Pests of all kinds and how to fight them: Strange link attempt to grevolutionstore.it (Windows 7)
07.10.2014, 14:57 | #1 |
Strange link attempt to grevolutionstore.it

Hello, until now I thought I could solve all problems myself, but I think this time I need help. Great that this board exists!

On to the topic: An acquaintance called me to say he gets a Trojan warning when he tries to view a 360° panorama image on my website. Since that was not the case for me, I took a closer look at the page and found that when the page is clicked, a connection is always shown at the bottom in the status bar: ...waiting for grevolutionstore.it (see attachment).

When scanning with Baidu, the virus / Trojan Rce.Gen5 was found in the file panoStudioViewer.js on my computer (see attachment). I have since eliminated it and replaced the file with a new version. But the message about grevolutionstore.it is still shown in the status bar (even after clearing the cache). Now I am not sure whether that was everything or whether I still need to take further steps.

The page with the link to the 360° image is here: hxxp://villadelsol.eu/Sol/ferienwohnung2.htm (my private holiday home in Spain); click the middle 360° button there.

I have attached the log files as per the instructions and look forward to further help and guidance on eliminating the problem. Many thanks in advance.

Hubert
07.10.2014, 15:45 | #2 |
/// the machine /// TB instructor | Strange link attempt to grevolutionstore.it

Hi,

Please always post logs in the thread. If necessary, split them up and use several posts. I cannot open attachments at work, thanks.

This is how it works: posting in CODE tags

Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
07.10.2014, 15:48 | #3 |
Strange link attempt to grevolutionstore.it

OK, here are the log files:
Task: {30B27C33-2E41-47F8-9318-45A8EEA691B2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd) Task: {4052A9A2-46CD-4F66-95D5-0E93ED154DF3} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js" Task: {4601B97B-A264-473C-A85C-52C9D24203F5} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] () Task: {AE1D4F63-450E-41FA-B9D8-F1F9683F708B} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation) Task: {BEABAF7D-CDF1-4A60-9C31-93BDC671DF9D} - System32\Tasks\RunAsStdUser Task => C:\Program Files\NetDrive\netdrive.exe ==================== Loaded Modules (whitelisted) ============= 2013-01-11 15:20 - 2010-06-17 22:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll 2013-01-10 14:32 - 2009-10-28 07:34 - 00027648 _____ () C:\Windows\System32\sso4ml6.dll 2014-08-27 12:52 - 2014-08-27 12:52 - 02745168 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareShellExtension.dll 2014-08-27 12:53 - 2014-08-27 12:53 - 03396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\RCF.dll 2014-08-27 12:53 - 2014-08-27 12:53 - 00123744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_filesystem-vc100-mt-1_55.dll 2014-08-27 12:53 - 2014-08-27 12:53 - 00024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_system-vc100-mt-1_55.dll 2013-06-08 12:22 - 2007-05-10 13:18 - 00835584 _____ () C:\Windows\vsnp325.exe 2014-08-27 12:53 - 2014-08-27 12:53 - 08886592 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe 2014-08-27 12:53 - 2014-08-27 12:53 - 00055648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware 
Antivirus\11.3.6321.0\boost_date_time-vc100-mt-1_55.dll 2014-08-27 12:53 - 2014-08-27 12:53 - 00103768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_thread-vc100-mt-1_55.dll 2014-08-27 12:53 - 2014-08-27 12:53 - 00033624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_chrono-vc100-mt-1_55.dll 2014-08-27 12:53 - 2014-08-27 12:53 - 00500056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_locale-vc100-mt-1_55.dll 2014-08-27 12:53 - 2014-08-27 12:53 - 02101568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\HtmlFramework.dll 2014-08-27 12:53 - 2014-08-27 12:53 - 00066872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\DllStorage.dll 2014-08-27 12:53 - 2014-08-27 12:53 - 00832848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTrayDefaultSkin.dll 2014-08-27 12:53 - 2014-08-27 12:53 - 00811328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\Localization.dll 2013-06-08 12:22 - 2007-04-21 09:36 - 00270336 _____ () C:\Windows\tsnp325.exe 2014-02-13 15:27 - 2014-02-13 15:27 - 00692224 _____ () C:\Program Files (x86)\onlinebrief24.de\ebdhelper.exe 2014-09-09 15:07 - 2014-08-12 10:42 - 00736768 _____ () C:\Program Files (x86)\Syncios\SynciosDeviceService.exe 2014-08-27 12:32 - 2014-08-27 12:32 - 00706864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe 2014-08-27 12:52 - 2014-08-27 12:52 - 11947856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareServiceKernel.dll 2014-08-27 12:53 - 2014-08-27 12:53 - 00788824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_regex-vc100-mt-1_55.dll 2014-08-27 12:52 - 2014-08-27 12:52 - 00734536 _____ () C:\Program 
Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareActivation.dll 2014-08-27 12:52 - 2014-08-27 12:52 - 02167640 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareApplicationUpdater.dll 2014-08-27 12:52 - 2014-08-27 12:52 - 00813896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareGamingMode.dll 2014-08-27 12:52 - 2014-08-27 12:52 - 00098624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareReset.dll 2014-08-27 12:53 - 2014-08-27 12:53 - 00120128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTime.dll 2014-08-27 12:52 - 2014-08-27 12:52 - 00943960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareDefinitionsUpdater.dll 2014-08-27 12:52 - 2014-08-27 12:52 - 00869224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareDefinitionsUpdaterScheduler.dll 2014-08-27 12:52 - 2014-08-27 12:52 - 01105224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareIgnoreList.dll 2014-08-27 12:52 - 2014-08-27 12:52 - 00247624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareQuarantine.dll 2014-08-27 12:52 - 2014-08-27 12:52 - 00988504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAntiMalwareEngine.dll 2014-08-27 12:52 - 2014-08-27 12:52 - 00212824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAntiRootkitEngine.dll 2014-08-27 12:52 - 2014-08-27 12:52 - 01172816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareScannerHistory.dll 2014-08-27 12:52 - 2014-08-27 12:52 - 01277248 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareScanner.dll 2014-08-27 12:53 - 
2014-08-27 12:53 - 00035160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_timer-vc100-mt-1_55.dll 2014-08-27 12:52 - 2014-08-27 12:52 - 00975192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareScannerScheduler.dll 2014-08-27 12:52 - 2014-08-27 12:52 - 01109336 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareRealTimeProtection.dll 2014-08-27 12:52 - 2014-08-27 12:52 - 00229200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareIncompatibles.dll 2014-08-27 12:52 - 2014-08-27 12:52 - 00891720 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAntiSpam.dll 2014-08-27 12:52 - 2014-08-27 12:52 - 00843088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAntiPhishing.dll 2014-08-27 12:52 - 2014-08-27 12:52 - 03090768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareParentalControl.dll 2014-08-27 12:53 - 2014-08-27 12:53 - 02624848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareWebProtection.dll 2014-08-27 12:52 - 2014-08-27 12:52 - 01067344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareEmailProtection.dll 2014-08-27 12:52 - 2014-08-27 12:52 - 01290584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareNetworkProtection.dll 2014-08-27 12:52 - 2014-08-27 12:52 - 01004352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwarePromo.dll 2014-08-27 12:52 - 2014-08-27 12:52 - 00343880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareFeedback.dll 2014-08-27 12:53 - 2014-08-27 12:53 - 02787160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware 
Antivirus\11.3.6321.0\AdAwareThreatWorkAlliance.dll 2014-08-27 12:52 - 2014-08-27 12:52 - 01238848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwarePinCode.dll 2014-08-27 12:52 - 2014-08-27 12:52 - 01004864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareNotice.dll 2014-08-27 12:52 - 2014-08-27 12:52 - 00928072 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAvcEngine.dll 2014-08-27 12:53 - 2014-08-27 12:53 - 00154944 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\SecurityCenter.dll 2011-04-08 05:13 - 2011-04-08 05:13 - 00323072 _____ () C:\Windows\system32\SaMinDrv.dll 2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-05-19 05:20 - 2014-05-19 05:20 - 00208744 _____ () C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavDllFilter.dll 2014-04-08 11:53 - 2014-04-08 11:55 - 00541032 _____ () C:\Program Files (x86)\Baidu Security\Baidu Antivirus\sqlite.dll 2014-07-13 18:44 - 2014-02-19 20:21 - 00208896 ____N () C:\Program Files (x86)\VideoViewer\DatabaseOp.dll 2009-07-13 23:03 - 2009-07-14 03:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll 2014-07-13 18:44 - 2011-04-22 15:21 - 00040960 ____N () C:\Program Files (x86)\VideoViewer\DvrInitCom.dll 2013-01-10 17:35 - 2013-11-21 16:21 - 00031744 ____N () C:\Windows\SysWow64\AVC_JPEG.dll 2014-07-13 18:44 - 2013-11-20 15:54 - 02121216 ____N () C:\Windows\SysWow64\avcodec-55.40.801.dll 2014-07-13 18:44 - 2013-11-20 15:54 - 00399360 ____N () C:\Windows\SysWow64\avutil-52.49.800.dll 2014-07-13 18:44 - 2013-11-20 15:54 - 00310784 ____N () C:\Windows\SysWow64\avformat-55.21.800.dll 2014-07-13 18:44 - 2013-11-20 15:54 - 00368128 
____N () C:\Windows\SysWow64\swscale-2.5.801.dll 2013-01-10 17:35 - 2014-02-10 15:34 - 00196608 ____N () C:\Windows\SysWow64\AVC_H264.dll 2014-07-13 18:44 - 2014-02-19 20:20 - 00143360 ____N () C:\Program Files (x86)\VideoViewer\RecordOp.dll 2014-07-13 18:44 - 2014-02-19 20:21 - 00552960 ____N () C:\Program Files (x86)\VideoViewer\LiveVideo.dll 2014-07-13 18:44 - 2014-02-19 20:20 - 00098304 ____N () C:\Program Files (x86)\VideoViewer\PlaybackOp.dll 2014-07-13 18:44 - 2011-08-23 16:07 - 00065536 ____N () C:\Program Files (x86)\VideoViewer\NetMsgDLL.DLL 2014-09-09 20:44 - 2005-11-27 22:07 - 00491520 _____ () C:\Windows\SysWow64\CoolXPButton.ocx 2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf 2014-09-09 15:07 - 2014-08-12 10:42 - 00382464 _____ () C:\Program Files (x86)\Syncios\DuiLib.dll 2014-09-09 15:07 - 2013-03-01 10:30 - 00059904 _____ () C:\Program Files (x86)\Syncios\zlib.dll 2014-09-09 15:07 - 2013-03-01 10:30 - 00526848 _____ () C:\Program Files (x86)\Syncios\sqlite3.dll 2014-09-09 15:07 - 2014-04-29 17:11 - 00067072 _____ () C:\Program Files (x86)\Syncios\zlib1.dll 2014-09-09 15:07 - 2014-01-06 11:24 - 00671744 _____ () C:\Program Files (x86)\Syncios\hashab.dll 2014-01-20 14:16 - 2014-01-20 14:16 - 00237384 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll 2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll 2014-10-05 18:18 - 2012-04-16 13:15 - 00004608 _____ () c:\program files (x86)\trafficmonitor\lgLcdLibWrapper.dll 2013-02-13 06:44 - 2013-02-13 06:44 - 00028160 _____ () C:\Program Files (x86)\Pidgin\libssp-0.dll 2013-02-13 06:44 - 2013-02-13 06:44 - 00671031 _____ () C:\Program Files (x86)\Pidgin\exchndl.dll 2013-05-09 14:32 - 2013-05-09 14:32 - 00904525 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libcairo-2.dll 2013-05-09 14:32 - 2013-05-09 14:32 
- 00279059 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libfontconfig-1.dll 2013-05-09 14:32 - 2013-05-09 14:32 - 00177586 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libexpat-1.dll 2013-05-09 14:32 - 2013-05-09 14:32 - 00553382 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\freetype6.dll 2013-05-09 14:32 - 2013-05-09 14:32 - 00216992 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libpng14-14.dll 2013-05-09 14:32 - 2013-05-09 14:32 - 00100352 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\zlib1.dll 2013-02-13 06:43 - 2013-02-13 06:43 - 01274655 _____ () C:\Program Files (x86)\Pidgin\libxml2-2.dll 2013-02-13 06:44 - 2013-02-13 06:44 - 00475580 _____ () C:\Program Files (x86)\Pidgin\spellcheck\libgtkspell-0.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00020997 _____ () C:\Program Files (x86)\Pidgin\plugins\autoaccept.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00013253 _____ () C:\Program Files (x86)\Pidgin\plugins\buddynote.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00024924 _____ () C:\Program Files (x86)\Pidgin\plugins\convcolors.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00015702 _____ () C:\Program Files (x86)\Pidgin\plugins\extplacement.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00014147 _____ () C:\Program Files (x86)\Pidgin\plugins\gtkbuddynote.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00018882 _____ () C:\Program Files (x86)\Pidgin\plugins\history.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00012865 _____ () C:\Program Files (x86)\Pidgin\plugins\iconaway.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00019043 _____ () C:\Program Files (x86)\Pidgin\plugins\idle.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00018555 _____ () C:\Program Files (x86)\Pidgin\plugins\joinpart.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00015074 _____ () C:\Program Files (x86)\Pidgin\plugins\libaim.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00310491 _____ () C:\Program Files (x86)\Pidgin\liboscar.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00092874 _____ () C:\Program Files 
(x86)\Pidgin\plugins\libbonjour.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00209619 _____ () C:\Program Files (x86)\Pidgin\plugins\libgg.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00016005 _____ () C:\Program Files (x86)\Pidgin\plugins\libicq.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00105620 _____ () C:\Program Files (x86)\Pidgin\plugins\libirc.dll 2013-02-13 06:43 - 2013-02-13 06:43 - 00190464 _____ () C:\Program Files (x86)\Pidgin\libsasl.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00373657 _____ () C:\Program Files (x86)\Pidgin\plugins\libmsn.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00149933 _____ () C:\Program Files (x86)\Pidgin\plugins\libmxit.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00106670 _____ () C:\Program Files (x86)\Pidgin\plugins\libmyspace.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00123540 _____ () C:\Program Files (x86)\Pidgin\plugins\libnovell.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00116583 _____ () C:\Program Files (x86)\Pidgin\plugins\libsametime.dll 2013-02-13 06:43 - 2013-02-13 06:43 - 00152852 _____ () C:\Program Files (x86)\Pidgin\libmeanwhile-1.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00171090 _____ () C:\Program Files (x86)\Pidgin\plugins\libsilc.dll 2013-02-13 06:43 - 2013-02-13 06:43 - 02097721 _____ () C:\Program Files (x86)\Pidgin\libsilc-1-1-2.dll 2013-02-13 06:43 - 2013-02-13 06:43 - 00818985 _____ () C:\Program Files (x86)\Pidgin\libsilcclient-1-1-3.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00055758 _____ () C:\Program Files (x86)\Pidgin\plugins\libsimple.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00021337 _____ () C:\Program Files (x86)\Pidgin\plugins\libxmpp.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00415553 _____ () C:\Program Files (x86)\Pidgin\libjabber.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00022832 _____ () C:\Program Files (x86)\Pidgin\plugins\libyahoo.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00228908 _____ () C:\Program Files (x86)\Pidgin\libymsg.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00019793 _____ () C:\Program 
Files (x86)\Pidgin\plugins\libyahoojp.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00047391 _____ () C:\Program Files (x86)\Pidgin\plugins\log_reader.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00021795 _____ () C:\Program Files (x86)\Pidgin\plugins\markerline.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00013456 _____ () C:\Program Files (x86)\Pidgin\plugins\newline.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00029225 _____ () C:\Program Files (x86)\Pidgin\plugins\notify.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00017023 _____ () C:\Program Files (x86)\Pidgin\plugins\offlinemsg.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00029256 _____ () C:\Program Files (x86)\Pidgin\plugins\pidginrc.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00015380 _____ () C:\Program Files (x86)\Pidgin\plugins\psychic.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00015429 _____ () C:\Program Files (x86)\Pidgin\plugins\relnot.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00015045 _____ () C:\Program Files (x86)\Pidgin\plugins\sendbutton.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00069575 _____ () C:\Program Files (x86)\Pidgin\plugins\spellchk.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00027811 _____ () C:\Program Files (x86)\Pidgin\plugins\ssl-nss.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00012004 _____ () C:\Program Files (x86)\Pidgin\plugins\ssl.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00015978 _____ () C:\Program Files (x86)\Pidgin\plugins\statenotify.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00030353 _____ () C:\Program Files (x86)\Pidgin\plugins\themeedit.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00032020 _____ () C:\Program Files (x86)\Pidgin\plugins\ticker.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00018399 _____ () C:\Program Files (x86)\Pidgin\plugins\timestamp.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00023305 _____ () C:\Program Files (x86)\Pidgin\plugins\timestamp_format.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00029791 _____ () C:\Program Files (x86)\Pidgin\plugins\win2ktrans.dll 2013-02-13 06:45 - 
2013-02-13 06:45 - 00030771 _____ () C:\Program Files (x86)\Pidgin\plugins\winprefs.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00037191 _____ () C:\Program Files (x86)\Pidgin\plugins\xmppconsole.dll 2013-02-13 06:45 - 2013-02-13 06:45 - 00044494 _____ () C:\Program Files (x86)\Pidgin\plugins\xmppdisco.dll 2013-02-13 06:43 - 2013-02-13 06:43 - 00102400 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslANONYMOUS.dll 2013-02-13 06:43 - 2013-02-13 06:43 - 00115712 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslCRAMMD5.dll 2013-02-13 06:43 - 2013-02-13 06:43 - 00140288 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslDIGESTMD5.dll 2013-02-13 06:43 - 2013-02-13 06:43 - 00102912 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslLOGIN.dll 2013-02-13 06:43 - 2013-02-13 06:43 - 00102912 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslPLAIN.dll 2013-02-13 06:44 - 2013-02-13 06:44 - 00425984 _____ () C:\Program Files (x86)\Pidgin\sqlite3.dll 2013-05-09 14:32 - 2013-05-09 14:32 - 00090496 _____ () C:\Program Files (x86)\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll 2014-09-25 16:20 - 2014-09-25 16:21 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BavSvc => "Service"="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BavSvc => "Service"="" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) 
==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^Users^Hubert^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" MSCONFIG\startupreg: NetDrive => "C:\Program Files\NetDrive\netdrive.exe" -tray MSCONFIG\startupreg: OODefragTray => C:\Program Files\OO Software\Defrag\oodtray.exe MSCONFIG\startupreg: OODITRAY.EXE => C:\Program Files\OO Software\DiskImage\ooditray.exe MSCONFIG\startupreg: tsnp325 => C:\Windows\tsnp325.exe MSCONFIG\startupreg: VideoViewer => C:\Program Files (x86)\VideoViewer\VideoViewer.exe ========================= Accounts: ========================== Administrator (S-1-5-21-106921944-1459413208-1379297083-500 - Administrator - Disabled) fbwuser (S-1-5-21-106921944-1459413208-1379297083-1003 - Limited - Enabled) Gast (S-1-5-21-106921944-1459413208-1379297083-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-106921944-1459413208-1379297083-1002 - Limited - Enabled) Hubert (S-1-5-21-106921944-1459413208-1379297083-1000 - Administrator - Enabled) => C:\Users\Hubert ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/07/2014 10:27:17 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 24 Error: (10/07/2014 10:27:17 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 23 Error: (10/07/2014 10:27:17 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 22 Error: (10/07/2014 10:27:17 AM) 
(Source: Bonjour Service) (EventID: 100) (User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 21 Error: (10/07/2014 10:27:17 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 20 Error: (10/07/2014 10:27:17 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 19 Error: (10/07/2014 10:27:17 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 18 Error: (10/07/2014 10:27:17 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 17 Error: (10/07/2014 10:27:17 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 16 Error: (10/07/2014 10:27:17 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 15 System errors: ============= Error: (10/04/2014 08:44:47 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst StarMoney Business 6.0 OnlineUpdate erreicht. Error: (10/04/2014 08:43:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Garmin Core Update Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (10/04/2014 08:43:37 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Garmin Core Update Service erreicht. 
Error: (10/04/2014 08:43:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (10/03/2014 09:50:39 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f020b fehlgeschlagen: SAMSUNG Electronics Co., Ltd. - Other hardware - SAMSUNG Mobile MTP Device Error: (10/03/2014 05:44:09 AM) (Source: srv) (EventID: 2017) (User: ) Description: Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren, da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher erreicht wurde. Error: (10/03/2014 05:43:14 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error: (10/03/2014 05:43:14 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error: (09/29/2014 09:15:09 AM) (Source: srv) (EventID: 2017) (User: ) Description: Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren, da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher erreicht wurde. Error: (09/28/2014 05:11:10 PM) (Source: srv) (EventID: 2017) (User: ) Description: Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren, da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher erreicht wurde. 
Microsoft Office Sessions:
=========================
Error: (10/07/2014 10:27:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24

Error: (10/07/2014 10:27:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23

Error: (10/07/2014 10:27:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 22

Error: (10/07/2014 10:27:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 21

Error: (10/07/2014 10:27:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 20

Error: (10/07/2014 10:27:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 19

Error: (10/07/2014 10:27:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 18

Error: (10/07/2014 10:27:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 17

Error: (10/07/2014 10:27:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 16

Error: (10/07/2014 10:27:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 15

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 58%
Total physical RAM: 8157.09 MB
Available physical RAM: 3414.81 MB
Total Pagefile: 18155.27 MB
Available Pagefile: 14246.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.76 GB) (Free:116.28 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Video) (Fixed) (Total:298.09 GB) (Free:173.84 GB) NTFS
Drive f: (Verbatim) (Fixed) (Total:465.76 GB) (Free:331.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 3AE71515)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: D9D1075A)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 6684C31F)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

2. FRST.txt

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by Hubert (administrator) on HUBERT-PC on 07-10-2014 15:03:14
Running from C:\Users\Hubert\Downloads
Loaded Profile: Hubert (Available profiles: Hubert)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BAVSvc.exe
(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Windows\vsnp325.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(AVTECH) C:\Program Files (x86)\VideoViewer\VideoViewer.exe
(Marc Waesche Services) C:\Program Files (x86)\Schmaili90\schmaili.exe
(creativbox.net, Torsten Leithold & Georg von Kries GbR) C:\Program Files (x86)\creativbox.net\SimpleSYN\CBN.SimpleSYN.NET.exe
(ASCOMP Software GmbH) C:\Program Files (x86)\ASCOMP Software\BackUp Maker\bkmaker.exe
() C:\Windows\tsnp325.exe
() C:\Program Files (x86)\onlinebrief24.de\ebdhelper.exe
(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe
() C:\Program Files (x86)\Syncios\SynciosDeviceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bavhm.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Samsung Software Center, Moscow) C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Mirko Böer) C:\Program Files (x86)\trafficmonitor\TrafficMonitor.exe
(Mirko Böer) C:\Program Files (x86)\trafficmonitor\TMPacketServiceInit.exe
(Mirko Böer) C:\Program Files (x86)\RouterControl\RouterControl.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(The Pidgin developer community) C:\Program Files (x86)\Pidgin\pidgin.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [snp325] => C:\Windows\vsnp325.exe [835584 2007-05-10] ()
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe [8886592 2014-08-27] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
HKLM-x32\...\Run: [SMB60StarMoneyRunEntry] => C:\Program Files (x86)\StarMoney Business 6.0\app\oflagent.exe [51856 2014-08-19] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
HKLM-x32\...\Run: [tsnp325] => C:\Windows\tsnp325.exe [270336 2007-04-21] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [onlinebrief24-ebdhelper] => C:\Program Files (x86)\onlinebrief24.de\ebdhelper.exe [692224 2014-02-13] ()
HKLM-x32\...\Run: [Baidu Antivirus] => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe [1704296 2014-06-13] (Baidu, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [Syncios device service] => C:\Program Files (x86)\Syncios\SynciosDeviceService.exe [736768 2014-08-12] ()
HKLM-x32\...\Run: [RouterControl] => C:\Program Files (x86)\RouterControl\ROUTERCONTROL.EXE [3449344 2009-05-19] (Mirko Böer)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-106921944-1459413208-1379297083-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung)
HKU\S-1-5-21-106921944-1459413208-1379297083-1000\...\Run: [VideoViewer] => C:\Program Files (x86)\VideoViewer\VideoViewer.exe [286720 2014-02-19] (AVTECH)
HKU\S-1-5-21-106921944-1459413208-1379297083-1000\...\Run: [Schmaili] => C:\Program Files (x86)\Schmaili90\schmaili.exe [536576 2007-08-03] (Marc Waesche Services)
HKU\S-1-5-21-106921944-1459413208-1379297083-1000\...\Run: [SimpleSYN.NET] => C:\Program Files (x86)\creativbox.net\SimpleSYN\CBN.SimpleSYN.NET.exe [2561840 2014-09-24] (creativbox.net, Torsten Leithold & Georg von Kries GbR)
HKU\S-1-5-21-106921944-1459413208-1379297083-1000\...\Run: [RouterControl] => C:\Program Files (x86)\RouterControl\ROUTERCONTROL.EXE [3449344 2009-05-19] (Mirko Böer)
HKU\S-1-5-21-106921944-1459413208-1379297083-1000\...\Run: [TrafficMonitor] => C:\Program Files (x86)\trafficmonitor\TRAFFICMONITOR.EXE [5278576 2012-04-16] (Mirko Böer)
HKU\S-1-5-21-106921944-1459413208-1379297083-1000\...\Policies\Explorer: [NoThumbnailCache] 1
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-18\...\Run: [Schmaili] => C:\Program Files (x86)\Schmaili90\schmaili.exe [536576 2007-08-03] (Marc Waesche Services)
IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
Startup: C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BackUp Maker.lnk
ShortcutTarget: BackUp Maker.lnk -> C:\Program Files (x86)\ASCOMP Software\BackUp Maker\bkmaker.exe (ASCOMP Software GmbH)
Startup: C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Easy2Sync für Outlook.lnk
ShortcutTarget: Easy2Sync für Outlook.lnk -> C:\Program Files (x86)\Easy2Sync für Outlook\E2S4Outlook.exe (No File)
Startup: C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pidgin.lnk
ShortcutTarget: Pidgin.lnk -> C:\Program Files (x86)\Pidgin\pidgin.exe (The Pidgin developer community)
Startup: C:\Users\HUES-Win7-old\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (No File)
Startup: C:\Users\HUES-Win7-old\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VisionGS.lnk
ShortcutTarget: VisionGS.lnk -> C:\Program Files (x86)\VisionGS BE\visiongsa.exe ()
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavShx64.dll (Baidu, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hubert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hubert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hubert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hubert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hubert\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hubert\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hubert\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hubert\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8BD60F872F53CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://wittigmbh.de/
URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=ES&userid=4240d956-60e3-4b16-a1b1-923f0c38cfc3&searchtype=ds&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=ES&userid=4240d956-60e3-4b16-a1b1-923f0c38cfc3&searchtype=ds&q={searchTerms}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3314932&octid=EB_ORIGINAL_CTID&ISID=F6585214-8D20-48CE-A463-0FDB8F0B972C&SearchSource=58&CUI=&UM=6&UP=SP9BCAED76-E471-4121-98C9-D0F9E9AFB3EC&q={searchTerms}&SSPV=
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=ES&userid=4240d956-60e3-4b16-a1b1-923f0c38cfc3&searchtype=ds&q={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3314932&octid=EB_ORIGINAL_CTID&ISID=F6585214-8D20-48CE-A463-0FDB8F0B972C&SearchSource=58&CUI=&UM=6&UP=SP9BCAED76-E471-4121-98C9-D0F9E9AFB3EC&q={searchTerms}&SSPV=
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL =
BHO: IB Updater -> {336D0C35-8A85-403a-B9D2-65C292C39087} -> C:\Program Files\IB Updater\Extension64.dll ()
BHO: No Name -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -> No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{1168590D-DC3D-47D2-AA9A-6EBC1A4FE8B3}: [NameServer] 8.8.8.8,217.71.192.3

FireFox:
========
FF ProfilePath: C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\uaa5oomv.default-1406201691444
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Homepage: hxxp://www.cumbre-wetter.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF SearchPlugin: C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\uaa5oomv.default-1406201691444\searchplugins\ixquick-https---deutsch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ColorfulTabs - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\uaa5oomv.default-1406201691444\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-09-25]
FF Extension: DownloadHelper - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\uaa5oomv.default-1406201691444\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-05]
FF Extension: Saved Password Editor - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\uaa5oomv.default-1406201691444\Extensions\savedpasswordeditor@daniel.dawson.xpi [2014-07-24]
FF Extension: Capture & Print - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\uaa5oomv.default-1406201691444\Extensions\{146f1820-2b0d-49ef-acbf-d85a6986e10c}.xpi [2014-07-24]
FF Extension: FireFTP - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\uaa5oomv.default-1406201691444\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2014-07-24]
FF Extension: Adblock Plus - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\uaa5oomv.default-1406201691444\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-24]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF Extension: IB Updater - C:\Program Files\IB Updater\Firefox [2013-01-25]
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-01-18]
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx []
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx []
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Professional.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
R2 BAVSvc; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BAVSvc.exe [2038248 2014-06-13] (Baidu, Inc.)
R2 BHipsSvc; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe [481432 2014-06-13] (Baidu, Inc.)
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3645432 2014-07-18] (devolo AG)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-23] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-23] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-23] (Hewlett-Packard Co.) [File not signed]
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe [706864 2014-08-27] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-03-12] (Nero AG)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [216576 2009-12-02] (Samsung Software Center, Moscow) [File not signed]
S2 StarMoney Business 6.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TMPService; c:\program files (x86)\trafficmonitor\TMPacketServiceInit.exe [692808 2012-04-16] (Mirko Böer)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-09-07] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U3 BdApiUtil; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdApiUtil64.sys [148288 2014-04-08] (Baidu, Inc.)
U3 BdCameraProtect; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdCameraProtect64.sys [24704 2014-05-27] (Baidu, Inc.)
R1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [56640 2014-05-27] (Baidu, Inc.)
R1 Bfmon; C:\Windows\System32\drivers\Bfmon.sys [37696 2014-05-27] (Baidu, Inc.)
R1 Bnbase; C:\Windows\System32\drivers\bnbasex64.sys [91616 2014-05-27] (Baidu, Inc.)
R1 Bndef; C:\Windows\System32\drivers\bndef64.sys [70912 2014-05-27] (Baidu, Inc.)
R1 Bprotect; C:\Windows\System32\drivers\Bprotect.sys [144960 2014-06-13] (Baidu, Inc.)
S3 cpuz135; C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [24368 2012-08-11] (CPUID)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2012-12-21] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14920 2012-12-21] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2012-12-21] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2012-12-21] () [File not signed]
R3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2014-07-18] (CACE Technologies)
S3 SNP325; C:\Windows\System32\DRIVERS\snp325.sys [10733184 2007-11-22] (Sonix Co. Ltd.)
S3 Spring; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Spring64.sys [110336 2014-06-13] ()
R2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-10-22] (Samsung Electronics)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-04-22] (BitDefender S.R.L.)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-07 15:03 - 2014-10-07 15:03 - 00024507 _____ () C:\Users\Hubert\Downloads\FRST.txt
2014-10-07 15:03 - 2014-10-07 15:03 - 00000000 ____D () C:\FRST
2014-10-07 15:02 - 2014-10-07 15:02 - 02109952 _____ (Farbar) C:\Users\Hubert\Downloads\FRST64.exe
2014-10-07 15:01 - 2014-10-07 15:01 - 00050477 _____ () C:\Users\Hubert\Downloads\Defogger.exe
2014-10-07 15:01 - 2014-10-07 15:01 - 00000474 _____ () C:\Windows\SysWOW64\defogger_disable.log
2014-10-07 15:01 - 2014-10-07 15:01 - 00000000 _____ () C:\Users\Hubert\defogger_reenable
2014-10-07 14:34 - 2014-10-07 14:42 - 00000000 ____D () C:\Users\Hubert\Desktop\Trojaner
2014-10-07 12:04 - 2014-10-07 12:04 - 19673112 _____ () C:\Users\Hubert\Downloads\PanoStudio2ProSetup.exe
2014-10-06 14:50 - 2014-10-06 14:51 - 00000000 ____D () C:\Users\Hubert\Desktop\LampeJuergen
2014-10-05 21:24 - 2014-10-06 00:00 - 00000000 ____D () C:\Users\Hubert\Documents\Trafic
2014-10-05 18:18 - 2014-10-05 18:18 - 00002927 ____R () C:\Windows\TrafficMonitor_Uninstall.in
2014-10-05 18:18 - 2014-10-05 18:18 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TrafficMonitor
2014-10-05 18:18 - 2014-10-05 18:18 - 00000000 ____D () C:\Program Files (x86)\trafficmonitor
2014-10-05 18:18 - 2012-04-16 13:15 - 00331136 _____ (Mirko Böer) C:\Windows\TraffUn.EXE
2014-10-05 18:17 - 2014-10-05 18:17 - 03469477 _____ () C:\Users\Hubert\Downloads\trafficmsw.zip
2014-10-05 17:49 - 2014-10-05 17:49 - 00002455 ____R () C:\Windows\RouterControl_Uninstall.in
2014-10-05 17:49 - 2014-10-05 17:49 - 00001025 _____ () C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RouterControl.lnk
2014-10-05 17:49 - 2014-10-05 17:49 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RouterControl
2014-10-05 17:49 - 2014-10-05 17:49 - 00000000 ____D () C:\Program Files (x86)\RouterControl
2014-10-05 17:49 - 2009-05-19 13:49 - 00330344 _____ (Mirko Böer) C:\Windows\RCoUn.EXE
2014-10-05 17:48 - 2014-10-05 18:18 - 00000000 ____D () C:\Users\Hubert\Desktop\rc
2014-10-05 17:48 - 2014-10-05 17:48 - 03430645 _____ () C:\Users\Hubert\Downloads\rc.zip
2014-10-03 18:58 - 2014-10-03 18:58 - 00002400 _____ () C:\Users\Hubert\Downloads\planned_route(2).trp
2014-10-03 18:57 - 2014-10-03 18:57 - 00001336 _____ () C:\Users\Hubert\Downloads\planned_route(1).trp
2014-10-03 18:52 - 2014-10-03 18:52 - 00001336 _____ () C:\Users\Hubert\Downloads\planned_route.trp
2014-10-03 13:29 - 2014-10-03 13:29 - 00102121 _____ () C:\Users\Hubert\Downloads\planned_route.gpx
2014-10-03 13:10 - 2014-10-03 13:10 - 00001012 _____ () C:\Users\Hubert\Downloads\TEst.gpx
2014-10-03 11:53 - 2014-10-03 12:04 - 00000000 ____D () C:\Users\Hubert\Documents\apemap
2014-10-03 11:50 - 2014-10-03 13:04 - 00000000 ____D () C:\Program Files (x86)\apemap
2014-10-03 11:48 - 2014-10-03 11:49 - 28735216 _____ () C:\Users\Hubert\Downloads\apemapSetup.exe
2014-10-01 16:31 - 2014-10-01 16:39 - 00709023 ____H () C:\Users\Hubert\Documents\~WRL0713.tmp
2014-10-01 10:00 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 10:00 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-29 12:13 - 2014-09-29 12:13 - 02415648 _____ () C:\Users\Hubert\Desktop\Kartenspiel.mp4
2014-09-25 16:20 - 2014-09-25 16:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-24 16:14 - 2014-09-24 16:15 - 18792168 _____ (creativbox.net) C:\Users\Hubert\Downloads\SimpleSYN(1).exe
2014-09-24 02:54 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 02:54 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-14 21:47 - 2014-09-14 21:47 - 00000218 _____ () C:\Users\Hubert\.recently-used.xbel
2014-09-13 16:07 - 2014-10-01 08:53 - 00011328 _____ () C:\Users\Hubert\Desktop\Pool-Meschke.xlsx
2014-09-12 17:17 - 2014-09-12 17:18 - 02138500 _____ () C:\Users\Hubert\Downloads\themenbuttons.zip
2014-09-12 16:53 - 2014-09-12 16:53 - 06909160 _____ (Likno Software) C:\Users\Hubert\Downloads\LiknoWebButtonMakerSetup.exe
2014-09-12 16:53 - 2014-09-12 16:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Likno Software
2014-09-12 16:45 - 2014-09-12 16:54 - 00000000 ____D () C:\Program Files (x86)\LiknoWebButtonMakerFree
2014-09-12 16:43 - 2014-09-12 16:44 - 00367464 _____ () C:\Users\Hubert\Downloads\SoftonicDownloader_for_likno-web-button-maker.exe
2014-09-11 03:51 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-09-11 03:51 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-09-10 21:20 - 2014-09-10 21:20 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Itsth
2014-09-10 21:18 - 2014-09-10 21:20 - 13513912 _____ (IT-Services Thomas Holz ) C:\Users\Hubert\Downloads\E2S4O_D_Freeware.exe
2014-09-10 16:26 - 2014-09-10 16:26 - 00000112 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2014-09-10 16:23 - 2014-09-10 16:23 - 00000000 ____D () C:\Users\Hubert\AppData\Local\SimpleSYN
2014-09-10 16:21 - 2014-09-24 16:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimpleSYN
2014-09-10 16:21 - 2014-09-10 16:21 - 00002196 _____ () C:\Users\Public\Desktop\OutlookSync.lnk
2014-09-10 16:21 - 2014-09-10 16:21 - 00000000 ____D () C:\Program Files (x86)\creativbox.net
2014-09-10 16:18 - 2014-09-10 16:19 - 18796568 _____ (creativbox.net) C:\Users\Hubert\Downloads\SimpleSYN.exe
2014-09-10 08:53 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-09-10 08:53 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-09-10 08:53 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-09-10 08:53 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-09-10 08:53 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-09-10 08:53 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-09-10 08:53 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-09-10 08:53 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-09-10 08:53 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-09-10 08:53 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-09-10 08:53 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-09-10 08:53 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-09-10 08:53 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-09-10 08:53 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-09-10 08:53 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-09-10 08:53 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-09-10 08:28 - 2014-09-10 08:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2014-09-10 08:27 - 2014-09-10 08:27 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-09-10 08:26 - 2014-09-10 08:26 - 02806920 _____ () C:\Users\Hubert\Downloads\Adaware_Installer.exe
2014-09-10 03:12 - 2014-08-17 06:00 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 03:12 - 2014-08-17 06:00 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 03:12 - 2014-08-17 05:59 - 19280384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 03:12 - 2014-08-17 05:59 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 03:12 - 2014-08-17 05:59 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 03:12 - 2014-08-17 05:59 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 03:12 - 2014-08-17 05:59 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 03:12 - 2014-08-17 05:58 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 03:12 - 2014-08-17 05:58 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 03:12 - 2014-08-17 05:58 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 03:12 - 2014-08-17 05:58 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 03:12 - 2014-08-17 05:58 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-10 03:12 - 2014-08-17 05:58 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 03:12 - 2014-08-17 05:58 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 03:12 - 2014-08-17 05:58 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 03:12 - 2014-08-17 05:58 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 03:12 - 2014-08-17 05:58 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-09-10 03:12 - 2014-08-17 05:58 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 03:12 - 2014-08-17 05:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 03:12 - 2014-08-17 05:58 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 03:12 - 2014-08-17 05:57 - 14369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 03:12 - 2014-08-17 05:57 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 03:12 - 2014-08-17 05:57 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 03:12 - 2014-08-17 05:57 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 03:12 - 2014-08-17 05:57 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 03:12 - 2014-08-17 05:57 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 03:12 - 2014-08-17 05:57 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 03:12 - 2014-08-17 05:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-09-10 03:12 - 2014-08-17 05:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 03:12 - 2014-08-17 05:57 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 03:12 - 2014-08-17 05:57 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 03:12 - 2014-08-17 05:57 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 03:12 - 2014-08-17 05:57 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 03:12 - 2014-08-17 05:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 03:12 - 2014-08-17 05:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-09-10 03:12 - 2014-08-17 05:57 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 03:12 - 2014-08-17 05:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 03:12 - 2014-08-17 05:57 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 03:12 - 2014-08-17 05:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 03:12 - 2014-08-16 09:25 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 03:12 - 2014-08-16 08:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 03:12 - 2014-08-16 08:34 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-09-10 03:12 - 2014-08-16 07:53 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-09-10 03:01 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 03:01 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 00:19 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 00:19 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 00:19 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 00:19 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 00:19 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 00:19 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 00:19 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 00:19 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 00:19 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-09 20:44 - 2014-09-09 20:44 - 03675017 _____ ( ) C:\Users\Hubert\Downloads\setup90.exe
