Pests of all kinds and how to fight them: Removing Optimizer Pro v3.2 incl. Crash Monitor - Windows 7 |
08.10.2014, 17:53 | #1 |
| Removing Optimizer Pro v3.2 incl. Crash Monitor

Hello,

I do not know how I "caught" this program. A sudden increase in advertisements on the PC made me suspicious, and that is how I came across this unwanted program. According to the descriptions I have read on the Internet, this program is anything but harmless. To get rid of it I have taken the following steps:

- Uninstalled the program in the Control Panel. This succeeded. But it was still present in C:\Program Files (x86). There I managed to delete all files except OptProCrash.dll. When I clicked on this file, the following message appeared: "Die Aktion kann nicht abgeschlossen werden, da die Datei in Optimizer Pro Crash Monitor geöffnet ist." ("The action cannot be completed because the file is open in Optimizer Pro Crash Monitor.") I found this ... Monitor in System Configuration under Services. I disabled it and restarted the system. After that I was able to delete the Optimizer Pro folder together with the file mentioned above.

Those are my actions so far. But I am unsure whether I am now rid of this program or whether further steps are required. That is my request to the forum.

Following the forum's instructions for preparing information before opening a topic, I have:

- downloaded defogger, but unfortunately I could not start it.
- run the other system scans with the specified tools before and after my actions. (The files ..-1.txt are the files from after my actions.)

With things as they stand, here are my questions:

- In System Configuration (Services), the Optimizer Pro Crash Monitor is still listed but set to stopped. Can it stay that way, or should it be removed there as well? If yes, how do I do that??
- The log file FRST-1.txt still contains the entry: "c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll",ENT. But this entry no longer exists in the program folder "Program Files (x86)". Compared with the log file FRST.txt, the entry here has "ENT". What does that mean? "Entfernt" (removed)??
- The log file Addition-1.txt still contains the entry: MSCONFIG\startupreg: Optimizer Pro => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe. I cannot find this entry.
- In the GMER log files I find no entries for Optimizer.
- I use Kaspersky Internet Security.

I would appreciate a reply. What else needs to be done? Thank you in advance for your efforts.

Kind regards,
Thomas |
08.10.2014, 18:12 | #2 |
/// the machine /// TB-Ausbilder | Removing Optimizer Pro v3.2 incl. Crash Monitor

Hi,

Please always post logs in the thread. If necessary, split them up and use several posts. I cannot open attachments at work, thanks.

This is how it works: Posting in CODE tags

Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
__________________ |
08.10.2014, 20:39 | #3 |
| Removing Optimizer Pro v3.2 incl. Crash Monitor

Hello Schrauber,

I hope it works this way now. Because of the length I have to split the files across three replies. If anything else is needed, I am sitting at the PC right now.

Regards,
Thomas

FRST.txt

FRST Logfile:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01 Ran by Gabi (administrator) on GABI-DIETER on 07-10-2014 20:56:38 Running from C:\Users\Gabi\Downloads Loaded Profiles: Gabi & _ocster_backup_ (Available profiles: Gabi & _ocster_backup_) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe (Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe () C:\Windows\System32\ipstrmgr.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Logitech Inc.) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) 
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Program Files\Ocster Backup\bin\backupService-ox.exe () C:\oracle10g\bin\TNSLSNR.EXE (Oracle Corporation) C:\oracle10g\bin\oracle.exe () C:\Program Files (x86)\Search\WebSearch.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE () C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe () C:\Program Files\Ocster Backup\bin\backupClient-ox.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe () C:\Program Files\Rainlendar2\Rainlendar2.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Program Files\Ocster Backup\bin\oxHelper.exe (Logitech, Inc.) 
C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe () C:\Program Files\Ocster Backup\bin\oxHelper.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-17] (NVIDIA Corporation) HKLM\...\Run: [Ocster Backup] => C:\Program Files\Ocster Backup\bin\backupClient-ox.exe [312664 2014-02-04] () HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-27] (Microsoft Corp.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation) HKLM-x32\...\Run: [RegistryQuick.exe] => C:\Program Files (x86)\ReQuick\RegistryQuick.exe Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) 
HKU\S-1-5-21-3834002493-4226875369-3535069347-1000\...\Run: [Rainlendar2] => C:\Program Files\Rainlendar2\Rainlendar2.exe [3666944 2011-01-06] () HKU\S-1-5-21-3834002493-4226875369-3535069347-1000\...\Run: [Intermediate] => C:\Users\Gabi\AppData\Roaming\Intermediate\Intermediate.exe [37376 2013-12-09] () HKU\S-1-5-21-3834002493-4226875369-3535069347-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd) AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll => "c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll" File Not Found Startup: C:\Users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled () Startup: C:\Users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: Internet Explorer proxy is enabled. 
ProxyServer: http=127.0.0.1:8897;https=127.0.0.1:8897 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://astromenda.com/?f=1&a=ast_file_14_40_ff&cd=2XzuyEtN2Y1L1QzuyC0C0FtDyEzytDyDtB0AtAtB0EtDzyzztN0D0Tzu0StCtDtDzztN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtCtA0C0C0AtB0FtGtAyB0DzztG0D0AzytDtG0A0ByE0CtGyDyE0C0D0EtByEyEtC0D0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtD0FzyzzyDyCyEtGyD0FtCtCtGyEtD0EtDtGzzzyyByBtGyCtDtCtDtA0EzztByDyBzytC2Q&cr=767382362&ir= HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x42F9AB638C96CA01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.t-online.de/ URLSearchHook: HKLM-x32 - (No Name) - {78e516ef-11de-47a1-8364-a99b917ec5ee} - No File URLSearchHook: HKLM-x32 - (No Name) - {04a8dd1a-4754-48fe-a703-99846646ef04} - No File StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = SearchScopes: HKLM-x32 - DefaultScope value is missing. 
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_file_14_40_ff&cd=2XzuyEtN2Y1L1QzuyC0C0FtDyEzytDyDtB0AtAtB0EtDzyzztN0D0Tzu0StCtDtDzztN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtCtA0C0C0AtB0FtGtAyB0DzztG0D0AzytDtG0A0ByE0CtGyDyE0C0D0EtByEyEtC0D0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtD0FzyzzyDyCyEtGyD0FtCtCtGyEtD0EtDtGzzzyyByBtGyCtDtCtDtA0EzztByDyBzytC2Q&cr=767382362&ir= SearchScopes: HKCU - F04F7B247D844F0287D289AC70C8FE43 URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3322287&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP14A054C4-1B01-4318-9C92-BF4D53219F89&q={searchTerms}&SSPV= SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_file_14_40_ff&cd=2XzuyEtN2Y1L1QzuyC0C0FtDyEzytDyDtB0AtAtB0EtDzyzztN0D0Tzu0StCtDtDzztN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtCtA0C0C0AtB0FtGtAyB0DzztG0D0AzytDtG0A0ByE0CtGyDyE0C0D0EtByEyEtC0D0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtD0FzyzzyDyCyEtGyD0FtCtCtGyEtD0EtDtGzzzyyByBtGyCtDtCtDtA0EzztByDyBzytC2Q&cr=767382362&ir= SearchScopes: HKCU - {0213547C-6002-469C-BA82-6863B3C1D7B8} URL = hxxp://search.softonic.com/MOY00009/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=da13e098000000000000000000000000&toi=16094&r=616 SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=DA136CF049052A32&affID=128491&tsp=5182 SearchScopes: HKCU - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKCU - {31090377-0740-419E-BEFC-A56E50500D5B} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKCU - 
{323B7DAE-1CB5-481C-9BF2-D059761CC05E} URL = hxxp://www.suchen.de/lokal?q={searchTerms}&partnerid=244&radius=10&sort=relevance&fedsearch=true SearchScopes: HKCU - {435E3E38-6768-4A61-81F0-266E2A1C793A} URL = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=wiki-tab&tpc=internet&ptl=std&classification=wiki-tab_internet_std&q={searchTerms}&br=ie10-toi SearchScopes: HKCU - {6408E1C5-FE7B-47BD-B907-6CBDC0CEA64E} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=interactivemesuche-21&index=blended&linkCode=ur2&camp=1638&creative=6742 SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKCU - {7234E9B8-551C-4612-AF57-BA7AC109CD0E} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3317892&CUI=UN29167070491981215&UM=2 SearchScopes: HKCU - {7FD7B429-EAF3-492F-9D0C-0F4DB93D2FE1} URL = hxxp://rover.ebay.com/rover/1/707-1403-27640-2/4?mpre=hxxp://search.ebay.de/search/search.dll?shortcut=4&query={searchTerms} SearchScopes: HKCU - {A8D32726-9FA5-4283-9A9F-4C9DB061ACE5} URL = hxxp://dict.leo.org/ende?lp=ende&lang=de&searchLoc=0&cmpType=relaxed§Hdr=on&spellToler=on&chinese=both&pinyin=diacritic&search={searchTerms}&relink=on SearchScopes: HKCU - {BCBC30E2-06B3-4F52-B0D5-B5C634DA9ACC} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0101&cd=2XzuyEtN2Y1L1QzuyC0C0FtDyEzytDyDtB0AtAtB0EtDzyzztN0D0Tzu0SyByDtCtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1251611358&ir= SearchScopes: HKCU - {C43BBC1B-D6AA-459A-9D03-5284B44E912E} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=67bdf839-3107-4fcf-a915-433807fd60f1&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=30/03/2013&type=hp1000 SearchScopes: HKCU - {CC87724D-C5C9-4A4D-8650-67BCA2BDC37E} URL = hxxp://www.dict.cc/?s={searchTerms} BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files 
(x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) 
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {78E516EF-11DE-47A1-8364-A99B917EC5EE} - No File Toolbar: HKCU - No Name - {04A8DD1A-4754-48FE-A703-99846646EF04} - No File DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation) Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: 
msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\..\Interfaces\{11342DE6-C338-47B7-97FF-6E33D142D8E3}: [NameServer] 217.0.43.81 217.0.43.65 FireFox: ======== FF ProfilePath: C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default FF DefaultSearchEngine: Yahoo FF Homepage: hxxp://www.t-online.de/ FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft 
Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.updaterss.com/SaveSenseLive Update;version=3 -> C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll No File FF Plugin-x32: @tools.updaterss.com/SaveSenseLive Update;version=9 -> C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll No File FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF user.js: detected! 
=> C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default\user.js FF SearchPlugin: C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default\searchplugins\buenosearch.xml FF SearchPlugin: C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default\searchplugins\google-default.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: ColorfulTabs - C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-09-24] FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2013-10-20] FF HKLM-x32\...\Firefox\Extensions: [lightningnewtab@gmail.com] - C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default\extensions\lightningnewtab@gmail.com.xpi FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-01-30] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-01-30] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - 
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-01-30] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-01-30] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-01-30] FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-02-26] FF HKLM-x32\...\Firefox\Extensions: [{8DD92AC3-72AA-4029-9B4C-ACB1FE81274F}] - C:\Windows\Installer\{8B8D7849-9AF5-42B5-A81C-B4CAEC25111C}\{8DD92AC3-72AA-4029-9B4C-ACB1FE81274F}.xpi FF Extension: Download Protect - C:\Windows\Installer\{8B8D7849-9AF5-42B5-A81C-B4CAEC25111C}\{8DD92AC3-72AA-4029-9B4C-ACB1FE81274F}.xpi [2014-05-25] FF HKLM-x32\...\Firefox\Extensions: [{20d1f7b3-7721-4da0-b6f3-78bb4d7248f4}] - C:\Program Files (x86)\Browser Guard\browserguard.xpi FF Extension: Browser Guard - C:\Program Files (x86)\Browser Guard\browserguard.xpi [2014-05-25] FF HKLM-x32\...\Firefox\Extensions: [termtutor@termtutor.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com Chrome: ======= CHR Profile: C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Download Protect) - 
C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihebkfpbjdbhbnekngbddmpomamehomf [2014-01-30] CHR Extension: (Download Protect) - C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhiphpjimdnggccdgbpbicflmkebpdao [2013-11-14] CHR Extension: (Download Protect) - C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\okbdeepkmkpfklcpjcfcfnekhdehnnjj [2014-03-11] CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [] CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17] CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17] CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17] CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17] CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-10-20] CHR HKLM-x32\...\Chrome\Extension: [jljheddigenhleadfofeccneimcmlefp] - C:\Users\Gabi\AppData\Roaming\speedtest4354\speedtest4354.crx [2013-12-19] CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= (If an entry is included in the 
fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 70e6ca8c; c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll [3541448 2014-10-04] () R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO) R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-27] (Microsoft Corp.) R2 credwizd; C:\Windows\system32\ipstrmgr.exe [114176 2013-02-18] () [File not signed] R2 DailytoolsUpdateService; C:\Windows\SysWOW64\update1.dll [352256 2014-07-31] (Dailytools GmbH) [File not signed] R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-17] (NVIDIA Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-17] (NVIDIA Corporation) R2 ocster_backup; c:\Program Files\Ocster Backup\bin\backupService-ox.exe [23896 2014-02-04] () S4 OracleDBConsoleSatdb10g; C:\oracle10g\bin\nmesrvc.exe [24064 2006-11-14] (Oracle Corporation) [File not signed] S4 OracleJobSchedulerSATDB10G; c:\oracle10g\Bin\extjob.exe [102400 2006-11-16] () [File not signed] S4 OracleORACLE_Home10giSQL*Plus; C:\oracle10g\bin\isqlplussvc.exe [53248 2006-10-12] (Oracle) [File not signed] R2 OracleServiceSATDB10G; c:\oracle10g\bin\ORACLE.EXE [60059648 2011-03-16] (Oracle Corporation) [File not signed] R2 Search; C:\Program Files (x86)\Search\WebSearch.exe [435696 2014-08-08] () R2 WO_LiveService; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe [885096 2013-11-19] () R2 OracleORACLE_Home10gTNSListener; C:\oracle10g\BIN\TNSLSNR [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be 
removed from the registry. The file will not be moved unless listed separately.) R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-11] (AVG Technologies) S3 GrabsterSeries.C64; C:\Windows\System32\DRIVERS\GrabsterSeries.C64.SYS [262208 2010-01-22] () S3 HWHandSet; C:\Windows\System32\DRIVERS\hw_quusbmdm.sys [223232 2011-10-24] (Huawei Technologies Co., Ltd.) U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2011-10-24] (Huawei Technologies Co., Ltd.) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-01-30] (Kaspersky Lab ZAO) S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-20] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-20] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-12] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-01-30] (Kaspersky Lab ZAO) R2 LiveTunerPM; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerProcessMonitor64.sys [12824 2011-03-08] () R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] () S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] () S3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [15680 2006-10-31] () R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation) R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-10-25] (Synaptics Incorporated) S1 StarOpen; No ImagePath S3 cpuz132; 
\??\C:\Users\Gabi\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X] S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X] S1 ttnfd; system32\drivers\ttnfd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-07 20:56 - 2014-10-07 20:57 - 00030450 _____ () C:\Users\Gabi\Downloads\FRST.txt 2014-10-07 20:56 - 2014-10-07 20:56 - 00000000 ____D () C:\FRST 2014-10-07 20:54 - 2014-10-07 20:54 - 02109952 _____ (Farbar) C:\Users\Gabi\Downloads\FRST64.exe 2014-10-07 20:49 - 2014-10-07 20:49 - 00000470 _____ () C:\Users\Gabi\Downloads\defogger_disable.log 2014-10-07 20:48 - 2014-10-07 20:48 - 00050477 _____ () C:\Users\Gabi\Downloads\Defogger.exe 2014-10-07 20:42 - 2014-10-07 20:44 - 00000000 _____ () C:\Users\Gabi\defogger_reenable 2014-10-07 17:28 - 2014-10-07 18:01 - 00000000 ____D () C:\Program Files (x86)\ReQuick 2014-10-07 17:26 - 2014-10-07 17:26 - 01220954 _____ (My Company, Inc. ) C:\Users\Gabi\Downloads\RegistryQuick_setup.exe 2014-10-06 11:09 - 2014-10-06 11:09 - 00003266 _____ () C:\Windows\System32\Tasks\{E6DCEF3E-6A5E-4CE0-AD4B-9DD326E93E71} 2014-10-06 10:44 - 2014-10-06 10:44 - 00001311 _____ () C:\Users\Gabi\Desktop\Revo Uninstaller.lnk 2014-10-06 10:44 - 2014-10-06 10:44 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-10-06 10:42 - 2014-10-06 10:43 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Gabi\Downloads\revosetup95.exe 2014-10-05 22:39 - 2014-10-05 22:39 - 04964600 _____ (Piriform Ltd) C:\Users\Gabi\Downloads\ccsetup418pro.exe 2014-10-05 10:36 - 2014-10-05 10:36 - 00011426 _____ () C:\Users\Gabi\Documents\cc_20141005_103621.reg 2014-10-04 21:08 - 2014-10-04 21:08 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\Astromenda 2014-10-04 20:32 - 2014-10-04 20:32 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\Optimizer Pro 2014-10-04 20:27 - 2014-10-06 21:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2 2014-10-04 20:26 - 2014-10-06 13:11 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 2014-10-04 20:26 - 2014-10-06 10:58 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\WSE_Astromenda 2014-10-04 20:26 - 2014-10-04 20:26 - 06669808 _____ (Burnaware ) C:\Users\Gabi\Downloads\BurnAwareFree-P21423-Setup.exe 2014-10-03 19:37 - 2014-10-04 20:27 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\0F1L1I1PtF1F1C1N 2014-10-03 19:36 - 2014-10-04 19:52 - 00000000 ____D () C:\Program Files (x86)\PC Speed Maximizer 2014-10-03 19:36 - 2014-10-03 19:36 - 01898640 _____ (Irfan Skiljan) C:\Users\Gabi\Downloads\IrfanView-P1683-Setup.exe 2014-09-30 20:39 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-09-30 20:39 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-09-23 20:42 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-23 20:42 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-09-19 21:28 - 2014-09-17 04:13 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll 2014-09-19 21:28 - 2014-09-17 04:12 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll 2014-09-19 21:28 - 2014-09-04 21:14 - 00038048 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2014-09-19 21:28 - 
2014-09-04 21:14 - 00032416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2014-09-14 00:01 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-14 00:01 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-09-14 00:01 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-14 00:01 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-14 00:01 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-14 00:01 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-09-14 00:01 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-14 00:01 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-14 00:01 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-14 00:01 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-14 00:01 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-14 00:01 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-14 00:01 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-09-14 00:01 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-14 00:01 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-14 00:01 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-14 00:01 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-14 00:01 - 2014-08-19 
00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-14 00:01 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-14 00:01 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-09-14 00:01 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-14 00:01 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-14 00:01 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-09-14 00:01 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-14 00:01 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-09-14 00:01 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-09-14 00:01 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-09-14 00:01 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-09-14 00:01 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-14 00:01 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-14 00:01 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-09-14 00:01 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-09-14 00:01 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-14 00:01 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-09-14 00:01 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-09-14 00:01 
- 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-09-14 00:01 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-09-14 00:01 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-14 00:01 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-14 00:01 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-14 00:01 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-14 00:01 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-09-14 00:01 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-09-14 00:01 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-09-14 00:01 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-09-14 00:01 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-14 00:01 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-09-14 00:01 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-14 00:01 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-09-14 00:01 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-09-14 00:01 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-09-14 00:01 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-14 00:01 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-09-14 00:01 - 
2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-09-14 00:01 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-14 00:01 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-09-13 23:47 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-09-13 23:47 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2014-09-13 14:27 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-09-13 14:27 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2014-09-13 14:27 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-09-13 14:27 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-09-13 14:26 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-13 14:26 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-13 14:26 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-09-13 14:26 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-09-13 14:26 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-09-13 14:25 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-13 14:25 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-13 14:25 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-09-13 14:25 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-09-13 14:25 - 2014-08-23 02:59 - 
03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-07 20:53 - 2010-01-15 19:07 - 01307223 _____ () C:\Windows\WindowsUpdate.log 2014-10-07 20:44 - 2010-01-15 19:16 - 00000000 ____D () C:\Users\Gabi 2014-10-07 20:18 - 2010-02-25 00:24 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-07 20:18 - 2010-02-25 00:24 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-07 20:06 - 2014-01-23 12:01 - 00000928 _____ () C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job 2014-10-07 20:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing 2014-10-07 19:59 - 2012-04-02 19:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-07 19:51 - 2010-03-09 21:22 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs 2014-10-07 19:07 - 2010-01-14 12:56 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-10-07 17:47 - 2013-01-29 23:15 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8C748547-F3A4-4FAD-B6F5-B8876C02A981} 2014-10-07 15:56 - 2009-07-14 06:45 - 00023392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-07 15:56 - 2009-07-14 06:45 - 00023392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-07 15:47 - 2011-01-26 19:26 - 00000000 ____D () C:\Users\Gabi\.rainlendar2 2014-10-07 15:46 - 2014-02-25 12:08 - 00000400 _____ () C:\Windows\Tasks\FreeFileViewerUpdateChecker.job 2014-10-07 15:45 - 2014-03-10 13:06 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\Fifth 2014-10-07 15:45 - 2014-01-23 12:01 - 00000924 _____ () C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job 2014-10-07 15:45 - 2010-01-20 20:47 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2014-10-07 15:45 - 
2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-06 21:46 - 2010-01-14 13:42 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-10-06 21:46 - 2006-11-03 14:39 - 00000000 ____D () C:\Users\Gabi\Documents\MP600 2014-10-06 20:45 - 2014-02-14 22:12 - 00002996 _____ () C:\Windows\System32\Tasks\{A8D91B62-F815-4F1D-A2DB-5D26AE327BC2} 2014-10-06 20:44 - 2014-02-14 22:12 - 00002996 _____ () C:\Windows\System32\Tasks\{E02CA656-60DC-425D-AABD-242A412B746E} 2014-10-06 20:44 - 2011-02-10 18:36 - 00003012 _____ () C:\Windows\System32\Tasks\{EE0E0267-9856-43FB-B84C-E310DC9A0704} 2014-10-06 20:44 - 2011-02-10 18:35 - 00003012 _____ () C:\Windows\System32\Tasks\{F3401210-6A4F-4340-8F3E-AB35C777A196} 2014-10-06 20:41 - 2014-02-14 22:13 - 00002996 _____ () C:\Windows\System32\Tasks\{2144E255-C3B4-470C-BDB5-929B9E4FF282} 2014-10-06 20:41 - 2014-02-14 22:12 - 00002996 _____ () C:\Windows\System32\Tasks\{1978A92C-F1CC-4F1D-864F-81F946E1AE1A} 2014-10-06 12:30 - 2014-02-23 12:29 - 00000000 ____D () C:\Users\_ocster_backup_ 2014-10-05 22:41 - 2012-11-03 12:56 - 00000825 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-10-05 22:41 - 2012-11-03 12:56 - 00000825 _____ () C:\ProgramData\Desktop\CCleaner.lnk 2014-10-05 22:41 - 2012-11-03 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-10-05 22:41 - 2012-11-03 12:56 - 00000000 ____D () C:\Program Files\CCleaner 2014-10-04 21:13 - 2014-03-04 20:51 - 00001194 _____ () C:\Users\Public\Desktop\Internet.lnk 2014-10-04 21:13 - 2014-03-04 20:51 - 00001194 _____ () C:\ProgramData\Desktop\Internet.lnk 2014-10-04 21:00 - 2013-03-19 22:30 - 00000000 ____D () C:\Users\Gabi\AppData\Local\Ocster Backup 2014-10-04 20:45 - 2014-06-17 11:57 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\Nico Mak Computing 2014-10-04 20:43 - 2014-03-04 20:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-10-04 20:28 - 2014-01-23 12:01 - 00000000 ____D () C:\Users\Gabi\AppData\Local\SaveSense 
2014-10-04 09:03 - 2009-07-14 19:58 - 00703028 _____ () C:\Windows\system32\perfh007.dat 2014-10-04 09:03 - 2009-07-14 19:58 - 00150686 _____ () C:\Windows\system32\perfc007.dat 2014-10-04 09:03 - 2009-07-14 07:13 - 01629690 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-03 19:38 - 2011-10-10 09:59 - 00001937 _____ () C:\Users\Gabi\Desktop\IrfanView Thumbnails.lnk 2014-10-03 19:38 - 2010-01-18 21:26 - 00001045 _____ () C:\Users\Gabi\Desktop\IrfanView.lnk 2014-10-02 08:13 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-10-01 20:34 - 2014-02-08 21:34 - 00000288 _____ () C:\Windows\Tasks\AdvancedDriverUpdater_UPDATES.job 2014-09-30 10:33 - 2011-03-21 15:23 - 00053248 _____ () C:\Users\Gabi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-09-26 16:59 - 2014-01-26 15:19 - 00000408 _____ () C:\Windows\Tasks\One-Click Optimizer.job 2014-09-26 10:52 - 2012-04-24 21:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-24 20:59 - 2012-04-02 19:52 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-24 20:59 - 2012-04-02 19:52 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-24 20:59 - 2011-09-11 20:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-22 09:53 - 2010-01-18 11:17 - 00000000 ____D () C:\Users\Gabi\Dieter 2014-09-21 17:53 - 2010-01-17 12:17 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\Adobe 2014-09-19 22:43 - 2010-03-10 12:39 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\Skype 2014-09-19 21:43 - 2014-01-30 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2014-09-19 21:43 - 2010-01-14 13:42 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-09-19 21:29 - 2010-01-14 12:54 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-09-17 04:13 - 2014-01-30 20:31 - 02193560 _____ (NVIDIA Corporation) 
C:\Windows\SysWOW64\nvspcap.dll 2014-09-17 04:12 - 2014-01-30 20:31 - 02799784 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2014-09-16 19:30 - 2013-03-13 22:44 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-09-15 09:06 - 2010-01-16 11:19 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-09-14 09:12 - 2009-07-14 06:45 - 00379408 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-14 00:01 - 2010-01-14 14:54 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-14 00:00 - 2014-01-16 13:28 - 01603034 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-13 23:58 - 2013-07-12 22:06 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-13 23:48 - 2010-01-18 15:23 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-13 23:47 - 2014-05-06 11:51 - 00000000 ___SD () C:\Windows\system32\CompatTel Files to move or delete: ==================== C:\Users\Gabi\SSBCUninstall.exe C:\Users\Gabi\SSSDUninstall.exe C:\Users\Gabi\SS_Uninstall.exe C:\Users\Gabi\Start Ashampoo UnInstaller 5.bat Some content of TEMP: ==================== C:\Users\Gabi\AppData\Local\Temp\MovieStudioPro.exe C:\Users\Gabi\AppData\Local\Temp\optprosetup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-02-21 19:39

==================== End Of Log ============================

FRST-1.txt
FRST Logfile:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by Gabi (administrator) on GABI-DIETER on 07-10-2014 22:04:45
Running from C:\Users\Gabi\Downloads
Loaded Profiles: Gabi & _ocster_backup_ (Available profiles: Gabi & _ocster_backup_)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
() C:\Windows\System32\ipstrmgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Logitech Inc.) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Logitech Inc.)
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Program Files\Ocster Backup\bin\backupService-ox.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe () C:\Program Files\Ocster Backup\bin\backupClient-ox.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe () C:\Program Files\Rainlendar2\Rainlendar2.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle Corporation) C:\oracle10g\bin\oracle.exe () C:\Program Files\Ocster Backup\bin\oxHelper.exe (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe () C:\Program Files\Ocster Backup\bin\oxHelper.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE () C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-17] (NVIDIA Corporation) HKLM\...\Run: [Ocster Backup] => C:\Program Files\Ocster Backup\bin\backupClient-ox.exe [312664 2014-02-04] () HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-27] (Microsoft Corp.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation) HKLM-x32\...\Run: [RegistryQuick.exe] => C:\Program Files (x86)\ReQuick\RegistryQuick.exe Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) 
HKU\S-1-5-21-3834002493-4226875369-3535069347-1000\...\Run: [Rainlendar2] => C:\Program Files\Rainlendar2\Rainlendar2.exe [3666944 2011-01-06] () HKU\S-1-5-21-3834002493-4226875369-3535069347-1000\...\Run: [Intermediate] => C:\Users\Gabi\AppData\Roaming\Intermediate\Intermediate.exe [37376 2013-12-09] () HKU\S-1-5-21-3834002493-4226875369-3535069347-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd) AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll => "c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll" File Not Found Startup: C:\Users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled () Startup: C:\Users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: Internet Explorer proxy is enabled. 
ProxyServer: http=127.0.0.1:8897;https=127.0.0.1:8897 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://astromenda.com/?f=1&a=ast_file_14_40_ff&cd=2XzuyEtN2Y1L1QzuyC0C0FtDyEzytDyDtB0AtAtB0EtDzyzztN0D0Tzu0StCtDtDzztN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtCtA0C0C0AtB0FtGtAyB0DzztG0D0AzytDtG0A0ByE0CtGyDyE0C0D0EtByEyEtC0D0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtD0FzyzzyDyCyEtGyD0FtCtCtGyEtD0EtDtGzzzyyByBtGyCtDtCtDtA0EzztByDyBzytC2Q&cr=767382362&ir= HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x42F9AB638C96CA01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.t-online.de/ URLSearchHook: HKLM-x32 - (No Name) - {78e516ef-11de-47a1-8364-a99b917ec5ee} - No File URLSearchHook: HKLM-x32 - (No Name) - {04a8dd1a-4754-48fe-a703-99846646ef04} - No File StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = SearchScopes: HKLM-x32 - DefaultScope value is missing. 
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_file_14_40_ff&cd=2XzuyEtN2Y1L1QzuyC0C0FtDyEzytDyDtB0AtAtB0EtDzyzztN0D0Tzu0StCtDtDzztN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtCtA0C0C0AtB0FtGtAyB0DzztG0D0AzytDtG0A0ByE0CtGyDyE0C0D0EtByEyEtC0D0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtD0FzyzzyDyCyEtGyD0FtCtCtGyEtD0EtDtGzzzyyByBtGyCtDtCtDtA0EzztByDyBzytC2Q&cr=767382362&ir= SearchScopes: HKCU - F04F7B247D844F0287D289AC70C8FE43 URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3322287&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP14A054C4-1B01-4318-9C92-BF4D53219F89&q={searchTerms}&SSPV= SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_file_14_40_ff&cd=2XzuyEtN2Y1L1QzuyC0C0FtDyEzytDyDtB0AtAtB0EtDzyzztN0D0Tzu0StCtDtDzztN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtCtA0C0C0AtB0FtGtAyB0DzztG0D0AzytDtG0A0ByE0CtGyDyE0C0D0EtByEyEtC0D0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtD0FzyzzyDyCyEtGyD0FtCtCtGyEtD0EtDtGzzzyyByBtGyCtDtCtDtA0EzztByDyBzytC2Q&cr=767382362&ir= SearchScopes: HKCU - {0213547C-6002-469C-BA82-6863B3C1D7B8} URL = hxxp://search.softonic.com/MOY00009/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=da13e098000000000000000000000000&toi=16094&r=616 SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=DA136CF049052A32&affID=128491&tsp=5182 SearchScopes: HKCU - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKCU - {31090377-0740-419E-BEFC-A56E50500D5B} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKCU - 
{323B7DAE-1CB5-481C-9BF2-D059761CC05E} URL = hxxp://www.suchen.de/lokal?q={searchTerms}&partnerid=244&radius=10&sort=relevance&fedsearch=true SearchScopes: HKCU - {435E3E38-6768-4A61-81F0-266E2A1C793A} URL = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=wiki-tab&tpc=internet&ptl=std&classification=wiki-tab_internet_std&q={searchTerms}&br=ie10-toi SearchScopes: HKCU - {6408E1C5-FE7B-47BD-B907-6CBDC0CEA64E} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=interactivemesuche-21&index=blended&linkCode=ur2&camp=1638&creative=6742 SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKCU - {7234E9B8-551C-4612-AF57-BA7AC109CD0E} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3317892&CUI=UN29167070491981215&UM=2 SearchScopes: HKCU - {7FD7B429-EAF3-492F-9D0C-0F4DB93D2FE1} URL = hxxp://rover.ebay.com/rover/1/707-1403-27640-2/4?mpre=hxxp://search.ebay.de/search/search.dll?shortcut=4&query={searchTerms} SearchScopes: HKCU - {A8D32726-9FA5-4283-9A9F-4C9DB061ACE5} URL = hxxp://dict.leo.org/ende?lp=ende&lang=de&searchLoc=0&cmpType=relaxed&sectHdr=on&spellToler=on&chinese=both&pinyin=diacritic&search={searchTerms}&relink=on SearchScopes: HKCU - {BCBC30E2-06B3-4F52-B0D5-B5C634DA9ACC} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0101&cd=2XzuyEtN2Y1L1QzuyC0C0FtDyEzytDyDtB0AtAtB0EtDzyzztN0D0Tzu0SyByDtCtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1251611358&ir= SearchScopes: HKCU - {C43BBC1B-D6AA-459A-9D03-5284B44E912E} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=67bdf839-3107-4fcf-a915-433807fd60f1&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=30/03/2013&type=hp1000 SearchScopes: HKCU - {CC87724D-C5C9-4A4D-8650-67BCA2BDC37E} URL = hxxp://www.dict.cc/?s={searchTerms} BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files
(x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {78E516EF-11DE-47A1-8364-A99B917EC5EE} - No File
Toolbar: HKCU - No Name - {04A8DD1A-4754-48FE-A703-99846646EF04} - No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{11342DE6-C338-47B7-97FF-6E33D142D8E3}: [NameServer] 217.0.43.81 217.0.43.65

FireFox:
========
FF ProfilePath: C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default
FF DefaultSearchEngine: Yahoo
FF Homepage: hxxp://www.t-online.de/
FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.updaterss.com/SaveSenseLive Update;version=3 -> C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.updaterss.com/SaveSenseLive Update;version=9 -> C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default\user.js
FF SearchPlugin: C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default\searchplugins\buenosearch.xml
FF SearchPlugin: C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default\searchplugins\google-default.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ColorfulTabs - C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-09-24]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2013-10-20]
FF HKLM-x32\...\Firefox\Extensions: [lightningnewtab@gmail.com] - C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default\extensions\lightningnewtab@gmail.com.xpi
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-02-26]
FF HKLM-x32\...\Firefox\Extensions: [{8DD92AC3-72AA-4029-9B4C-ACB1FE81274F}] - C:\Windows\Installer\{8B8D7849-9AF5-42B5-A81C-B4CAEC25111C}\{8DD92AC3-72AA-4029-9B4C-ACB1FE81274F}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{8B8D7849-9AF5-42B5-A81C-B4CAEC25111C}\{8DD92AC3-72AA-4029-9B4C-ACB1FE81274F}.xpi [2014-05-25]
FF HKLM-x32\...\Firefox\Extensions: [{20d1f7b3-7721-4da0-b6f3-78bb4d7248f4}] - C:\Program Files (x86)\Browser Guard\browserguard.xpi
FF Extension: Browser Guard - C:\Program Files (x86)\Browser Guard\browserguard.xpi [2014-05-25]
FF HKLM-x32\...\Firefox\Extensions: [termtutor@termtutor.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com

Chrome:
=======
CHR Profile: C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Download Protect) - C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihebkfpbjdbhbnekngbddmpomamehomf [2014-01-30]
CHR Extension: (Download Protect) - C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhiphpjimdnggccdgbpbicflmkebpdao [2013-11-14]
CHR Extension: (Download Protect) - C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\okbdeepkmkpfklcpjcfcfnekhdehnnjj [2014-03-11]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa []
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-10-20]
CHR HKLM-x32\...\Chrome\Extension: [jljheddigenhleadfofeccneimcmlefp] - C:\Users\Gabi\AppData\Roaming\speedtest4354\speedtest4354.crx [2013-12-19]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-27] (Microsoft Corp.)
R2 credwizd; C:\Windows\system32\ipstrmgr.exe [114176 2013-02-18] () [File not signed]
R2 DailytoolsUpdateService; C:\Windows\SysWOW64\update1.dll [352256 2014-07-31] (Dailytools GmbH) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-17] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-17] (NVIDIA Corporation)
R2 ocster_backup; c:\Program Files\Ocster Backup\bin\backupService-ox.exe [23896 2014-02-04] ()
S4 OracleDBConsoleSatdb10g; C:\oracle10g\bin\nmesrvc.exe [24064 2006-11-14] (Oracle Corporation) [File not signed]
S4 OracleJobSchedulerSATDB10G; c:\oracle10g\Bin\extjob.exe [102400 2006-11-16] () [File not signed]
S4 OracleORACLE_Home10giSQL*Plus; C:\oracle10g\bin\isqlplussvc.exe [53248 2006-10-12] (Oracle) [File not signed]
R2 OracleServiceSATDB10G; c:\oracle10g\bin\ORACLE.EXE [60059648 2011-03-16] (Oracle Corporation) [File not signed]
S2 Search; C:\Program Files (x86)\Search\WebSearch.exe [435696 2014-08-08] ()
R2 WO_LiveService; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe [885096 2013-11-19] ()
S4 70e6ca8c; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll",ENT
S2 OracleORACLE_Home10gTNSListener; C:\oracle10g\BIN\TNSLSNR [X]

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-11] (AVG Technologies)
S3 GrabsterSeries.C64; C:\Windows\System32\DRIVERS\GrabsterSeries.C64.SYS [262208 2010-01-22] ()
S3 HWHandSet; C:\Windows\System32\DRIVERS\hw_quusbmdm.sys [223232 2011-10-24] (Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2011-10-24] (Huawei Technologies Co., Ltd.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-01-30] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-20] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-12] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-01-30] (Kaspersky Lab ZAO)
R2 LiveTunerPM; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerProcessMonitor64.sys [12824 2011-03-08] ()
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [15680 2006-10-31] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-10-25] (Synaptics Incorporated)
S1 StarOpen; No ImagePath
S3 cpuz132; \??\C:\Users\Gabi\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S1 ttnfd; system32\drivers\ttnfd.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-07 21:32 - 2014-10-07 21:57 - 00000392 _____ () C:\Windows\setupact.log
2014-10-07 21:32 - 2014-10-07 21:55 - 00000592 _____ () C:\Windows\PFRO.log
2014-10-07 21:32 - 2014-10-07 21:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-07 21:18 - 2014-10-07 21:18 - 00000193 _____ () C:\Windows\WORDPAD.INI
2014-10-07 21:11 - 2014-10-07 21:11 - 00014641 _____ () C:\Users\Gabi\Desktop\Gmer.txt
2014-10-07 21:03 - 2014-10-07 21:03 - 00380416 _____ () C:\Users\Gabi\Downloads\Gmer-19357.exe
2014-10-07 21:01 - 2014-10-07 21:01 - 00050238 _____ () C:\Users\Gabi\Desktop\FRST.txt
2014-10-07 21:00 - 2014-10-07 21:00 - 00060991 _____ () C:\Users\Gabi\Desktop\Addition.txt
2014-10-07 20:57 - 2014-10-07 21:00 - 00060992 _____ () C:\Users\Gabi\Downloads\Addition.txt
2014-10-07 20:56 - 2014-10-07 22:04 - 00030079 _____ () C:\Users\Gabi\Downloads\FRST.txt
2014-10-07 20:56 - 2014-10-07 22:04 - 00000000 ____D () C:\FRST
2014-10-07 20:54 - 2014-10-07 20:54 - 02109952 _____ (Farbar) C:\Users\Gabi\Downloads\FRST64.exe
2014-10-07 20:49 - 2014-10-07 22:03 - 00000470 _____ () C:\Users\Gabi\Downloads\defogger_disable.log
2014-10-07 20:48 - 2014-10-07 20:48 - 00050477 _____ () C:\Users\Gabi\Downloads\Defogger.exe
2014-10-07 20:42 - 2014-10-07 20:44 - 00000000 _____ () C:\Users\Gabi\defogger_reenable
2014-10-07 17:28 - 2014-10-07 18:01 - 00000000 ____D () C:\Program Files (x86)\ReQuick
2014-10-07 17:26 - 2014-10-07 17:26 - 01220954 _____ (My Company, Inc. ) C:\Users\Gabi\Downloads\RegistryQuick_setup.exe
2014-10-06 11:09 - 2014-10-06 11:09 - 00003266 _____ () C:\Windows\System32\Tasks\{E6DCEF3E-6A5E-4CE0-AD4B-9DD326E93E71}
2014-10-06 10:44 - 2014-10-06 10:44 - 00001311 _____ () C:\Users\Gabi\Desktop\Revo Uninstaller.lnk
2014-10-06 10:44 - 2014-10-06 10:44 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-10-06 10:42 - 2014-10-06 10:43 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Gabi\Downloads\revosetup95.exe
2014-10-05 22:39 - 2014-10-05 22:39 - 04964600 _____ (Piriform Ltd) C:\Users\Gabi\Downloads\ccsetup418pro.exe
2014-10-05 10:36 - 2014-10-05 10:36 - 00011426 _____ () C:\Users\Gabi\Documents\cc_20141005_103621.reg
2014-10-04 21:08 - 2014-10-04 21:08 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\Astromenda
2014-10-04 20:26 - 2014-10-06 10:58 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\WSE_Astromenda
2014-10-04 20:26 - 2014-10-04 20:26 - 06669808 _____ (Burnaware ) C:\Users\Gabi\Downloads\BurnAwareFree-P21423-Setup.exe
2014-10-03 19:37 - 2014-10-04 20:27 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\0F1L1I1PtF1F1C1N
2014-10-03 19:36 - 2014-10-04 19:52 - 00000000 ____D () C:\Program Files (x86)\PC Speed Maximizer
2014-10-03 19:36 - 2014-10-03 19:36 - 01898640 _____ (Irfan Skiljan) C:\Users\Gabi\Downloads\IrfanView-P1683-Setup.exe
2014-09-30 20:39 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 20:39 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-23 20:42 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 20:42 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-19 21:28 - 2014-09-17 04:13 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-09-19 21:28 - 2014-09-17 04:12 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-09-19 21:28 - 2014-09-04 21:14 - 00038048 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-09-19 21:28 - 2014-09-04 21:14 - 00032416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-09-14 00:01 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-14 00:01 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-14 00:01 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-14 00:01 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-14 00:01 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-14 00:01 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-14 00:01 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-14 00:01 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-14 00:01 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-14 00:01 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-14 00:01 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-14 00:01 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-14 00:01 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-14 00:01 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-14 00:01 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-14 00:01 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-14 00:01 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-14 00:01 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-14 00:01 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-14 00:01 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-14 00:01 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-14 00:01 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-14 00:01 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-14 00:01 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-14 00:01 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-14 00:01 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-14 00:01 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-14 00:01 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-14 00:01 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-14 00:01 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-14 00:01 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-14 00:01 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-14 00:01 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-14 00:01 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-14 00:01 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-14 00:01 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-14 00:01 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-14 00:01 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-14 00:01 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-14 00:01 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-14 00:01 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-14 00:01 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-14 00:01 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-14 00:01 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-14 00:01 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-14 00:01 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-14 00:01 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-14 00:01 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-14 00:01 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-14 00:01 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-14 00:01 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-14 00:01 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-14 00:01 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-14 00:01 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-14 00:01 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-14 00:01 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-13 23:47 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-13 23:47 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-13 14:27 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-13 14:27 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-13 14:27 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-13 14:27 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-13 14:26 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-13 14:26 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-13 14:26 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-13 14:26 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-13 14:26 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-13 14:25 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-13 14:25 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-13 14:25 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-13 14:25 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-09-13 14:25 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-07 22:06 - 2014-01-23 12:01 - 00000928 _____ () C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job
2014-10-07 22:00 - 2012-04-02 19:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-07 22:00 - 2010-01-14 12:56 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-10-07 21:58 - 2014-03-10 13:06 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\Fifth
2014-10-07 21:58 - 2011-01-26 19:26 - 00000000 ____D () C:\Users\Gabi\.rainlendar2
2014-10-07 21:58 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-10-07 21:56 - 2014-02-25 12:08 - 00000400 _____ () C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2014-10-07 21:56 - 2014-01-23 12:01 - 00000924 _____ () C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job
2014-10-07 21:56 - 2010-03-09 21:22 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-10-07 21:56 - 2010-02-25 00:24 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-07 21:56 - 2010-01-20 20:47 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-10-07 21:56 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-07 21:54 - 2010-01-15 19:07 - 01320962 _____ () C:\Windows\WindowsUpdate.log
2014-10-07 21:43 - 2009-07-14 06:45 - 00023392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-07 21:43 - 2009-07-14 06:45 - 00023392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-07 21:38 - 2013-01-29 23:15 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8C748547-F3A4-4FAD-B6F5-B8876C02A981}
2014-10-07 21:32 - 2014-02-23 12:29 - 00000000 ____D () C:\Users\_ocster_backup_
2014-10-07 21:18 - 2010-02-25 00:24 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-07 20:44 - 2010-01-15 19:16 - 00000000 ____D () C:\Users\Gabi
2014-10-06 21:46 - 2010-01-14 13:42 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-06 21:46 - 2006-11-03 14:39 - 00000000 ____D () C:\Users\Gabi\Documents\MP600
2014-10-06 20:45 - 2014-02-14 22:12 - 00002996 _____ () C:\Windows\System32\Tasks\{A8D91B62-F815-4F1D-A2DB-5D26AE327BC2}
2014-10-06 20:44 - 2014-02-14 22:12 - 00002996 _____ () C:\Windows\System32\Tasks\{E02CA656-60DC-425D-AABD-242A412B746E}
2014-10-06 20:44 - 2011-02-10 18:36 - 00003012 _____ () C:\Windows\System32\Tasks\{EE0E0267-9856-43FB-B84C-E310DC9A0704}
2014-10-06 20:44 - 2011-02-10 18:35 - 00003012 _____ () C:\Windows\System32\Tasks\{F3401210-6A4F-4340-8F3E-AB35C777A196}
2014-10-06 20:41 - 2014-02-14 22:13 - 00002996 _____ () C:\Windows\System32\Tasks\{2144E255-C3B4-470C-BDB5-929B9E4FF282}
2014-10-06 20:41 - 2014-02-14 22:12 - 00002996 _____ () C:\Windows\System32\Tasks\{1978A92C-F1CC-4F1D-864F-81F946E1AE1A}
2014-10-05 22:41 - 2012-11-03 12:56 - 00000825 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-05 22:41 - 2012-11-03 12:56 - 00000825 _____ () C:\ProgramData\Desktop\CCleaner.lnk
2014-10-05 22:41 - 2012-11-03 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-05 22:41 - 2012-11-03 12:56 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-04 21:13 - 2014-03-04 20:51 - 00001194 _____ () C:\Users\Public\Desktop\Internet.lnk
2014-10-04 21:13 - 2014-03-04 20:51 - 00001194 _____ () C:\ProgramData\Desktop\Internet.lnk
2014-10-04 21:00 - 2013-03-19 22:30 - 00000000 ____D () C:\Users\Gabi\AppData\Local\Ocster Backup
2014-10-04 20:45 - 2014-06-17 11:57 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\Nico Mak Computing
2014-10-04 20:43 - 2014-03-04 20:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-04 20:28 - 2014-01-23 12:01 - 00000000 ____D () C:\Users\Gabi\AppData\Local\SaveSense
2014-10-04 09:03 - 2009-07-14 19:58 - 00703028 _____ () C:\Windows\system32\perfh007.dat
2014-10-04 09:03 - 2009-07-14 19:58 - 00150686 _____ () C:\Windows\system32\perfc007.dat
2014-10-04 09:03 - 2009-07-14 07:13 - 01629690 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-03 19:38 - 2011-10-10 09:59 - 00001937 _____ () C:\Users\Gabi\Desktop\IrfanView Thumbnails.lnk
2014-10-03 19:38 - 2010-01-18 21:26 - 00001045 _____ () C:\Users\Gabi\Desktop\IrfanView.lnk
2014-10-02 08:13 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-01 20:34 - 2014-02-08 21:34 - 00000288 _____ () C:\Windows\Tasks\AdvancedDriverUpdater_UPDATES.job
2014-09-30 10:33 - 2011-03-21 15:23 - 00053248 _____ () C:\Users\Gabi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-26 16:59 - 2014-01-26 15:19 - 00000408 _____ () C:\Windows\Tasks\One-Click Optimizer.job
2014-09-26 10:52 - 2012-04-24 21:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-24 20:59 - 2012-04-02 19:52 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 20:59 - 2012-04-02 19:52 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 20:59 - 2011-09-11 20:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-22 09:53 - 2010-01-18 11:17 - 00000000 ____D () C:\Users\Gabi\Dieter
2014-09-21 17:53 - 2010-01-17 12:17 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\Adobe
2014-09-19 22:43 - 2010-03-10 12:39 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\Skype
2014-09-19 21:43 - 2014-01-30 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-09-19 21:43 - 2010-01-14 13:42 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-09-19 21:29 - 2010-01-14 12:54 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-09-17 04:13 - 2014-01-30 20:31 - 02193560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-09-17 04:12 - 2014-01-30 20:31 - 02799784 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-09-16 19:30 - 2013-03-13 22:44 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-15 09:06 - 2010-01-16 11:19 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-14 09:12 - 2009-07-14 06:45 - 00379408 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-14 00:01 - 2010-01-14 14:54 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-14 00:00 - 2014-01-16 13:28 - 01603034 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-13 23:58 - 2013-07-12 22:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-13 23:48 - 2010-01-18 15:23 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-13 23:47 - 2014-05-06 11:51 - 00000000 ___SD () C:\Windows\system32\CompatTel

Files to move or delete:
====================
C:\Users\Gabi\SSBCUninstall.exe
C:\Users\Gabi\SSSDUninstall.exe
C:\Users\Gabi\SS_Uninstall.exe
C:\Users\Gabi\Start Ashampoo UnInstaller 5.bat

Some content of TEMP:
====================
C:\Users\Gabi\AppData\Local\Temp\MovieStudioPro.exe
C:\Users\Gabi\AppData\Local\Temp\optprosetup.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-02-21 19:39

==================== End Of Log ============================
|
08.10.2014, 20:46 | #4 |
| Removing Optimizer Pro v3.2 incl. Crash Monitor Part 2: Addition.txt Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2014 01
Ran by Gabi at 2014-10-07 20:57:45
Running from C:\Users\Gabi\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACDSee Foto-Editor (HKLM-x32\...\{53AD87D3-72AE-4D07-8A7A-1F4D54E83777}) (Version: 4.00.208 - ACD Systems Ltd.)
ACDSee Foto-Manager 2009 (HKLM-x32\...\{300578F9-9EFF-4B93-9AB1-C0E5707EF463}) (Version: 11.0.115 - ACD Systems International) ACDSee Image Decoder Update (HKLM-x32\...\{047A167B-0C6B-41F3-B5E6-E968F92468C1}) (Version: 2.0.5 - ACD Systems) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) Advanced Driver Updater (HKLM-x32\...\Advanced Driver Updater_is1) (Version: 2.1.1086.15131 - Systweak Inc) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Ashampoo Burning Studio 14 v.14.0.5 (HKLM-x32\...\{91B33C97-7BCF-CDFE-4321-58EBF3E8641C}_is1) (Version: 14.0.5 - Ashampoo GmbH & Co. KG) Ashampoo Movie Studio Pro v.1.0.7 (HKLM-x32\...\{91B33C97-EC92-2CD7-E21F-4FEF6AA572AA}_is1) (Version: 1.0.7 - Ashampoo GmbH & Co. KG) Ashampoo WinOptimizer 10 v.10.3.0 (HKLM-x32\...\{4209F371-88D4-AB00-ED2B-D6520C84D9D5}_is1) (Version: 10.03.00 - Ashampoo GmbH & Co. 
KG) Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.7.8981 - ) Bing-Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.174.0 - Microsoft Corporation) Browser Guard (HKLM-x32\...\Browser Guard) (Version: - ) BurnAware Free 6.9.3 (HKLM-x32\...\BurnAware Free_is1) (Version: - Burnaware) BurnAware Free Download Packages (HKCU\...\BurnAware Free Download Packages) (Version: - ) <==== ATTENTION Canon MP Navigator 3.0 (HKLM-x32\...\MP Navigator 3.0) (Version: - ) Canon MP600 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600) (Version: - ) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.) Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.10.2.21 - Canon Inc.) CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform) Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version: - Microsoft) Document Express DjVu Plug-in (HKLM-x32\...\{DB90B88C-DDA6-4831-B73D-58B4B8F3D349}) (Version: 6.1.27549 - Caminova, Inc.) ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen) eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version: 2014.1.24.0 - ) <==== ATTENTION Fotogalerie (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Free File Viewer 2014 (HKLM-x32\...\FreeFileViewer_is1) (Version: 2014.2.16.0 - Bitberry Software) <==== ATTENTION Free YouTube Download version 3.2.43.806 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.43.806 - DVDVideoSoft Ltd.) 
Freemake Video Converter Free Download Packages (HKCU\...\Freemake Video Converter Free Download Packages) (Version: - ) <==== ATTENTION Freemake Video Converter Version 4.1.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden Inpaint 5.2 (HKLM-x32\...\{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1) (Version: - Teorex) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan) IrfanView Download Packages (HKCU\...\IrfanView Download Packages) (Version: - ) <==== ATTENTION Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle) Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle) Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden Lizardtech DjVu Control (HKLM-x32\...\{105CFC7C-6992-11D5-BD9D-000102C10FD8}) (Version: - ) Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech) Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7248) - Logitech Inc..) Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.) Logitech Webcam Software-Treiberpaket (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.) 
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Image Composite Editor (HKLM\...\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}) (Version: 1.4.4 - Microsoft Corporation) Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft 
Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 
8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Windows Media Center SDK 6.0 (HKLM-x32\...\{E363B2CF-627B-492D-8881-702D0AE4F50C}) (Version: 7.0.0.0 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) 
Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla) Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla) MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Nokia Connectivity Cable Driver (HKLM-x32\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia) Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia) Nokia PC Suite (x32 Version: 7.1.180.94 - Nokia) Hidden NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation) NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9745 - NVIDIA Corporation) NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation) NVIDIA GeForce Experience Service (Version: 16.13.42 - NVIDIA Corporation) Hidden NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) 
(Version: 335.23 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.162.1274 - NVIDIA Corporation) Hidden NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 2.0 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA ShadowPlay 16.13.42 (Version: 16.13.42 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden NVIDIA Update 16.13.42 (Version: 16.13.42 - NVIDIA Corporation) Hidden NVIDIA Update Core (Version: 16.13.42 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.25 (Version: 1.2.25 - NVIDIA Corporation) Hidden Ocster Backup Pro (HKLM\...\Ocster Backup) (Version: 8.15 - Ocster GmbH & Co. KG) Oracle Data Provider for .NET Help (HKLM-x32\...\{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}) (Version: 10.2.020 - Oracle Corporation) PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia) Photo Gallery (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden PIXELA AAC LC CODEC (HKLM-x32\...\PIXELA AAC LC CODEC) (Version: 1.1.0.1 - Canon Inc.) PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version: - ) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7084 - Realtek Semiconductor Corp.) 
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden Skype Free Download Packages (HKCU\...\Skype Free Download Packages) (Version: - ) <==== ATTENTION Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) TomTom HOME (HKLM-x32\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - Ihr Firmenname) TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.) Transfer Utility LE (HKLM-x32\...\{F2C2709B-FB3D-458C-B12E-9AAA5EDCA670}) (Version: 1.00.004 - PIXELA) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition 
(HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition 
(HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{4B93560B-F33D-4A67-A224-F5E1C329BD22}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition 
(HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft) VideoPad Video-Editor (HKLM-x32\...\VideoPad) (Version: 3.25 - NCH Software) Visual C++ 9.0 CRT (x86) WinSXS MSM (x32 Version: 9.0 - Microsoft Corporation) Hidden WavePad Audio-Editor (HKLM-x32\...\WavePad) (Version: 5.71 - NCH Software) Windows Internet Explorer 10 (x32 Version: 10.0 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Windows Live Essentials 
(HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia) Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia) Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 07-10-2014 15:56:41 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {02BAD771-29AE-4F87-86E2-66724A4AE0AD} - System32\Tasks\{EFE0F532-2A73-4D21-8AED-C0836875B018} => C:\Program Files (x86)\Axonic\click.to\clicktoapp.exe Task: {053A5F36-8158-460E-92F5-5269606A2376} - System32\Tasks\SaveSenseLiveUpdateTaskMachineCore => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION Task: {05792E62-12F2-44BE-89D2-47E5850BF6D2} - System32\Tasks\{A60B9513-5CA7-461C-B77C-9F1E2250410E} => C:\Program Files (x86)\SYBEX\Die große Druck-Box\Druckbox.exe Task: {068D666E-6AA6-44B3-8018-F9E7469CC7F1} - System32\Tasks\{DFB0BA80-18E0-4EEC-86C3-EAF7F33D5BB8} => C:\Program Files (x86)\Axonic\click.to\clicktoapp.exe Task: {06EB6EA9-685B-48A5-A88B-B17BA213A01C} - System32\Tasks\{2DAB612D-4CCC-4DAB-9F94-FB2B9EF0B9E3} => C:\Program Files (x86)\Axonic\click.to\clicktoapp.exe Task: {0B54D784-BADC-45E9-B85A-947E461A000C} - System32\Tasks\{D5D0C80E-CFBD-4E8E-A106-1038B1435F23} => C:\Program Files (x86)\Axonic\click.to\clicktoapp.exe Task: {0E601114-0C97-4CF7-8592-1FEBBD63B008} - System32\Tasks\{16930FA3-9E2F-41EF-A083-5F1D19AFE9D3} => C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE [2014-05-15] (Microsoft Corporation) Task: {0EB211BD-53FC-46B3-99D3-FFAF4B6E62DF} - System32\Tasks\{80E296E5-37D4-409E-9D44-F5E897EA8744} => C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 5\UI5.exe Task: {106D5C8B-0887-4182-A073-558F6CC015AA} - System32\Tasks\{975DF8E9-A2F1-4163-9C55-8C0AA4FF8A3F} => C:\Program Files (x86)\Axonic\click.to\clicktoapp.exe Task: {1170F6B0-C61C-43A9-9453-514F9DEFC700} - System32\Tasks\{0E365111-C9A7-43CD-9015-AD0B4EDEC820} => Firefox.exe Task: {12177FBD-A7F7-454E-91C2-0FD4F20678E2} - 
System32\Tasks\{FE3E02D9-54EB-4A9C-A76D-D0F3CE15C9CC} => C:\Program Files (x86)\Axonic\click.to\clicktoapp.exe Task: {18A906B9-5326-4355-875E-83445512BAA2} - System32\Tasks\{748362AD-96C7-493C-8A0B-0EB4C75B3241} => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSGuide.exe Task: {1A299CF4-EE5C-4645-8873-65819DBCBA09} - System32\Tasks\{8EB85395-6DF1-42D1-BCC9-6A2C39D0A06D} => C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 5\UI5.exe Task: {1C99D807-C487-4F14-9A8D-1B92041FB628} - System32\Tasks\{C6B60480-C4B3-4B93-BF85-919436F9DCF1} => C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE Task: {22A1E30A-D0A8-4E63-BAB6-6658ECB5570F} - System32\Tasks\{AEE9FDE0-A111-4974-999F-B408490B8D8C} => C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFMgr.exe Task: {2413C613-3EEA-42A9-A9EE-4050623C5F7E} - System32\Tasks\{D7BE9AF5-D625-4F96-8078-C3E51416D6DD} => C:\Program Files (x86)\Wetterbox\Wetterbox.exe [2010-02-05] (t-online.de ) Task: {256667D3-6382-4C66-BC05-FE38C9A93824} - System32\Tasks\{B7573703-CF10-4CAD-9D0F-458B6E29B54A} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\starter_avp.exe Task: {284BB469-B242-4F40-AF2E-543E705B46D3} - System32\Tasks\{644C7C4C-8210-40F1-BEE8-A8BB25545919} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO) Task: {2856A28F-8AE5-481E-A0C2-069AA946DBF8} - System32\Tasks\{21DBD499-C613-48BA-A0F0-186C4F747769} => C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFMgr.exe Task: {33876F9F-A8EB-491D-8DBC-F14DD846CFE1} - System32\Tasks\{28DBB7A7-6CD0-4781-B081-10048E698970} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO) Task: {35A4AD38-C6FE-4CB1-956C-492E4FD00101} - System32\Tasks\{54516D7D-DE58-4952-BDB5-73924135CD01} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO) Task: 
{3CC6A791-14B7-4970-B342-9A3D349C78EE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated) Task: {3EF4827F-2181-45DB-99AF-C07C2DD54E7A} - System32\Tasks\{AB114C1D-7266-4AF7-A30E-11B26BE1615F} => C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFMgr.exe Task: {4F4374BC-3B7E-4A54-A1AA-8FD6ECA70275} - System32\Tasks\{105CE8C3-2ADC-430B-9358-49BB8319D8D3} => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSGuide.exe Task: {53ACADDE-C9AF-4C03-86E9-CF2585090F4E} - System32\Tasks\{A8D91B62-F815-4F1D-A2DB-5D26AE327BC2} => C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2.exe Task: {558ECEFA-C5F8-4FC0-9B26-0615C0130AAC} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2013-03-25] (Bitberry Software) <==== ATTENTION Task: {5598CCE9-982E-4477-A692-83B791D7C25D} - System32\Tasks\{BF9D57C8-4EB3-4197-B121-7DF9281C6E83} => C:\Program Files (x86)\Common Files\ACD Systems\DE\DevDetect.exe Task: {5FF0F40F-9D9C-4DDC-BF28-00EC30AF6836} - System32\Tasks\{F9E1DD75-D3E2-4306-A4E9-77AD1E3E440F} => C:\Program Files (x86)\Axonic\click.to\clicktoapp.exe Task: {661A0E7E-68C6-495E-A657-0315DE890E51} - System32\Tasks\AdvancedDriverUpdater_UPDATES => C:\Program Files (x86)\Advanced Driver Updater\adu.exe [2013-03-08] (Systweak Inc) Task: {670F6793-B7C9-46E0-88CC-001E8D22E252} - System32\Tasks\Ashampoo UnInstaller 5 => C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 5\UI5.exe Task: {6BAB4395-D4C6-477B-9F19-2F6F6A337259} - System32\Tasks\{9E7A4809-517D-41C6-A7FA-F9E5DF7A8CDF} => C:\Program Files (x86)\DATA BECKER\Skat-Ass 3 - Gläserne Karten\skat.exe Task: {6DDAE403-6E11-4128-8F90-A2832FEA1DAB} - System32\Tasks\{338410F2-A2FB-4A54-BE0A-4F0DA5D119FE} => C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 5\UI5.exe Task: {74A7EC1B-857B-4488-82AF-03DED0AB0BE0} - System32\Tasks\{9E010073-9998-45F1-A581-5125A55A7A68} 
=> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO) Task: {796B0B0F-B897-4953-B1B2-7E9EEBE90FE4} - System32\Tasks\ProgramRefresh-ATFST => C:\Program Files (x86)\File Type Assistant\tsasetup.exe <==== ATTENTION Task: {7B336E60-CD95-4216-9BCE-1C335774A8E7} - System32\Tasks\{BF75E81F-4726-488E-9F11-553D186A9250} => C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE Task: {7DF9475A-4849-4086-B12E-83014A46C879} - System32\Tasks\{CDB43B5A-D121-4DF5-A8DC-EF60D4BBE90A} => C:\Program Files (x86)\DATA BECKER\Skat-Ass 3 - Gläserne Karten\skat.exe Task: {7EEA12D3-BBBA-4E8F-A91B-469BB8627671} - System32\Tasks\{465C18D9-E052-47EA-8392-BA413D7901C4} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.) Task: {847A94C0-07D3-41E5-A581-33085976608B} - System32\Tasks\{43DAF3C9-689E-4D7D-85B9-95CFDB2B56C2} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO) Task: {85652B33-BBBA-4797-803B-01BD530137DC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd) Task: {894AD76D-CC3B-46B3-924E-F0276E7B039D} - System32\Tasks\{D754773D-5842-4673-856C-06A2F649C881} => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSGuide.exe Task: {8A4BF58B-94B6-48DA-BC69-967673A37364} - System32\Tasks\{2A6D5D12-AC3F-4F56-9629-72EA3F526508} => C:\Program Files (x86)\SYBEX\Die große Druck-Box\Druckbox.exe Task: {8F33458C-9E20-4AEF-A183-9F68E06DA86A} - System32\Tasks\{F3401210-6A4F-4340-8F3E-AB35C777A196} => C:\Program Files (x86)\DATA BECKER\Visitenkarten-Druckerei 10\BC05.exe Task: {8F8DB379-D692-4E24-9CEF-F2819BE786E2} - System32\Tasks\{3EB5B1CC-807D-4893-992D-30D23BD96179} => C:\Program Files\Netzmanager\netzmanager.exe Task: {90329D18-9C6D-455A-B027-4985FF013982} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-25] 
(Google Inc.) Task: {96987873-4F4F-4757-9B5C-58BAFCC841BE} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated) Task: {971D492A-A3A0-4618-87C9-017E8472A04D} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-11] (Oracle Corporation) Task: {9B79E0AD-BB8B-483E-93F3-0D0CEF74C9DF} - System32\Tasks\Fifth => C:\Users\Gabi\AppData\Roaming\Fifth\Fifth.exe [2014-03-04] () <==== ATTENTION Task: {9E1DD50F-FC41-4E4F-9BFD-1EAD4F270FF7} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3834002493-4226875369-3535069347-1000 Task: {A05925C6-2CDE-40BF-A026-1BFCE77C1527} - System32\Tasks\{C048A249-E48A-4BC2-B15F-0656BF27CD91} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2014-06-10] (Mozilla Corporation) Task: {A411E66A-04F8-4DC8-A593-7BEEE4FC8332} - System32\Tasks\{E02CA656-60DC-425D-AABD-242A412B746E} => C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2.exe Task: {A7AFD7CB-818A-4F4A-B457-2E056AA4F30C} - System32\Tasks\SaveSenseLiveUpdateTaskMachineUA => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION Task: {A7E6E67A-5808-49DF-9000-0677CD3FD176} - System32\Tasks\{082DAF34-EDA8-4AA9-A383-820499D2C4BE} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO) Task: {A94B14D7-E7B5-43CA-B0F4-1ECD9D8A6C51} - System32\Tasks\{263E2A6B-FA6C-49FB-9759-B42DDE9A1DE6} => Firefox.exe hxxp://ui.skype.com/ui/0/5.1.0.104.259/de/abandoninstall?page=tsChrome&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-installed;madedefault Task: {AE0ECA0A-9100-4606-B346-9533B0740B85} - System32\Tasks\OMESupervisor => C:\Users\Gabi\AppData\Local\omesuperv.exe [2014-03-04] () <==== ATTENTION Task: {AEE815BD-928E-4B21-BF78-46CF8A65685C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => 
Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {B0DC6A06-C9EB-439A-9E53-A44B57FE51B8} - System32\Tasks\{A34CF5D2-DAC1-432A-81AF-6425F048C6FA} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO) Task: {B8987F0B-334B-44D1-A148-B40D5D8609CE} - System32\Tasks\{97F0DC32-C1D9-4A2B-9146-8537D344C587} => C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 5\UI5.exe Task: {BA763B54-1804-4A7F-A217-A4B373ECDE60} - System32\Tasks\{A20E6AF9-41D6-405A-9C39-FF7DAC239F01} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO) Task: {BB3AFC41-279A-44CB-96B2-D6311FF68DE2} - System32\Tasks\{5CADFEFE-2B94-4C93-87C6-636B34D6999E} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO) Task: {BF4D038D-7799-4F95-B5EB-83FCCD4B1AC6} - System32\Tasks\{8A366ACA-B741-43B8-A420-7E8198D17C16} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO) Task: {C47F34BA-36CE-414F-8177-CA148D440196} - System32\Tasks\{EE0E0267-9856-43FB-B84C-E310DC9A0704} => C:\Program Files (x86)\DATA BECKER\Visitenkarten-Druckerei 10\BC05.exe Task: {CFEA226E-049F-42F2-ABCA-D61A7452E32C} - System32\Tasks\{4F3981A5-7150-42B7-92C3-DAF194629515} => C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 5\UI5.exe Task: {D2169E60-748D-4B7A-8DC5-CEDB3C66EB10} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-25] (Google Inc.) Task: {D4272719-3868-4884-A970-831A6CA33768} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {D7182F84-461D-45E4-8FDC-129C38C5E621} - System32\Tasks\{105A440F-9E8E-42C5-A748-DD8EADA8806B} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.) 
Task: {DE954CDE-798E-4E69-B460-3A2F3127FF10} - System32\Tasks\{5DB777F1-762D-4651-BCA7-35B55C2265C6} => C:\Program Files (x86)\Axonic\click.to\clicktoapp.exe Task: {DEA23593-53A0-467E-AA02-6B5B42C82F1A} - System32\Tasks\{25E094D2-9767-42EC-90A0-892447BFE019} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO) Task: {DF628A14-5E6C-4E41-9B9A-0B0B788C22C9} - System32\Tasks\{FBAC92AE-D39B-4816-94CF-D8F2C22C0BAD} => C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2.exe Task: {E3ADE583-B6C3-4C4C-9E8C-0E748AECCC6D} - System32\Tasks\{A96C6382-D8C3-40AE-9E0A-FC4DB6A55BB5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO) Task: {E49BEDBC-E14E-4857-B001-BBD40F81C7A9} - System32\Tasks\{BCBCB7CF-C380-4F68-8B5F-1C6B713DC81D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO) Task: {E50AB573-B841-4E33-8140-A8D5FE95E0BA} - System32\Tasks\{317A7A4E-2D2E-4FE7-A2B8-E7CE255820D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO) Task: {E7E2BD4B-CAB0-4C67-8422-AA82F3B97B47} - System32\Tasks\ProgramUpdateCheck => C:\Program Files (x86)\File Type Assistant\TSAssist.exe [2014-03-04] (Trusted Software ApS) <==== ATTENTION Task: {EAE9BD8C-2D63-4F21-81DB-49ABF3E93CEB} - System32\Tasks\{61C6D3EB-D82F-423D-A8AA-A1E23C7910F6} => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSGuide.exe Task: {EB265778-8AED-4C65-80E4-CF63880F14DB} - System32\Tasks\{2144E255-C3B4-470C-BDB5-929B9E4FF282} => C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2.exe Task: {ECFA4AA8-AB31-4D9D-AC60-5AF7A44ECE1D} - System32\Tasks\One-Click Optimizer => C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\WO10.exe [2013-11-19] (Ashampoo Development GmbH & Co. 
KG) Task: {F03BCAE4-B30D-40B2-A6FE-609D972EC20C} - System32\Tasks\{1978A92C-F1CC-4F1D-864F-81F946E1AE1A} => C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2.exe Task: {F7BF52E4-2A39-4AA7-8CC7-BC29A8EF610D} - System32\Tasks\{2F5112BB-3685-49A2-BAB6-1BAB4B641E39} => C:\Program Files (x86)\Axonic\click.to\clicktoapp.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\AdvancedDriverUpdater_UPDATES.job => C:\Program Files (x86)\Advanced Driver Updater\adu.exe Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\One-Click Optimizer.job => C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\WO10.exe Task: C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION Task: C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2012-11-05 20:51 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2013-02-18 14:40 - 2013-02-18 14:40 - 00114176 _____ () C:\Windows\system32\ipstrmgr.exe 2014-02-04 15:27 - 2014-02-04 15:27 - 00023896 _____ () c:\Program Files\Ocster Backup\bin\backupService-ox.exe 2014-02-04 15:27 - 2014-02-04 15:27 - 00103256 _____ () c:\Program Files\Ocster Backup\bin\backupServiceLib.dll 2014-02-04 15:27 - 2014-02-04 15:27 - 11059032 _____ () c:\Program Files\Ocster Backup\bin\backupCore.dll 2014-02-04 15:27 - 2014-02-04 15:27 - 00156504 _____ () c:\Program 
Files\Ocster Backup\bin\deemon.dll 2014-02-04 15:27 - 2014-02-04 15:27 - 04862296 _____ () c:\Program Files\Ocster Backup\bin\ox.dll 2014-02-04 15:27 - 2014-02-04 15:27 - 00494424 _____ () c:\Program Files\Ocster Backup\bin\veem.dll 2014-02-04 15:27 - 2014-02-04 15:27 - 00060248 _____ () c:\Program Files\Ocster Backup\bin\minizutil.dll 2014-02-03 20:56 - 2014-02-03 20:56 - 00020992 _____ () c:\Program Files\Ocster Backup\bin\zlibutil.dll 2013-09-23 21:24 - 2013-09-23 21:24 - 00076288 _____ () c:\Program Files\Ocster Backup\bin\zdll.dll 2014-02-04 15:27 - 2014-02-04 15:27 - 00052568 _____ () c:\Program Files\Ocster Backup\bin\lzmaUtil.dll 2014-02-03 15:56 - 2014-02-03 15:56 - 00049664 _____ () c:\Program Files\Ocster Backup\bin\lzma.dll 2014-02-04 15:27 - 2014-02-04 15:27 - 00506200 _____ () c:\Program Files\Ocster Backup\bin\twirl.dll 2014-02-04 15:27 - 2014-02-04 15:27 - 00343896 _____ () c:\Program Files\Ocster Backup\bin\tomb.dll 2014-02-03 20:58 - 2014-02-03 20:58 - 00314880 _____ () c:\Program Files\Ocster Backup\bin\party.dll 2014-02-04 15:27 - 2014-02-04 15:27 - 00112984 _____ () c:\Program Files\Ocster Backup\bin\scoolite.dll 2014-02-03 15:55 - 2014-02-03 15:55 - 00626688 _____ () c:\Program Files\Ocster Backup\bin\sqlite.dll 2014-02-04 15:27 - 2014-02-04 15:27 - 00210264 _____ () c:\Program Files\Ocster Backup\bin\netutil.dll 2011-03-16 12:11 - 2006-10-10 06:03 - 00208896 _____ () C:\oracle10g\BIN\TNSLSNR.exe 2014-08-08 21:47 - 2014-08-08 21:47 - 00435696 _____ () C:\Program Files (x86)\Search\WebSearch.exe 2014-01-26 15:19 - 2013-11-19 10:11 - 00885096 _____ () C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe 2014-02-04 15:27 - 2014-02-04 15:27 - 00312664 _____ () C:\Program Files\Ocster Backup\bin\backupClient-ox.exe 2014-02-04 15:27 - 2014-02-04 15:27 - 06249816 _____ () C:\Program Files\Ocster Backup\bin\backupClientLib.dll 2014-02-04 15:27 - 2014-02-04 15:27 - 00389464 _____ () C:\Program Files\Ocster 
Backup\bin\updateman.dll 2014-02-04 15:27 - 2014-02-04 15:27 - 00506200 _____ () C:\Program Files\Ocster Backup\bin\twirl.dll 2014-02-04 15:27 - 2014-02-04 15:27 - 00343896 _____ () C:\Program Files\Ocster Backup\bin\tomb.dll 2014-02-04 15:27 - 2014-02-04 15:27 - 04862296 _____ () C:\Program Files\Ocster Backup\bin\ox.dll 2013-09-23 21:24 - 2013-09-23 21:24 - 00076288 _____ () C:\Program Files\Ocster Backup\bin\zdll.dll 2014-02-04 15:27 - 2014-02-04 15:27 - 11059032 _____ () C:\Program Files\Ocster Backup\bin\backupCore.dll 2014-02-04 15:27 - 2014-02-04 15:27 - 00156504 _____ () C:\Program Files\Ocster Backup\bin\deemon.dll 2014-02-04 15:27 - 2014-02-04 15:27 - 00494424 _____ () C:\Program Files\Ocster Backup\bin\veem.dll 2014-02-04 15:27 - 2014-02-04 15:27 - 00060248 _____ () C:\Program Files\Ocster Backup\bin\minizutil.dll 2014-02-03 20:56 - 2014-02-03 20:56 - 00020992 _____ () C:\Program Files\Ocster Backup\bin\zlibutil.dll 2014-02-04 15:27 - 2014-02-04 15:27 - 00052568 _____ () C:\Program Files\Ocster Backup\bin\lzmaUtil.dll 2014-02-03 15:56 - 2014-02-03 15:56 - 00049664 _____ () C:\Program Files\Ocster Backup\bin\lzma.dll 2014-02-03 20:58 - 2014-02-03 20:58 - 00314880 _____ () C:\Program Files\Ocster Backup\bin\party.dll 2014-02-04 15:27 - 2014-02-04 15:27 - 00112984 _____ () C:\Program Files\Ocster Backup\bin\scoolite.dll 2014-02-03 15:55 - 2014-02-03 15:55 - 00626688 _____ () C:\Program Files\Ocster Backup\bin\sqlite.dll 2014-02-04 15:27 - 2014-02-04 15:27 - 00210264 _____ () C:\Program Files\Ocster Backup\bin\netutil.dll 2014-02-04 15:27 - 2014-02-04 15:27 - 00147288 _____ () C:\Program Files\Ocster Backup\bin\featback.dll 2011-01-06 15:27 - 2011-01-06 15:27 - 03666944 _____ () C:\Program Files\Rainlendar2\Rainlendar2.exe 2010-05-23 19:24 - 2010-05-23 19:24 - 01282048 _____ () C:\Program Files\Rainlendar2\LIBEAY32.dll 2010-05-23 19:24 - 2010-05-23 19:24 - 00243712 _____ () C:\Program Files\Rainlendar2\SSLEAY32.dll 2010-05-23 19:30 - 2010-05-23 19:30 - 
00160768 _____ () C:\Program Files\Rainlendar2\lua51.dll 2011-01-06 15:27 - 2011-01-06 15:27 - 00306688 _____ () C:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll 2010-05-23 19:30 - 2010-05-23 19:30 - 00013824 _____ () C:\Program Files\Rainlendar2\lfs.dll 2014-09-25 20:44 - 2014-09-25 20:44 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2014-04-14 21:41 - 2014-04-14 21:41 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll 2014-02-03 20:19 - 2014-02-03 20:19 - 00045056 _____ () c:\Program Files\Ocster Backup\bin\oxHelper.exe 2014-02-03 20:19 - 2014-02-03 20:19 - 00045056 _____ () C:\Program Files\Ocster Backup\bin\oxHelper.exe 2014-10-04 20:27 - 2014-10-04 20:27 - 03541448 ____N () c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll 2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll 2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll 2011-03-16 12:09 - 2006-10-10 07:47 - 00061440 _____ () C:\oracle10g\BIN\onsclient.dll 2011-03-16 12:11 - 2011-03-16 12:14 - 04743168 _____ () c:\oracle10g\bin\orajox10.dll 2014-03-04 20:50 - 2014-09-25 20:38 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:373E1720 AlternateDataStreams: C:\ProgramData\TEMP:AD022376 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) 
==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" MSCONFIG\startupreg: Ashampoo Core Tuner 2 => C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2.exe -TRAY MSCONFIG\startupreg: Ashampoo WinOptimizer Live-Tuner => "C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTuner.exe" -TRAY MSCONFIG\startupreg: Logitech Vid => "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode MSCONFIG\startupreg: LogitechQuickCamRibbon => "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide MSCONFIG\startupreg: NPSStartup => MSCONFIG\startupreg: Optimizer Pro => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray MSCONFIG\startupreg: PCSuiteTrayApplication => C:\Program Files (x86)\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\pdf24\pdf24.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" ========================= Accounts: ========================== Administrator (S-1-5-21-3834002493-4226875369-3535069347-500 - Administrator - Disabled) Gabi (S-1-5-21-3834002493-4226875369-3535069347-1000 - Administrator - Enabled) => C:\Users\Gabi Gast (S-1-5-21-3834002493-4226875369-3535069347-501 - Limited - Enabled) _ocster_backup_ (S-1-5-21-3834002493-4226875369-3535069347-1011 - Administrator - Enabled) => C:\Users\_ocster_backup_ ==================== Faulty Device 
Manager Devices ============= Name: ttnfd Description: ttnfd Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: ttnfd Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (10/07/2014 06:58:42 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (10/05/2014 08:30:24 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "I:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. 
Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)" Error: (10/04/2014 09:13:03 AM) (Source: ThreadLib) (EventID: 0) (User: ) Description: ThreadLib::Thread Exception:: Error: (10/04/2014 09:08:49 AM) (Source: ThreadLib) (EventID: 0) (User: ) Description: ThreadLib::Thread Exception:: Error: (10/04/2014 09:08:01 AM) (Source: ThreadLib) (EventID: 0) (User: ) Description: ThreadLib::Thread Exception:: Error: (10/04/2014 09:07:19 AM) (Source: ThreadLib) (EventID: 0) (User: ) Description: ThreadLib::Thread Exception:: Error: (10/04/2014 09:06:55 AM) (Source: ThreadLib) (EventID: 0) (User: ) Description: ThreadLib::Thread Exception:: Error: (10/04/2014 09:05:48 AM) (Source: ThreadLib) (EventID: 0) (User: ) Description: ThreadLib::Thread Exception:: Error: (10/04/2014 09:04:02 AM) (Source: ThreadLib) (EventID: 0) (User: ) Description: ThreadLib::Thread Exception:: Error: (10/03/2014 07:17:17 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm thunderbird.exe, Version 24.6.0.5274 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1430 Startzeit: 01cfdf2d845b6af3 Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Berichts-ID: System errors: ============= Error: (10/07/2014 04:28:35 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. 
Error: (10/07/2014 03:48:57 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: StarOpen ttnfd Error: (10/06/2014 11:59:09 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: StarOpen ttnfd Error: (10/06/2014 11:56:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (10/06/2014 11:56:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Search erreicht. Error: (10/06/2014 11:56:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "OracleORACLE_Home10gTNSListener" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (10/06/2014 11:56:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst OracleORACLE_Home10gTNSListener erreicht. 
Error: (10/06/2014 11:49:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (10/06/2014 11:49:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (10/06/2014 11:49:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Microsoft Office Sessions: ========================= Error: (10/07/2014 06:58:42 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\Gabi\Documents\SoftonicDownloader_fuer_internet-explorer-9.exe Error: (10/05/2014 08:30:24 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: I:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. 
(0x81000006) Error: (10/04/2014 09:13:03 AM) (Source: ThreadLib) (EventID: 0) (User: ) Description: ThreadLib::Thread Exception:: Error: (10/04/2014 09:08:49 AM) (Source: ThreadLib) (EventID: 0) (User: ) Description: ThreadLib::Thread Exception:: Error: (10/04/2014 09:08:01 AM) (Source: ThreadLib) (EventID: 0) (User: ) Description: ThreadLib::Thread Exception:: Error: (10/04/2014 09:07:19 AM) (Source: ThreadLib) (EventID: 0) (User: ) Description: ThreadLib::Thread Exception:: Error: (10/04/2014 09:06:55 AM) (Source: ThreadLib) (EventID: 0) (User: ) Description: ThreadLib::Thread Exception:: Error: (10/04/2014 09:05:48 AM) (Source: ThreadLib) (EventID: 0) (User: ) Description: ThreadLib::Thread Exception:: Error: (10/04/2014 09:04:02 AM) (Source: ThreadLib) (EventID: 0) (User: ) Description: ThreadLib::Thread Exception:: Error: (10/03/2014 07:17:17 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: thunderbird.exe24.6.0.5274143001cfdf2d845b6af30C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe CodeIntegrity Errors: =================================== Date: 2014-09-16 20:34:24.086 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-16 20:34:24.008 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-16 20:34:23.977 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-09-16 20:34:23.977 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-16 19:36:27.946 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-16 19:36:27.821 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-15 12:44:13.936 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-15 12:44:13.936 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-15 12:44:13.920 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-15 12:44:13.905 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz Percentage of memory in use: 51% Total physical RAM: 4091.49 MB Available physical RAM: 1980.7 MB Total Pagefile: 8181.16 MB Available Pagefile: 4372.71 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:465.76 GB) (Free:235.84 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (30 Sep 2014) (CDROM) (Total:4.38 GB) (Free:4.38 GB) UDF ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2B279F71) Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
08.10.2014, 20:49 | #5 |
| Removing Optimizer Pro v3.2 incl. Crash Monitor
Part 3 (Part 4 is still to come)
Addition-1.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2014 01
Ran by Gabi at 2014-10-07 22:11:47
Running from C:\Users\Gabi\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ACDSee Foto-Editor (HKLM-x32\...\{53AD87D3-72AE-4D07-8A7A-1F4D54E83777}) (Version: 4.00.208 - ACD Systems Ltd.)
ACDSee Foto-Manager 2009 (HKLM-x32\...\{300578F9-9EFF-4B93-9AB1-C0E5707EF463}) (Version: 11.0.115 - ACD Systems International) ACDSee Image Decoder Update (HKLM-x32\...\{047A167B-0C6B-41F3-B5E6-E968F92468C1}) (Version: 2.0.5 - ACD Systems) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) Advanced Driver Updater (HKLM-x32\...\Advanced Driver Updater_is1) (Version: 2.1.1086.15131 - Systweak Inc) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Ashampoo Burning Studio 14 v.14.0.5 (HKLM-x32\...\{91B33C97-7BCF-CDFE-4321-58EBF3E8641C}_is1) (Version: 14.0.5 - Ashampoo GmbH & Co. KG) Ashampoo Movie Studio Pro v.1.0.7 (HKLM-x32\...\{91B33C97-EC92-2CD7-E21F-4FEF6AA572AA}_is1) (Version: 1.0.7 - Ashampoo GmbH & Co. KG) Ashampoo WinOptimizer 10 v.10.3.0 (HKLM-x32\...\{4209F371-88D4-AB00-ED2B-D6520C84D9D5}_is1) (Version: 10.03.00 - Ashampoo GmbH & Co. 
KG) Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.7.8981 - ) Bing-Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.174.0 - Microsoft Corporation) Browser Guard (HKLM-x32\...\Browser Guard) (Version: - ) BurnAware Free 6.9.3 (HKLM-x32\...\BurnAware Free_is1) (Version: - Burnaware) BurnAware Free Download Packages (HKCU\...\BurnAware Free Download Packages) (Version: - ) <==== ATTENTION Canon MP Navigator 3.0 (HKLM-x32\...\MP Navigator 3.0) (Version: - ) Canon MP600 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600) (Version: - ) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.) Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.10.2.21 - Canon Inc.) CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform) Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version: - Microsoft) Document Express DjVu Plug-in (HKLM-x32\...\{DB90B88C-DDA6-4831-B73D-58B4B8F3D349}) (Version: 6.1.27549 - Caminova, Inc.) ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen) eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version: 2014.1.24.0 - ) <==== ATTENTION Fotogalerie (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Free File Viewer 2014 (HKLM-x32\...\FreeFileViewer_is1) (Version: 2014.2.16.0 - Bitberry Software) <==== ATTENTION Free YouTube Download version 3.2.43.806 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.43.806 - DVDVideoSoft Ltd.) 
Freemake Video Converter Free Download Packages (HKCU\...\Freemake Video Converter Free Download Packages) (Version: - ) <==== ATTENTION Freemake Video Converter Version 4.1.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden Inpaint 5.2 (HKLM-x32\...\{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1) (Version: - Teorex) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan) IrfanView Download Packages (HKCU\...\IrfanView Download Packages) (Version: - ) <==== ATTENTION Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle) Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle) Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden Lizardtech DjVu Control (HKLM-x32\...\{105CFC7C-6992-11D5-BD9D-000102C10FD8}) (Version: - ) Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech) Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7248) - Logitech Inc..) Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.) Logitech Webcam Software-Treiberpaket (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.) 
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Image Composite Editor (HKLM\...\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}) (Version: 1.4.4 - Microsoft Corporation) Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft 
Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 
8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Windows Media Center SDK 6.0 (HKLM-x32\...\{E363B2CF-627B-492D-8881-702D0AE4F50C}) (Version: 7.0.0.0 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) 
Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla) Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla) MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Nokia Connectivity Cable Driver (HKLM-x32\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia) Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia) Nokia PC Suite (x32 Version: 7.1.180.94 - Nokia) Hidden NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation) NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9745 - NVIDIA Corporation) NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation) NVIDIA GeForce Experience Service (Version: 16.13.42 - NVIDIA Corporation) Hidden NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) 
(Version: 335.23 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.162.1274 - NVIDIA Corporation) Hidden NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 2.0 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA ShadowPlay 16.13.42 (Version: 16.13.42 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden NVIDIA Update 16.13.42 (Version: 16.13.42 - NVIDIA Corporation) Hidden NVIDIA Update Core (Version: 16.13.42 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.25 (Version: 1.2.25 - NVIDIA Corporation) Hidden Ocster Backup Pro (HKLM\...\Ocster Backup) (Version: 8.15 - Ocster GmbH & Co. KG) Oracle Data Provider for .NET Help (HKLM-x32\...\{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}) (Version: 10.2.020 - Oracle Corporation) PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia) Photo Gallery (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden PIXELA AAC LC CODEC (HKLM-x32\...\PIXELA AAC LC CODEC) (Version: 1.1.0.1 - Canon Inc.) PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version: - ) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7084 - Realtek Semiconductor Corp.) 
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden Skype Free Download Packages (HKCU\...\Skype Free Download Packages) (Version: - ) <==== ATTENTION Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) TomTom HOME (HKLM-x32\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - Ihr Firmenname) TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.) Transfer Utility LE (HKLM-x32\...\{F2C2709B-FB3D-458C-B12E-9AAA5EDCA670}) (Version: 1.00.004 - PIXELA) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition 
(HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition 
(HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{4B93560B-F33D-4A67-A224-F5E1C329BD22}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition 
(HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft) VideoPad Video-Editor (HKLM-x32\...\VideoPad) (Version: 3.25 - NCH Software) Visual C++ 9.0 CRT (x86) WinSXS MSM (x32 Version: 9.0 - Microsoft Corporation) Hidden WavePad Audio-Editor (HKLM-x32\...\WavePad) (Version: 5.71 - NCH Software) Windows Internet Explorer 10 (x32 Version: 10.0 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Windows Live Essentials 
(HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia) Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia) Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 07-10-2014 15:56:41 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {02BAD771-29AE-4F87-86E2-66724A4AE0AD} - System32\Tasks\{EFE0F532-2A73-4D21-8AED-C0836875B018} => C:\Program Files (x86)\Axonic\click.to\clicktoapp.exe Task: {053A5F36-8158-460E-92F5-5269606A2376} - System32\Tasks\SaveSenseLiveUpdateTaskMachineCore => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION Task: {05792E62-12F2-44BE-89D2-47E5850BF6D2} - System32\Tasks\{A60B9513-5CA7-461C-B77C-9F1E2250410E} => C:\Program Files (x86)\SYBEX\Die große Druck-Box\Druckbox.exe Task: {068D666E-6AA6-44B3-8018-F9E7469CC7F1} - System32\Tasks\{DFB0BA80-18E0-4EEC-86C3-EAF7F33D5BB8} => C:\Program Files (x86)\Axonic\click.to\clicktoapp.exe Task: {06EB6EA9-685B-48A5-A88B-B17BA213A01C} - System32\Tasks\{2DAB612D-4CCC-4DAB-9F94-FB2B9EF0B9E3} => C:\Program Files (x86)\Axonic\click.to\clicktoapp.exe Task: {0B54D784-BADC-45E9-B85A-947E461A000C} - System32\Tasks\{D5D0C80E-CFBD-4E8E-A106-1038B1435F23} => C:\Program Files (x86)\Axonic\click.to\clicktoapp.exe Task: {0E601114-0C97-4CF7-8592-1FEBBD63B008} - System32\Tasks\{16930FA3-9E2F-41EF-A083-5F1D19AFE9D3} => C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE [2014-05-15] (Microsoft Corporation) Task: {0EB211BD-53FC-46B3-99D3-FFAF4B6E62DF} - System32\Tasks\{80E296E5-37D4-409E-9D44-F5E897EA8744} => C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 5\UI5.exe Task: {106D5C8B-0887-4182-A073-558F6CC015AA} - System32\Tasks\{975DF8E9-A2F1-4163-9C55-8C0AA4FF8A3F} => C:\Program Files (x86)\Axonic\click.to\clicktoapp.exe Task: {1170F6B0-C61C-43A9-9453-514F9DEFC700} - System32\Tasks\{0E365111-C9A7-43CD-9015-AD0B4EDEC820} => Firefox.exe Task: {12177FBD-A7F7-454E-91C2-0FD4F20678E2} - 
System32\Tasks\{FE3E02D9-54EB-4A9C-A76D-D0F3CE15C9CC} => C:\Program Files (x86)\Axonic\click.to\clicktoapp.exe Task: {18A906B9-5326-4355-875E-83445512BAA2} - System32\Tasks\{748362AD-96C7-493C-8A0B-0EB4C75B3241} => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSGuide.exe Task: {1A299CF4-EE5C-4645-8873-65819DBCBA09} - System32\Tasks\{8EB85395-6DF1-42D1-BCC9-6A2C39D0A06D} => C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 5\UI5.exe Task: {1C99D807-C487-4F14-9A8D-1B92041FB628} - System32\Tasks\{C6B60480-C4B3-4B93-BF85-919436F9DCF1} => C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE Task: {22A1E30A-D0A8-4E63-BAB6-6658ECB5570F} - System32\Tasks\{AEE9FDE0-A111-4974-999F-B408490B8D8C} => C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFMgr.exe Task: {2413C613-3EEA-42A9-A9EE-4050623C5F7E} - System32\Tasks\{D7BE9AF5-D625-4F96-8078-C3E51416D6DD} => C:\Program Files (x86)\Wetterbox\Wetterbox.exe [2010-02-05] (t-online.de ) Task: {256667D3-6382-4C66-BC05-FE38C9A93824} - System32\Tasks\{B7573703-CF10-4CAD-9D0F-458B6E29B54A} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\starter_avp.exe Task: {284BB469-B242-4F40-AF2E-543E705B46D3} - System32\Tasks\{644C7C4C-8210-40F1-BEE8-A8BB25545919} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO) Task: {2856A28F-8AE5-481E-A0C2-069AA946DBF8} - System32\Tasks\{21DBD499-C613-48BA-A0F0-186C4F747769} => C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFMgr.exe Task: {33876F9F-A8EB-491D-8DBC-F14DD846CFE1} - System32\Tasks\{28DBB7A7-6CD0-4781-B081-10048E698970} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO) Task: {35A4AD38-C6FE-4CB1-956C-492E4FD00101} - System32\Tasks\{54516D7D-DE58-4952-BDB5-73924135CD01} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO) Task: 
{3CC6A791-14B7-4970-B342-9A3D349C78EE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated) Task: {3EF4827F-2181-45DB-99AF-C07C2DD54E7A} - System32\Tasks\{AB114C1D-7266-4AF7-A30E-11B26BE1615F} => C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFMgr.exe Task: {4F4374BC-3B7E-4A54-A1AA-8FD6ECA70275} - System32\Tasks\{105CE8C3-2ADC-430B-9358-49BB8319D8D3} => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSGuide.exe Task: {53ACADDE-C9AF-4C03-86E9-CF2585090F4E} - System32\Tasks\{A8D91B62-F815-4F1D-A2DB-5D26AE327BC2} => C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2.exe Task: {558ECEFA-C5F8-4FC0-9B26-0615C0130AAC} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2013-03-25] (Bitberry Software) <==== ATTENTION Task: {5598CCE9-982E-4477-A692-83B791D7C25D} - System32\Tasks\{BF9D57C8-4EB3-4197-B121-7DF9281C6E83} => C:\Program Files (x86)\Common Files\ACD Systems\DE\DevDetect.exe Task: {5FF0F40F-9D9C-4DDC-BF28-00EC30AF6836} - System32\Tasks\{F9E1DD75-D3E2-4306-A4E9-77AD1E3E440F} => C:\Program Files (x86)\Axonic\click.to\clicktoapp.exe Task: {661A0E7E-68C6-495E-A657-0315DE890E51} - System32\Tasks\AdvancedDriverUpdater_UPDATES => C:\Program Files (x86)\Advanced Driver Updater\adu.exe [2013-03-08] (Systweak Inc) Task: {670F6793-B7C9-46E0-88CC-001E8D22E252} - System32\Tasks\Ashampoo UnInstaller 5 => C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 5\UI5.exe Task: {6BAB4395-D4C6-477B-9F19-2F6F6A337259} - System32\Tasks\{9E7A4809-517D-41C6-A7FA-F9E5DF7A8CDF} => C:\Program Files (x86)\DATA BECKER\Skat-Ass 3 - Gläserne Karten\skat.exe Task: {6DDAE403-6E11-4128-8F90-A2832FEA1DAB} - System32\Tasks\{338410F2-A2FB-4A54-BE0A-4F0DA5D119FE} => C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 5\UI5.exe Task: {74A7EC1B-857B-4488-82AF-03DED0AB0BE0} - System32\Tasks\{9E010073-9998-45F1-A581-5125A55A7A68} 
=> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO) Task: {796B0B0F-B897-4953-B1B2-7E9EEBE90FE4} - System32\Tasks\ProgramRefresh-ATFST => C:\Program Files (x86)\File Type Assistant\tsasetup.exe <==== ATTENTION Task: {7B336E60-CD95-4216-9BCE-1C335774A8E7} - System32\Tasks\{BF75E81F-4726-488E-9F11-553D186A9250} => C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE Task: {7DF9475A-4849-4086-B12E-83014A46C879} - System32\Tasks\{CDB43B5A-D121-4DF5-A8DC-EF60D4BBE90A} => C:\Program Files (x86)\DATA BECKER\Skat-Ass 3 - Gläserne Karten\skat.exe Task: {7EEA12D3-BBBA-4E8F-A91B-469BