 18:36 - 00000000 ____D () C:\ProgramData\twonkyserver 2014-10-05 11:42 - 2012-04-01 20:32 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-05 11:39 - 2014-07-30 17:13 - 00000000 ____D () C:\Users\Waldmann\AppData\Roaming\KeePass 2014-10-05 11:39 - 2009-07-14 06:45 - 00027152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-05 11:39 - 2009-07-14 06:45 - 00027152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-05 11:38 - 2011-10-09 15:52 - 01427557 _____ () C:\Windows\WindowsUpdate.log 2014-10-05 11:33 - 2013-12-28 12:42 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-05 11:30 - 2014-08-02 12:03 - 00000000 ___RD () C:\Users\Waldmann\Dropbox 2014-10-05 11:30 - 2014-08-02 11:58 - 00000000 ____D () C:\Users\Waldmann\AppData\Roaming\Dropbox 2014-10-05 11:29 - 2009-07-14 04:34 - 00000593 _____ () C:\Windows\win.ini 2014-10-05 11:28 - 2012-12-10 14:30 - 00000000 ___RD () C:\Users\Waldmann\Desktop\FAX 2014-10-05 11:28 - 2012-10-12 17:14 - 00005063 _____ () C:\Windows\SysWOW64\LOCALSERVICE.INI 2014-10-05 11:28 - 2012-10-12 17:14 - 00000092 _____ () C:\Windows\SysWOW64\LOCALDEVICE.INI 2014-10-05 11:28 - 2009-09-07 15:42 - 00001001 _____ () C:\Windows\SysWOW64\bscs.ini 2014-10-05 11:27 - 2013-12-25 14:00 - 00000000 ____D () C:\ProgramData\ProductData 2014-10-05 11:25 - 2013-12-28 12:42 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-05 11:24 - 2014-07-13 14:40 - 00005533 _____ () C:\Windows\setupact.log 2014-10-05 11:24 - 2013-08-22 17:23 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-10-05 11:24 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-05 10:58 - 2012-06-10 21:27 - 00001080 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1982316411-69064254-2039899064-1000Core.job 2014-10-03 19:19 - 2011-11-06 14:11 - 00000000 ____D () C:\Users\Waldmann\Documents\Outlook-Dateien 2014-10-03 19:00 - 2014-01-19 12:29 - 00000000 ____D () C:\Users\Waldmann\AppData\Local\CrashDumps 2014-10-03 18:46 - 2014-07-11 16:21 - 00000000 ____D () C:\Program Files (x86)\DVDFab 9 2014-10-03 18:41 - 2014-08-18 10:47 - 00000000 ____D () C:\Users\Waldmann\AppData\Roaming\Skype 2014-10-03 18:40 - 2014-07-11 16:21 - 00001014 _____ () C:\Users\Public\Desktop\DVDFab 9.lnk 2014-10-03 18:40 - 2014-07-11 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 9 2014-10-03 15:15 - 2012-02-06 20:10 - 05051904 ___SH () C:\Users\Waldmann\Desktop\Thumbs.db 2014-10-03 14:57 - 2012-11-24 23:23 - 00000000 ____D () C:\Users\Waldmann\AppData\Roaming\vlc 2014-10-03 12:56 - 2013-02-03 15:45 - 00000000 ____D () C:\Users\Waldmann\Desktop\ELO scan 2014-10-03 12:26 - 2011-10-10 20:19 - 00000000 ____D () C:\ProgramData\Lexware 2014-10-02 18:25 - 2011-04-12 09:43 - 00702942 _____ () C:\Windows\system32\perfh007.dat 2014-10-02 18:25 - 2011-04-12 09:43 - 00150582 _____ () C:\Windows\system32\perfc007.dat 2014-10-02 18:25 - 2009-07-14 07:13 - 01629348 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-29 08:42 - 2014-07-30 13:01 - 00471932 _____ () C:\Windows\PFRO.log 2014-09-29 08:42 - 2012-05-13 16:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-28 17:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\L2Schemas 2014-09-27 12:02 - 2012-09-16 16:05 - 00000000 ____D () C:\Users\Waldmann\Desktop\Büro 2014-09-27 12:01 - 2011-10-21 18:17 - 00000000 ____D () C:\Users\Waldmann\Documents\MemoMaster 2014-09-27 11:49 - 2012-08-15 11:33 - 00000000 ____D () C:\Users\Waldmann\Desktop\PSVB 2014-09-27 11:45 - 2011-11-01 12:03 - 00000000 ____D () C:\Users\Waldmann\Desktop\Security 2014-09-27 11:25 - 2012-10-09 12:53 - 00003830 _____ () C:\Windows\System32\Tasks\InstallShield Software-Online-Aktualisierungsprogramm 2014-09-27 11:23 - 2011-10-21 18:16 - 00000000 ____D () C:\Users\Waldmann\AppData\Local\Downloaded Installations 2014-09-25 14:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-09-24 14:44 - 2011-10-21 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MemoMaster 2014-09-24 14:19 - 2011-10-21 18:16 - 00000000 ____D () C:\Program Files (x86)\MemoMaster4 2014-09-24 14:09 - 2011-12-23 15:38 - 00000000 ___RD () C:\Users\Waldmann\Desktop\E-Praxis 2014-09-24 13:02 - 2012-04-01 20:32 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-24 13:02 - 2012-04-01 20:32 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-24 13:02 - 2011-10-25 18:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-23 13:40 - 2014-08-02 12:00 - 00000000 ____D () C:\Users\Waldmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-09-23 13:10 - 2011-10-09 16:44 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-09-23 13:01 - 2011-10-16 13:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetObjects 2014-09-23 12:52 - 2011-10-16 12:58 - 00000000 ____D () C:\Program Files (x86)\NetObjects 2014-09-19 12:53 - 2014-06-27 16:29 - 00002759 _____ () C:\Users\Public\Desktop\Quicken 2015.lnk 2014-09-18 12:29 - 2014-08-19 18:48 - 00000000 ____D () C:\Users\Waldmann\AppData\Local\Adobe 2014-09-16 18:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help 2014-09-15 09:06 - 2010-11-21 05:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-09-14 12:58 - 2014-07-05 11:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-14 12:58 - 2014-07-05 11:19 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-09-14 12:43 - 2012-06-24 17:18 - 00000000 ___RD () C:\Users\Waldmann\Desktop\Foto-Video-Bearbeitung 2014-09-13 18:16 - 2014-07-09 17:49 - 00000000 ____D () C:\Windows\ELAMBKUP 2014-09-13 01:11 - 2009-07-14 06:45 - 00765304 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-12 21:30 - 2012-01-03 14:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour-Druckdienste 2014-09-12 21:30 - 2012-01-03 14:51 - 00000000 ____D () C:\Program Files\Bonjour Print Services 2014-09-12 21:27 - 2014-01-26 14:35 - 00000000 ____D () C:\Program Files (x86)\Artweaver Free 4 2014-09-12 21:27 - 2012-02-05 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Artweaver Free 2014-09-12 21:17 - 2012-04-06 12:17 - 00001918 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk 2014-09-12 21:17 - 2012-04-06 12:17 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP 2014-09-12 21:16 - 2013-02-16 16:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-09-12 21:16 - 2013-02-16 16:50 - 00000000 ____D () C:\Program Files\CCleaner 2014-09-12 20:59 - 2011-10-12 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro 2014-09-12 20:49 - 2011-10-09 16:29 - 00229480 _____ () C:\Users\Waldmann\AppData\Local\GDIPFONTCACHEV1.DAT 2014-09-12 20:30 - 2014-01-26 14:14 - 00001088 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk 2014-09-12 20:22 - 2013-08-19 10:00 - 00001802 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-09-12 20:22 - 2012-09-15 12:33 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-09-12 20:17 - 2014-02-02 14:14 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4 2014-09-12 19:59 - 2013-01-12 15:31 - 00000000 ____D () C:\Program Files\MySQL 2014-09-12 19:59 - 2012-02-05 22:01 - 00000449 _____ () C:\Windows\ODBCINST.INI 2014-09-12 19:58 - 2013-01-12 15:26 - 00000000 ____D () C:\Program Files (x86)\Realify PaperOffice 2014-09-11 03:22 - 2011-11-01 13:26 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-11 03:20 - 2011-11-21 17:51 - 01602692 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-11 03:18 - 2013-08-15 03:01 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-11 03:06 - 2011-10-10 13:04 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-09 17:22 - 2011-10-21 17:22 - 00000000 ____D () C:\Users\Waldmann\AppData\Roaming\apm 2014-09-08 20:07 - 2014-01-28 19:58 - 00000000 ____D () C:\Users\Waldmann\Desktop\Fotoordner 2014-09-08 20:06 - 2011-11-01 11:48 - 00000000 ____D () C:\Users\Waldmann\Desktop\outdoor 2014-09-07 14:18 - 2014-05-13 12:40 - 00000000 ____D () C:\Users\Waldmann\AppData\Roaming\DocFetcher Files to move or delete: ==================== C:\Users\Waldmann\30593-8-CutOut-4-Pro.exe C:\Users\Waldmann\ATIH2013PP_de-DE.exe C:\Users\Waldmann\JavaSetup7u25.exe C:\Users\Waldmann\Lightroom_5_LS11_win_5_2.exe C:\Users\Waldmann\Setup (1).exe C:\Users\Waldmann\TuneUpUtilities2014 (1).exe C:\Users\Waldmann\TuneUpUtilities2014 (2).exe C:\Users\Waldmann\TuneUpUtilities2014.exe C:\Users\Waldmann\weprintwin.exe Some content of TEMP: ==================== C:\Users\Waldmann\AppData\Local\Temp\5x2hic0_.dll C:\Users\Waldmann\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0eoul0.dll C:\Users\Waldmann\AppData\Local\Temp\Foxit Reader Updater.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-26 15:58 ==================== End Of Log ============================ Geändert von Waldschratt5 (05.10.2014 um 11:26 Uhr) |
Baum-Darstellung