2014-09-09 20:44 - 2014-09-09 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Schmaili
2014-09-09 20:44 - 2014-09-09 20:44 - 00000000 ____D () C:\Program Files
(x86)\Schmaili90 2014-09-09 20:44 - 2005-11-27 22:07 - 00491520 _____ () C:\Windows\SysWOW64\CoolXPButton.ocx 2014-09-09 20:44 - 2001-05-24 12:20 - 00544256 _____ () C:\Windows\SysWOW64\janGraphics.dll 2014-09-09 15:07 - 2014-09-09 16:35 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Syncios 2014-09-09 15:07 - 2014-09-09 15:07 - 00000000 ____D () C:\Users\Hubert\Documents\Syncios 2014-09-09 15:07 - 2014-09-09 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Syncios 2014-09-09 15:06 - 2014-09-09 15:07 - 00000000 ____D () C:\Program Files (x86)\Syncios 2014-09-09 14:59 - 2014-09-09 15:01 - 23386176 _____ (Anvsoft, Inc. ) C:\Users\Hubert\Downloads\syncios.exe 2014-09-09 14:49 - 2014-09-09 14:49 - 05102256 _____ (WindSolutions) C:\Users\Hubert\Downloads\Install_CopyTransControlCenter.exe 2014-09-09 14:49 - 2014-09-09 14:49 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Control Center 2014-09-09 14:46 - 2014-09-09 14:58 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\WindSolutions 2014-09-09 14:46 - 2014-09-09 14:54 - 00000000 ____D () C:\ProgramData\WindSolutions 2014-09-09 08:21 - 2014-09-09 19:53 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\HandBrake ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-07 15:01 - 2013-01-09 18:33 - 00000000 ____D () C:\Users\Hubert 2014-10-07 14:58 - 2013-10-20 13:34 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\.purple 2014-10-07 14:06 - 2013-01-11 12:11 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Skype 2014-10-07 13:45 - 2013-01-09 18:26 - 01698014 _____ () C:\Windows\WindowsUpdate.log 2014-10-07 12:29 - 2013-01-09 22:08 - 00000000 ____D () C:\Users\Hubert\Documents\Outlook-Dateien 2014-10-07 10:28 - 2013-01-10 14:32 - 00000099 _____ () C:\Users\Public\LMDebug.log 2014-10-06 20:01 - 2014-05-14 08:48 - 00000000 ____D () C:\Users\Hubert\Desktop\Womo 2014-10-06 15:08 - 2013-04-15 09:26 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\vlc 2014-10-06 15:06 - 2013-01-09 15:16 - 00000000 ____D () C:\Users\Hubert\Desktop\Neue Dateien 2014-10-06 14:53 - 2009-07-14 19:58 - 00717144 _____ () C:\Windows\system32\perfh007.dat 2014-10-06 14:53 - 2009-07-14 19:58 - 00154760 _____ () C:\Windows\system32\perfc007.dat 2014-10-06 14:53 - 2009-07-14 07:13 - 01655992 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-06 12:32 - 2013-01-09 15:16 - 00000000 ____D () C:\Users\Hubert\Desktop\Bestellungen 2014-10-05 21:21 - 2013-07-31 14:44 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\TrafficMonitor 2014-10-05 18:20 - 2013-01-10 17:46 - 00000000 ____D () C:\Users\Hubert\AppData\Local\PasswordSafe 2014-10-05 18:20 - 2013-01-09 22:11 - 00000000 ____D () C:\Users\Hubert\Documents\Privat 2014-10-05 18:20 - 2013-01-09 15:16 - 00000000 ___RD () C:\Users\Hubert\Desktop\Sicherheits-Tools 2014-10-05 15:59 - 2013-01-12 16:46 - 00022528 _____ () C:\Users\Hubert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-10-05 14:25 - 2013-01-09 21:00 - 00000000 ____D () C:\Users\Hubert\Documents\Corel User Files 2014-10-05 04:24 - 2009-07-14 06:45 - 00015488 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-05 04:24 - 2009-07-14 06:45 - 00015488 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-04 14:49 - 2013-01-12 20:44 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Nitro PDF 2014-10-04 12:29 - 2013-01-11 21:25 - 00000021 _____ () C:\Windows\TemplateWizard.INI 2014-10-04 09:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-10-04 08:49 - 2013-01-10 19:51 - 00000000 _____ () C:\DebugTraceNormal.log 2014-10-04 08:45 - 2013-01-10 17:35 - 00000000 ____D () C:\Program Files (x86)\VideoViewer 2014-10-04 08:42 - 2013-01-18 19:51 - 00000106 _____ () C:\Windows\system32\mfilemon.log 2014-10-04 08:42 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-04 08:42 - 2009-07-14 06:51 - 00058733 _____ () C:\Windows\setupact.log 2014-10-04 08:41 - 2013-01-10 15:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-10-04 08:41 - 2013-01-09 19:20 - 00196880 _____ () C:\Windows\PFRO.log 2014-10-02 13:13 - 2013-01-13 15:06 - 00000000 ____D () C:\Users\Hubert\AppData\Local\CrashDumps 2014-10-02 11:56 - 2014-09-02 09:23 - 00000000 ____D () C:\Users\Hubert\Desktop\alarm 2014-10-02 09:51 - 2013-01-09 21:51 - 00000000 ____D () C:\Users\Hubert\Documents\Labels 2014-10-01 17:14 - 2013-05-20 19:10 - 00000000 ____D () C:\Users\Hubert\AppData\Local\gtk-2.0 2014-10-01 08:43 - 2013-04-04 10:04 - 00000000 ____D () C:\Users\Hubert\Documents\KasseSolventSL 2014-10-01 08:39 - 2013-06-04 16:12 - 00000000 ____D () C:\Program Files (x86)\StarMoney Business 6.0 2014-09-29 12:02 - 2014-04-18 18:14 - 00000000 ____D () C:\Users\Hubert\Desktop\Scans 2014-09-28 09:14 - 2013-01-11 20:16 - 00000437 _____ () C:\Windows\ULEAD32.INI 2014-09-28 09:07 - 2013-01-14 11:23 - 00000132 _____ () C:\Users\Hubert\AppData\Roaming\Adobe CS6-GIF-Format - Voreinstellungen 2014-09-27 17:29 - 2013-01-11 19:15 - 00000000 ____D () C:\Users\Hubert\Documents\Rezepte 2014-09-25 12:26 - 2013-01-11 15:34 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite 12 2014-09-25 12:13 - 2013-10-24 09:58 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\AllDup 2014-09-24 16:18 - 2013-02-11 17:30 - 00000000 ____D () C:\ProgramData\Package Cache 2014-09-23 17:08 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-09-23 17:07 - 2013-01-09 14:58 - 00000000 ____D () C:\cadia 2014-09-17 14:32 - 2014-08-16 16:01 - 00001104 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk 2014-09-15 09:06 - 2013-01-09 18:57 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-09-13 14:10 - 2013-01-09 20:59 - 00000000 ____D () C:\Users\Hubert\Documents\Audio-Tools 2014-09-12 19:43 - 2013-01-11 14:02 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\UseNeXT 2014-09-12 19:10 - 2013-01-09 22:17 - 00000000 ____D () C:\Users\Hubert\Documents\UseNeXT 2014-09-11 18:21 - 2013-01-09 15:00 - 00000000 ____D () C:\Users\Hubert\Documents\Rechtsanwalt 2014-09-11 15:33 - 2014-02-01 19:01 - 00033792 ___SH () C:\Users\Thumbs.db 2014-09-10 03:12 - 2013-01-10 12:46 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-10 03:10 - 2013-01-09 19:26 - 01629336 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-10 03:09 - 2013-07-11 16:40 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-10 03:02 - 2013-01-10 10:52 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-09 19:17 - 2014-01-31 17:12 - 00000000 ____D () C:\Users\Hubert\Documents\Iphone 2014-09-09 15:18 - 2013-01-09 21:20 - 00000000 ____D () C:\Users\Hubert\Documents\Eigene Webs 2014-09-09 14:45 - 2013-01-11 19:38 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\MAGIX 2014-09-09 14:18 - 2014-07-15 15:50 - 00000000 ____D () C:\Users\Hubert\Desktop\Hausboot2015 ZeroAccess: C:\Users\HUES-Win7-old\AppData\Local\{3a965605-a8ea-b9a1-9525-1fa5e4ef38d9} 
C:\Users\HUES-Win7-old\AppData\Local\{3a965605-a8ea-b9a1-9525-1fa5e4ef38d9}\@ Files to move or delete: ==================== C:\Users\HUES-Win7-old\en_res.dll C:\Users\HUES-Win7-old\es_res.dll C:\Users\HUES-Win7-old\fr_res.dll C:\Users\HUES-Win7-old\grm_res.dll C:\Users\HUES-Win7-old\it_res.dll C:\Users\HUES-Win7-old\jp_res.dll C:\Users\HUES-Win7-old\mfc80u.dll C:\Users\HUES-Win7-old\msvcr80.dll C:\Users\HUES-Win7-old\pt_res.dll C:\Users\HUES-Win7-old\ResourceReader.dll C:\Users\HUES-Win7-old\ru_res.dll C:\Users\HUES-Win7-old\zh_res.dll Some content of TEMP: ==================== C:\Users\Hubert\AppData\Local\Temp\AskSLib.dll C:\Users\Hubert\AppData\Local\Temp\atl.exe C:\Users\Hubert\AppData\Local\Temp\Baidu_PCAppStore_4.3.1.5732.exe C:\Users\Hubert\AppData\Local\Temp\DseShExt-x64.dll C:\Users\Hubert\AppData\Local\Temp\DseShExt-x86.dll C:\Users\Hubert\AppData\Local\Temp\firefoxjre_exe-1.exe C:\Users\Hubert\AppData\Local\Temp\firefoxjre_exe.exe C:\Users\Hubert\AppData\Local\Temp\IminentSetup.exe C:\Users\Hubert\AppData\Local\Temp\IminentSoftonicReady.exe C:\Users\Hubert\AppData\Local\Temp\incredibar_installer.exe C:\Users\Hubert\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe C:\Users\Hubert\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe C:\Users\Hubert\AppData\Local\Temp\lowproc.exe C:\Users\Hubert\AppData\Local\Temp\lrqfpkgr.dll C:\Users\Hubert\AppData\Local\Temp\mgxfonts.exe C:\Users\Hubert\AppData\Local\Temp\NitroPDFpdrv6.dll C:\Users\Hubert\AppData\Local\Temp\NitroPDFpdui6.dll C:\Users\Hubert\AppData\Local\Temp\nitro_reader3_x64.exe C:\Users\Hubert\AppData\Local\Temp\nsn8E21.exe C:\Users\Hubert\AppData\Local\Temp\nsn9A04.exe C:\Users\Hubert\AppData\Local\Temp\nss2212.exe C:\Users\Hubert\AppData\Local\Temp\nsv8EE1.exe C:\Users\Hubert\AppData\Local\Temp\nsx258C.exe C:\Users\Hubert\AppData\Local\Temp\RealPlayer.exe C:\Users\Hubert\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\Hubert\AppData\Local\Temp\SDShelEx-x64.dll 
C:\Users\Hubert\AppData\Local\Temp\SkypeSetup.exe C:\Users\Hubert\AppData\Local\Temp\stubhelper.dll C:\Users\Hubert\AppData\Local\Temp\tmp6FCA.exe C:\Users\Hubert\AppData\Local\Temp\UpdateCheckerSetup.exe C:\Users\Hubert\AppData\Local\Temp\vlc-2.0.6-win64.exe C:\Users\Hubert\AppData\Local\Temp\wmaudio.exe C:\Users\Hubert\AppData\Local\Temp\wmf9.exe C:\Users\Hubert\AppData\Local\Temp\wmpcdcs8.exe C:\Users\Hubert\AppData\Local\Temp\wusetup.exE C:\Users\Hubert\AppData\Local\Temp\_is334D.exe C:\Users\Hubert\AppData\Local\Temp\_isFE1F.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-06 00:35 ==================== End Of Log ============================ 3. defogger_disable.log defogger_disable by jpshortstuff (23.02.10.1) Log created at 15:06 on 07/10/2014 (Hubert) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- 4. gmer.log GMER Logfile: Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-10-07 15:21:55 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD5000AZRX-00A8LB0 rev.01.01A01 465,76GB Running: Gmer-19357.exe; Driver: C:\Users\Hubert\AppData\Local\Temp\kgdirpow.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002809000 11 bytes [EB, 37, 2D, 10, 07, 3A, CA, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 540 fffff8000280900c 65 bytes [59, 7A, 1A, 84, B0, 31, 76, ...] ---- User code sections - GMER 2.1 ---- .text C:\Windows\Explorer.EXE[1796] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077710650 6 bytes {JMP QWORD [RIP+0x890f9e0]} .text C:\Windows\Explorer.EXE[1796] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd969055 3 bytes [B5, 6F, 19] .text C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe[2016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076c71465 2 bytes [C7, 76] .text C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe[2016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076c714bb 2 bytes [C7, 76] .text ... * 2 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2200] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 0000000077a0000c 1 byte [C3] .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2200] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 0000000077a8f8ea 5 bytes JMP 0000000177a3d5c1 .text C:\Program Files (x86)\creativbox.net\SimpleSYN\CBN.SimpleSYN.NET.exe[2292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076c71465 2 bytes [C7, 76] .text C:\Program Files (x86)\creativbox.net\SimpleSYN\CBN.SimpleSYN.NET.exe[2292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076c714bb 2 bytes [C7, 76] .text ... * 2 ? 
C:\Windows\system32\mssprxy.dll [2292] entry point in ".rdata" section 000000006a0d71e6 .text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076c71465 2 bytes [C7, 76] .text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076c714bb 2 bytes [C7, 76] .text ... * 2 .text C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bavhm.exe[660] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx + 626 000007fefd969ff2 3 bytes [0A, 60, 08] .text C:\Windows\explorer.exe[6080] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077710650 6 bytes {JMP QWORD [RIP+0x890f9e0]} .text C:\Windows\explorer.exe[6080] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd969055 3 bytes [B5, 6F, 09] .text C:\Windows\explorer.exe[7612] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077710650 6 bytes {JMP QWORD [RIP+0x890f9e0]} .text C:\Windows\explorer.exe[7612] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd969055 3 bytes [B5, 6F, 09] ---- Processes - GMER 2.1 ---- Library C:\ProgramData\AllDup\FEShlExt.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1796] (Fast Explorer shell extension/Alex Yakovlev)(2013-10-24 07:58:53) 000000000fc00000 ---- EOF - GMER 2.1 ----
I hope that was done correctly! Regards, Hubert |
08.10.2014, 11:44 | #4 |
/// the machine /// TB-Ausbilder | Strange link attempt to grevolutionstore.it Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
08.10.2014, 18:50 | #5 |
| Here are the new log files
1. MBAM.txt Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 08.10.2014 Suchlauf-Zeit: 12:54:08 Logdatei: MBAM.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.10.08.03 Rootkit Datenbank: v2014.09.19.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Hubert Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 382477 Verstrichene Zeit: 13 Min, 51 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 35 PUP.Optional.StartPage.A, HKLM\SOFTWARE\CLASSES\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}, In Quarantäne, [c38070a28def80b6bf5e6a2d31d1cf31], PUP.Optional.StartPage.A, HKLM\SOFTWARE\CLASSES\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}\INPROCSERVER32, In Quarantäne, [c38070a28def80b6bf5e6a2d31d1cf31], PUP.Optional.StartPage.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}, In Quarantäne, [c38070a28def80b6bf5e6a2d31d1cf31], PUP.Optional.StartPage.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}, In Quarantäne, [c38070a28def80b6bf5e6a2d31d1cf31], PUP.Optional.StartPage.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}, In Quarantäne, [c38070a28def80b6bf5e6a2d31d1cf31], PUP.Optional.StartPage.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}, In Quarantäne, [c38070a28def80b6bf5e6a2d31d1cf31], PUP.Optional.StartPage.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}, In Quarantäne, [c38070a28def80b6bf5e6a2d31d1cf31], PUP.Optional.StartPage.A,
HKLM\SOFTWARE\CLASSES\Extension.ExtensionHelperObject.1, In Quarantäne, [c38070a28def80b6bf5e6a2d31d1cf31], PUP.Optional.StartPage.A, HKLM\SOFTWARE\CLASSES\Extension.ExtensionHelperObject, In Quarantäne, [c38070a28def80b6bf5e6a2d31d1cf31], PUP.Optional.StartPage.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Extension.ExtensionHelperObject, In Quarantäne, [c38070a28def80b6bf5e6a2d31d1cf31], PUP.Optional.StartPage.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{336D0C35-8A85-403A-B9D2-65C292C39087}, In Quarantäne, [c38070a28def80b6bf5e6a2d31d1cf31], PUP.Optional.StartPage.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Extension.ExtensionHelperObject.1, In Quarantäne, [c38070a28def80b6bf5e6a2d31d1cf31], PUP.Optional.StartPage.A, HKU\S-1-5-21-106921944-1459413208-1379297083-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{336D0C35-8A85-403A-B9D2-65C292C39087}, In Quarantäne, [c38070a28def80b6bf5e6a2d31d1cf31], PUP.Optional.StartPage.A, HKU\S-1-5-21-106921944-1459413208-1379297083-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{336D0C35-8A85-403A-B9D2-65C292C39087}, In Quarantäne, [c38070a28def80b6bf5e6a2d31d1cf31], PUP.Optional.Snapdo.T, HKU\S-1-5-21-106921944-1459413208-1379297083-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [281bf022a7d5c76f431ed9fba45ed32d], PUP.Optional.Snapdo.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, In Quarantäne, [281bf022a7d5c76f431ed9fba45ed32d], PUP.Optional.SearchProtect.A, HKU\S-1-5-21-106921944-1459413208-1379297083-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, In Quarantäne, [f54e957db4c8092dd3d6494e20e2fa06], PUP.Optional.SearchProtect.A, 
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, In Quarantäne, [f54e957db4c8092dd3d6494e20e2fa06], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, In Quarantäne, [be8528ea2d4fe5510d21646d1be7a45c], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, In Quarantäne, [93b0769ca0dc231366c912bfa062d22e], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, In Quarantäne, [46fd6ca6205ce84e4b78458b42c04fb1], PUP.Optional.Incredibar.A, HKLM\SOFTWARE\IB Updater, In Quarantäne, [f1526da5cfadb0864445f53f7390f010], PUP.Optional.Iminent.A, HKLM\SOFTWARE\Iminent, In Quarantäne, [99aa92804339ba7cf0cc50f7020140c0], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent, In Quarantäne, [76cd1ef42d4f39fd9c74cca69e6642be], PUP.Optional.Incredibar.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\dlnembnfbcpjnepmfjmngjenhhajpdfd, In Quarantäne, [55ee7e94027a3afc5d2bb38148bb0af6], PUP.Optional.DataMangr.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\DatamngrCoordinator.exe, In Quarantäne, [ec57977b097350e689dce53a6d967090], PUP.Optional.Incredibar.A, HKLM\SOFTWARE\WOW6432NODE\IB Updater, In Quarantäne, [093a62b05c202e084e3bd55f57ace917], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, In Quarantäne, [70d354bef686c96d6b511c2bb35046ba], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent, In Quarantäne, [083bd43e93e9b185f719551d31d3e818], PUP.Optional.Incredibar.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dlnembnfbcpjnepmfjmngjenhhajpdfd, In Quarantäne, [fb4819f9c7b55bdb840458dc897a867a], PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION 
OPTIONS\DatamngrCoordinator.exe, In Quarantäne, [6bd8b35fa5d7d5611a4b4bd4c04359a7], PUP.Optional.MySafeProxy.A, HKLM\SOFTWARE\WOW6432NODE\XTRM GROUP LTD.\MySafeProxy, In Quarantäne, [4ff4868c700cb185927759b73ac96799], PUP.Optional.PriceGong.A, HKU\S-1-5-21-106921944-1459413208-1379297083-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, In Quarantäne, [82c159b95f1dc4724cfdff42cd3655ab], PUP.Optional.Softonic.A, HKU\S-1-5-21-106921944-1459413208-1379297083-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [b093da381c606fc7e82150e659aa9e62], PUP.Optional.IBUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1, In Quarantäne, [81c243cfbbc146f0f23bdf1939c9c937], Registrierungswerte: 10 PUP.Optional.StartPage.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{336D0C35-8A85-403A-B9D2-65C292C39087}, C:\Program Files\IB Updater\Firefox, In Quarantäne, [c38070a28def80b6bf5e6a2d31d1cf31] PUP.Optional.StartPage.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{336D0C35-8A85-403A-B9D2-65C292C39087}, C:\Program Files\IB Updater\Firefox, In Quarantäne, [c38070a28def80b6bf5e6a2d31d1cf31] PUP.Optional.Iminent.A, HKU\S-1-5-21-106921944-1459413208-1379297083-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, In Quarantäne, [46fd6ca6205ce84e4b78458b42c04fb1], PUP.Optional.Iminent.A, HKU\S-1-5-21-106921944-1459413208-1379297083-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, In Quarantäne, [8eb5050d68142f079b28e8e8cb371de3], PUP.Optional.StartPage.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS\{336D0C35-8A85-403a-B9D2-65C292C39087}, In Quarantäne, [b3909181e09ceb4bc5587720738f5fa1], PUP.Optional.StartPage.A, 
HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS\{336D0C35-8A85-403a-B9D2-65C292C39087}, In Quarantäne, [1c27cf43fd7fd75fa37a1780db27fc04], PUP.Optional.SmartBar, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, In Quarantäne, [ab9869a983f946f0f8c5a0756b98e818] PUP.Optional.Incredibar, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}, C:\Program Files\IB Updater\Firefox, In Quarantäne, [3f04080a027ab87ee1a2a3c54abae020] PUP.Optional.SmartBar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, In Quarantäne, [e16237dbbfbd73c328954cc9cf34c13f] PUP.Optional.Incredibar, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}, C:\Program Files\IB Updater\Firefox, In Quarantäne, [251ef919631965d1651e016751b301ff] Registrierungsdaten: 0 (No malicious items detected) Ordner: 30 PUP.Optional.SweetIM.A, C:\Windows\SysWOW64\jmdp, In Quarantäne, [1f24ec26067686b0f300f62fb64d9868], PUP.Optional.OpenCandy, C:\Users\Hubert\AppData\Roaming\OpenCandy, In Quarantäne, [400310021c601f174e0936ae669c8e72], PUP.Optional.OpenCandy, C:\Users\Hubert\AppData\Roaming\OpenCandy\50F79FE2AA58433F8C5C52A87B9CDE43, In Quarantäne, [400310021c601f174e0936ae669c8e72], PUP.Optional.Iminent.A, C:\Users\Hubert\AppData\Local\Temp\Iminent, In Quarantäne, [c47f5ab88bf1e74f1060a93b6999d030], PUP.Optional.Conduit.A, C:\Users\Hubert\AppData\Local\Temp\ct3288691, In Quarantäne, [c0838d852a52a1955f6dde06fc068878], PUP.Optional.Conduit.A, C:\Users\Hubert\AppData\Local\Temp\ct3297265, In Quarantäne, [51f2b16184f85dd978547d6745bd738d], PUP.Optional.Conduit.A, C:\Users\Hubert\AppData\Local\Temp\ct3297861, In Quarantäne, [0340b75bafcd290dfbd135afd82a5da3], PUP.Optional.Conduit.A, C:\Users\Hubert\AppData\Local\Temp\CT3314932, In Quarantäne, [7fc4759da4d82b0b04c86b79d72bf40c], PUP.Optional.IBUpdater, C:\Program Files\IB Updater\Firefox, 
2. AdwCleaner Logfile:
3. JRT.txt
4. Fresh FRST Logfile:
S3 cpuz135; C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [24368 2012-08-11] (CPUID) S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2012-12-21] () [File not signed] S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14920 2012-12-21] () [File not signed] S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2012-12-21] () [File not signed] S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2012-12-21] () [File not signed] R3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.) R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2014-07-18] (CACE Technologies) S3 SNP325; C:\Windows\System32\DRIVERS\snp325.sys [10733184 2007-11-22] (Sonix Co. Ltd.) S3 Spring; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Spring64.sys [110336 2014-06-13] () R2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-10-22] (Samsung Electronics) S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.) S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-04-22] (BitDefender S.R.L.) S3 dgderdrv; System32\drivers\dgderdrv.sys [X] S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-08 19:40 - 2014-10-08 19:40 - 00001133 _____ () C:\Users\Hubert\Desktop\JRT.txt 2014-10-08 19:36 - 2014-10-08 19:36 - 00000000 ____D () C:\Windows\ERUNT 2014-10-08 19:27 - 2014-10-08 19:27 - 00000000 ____D () C:\Users\Public\Documents\Baidu 2014-10-08 19:00 - 2014-10-08 19:24 - 00000000 ____D () C:\AdwCleaner 2014-10-08 13:12 - 2014-10-08 13:12 - 00000000 ____D () C:\ApcTempReg 2014-10-08 12:52 - 2014-10-08 13:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-08 12:52 - 2014-10-08 12:52 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-10-08 12:52 - 2014-10-08 12:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-10-08 12:52 - 2014-10-08 12:52 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-10-08 12:52 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-10-08 12:52 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-10-08 12:52 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-10-08 12:51 - 2014-10-08 12:52 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hubert\Downloads\mbam-setup-2.0.2.1012.exe 2014-10-07 15:03 - 2014-10-08 19:42 - 00000000 ____D () C:\FRST 2014-10-07 15:01 - 2014-10-07 15:01 - 00000474 _____ () C:\Windows\SysWOW64\defogger_disable.log 2014-10-07 15:01 - 2014-10-07 15:01 - 00000000 _____ () C:\Users\Hubert\defogger_reenable 2014-10-07 14:34 - 2014-10-08 19:42 - 00000000 ____D () C:\Users\Hubert\Desktop\Trojaner 2014-10-07 12:04 - 2014-10-07 12:04 - 19673112 _____ () C:\Users\Hubert\Downloads\PanoStudio2ProSetup.exe 2014-10-06 14:50 - 2014-10-06 14:51 - 00000000 ____D () C:\Users\Hubert\Desktop\LampeJuergen 2014-10-05 21:24 - 2014-10-08 13:14 - 00000000 ____D () C:\Users\Hubert\Documents\Trafic 
2014-10-05 18:18 - 2014-10-05 18:18 - 00002927 ____R () C:\Windows\TrafficMonitor_Uninstall.in 2014-10-05 18:18 - 2014-10-05 18:18 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TrafficMonitor 2014-10-05 18:18 - 2014-10-05 18:18 - 00000000 ____D () C:\Program Files (x86)\trafficmonitor 2014-10-05 18:18 - 2012-04-16 13:15 - 00331136 _____ (Mirko Böer) C:\Windows\TraffUn.EXE 2014-10-05 18:17 - 2014-10-05 18:17 - 03469477 _____ () C:\Users\Hubert\Downloads\trafficmsw.zip 2014-10-05 17:49 - 2014-10-05 17:49 - 00002455 ____R () C:\Windows\RouterControl_Uninstall.in 2014-10-05 17:49 - 2014-10-05 17:49 - 00001025 _____ () C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RouterControl.lnk 2014-10-05 17:49 - 2014-10-05 17:49 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RouterControl 2014-10-05 17:49 - 2014-10-05 17:49 - 00000000 ____D () C:\Program Files (x86)\RouterControl 2014-10-05 17:49 - 2009-05-19 13:49 - 00330344 _____ (Mirko Böer) C:\Windows\RCoUn.EXE 2014-10-05 17:48 - 2014-10-05 18:18 - 00000000 ____D () C:\Users\Hubert\Desktop\rc 2014-10-05 17:48 - 2014-10-05 17:48 - 03430645 _____ () C:\Users\Hubert\Downloads\rc.zip 2014-10-03 18:58 - 2014-10-03 18:58 - 00002400 _____ () C:\Users\Hubert\Downloads\planned_route(2).trp 2014-10-03 18:57 - 2014-10-03 18:57 - 00001336 _____ () C:\Users\Hubert\Downloads\planned_route(1).trp 2014-10-03 18:52 - 2014-10-03 18:52 - 00001336 _____ () C:\Users\Hubert\Downloads\planned_route.trp 2014-10-03 13:29 - 2014-10-03 13:29 - 00102121 _____ () C:\Users\Hubert\Downloads\planned_route.gpx 2014-10-03 13:10 - 2014-10-03 13:10 - 00001012 _____ () C:\Users\Hubert\Downloads\TEst.gpx 2014-10-03 11:53 - 2014-10-03 12:04 - 00000000 ____D () C:\Users\Hubert\Documents\apemap 2014-10-03 11:50 - 2014-10-03 13:04 - 00000000 ____D () C:\Program Files (x86)\apemap 2014-10-03 11:48 - 2014-10-03 11:49 - 28735216 _____ () 
C:\Users\Hubert\Downloads\apemapSetup.exe 2014-10-01 16:31 - 2014-10-01 16:39 - 00709023 ____H () C:\Users\Hubert\Documents\~WRL0713.tmp 2014-10-01 10:00 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-10-01 10:00 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-09-29 12:13 - 2014-09-29 12:13 - 02415648 _____ () C:\Users\Hubert\Desktop\Kartenspiel.mp4 2014-09-25 16:20 - 2014-09-25 16:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-24 16:14 - 2014-09-24 16:15 - 18792168 _____ (creativbox.net) C:\Users\Hubert\Downloads\SimpleSYN(1).exe 2014-09-24 02:54 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-24 02:54 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-09-14 21:47 - 2014-09-14 21:47 - 00000218 _____ () C:\Users\Hubert\.recently-used.xbel 2014-09-13 16:07 - 2014-10-08 12:24 - 00011377 _____ () C:\Users\Hubert\Desktop\Pool-Meschke.xlsx 2014-09-12 17:17 - 2014-09-12 17:18 - 02138500 _____ () C:\Users\Hubert\Downloads\themenbuttons.zip 2014-09-12 16:53 - 2014-09-12 16:53 - 06909160 _____ (Likno Software) C:\Users\Hubert\Downloads\LiknoWebButtonMakerSetup.exe 2014-09-12 16:53 - 2014-09-12 16:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Likno Software 2014-09-12 16:45 - 2014-09-12 16:54 - 00000000 ____D () C:\Program Files (x86)\LiknoWebButtonMakerFree 2014-09-11 03:51 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-09-11 03:51 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-09-10 21:20 - 2014-09-10 21:20 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Itsth 2014-09-10 21:18 - 2014-09-10 21:20 - 13513912 _____ (IT-Services Thomas Holz ) C:\Users\Hubert\Downloads\E2S4O_D_Freeware.exe 2014-09-10 16:26 - 2014-09-10 16:26 - 00000112 
_____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc 2014-09-10 16:23 - 2014-09-10 16:23 - 00000000 ____D () C:\Users\Hubert\AppData\Local\SimpleSYN 2014-09-10 16:21 - 2014-09-24 16:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimpleSYN 2014-09-10 16:21 - 2014-09-10 16:21 - 00002196 _____ () C:\Users\Public\Desktop\OutlookSync.lnk 2014-09-10 16:21 - 2014-09-10 16:21 - 00000000 ____D () C:\Program Files (x86)\creativbox.net 2014-09-10 16:18 - 2014-09-10 16:19 - 18796568 _____ (creativbox.net) C:\Users\Hubert\Downloads\SimpleSYN.exe 2014-09-10 08:53 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys 2014-09-10 08:53 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2014-09-10 08:53 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2014-09-10 08:53 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll 2014-09-10 08:53 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll 2014-09-10 08:53 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-09-10 08:53 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll 2014-09-10 08:53 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2014-09-10 08:53 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll 2014-09-10 08:53 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll 2014-09-10 08:53 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2014-09-10 08:53 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2014-09-10 08:53 - 
2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2014-09-10 08:53 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-09-10 08:53 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll 2014-09-10 08:53 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-09-10 08:28 - 2014-09-10 08:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft 2014-09-10 08:27 - 2014-09-10 08:27 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft 2014-09-10 08:26 - 2014-09-10 08:26 - 02806920 _____ () C:\Users\Hubert\Downloads\Adaware_Installer.exe 2014-09-10 03:12 - 2014-08-17 06:00 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-10 03:12 - 2014-08-17 06:00 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-10 03:12 - 2014-08-17 05:59 - 19280384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-10 03:12 - 2014-08-17 05:59 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-10 03:12 - 2014-08-17 05:59 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-10 03:12 - 2014-08-17 05:59 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-10 03:12 - 2014-08-17 05:59 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-10 03:12 - 2014-08-17 05:58 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-10 03:12 - 2014-08-17 05:58 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-10 03:12 - 2014-08-17 05:58 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-10 03:12 - 2014-08-17 05:58 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-10 03:12 - 2014-08-17 05:58 - 00855552 _____ (Microsoft 
Corporation) C:\Windows\system32\jscript.dll 2014-09-10 03:12 - 2014-08-17 05:58 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-10 03:12 - 2014-08-17 05:58 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-10 03:12 - 2014-08-17 05:58 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-10 03:12 - 2014-08-17 05:58 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-10 03:12 - 2014-08-17 05:58 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-09-10 03:12 - 2014-08-17 05:58 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-10 03:12 - 2014-08-17 05:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-10 03:12 - 2014-08-17 05:58 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-10 03:12 - 2014-08-17 05:57 - 14369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-09-10 03:12 - 2014-08-17 05:57 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-09-10 03:12 - 2014-08-17 05:57 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-09-10 03:12 - 2014-08-17 05:57 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-09-10 03:12 - 2014-08-17 05:57 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-09-10 03:12 - 2014-08-17 05:57 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-09-10 03:12 - 2014-08-17 05:57 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-09-10 03:12 - 2014-08-17 05:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-09-10 03:12 - 2014-08-17 05:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-09-10 03:12 - 2014-08-17 05:57 - 00391168 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ieui.dll 2014-09-10 03:12 - 2014-08-17 05:57 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-09-10 03:12 - 2014-08-17 05:57 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-09-10 03:12 - 2014-08-17 05:57 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-09-10 03:12 - 2014-08-17 05:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-09-10 03:12 - 2014-08-17 05:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-09-10 03:12 - 2014-08-17 05:57 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-09-10 03:12 - 2014-08-17 05:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-09-10 03:12 - 2014-08-17 05:57 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-09-10 03:12 - 2014-08-17 05:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-09-10 03:12 - 2014-08-16 09:25 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-10 03:12 - 2014-08-16 08:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-09-10 03:12 - 2014-08-16 08:34 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-09-10 03:12 - 2014-08-16 07:53 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2014-09-10 03:01 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-09-10 03:01 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2014-09-10 00:19 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-09-10 00:19 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2014-09-10 00:19 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) 
C:\Windows\system32\lsasrv.dll 2014-09-10 00:19 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-10 00:19 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-09-10 00:19 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-09-10 00:19 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-09-10 00:19 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-09-10 00:19 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-09-09 20:44 - 2014-09-09 20:44 - 03675017 _____ ( ) C:\Users\Hubert\Downloads\setup90.exe 2014-09-09 20:44 - 2014-09-09 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Schmaili 2014-09-09 20:44 - 2014-09-09 20:44 - 00000000 ____D () C:\Program Files (x86)\Schmaili90 2014-09-09 20:44 - 2005-11-27 22:07 - 00491520 _____ () C:\Windows\SysWOW64\CoolXPButton.ocx 2014-09-09 20:44 - 2001-05-24 12:20 - 00544256 _____ () C:\Windows\SysWOW64\janGraphics.dll 2014-09-09 15:07 - 2014-09-09 16:35 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Syncios 2014-09-09 15:07 - 2014-09-09 15:07 - 00000000 ____D () C:\Users\Hubert\Documents\Syncios 2014-09-09 15:07 - 2014-09-09 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Syncios 2014-09-09 15:06 - 2014-09-09 15:07 - 00000000 ____D () C:\Program Files (x86)\Syncios 2014-09-09 14:59 - 2014-09-09 15:01 - 23386176 _____ (Anvsoft, Inc. 
) C:\Users\Hubert\Downloads\syncios.exe 2014-09-09 14:49 - 2014-09-09 14:49 - 05102256 _____ (WindSolutions) C:\Users\Hubert\Downloads\Install_CopyTransControlCenter.exe 2014-09-09 14:49 - 2014-09-09 14:49 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Control Center 2014-09-09 14:46 - 2014-09-09 14:58 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\WindSolutions 2014-09-09 14:46 - 2014-09-09 14:54 - 00000000 ____D () C:\ProgramData\WindSolutions 2014-09-09 08:21 - 2014-09-09 19:53 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\HandBrake ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-08 19:42 - 2013-10-20 13:34 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\.purple 2014-10-08 19:42 - 2013-01-09 15:16 - 00000000 ___RD () C:\Users\Hubert\Desktop\Sicherheits-Tools 2014-10-08 19:38 - 2009-07-14 06:45 - 00015488 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-08 19:38 - 2009-07-14 06:45 - 00015488 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-08 19:34 - 2013-01-09 18:26 - 01743049 _____ () C:\Windows\WindowsUpdate.log 2014-10-08 19:30 - 2013-01-10 19:51 - 00000000 _____ () C:\DebugTraceNormal.log 2014-10-08 19:30 - 2013-01-09 22:08 - 00000000 ____D () C:\Users\Hubert\Documents\Outlook-Dateien 2014-10-08 19:28 - 2013-01-10 17:35 - 00000000 ____D () C:\Program Files (x86)\VideoViewer 2014-10-08 19:26 - 2013-01-18 19:51 - 00000106 _____ () C:\Windows\system32\mfilemon.log 2014-10-08 19:26 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-08 19:25 - 2013-01-09 19:20 - 00225028 _____ () C:\Windows\PFRO.log 2014-10-08 19:25 - 2009-07-14 06:51 - 00058845 _____ () C:\Windows\setupact.log 2014-10-08 13:20 - 2013-01-10 14:32 - 00000099 _____ () 
C:\Users\Public\LMDebug.log 2014-10-08 13:08 - 2013-04-07 18:50 - 00000000 ____D () C:\Program Files (x86)\SARDU_2.0.6.3 2014-10-08 12:52 - 2013-10-20 11:51 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-10-08 12:22 - 2013-01-09 15:16 - 00000000 ____D () C:\Users\Hubert\Desktop\Neue Dateien 2014-10-07 15:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-10-07 15:09 - 2013-01-11 12:11 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Skype 2014-10-07 15:01 - 2013-01-09 18:33 - 00000000 ____D () C:\Users\Hubert 2014-10-06 20:01 - 2014-05-14 08:48 - 00000000 ____D () C:\Users\Hubert\Desktop\Womo 2014-10-06 15:08 - 2013-04-15 09:26 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\vlc 2014-10-06 14:53 - 2009-07-14 19:58 - 00717144 _____ () C:\Windows\system32\perfh007.dat 2014-10-06 14:53 - 2009-07-14 19:58 - 00154760 _____ () C:\Windows\system32\perfc007.dat 2014-10-06 14:53 - 2009-07-14 07:13 - 01655992 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-06 12:32 - 2013-01-09 15:16 - 00000000 ____D () C:\Users\Hubert\Desktop\Bestellungen 2014-10-05 21:21 - 2013-07-31 14:44 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\TrafficMonitor 2014-10-05 18:20 - 2013-01-10 17:46 - 00000000 ____D () C:\Users\Hubert\AppData\Local\PasswordSafe 2014-10-05 18:20 - 2013-01-09 22:11 - 00000000 ____D () C:\Users\Hubert\Documents\Privat 2014-10-05 15:59 - 2013-01-12 16:46 - 00022528 _____ () C:\Users\Hubert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-10-05 14:25 - 2013-01-09 21:00 - 00000000 ____D () C:\Users\Hubert\Documents\Corel User Files 2014-10-04 14:49 - 2013-01-12 20:44 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Nitro PDF 2014-10-04 12:29 - 2013-01-11 21:25 - 00000021 _____ () C:\Windows\TemplateWizard.INI 2014-10-04 09:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-10-04 08:41 - 2013-01-10 15:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-10-02 13:13 - 
2013-01-13 15:06 - 00000000 ____D () C:\Users\Hubert\AppData\Local\CrashDumps 2014-10-02 11:56 - 2014-09-02 09:23 - 00000000 ____D () C:\Users\Hubert\Desktop\alarm 2014-10-02 09:51 - 2013-01-09 21:51 - 00000000 ____D () C:\Users\Hubert\Documents\Labels 2014-10-01 17:14 - 2013-05-20 19:10 - 00000000 ____D () C:\Users\Hubert\AppData\Local\gtk-2.0 2014-10-01 08:43 - 2013-04-04 10:04 - 00000000 ____D () C:\Users\Hubert\Documents\KasseSolventSL 2014-10-01 08:39 - 2013-06-04 16:12 - 00000000 ____D () C:\Program Files (x86)\StarMoney Business 6.0 2014-09-29 12:02 - 2014-04-18 18:14 - 00000000 ____D () C:\Users\Hubert\Desktop\Scans 2014-09-28 09:14 - 2013-01-11 20:16 - 00000437 _____ () C:\Windows\ULEAD32.INI 2014-09-28 09:07 - 2013-01-14 11:23 - 00000132 _____ () C:\Users\Hubert\AppData\Roaming\Adobe CS6-GIF-Format - Voreinstellungen 2014-09-27 17:29 - 2013-01-11 19:15 - 00000000 ____D () C:\Users\Hubert\Documents\Rezepte 2014-09-25 12:26 - 2013-01-11 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite 12 2014-09-25 12:13 - 2013-10-24 09:58 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\AllDup 2014-09-24 16:18 - 2013-02-11 17:30 - 00000000 ____D () C:\ProgramData\Package Cache 2014-09-23 17:08 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-09-23 17:07 - 2013-01-09 14:58 - 00000000 ____D () C:\cadia 2014-09-17 14:32 - 2014-08-16 16:01 - 00001104 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk 2014-09-15 09:06 - 2013-01-09 18:57 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-09-13 14:10 - 2013-01-09 20:59 - 00000000 ____D () C:\Users\Hubert\Documents\Audio-Tools 2014-09-12 19:43 - 2013-01-11 14:02 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\UseNeXT 2014-09-12 19:10 - 2013-01-09 22:17 - 00000000 ____D () C:\Users\Hubert\Documents\UseNeXT 2014-09-11 18:21 - 2013-01-09 15:00 - 00000000 ____D () 
C:\Users\Hubert\Documents\Rechtsanwalt 2014-09-11 15:33 - 2014-02-01 19:01 - 00033792 ___SH () C:\Users\Thumbs.db 2014-09-10 03:12 - 2013-01-10 12:46 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-10 03:10 - 2013-01-09 19:26 - 01629336 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-10 03:09 - 2013-07-11 16:40 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-10 03:02 - 2013-01-10 10:52 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-09 19:17 - 2014-01-31 17:12 - 00000000 ____D () C:\Users\Hubert\Documents\Iphone 2014-09-09 15:18 - 2013-01-09 21:20 - 00000000 ____D () C:\Users\Hubert\Documents\Eigene Webs 2014-09-09 14:45 - 2013-01-11 19:38 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\MAGIX 2014-09-09 14:18 - 2014-07-15 15:50 - 00000000 ____D () C:\Users\Hubert\Desktop\Hausboot2015 ZeroAccess: C:\Users\HUES-Win7-old\AppData\Local\{3a965605-a8ea-b9a1-9525-1fa5e4ef38d9} C:\Users\HUES-Win7-old\AppData\Local\{3a965605-a8ea-b9a1-9525-1fa5e4ef38d9}\@ Files to move or delete: ==================== C:\Users\HUES-Win7-old\en_res.dll C:\Users\HUES-Win7-old\es_res.dll C:\Users\HUES-Win7-old\fr_res.dll C:\Users\HUES-Win7-old\grm_res.dll C:\Users\HUES-Win7-old\it_res.dll C:\Users\HUES-Win7-old\jp_res.dll C:\Users\HUES-Win7-old\mfc80u.dll C:\Users\HUES-Win7-old\msvcr80.dll C:\Users\HUES-Win7-old\pt_res.dll C:\Users\HUES-Win7-old\ResourceReader.dll C:\Users\HUES-Win7-old\ru_res.dll C:\Users\HUES-Win7-old\zh_res.dll Some content of TEMP: ==================== C:\Users\Hubert\AppData\Local\Temp\AskSLib.dll C:\Users\Hubert\AppData\Local\Temp\atl.exe C:\Users\Hubert\AppData\Local\Temp\Baidu_PCAppStore_4.3.1.5732.exe C:\Users\Hubert\AppData\Local\Temp\DseShExt-x64.dll C:\Users\Hubert\AppData\Local\Temp\DseShExt-x86.dll C:\Users\Hubert\AppData\Local\Temp\firefoxjre_exe-1.exe C:\Users\Hubert\AppData\Local\Temp\firefoxjre_exe.exe C:\Users\Hubert\AppData\Local\Temp\IminentSoftonicReady.exe 
C:\Users\Hubert\AppData\Local\Temp\incredibar_installer.exe C:\Users\Hubert\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe C:\Users\Hubert\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe C:\Users\Hubert\AppData\Local\Temp\lowproc.exe C:\Users\Hubert\AppData\Local\Temp\lrqfpkgr.dll C:\Users\Hubert\AppData\Local\Temp\mgxfonts.exe C:\Users\Hubert\AppData\Local\Temp\NitroPDFpdrv6.dll C:\Users\Hubert\AppData\Local\Temp\NitroPDFpdui6.dll C:\Users\Hubert\AppData\Local\Temp\nitro_reader3_x64.exe C:\Users\Hubert\AppData\Local\Temp\Quarantine.exe C:\Users\Hubert\AppData\Local\Temp\RealPlayer.exe C:\Users\Hubert\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\Hubert\AppData\Local\Temp\SDShelEx-x64.dll C:\Users\Hubert\AppData\Local\Temp\SkypeSetup.exe C:\Users\Hubert\AppData\Local\Temp\stubhelper.dll C:\Users\Hubert\AppData\Local\Temp\tmp6FCA.exe C:\Users\Hubert\AppData\Local\Temp\UpdateCheckerSetup.exe C:\Users\Hubert\AppData\Local\Temp\vlc-2.0.6-win64.exe C:\Users\Hubert\AppData\Local\Temp\wmaudio.exe C:\Users\Hubert\AppData\Local\Temp\wmf9.exe C:\Users\Hubert\AppData\Local\Temp\wmpcdcs8.exe C:\Users\Hubert\AppData\Local\Temp\wusetup.exE C:\Users\Hubert\AppData\Local\Temp\_is334D.exe C:\Users\Hubert\AppData\Local\Temp\_isFE1F.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
I hope everything I did was correct!? Thanks in advance for the help. Regards, Hubert |
09.10.2014, 10:58 | #6 |
/// the machine /// TB instructor | Strange link attempt to grevolutionstore.it
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems? |
09.10.2014, 14:35 | #7 |
| Feedback after Eset and Sec.check

1. Eset

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=1befd254a29f92458ec9c3373eacadef
# engine=20514
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-10-09 12:36:45
# local_time=2014-10-09 02:36:45 (+0100, Mitteleuropäische Sommerzeit )
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 164488055 0 0
# compatibility_mode_1='Baidu Antivirus'
# compatibility_mode=15105 16777213 100 99 8179 23241375 0 0
# scanned=435764
# found=14
# cleaned=0
# scan_time=7904
sh=67A75BAA7A5BBB2EEEBB99D490F00F82D0BB1E09 ft=1 fh=5d5a0ac2ab2c0a85 vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe"
sh=ABA32A0BF4960B1AB88953C36CF160625C78AC9B ft=1 fh=47eacc88b34b8f30 vn="MSIL/AdvancedSystemProtector.D evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\CPUID\PC Wizard 2012\systweakasp_c.exe"
sh=4913E0F9EDA9B9C39B019445A84D65892CB1AFE8 ft=1 fh=9ae7f7a1d7f35279 vn="Variante von Win32/InstallShare.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Hubert\AppData\Local\InstallShare\2_14128_installer.exe"
sh=843A425231EE9364C6EF6FA859E252F30809E388 ft=1 fh=01b038883fb048b7 vn="Variante von Win32/Toolbar.Iminent.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Hubert\AppData\Local\Temp\IminentSoftonicReady.exe"
sh=2E521200ADA9DA5D36C0581D3F501604313B46CD ft=1 fh=070b7b4e75471fe4 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Hubert\AppData\Local\Temp\UpdateCheckerSetup.exe"
sh=94808FCF0748C437F4D7FFA4D540E054CB014FAB ft=1 fh=70ddbdf0d299bc56 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Hubert\AppData\Local\Temp\nsxF787.tmp\System.dll"
sh=CAC3F5217C8FEB6BDC25AE772C94D751FA90A8E5 ft=1 fh=94d2ec36ff7da8ba vn="Variante von Win32/Toolbar.Iminent.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Hubert\AppData\Local\Temp\RarSFX0\Binaries\IExploreInstaller.exe"
sh=13287F94C77CE22E0C11855F6DD07512CC74C105 ft=1 fh=080273d70ec48dd3 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Hubert\Documents\Tools\DVDFreeStudio590.exe"
sh=7F0A0674E9522BFCF7CBA33DED49AAEBAF36F614 ft=1 fh=2f70aa409cdbff5b vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Hubert\Documents\Tools\HSS-2.90.exe"
sh=5543317AB6CC3C84B018F7262CD7F6048CA22C4B ft=1 fh=1b57474b1411cddc vn="Win32/InstallMonetizer.AH evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Hubert\Documents\Tools\MyPhoneExplorer_Setup_1.8.4.exe"
sh=7B2237C35AD29E31A729CC19A081EE77F87C4F09 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\HUES-Win7-old\AppData\Roaming\Thunderbird\Profiles\klcfq0fq.default\extensions\{94817c02-feac-4aa8-99d8-1cb47bf4d4c0}\chrome\spesoft.jar"
sh=23A8AD9A547A04515A095AD30A92081316A9BEC3 ft=0 fh=0000000000000000 vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\673322e.msi"
sh=FA6B38AAAC213F1FBB6D46BC286C5AF66048C392 ft=1 fh=a5f88c48a94033ea vn="Variante von Win32/Toolbar.Perion.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KPTZNJWD\update[1]"
sh=FA6B38AAAC213F1FBB6D46BC286C5AF66048C392 ft=1 fh=a5f88c48a94033ea vn="Variante von Win32/Toolbar.Perion.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KPTZNJWD\update[1]"

2. SecurityCheck does not run, with the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED!

3. FRST

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01 Ran by Hubert (administrator) on HUBERT-PC on 09-10-2014 14:45:39 Running from C:\Users\Hubert\Desktop\Sicherheits-Tools Loaded Profile: Hubert (Available profiles: Hubert) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe (Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BAVSvc.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe () C:\Windows\vsnp325.exe (Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe (devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Marc Waesche Services) C:\Program Files (x86)\Schmaili90\schmaili.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (creativbox.net, Torsten Leithold & Georg von Kries GbR) C:\Program Files (x86)\creativbox.net\SimpleSYN\CBN.SimpleSYN.NET.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe (Microsoft Corporation) C:\Windows\System32\Locator.exe (Samsung Software Center, Moscow) C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe (Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bavhm.exe (Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Mirko Böer) C:\Program Files (x86)\trafficmonitor\TMPacketServiceInit.exe (VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe (ASCOMP Software GmbH) C:\Program Files (x86)\ASCOMP Software\BackUp Maker\bkmaker.exe () C:\Windows\tsnp325.exe () C:\Program Files (x86)\onlinebrief24.de\ebdhelper.exe (The Pidgin developer community) C:\Program Files (x86)\Pidgin\pidgin.exe (Apple Inc.) 
C:\Program Files (x86)\iTunes\iTunesHelper.exe () C:\Program Files (x86)\Syncios\SynciosDeviceService.exe (Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Mirko Böer) C:\Program Files (x86)\trafficmonitor\TrafficMonitor.exe (Mirko Böer) C:\Program Files (x86)\RouterControl\RouterControl.exe (Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Windows\System32\audiodg.exe () C:\Users\Hubert\Desktop\SecurityCheck.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [snp325] => C:\Windows\vsnp325.exe [835584 2007-05-10] () HKLM\...\Run: [] => [X] HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe [8886592 2014-08-27] () HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric) HKLM-x32\...\Run: [SMB60StarMoneyRunEntry] => C:\Program Files (x86)\StarMoney Business 6.0\app\oflagent.exe [51856 2014-08-19] (Star Finanz-Software Entwicklung und Vertriebs GmbH) HKLM-x32\...\Run: [tsnp325] => C:\Windows\tsnp325.exe [270336 2007-04-21] () HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.) HKLM-x32\...\Run: [onlinebrief24-ebdhelper] => C:\Program Files (x86)\onlinebrief24.de\ebdhelper.exe [692224 2014-02-13] () HKLM-x32\...\Run: [Baidu Antivirus] => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe [1704296 2014-06-13] (Baidu, Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.) 
HKLM-x32\...\Run: [Syncios device service] => C:\Program Files (x86)\Syncios\SynciosDeviceService.exe [736768 2014-08-12] () HKLM-x32\...\Run: [RouterControl] => C:\Program Files (x86)\RouterControl\ROUTERCONTROL.EXE [3449344 2009-05-19] (Mirko Böer) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-106921944-1459413208-1379297083-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung) HKU\S-1-5-21-106921944-1459413208-1379297083-1000\...\Run: [VideoViewer] => C:\Program Files (x86)\VideoViewer\VideoViewer.exe [286720 2014-02-19] (AVTECH) HKU\S-1-5-21-106921944-1459413208-1379297083-1000\...\Run: [Schmaili] => C:\Program Files (x86)\Schmaili90\schmaili.exe [536576 2007-08-03] (Marc Waesche Services) HKU\S-1-5-21-106921944-1459413208-1379297083-1000\...\Run: [SimpleSYN.NET] => C:\Program Files (x86)\creativbox.net\SimpleSYN\CBN.SimpleSYN.NET.exe [2561840 2014-09-24] (creativbox.net, Torsten Leithold & Georg von Kries GbR) HKU\S-1-5-21-106921944-1459413208-1379297083-1000\...\Run: [RouterControl] => C:\Program Files (x86)\RouterControl\ROUTERCONTROL.EXE [3449344 2009-05-19] (Mirko Böer) HKU\S-1-5-21-106921944-1459413208-1379297083-1000\...\Run: [TrafficMonitor] => C:\Program Files (x86)\trafficmonitor\TRAFFICMONITOR.EXE [5278576 2012-04-16] (Mirko Böer) HKU\S-1-5-21-106921944-1459413208-1379297083-1000\...\Run: [bandmon] => C:\Program Files (x86)\Rokario\Bandwidth Monitor\bandmon.exe HKU\S-1-5-21-106921944-1459413208-1379297083-1000\...\Policies\Explorer: [NoThumbnailCache] 1 HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries) HKU\S-1-5-18\...\Run: [Schmaili] => C:\Program Files (x86)\Schmaili90\schmaili.exe [536576 2007-08-03] (Marc Waesche Services) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk ShortcutTarget: 
APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric) Startup: C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BackUp Maker.lnk ShortcutTarget: BackUp Maker.lnk -> C:\Program Files (x86)\ASCOMP Software\BackUp Maker\bkmaker.exe (ASCOMP Software GmbH) Startup: C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Easy2Sync für Outlook.lnk ShortcutTarget: Easy2Sync für Outlook.lnk -> C:\Program Files (x86)\Easy2Sync für Outlook\E2S4Outlook.exe (No File) Startup: C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pidgin.lnk ShortcutTarget: Pidgin.lnk -> C:\Program Files (x86)\Pidgin\pidgin.exe (The Pidgin developer community) Startup: C:\Users\HUES-Win7-old\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (No File) Startup: C:\Users\HUES-Win7-old\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VisionGS.lnk ShortcutTarget: VisionGS.lnk -> C:\Program Files (x86)\VisionGS BE\visiongsa.exe () ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavShx64.dll (Baidu, Inc.) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hubert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hubert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hubert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hubert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hubert\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hubert\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hubert\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hubert\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8BD60F872F53CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://wittigmbh.de/ SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\..\Interfaces\{1168590D-DC3D-47D2-AA9A-6EBC1A4FE8B3}: [NameServer] 8.8.8.8,217.71.192.3 FireFox: ======== FF ProfilePath: C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\uaa5oomv.default-1406201691444 FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", ""); FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", ""); FF Homepage: hxxp://www.cumbre-wetter.de/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF) FF SearchPlugin: C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\uaa5oomv.default-1406201691444\searchplugins\ixquick-https---deutsch.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla 
firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: ColorfulTabs - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\uaa5oomv.default-1406201691444\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-09-25] FF Extension: DownloadHelper - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\uaa5oomv.default-1406201691444\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-05] FF Extension: Saved Password Editor - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\uaa5oomv.default-1406201691444\Extensions\savedpasswordeditor@daniel.dawson.xpi [2014-07-24] FF Extension: Capture & Print - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\uaa5oomv.default-1406201691444\Extensions\{146f1820-2b0d-49ef-acbf-d85a6986e10c}.xpi [2014-07-24] FF Extension: FireFTP - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\uaa5oomv.default-1406201691444\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2014-07-24] FF Extension: Adblock Plus - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\uaa5oomv.default-1406201691444\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-24] FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-01-18] FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 ABBYY.Licensing.FineReader.Professional.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) S2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric) R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric) R2 BAVSvc; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BAVSvc.exe [2038248 2014-06-13] (Baidu, Inc.) R2 BHipsSvc; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe [481432 2014-06-13] (Baidu, Inc.) R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3645432 2014-07-18] (devolo AG) R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed] S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries) R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-23] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-23] (Hewlett-Packard Co.) [File not signed] R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-23] (Hewlett-Packard Co.) 
[File not signed] R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe [706864 2014-08-27] () R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed] R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software) S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-03-12] (Nero AG) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed] S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.) R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [216576 2009-12-02] (Samsung Software Center, Moscow) [File not signed] R2 StarMoney Business 6.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] R2 TMPService; c:\program files (x86)\trafficmonitor\TMPacketServiceInit.exe [692808 2012-04-16] (Mirko Böer) R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-09-07] (VIA Technologies, Inc.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U3 BdApiUtil; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdApiUtil64.sys [148288 2014-04-08] (Baidu, Inc.) U3 BdCameraProtect; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdCameraProtect64.sys [24704 2014-05-27] (Baidu, Inc.) 
R1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [56640 2014-05-27] (Baidu, Inc.) R1 Bfmon; C:\Windows\System32\drivers\Bfmon.sys [37696 2014-05-27] (Baidu, Inc.) R1 Bnbase; C:\Windows\System32\drivers\bnbasex64.sys [91616 2014-05-27] (Baidu, Inc.) R1 Bndef; C:\Windows\System32\drivers\bndef64.sys [70912 2014-05-27] (Baidu, Inc.) R1 Bprotect; C:\Windows\System32\drivers\Bprotect.sys [144960 2014-06-13] (Baidu, Inc.) S3 cpuz135; C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [24368 2012-08-11] (CPUID) S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2012-12-21] () [File not signed] S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14920 2012-12-21] () [File not signed] S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2012-12-21] () [File not signed] S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2012-12-21] () [File not signed] R3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.) R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2014-07-18] (CACE Technologies) S3 SNP325; C:\Windows\System32\DRIVERS\snp325.sys [10733184 2007-11-22] (Sonix Co. Ltd.) S3 Spring; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Spring64.sys [110336 2014-06-13] () R2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-10-22] (Samsung Electronics) S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.) S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-04-22] (BitDefender S.R.L.) S3 dgderdrv; System32\drivers\dgderdrv.sys [X] S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-09 12:18 - 2014-10-09 12:19 - 00854417 _____ () C:\Users\Hubert\Desktop\SecurityCheck.exe 2014-10-08 20:10 - 2014-10-09 11:02 - 00000000 ____D () C:\Program Files (x86)\Codebox 2014-10-08 20:09 - 2014-10-08 20:09 - 01433942 _____ () C:\Users\Hubert\Downloads\BitMeterInstaller.exe 2014-10-08 20:01 - 2014-10-08 20:01 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Rokario 2014-10-08 20:00 - 2014-10-08 20:00 - 00878075 _____ (Rokario Software ) C:\Users\Hubert\Downloads\bandmonsetup.exe 2014-10-08 20:00 - 2014-10-08 20:00 - 00878075 _____ (Rokario Software ) C:\Users\Hubert\Downloads\bandmonsetup(1).exe 2014-10-08 19:36 - 2014-10-08 19:36 - 00000000 ____D () C:\Windows\ERUNT 2014-10-08 19:27 - 2014-10-08 19:27 - 00000000 ____D () C:\Users\Public\Documents\Baidu 2014-10-08 19:00 - 2014-10-08 19:24 - 00000000 ____D () C:\AdwCleaner 2014-10-08 13:12 - 2014-10-08 13:12 - 00000000 ____D () C:\ApcTempReg 2014-10-08 12:52 - 2014-10-08 13:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-08 12:52 - 2014-10-08 12:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-10-08 12:52 - 2014-10-08 12:52 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-10-08 12:52 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-10-08 12:52 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-10-08 12:52 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-10-08 12:51 - 2014-10-08 12:52 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hubert\Desktop\mbam-setup-2.0.2.1012.exe 2014-10-07 15:03 - 2014-10-09 14:45 - 00000000 ____D () C:\FRST 2014-10-07 15:01 - 2014-10-07 15:01 - 00000474 _____ () C:\Windows\SysWOW64\defogger_disable.log 2014-10-07 15:01 - 2014-10-07 15:01 - 00000000 _____ () 
C:\Users\Hubert\defogger_reenable 2014-10-07 14:34 - 2014-10-09 14:39 - 00000000 ____D () C:\Users\Hubert\Desktop\Trojaner 2014-10-07 12:04 - 2014-10-07 12:04 - 19673112 _____ () C:\Users\Hubert\Downloads\PanoStudio2ProSetup.exe 2014-10-06 14:50 - 2014-10-06 14:51 - 00000000 ____D () C:\Users\Hubert\Desktop\LampeJuergen 2014-10-05 21:24 - 2014-10-08 20:02 - 00000000 ____D () C:\Users\Hubert\Documents\Trafic 2014-10-05 18:18 - 2014-10-05 18:18 - 00002927 ____R () C:\Windows\TrafficMonitor_Uninstall.in 2014-10-05 18:18 - 2014-10-05 18:18 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TrafficMonitor 2014-10-05 18:18 - 2014-10-05 18:18 - 00000000 ____D () C:\Program Files (x86)\trafficmonitor 2014-10-05 18:18 - 2012-04-16 13:15 - 00331136 _____ (Mirko Böer) C:\Windows\TraffUn.EXE 2014-10-05 18:17 - 2014-10-05 18:17 - 03469477 _____ () C:\Users\Hubert\Downloads\trafficmsw.zip 2014-10-05 17:49 - 2014-10-05 17:49 - 00002455 ____R () C:\Windows\RouterControl_Uninstall.in 2014-10-05 17:49 - 2014-10-05 17:49 - 00001025 _____ () C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RouterControl.lnk 2014-10-05 17:49 - 2014-10-05 17:49 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RouterControl 2014-10-05 17:49 - 2014-10-05 17:49 - 00000000 ____D () C:\Program Files (x86)\RouterControl 2014-10-05 17:49 - 2009-05-19 13:49 - 00330344 _____ (Mirko Böer) C:\Windows\RCoUn.EXE 2014-10-05 17:48 - 2014-10-05 18:18 - 00000000 ____D () C:\Users\Hubert\Desktop\rc 2014-10-05 17:48 - 2014-10-05 17:48 - 03430645 _____ () C:\Users\Hubert\Downloads\rc.zip 2014-10-03 18:58 - 2014-10-03 18:58 - 00002400 _____ () C:\Users\Hubert\Downloads\planned_route(2).trp 2014-10-03 18:57 - 2014-10-03 18:57 - 00001336 _____ () C:\Users\Hubert\Downloads\planned_route(1).trp 2014-10-03 18:52 - 2014-10-03 18:52 - 00001336 _____ () C:\Users\Hubert\Downloads\planned_route.trp 2014-10-03 13:29 - 2014-10-03 13:29 
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-06 00:35
==================== End Of Log ============================
--- --- ---
The message "Warten auf grevolutionstore.it" (waiting for grevolutionstore.it) is still there. I started FF in private mode, and the message does not appear there. Could the whole thing be down to FF?
Regards, Hubert

I restarted the computer and tried Security Check again; this time it worked. Here is the content of checkup.txt:

Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Ad-Aware Antivirus
Baidu Antivirus
Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 51
Java version out of Date!
Adobe Flash Player 14.0.0.179
Mozilla Firefox (32.0.3)
````````Process Check: objlist.exe by Laurent````````
Baidu Security Baidu Antivirus BAVSvc.exe
Baidu Security Baidu Antivirus BHipsSvc.exe
Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.3.6321.0\AdAwareTray.exe
Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.3.6321.0\AdAwareService.exe
Baidu Security Baidu Antivirus bavhm.exe
Baidu Security Baidu Antivirus BavTray.exe
StarMoney Business 6.0 ouservice StarMoneyOnlineUpdate.exe
onlinebrief24.de ebdhelper.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
|
09.10.2014, 23:55 | #8 |
/// the machine /// TB trainer | Strange link attempt to grevolutionstore.it
Update Java.
Revo Uninstaller - Download - Filepony
Use it to uninstall Firefox, keep no data, let it remove the leftovers, then reinstall.
Then: https://support.mozilla.org/de/kb/fi...einfach-loesen
Please press the Windows key + R and type notepad into the Run window.
Now copy the following text from the code box into the empty text document.
Code:
HKLM\...\Run: [snp325] => C:\Windows\vsnp325.exe [835584 2007-05-10] ()
HKLM\...\Run: [] => [X]
Emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
10.10.2014, 08:33 | #9 |
| fixlog.txt
Hello schrauber, here is the content:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-10-2014 01
Ran by Hubert at 2014-10-10 09:22:05 Run:1
Running from C:\Users\Hubert\Desktop\Sicherheits-Tools
Loaded Profile: Hubert (Available profiles: Hubert)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKLM\...\Run: [snp325] => C:\Windows\vsnp325.exe [835584 2007-05-10] ()
HKLM\...\Run: [] => [X]
Emptytemp:
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\snp325 => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
EmptyTemp: => Removed 8.1 GB temporary data.
The system needed a reboot.
==== End of Fixlog ====

Regards, Hubert |
10.10.2014, 19:26 | #10 |
/// the machine /// TB trainer | Strange link attempt to grevolutionstore.it
Done. The order is decisive here.
If you would like to give praise or criticism, you can do so here.
Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |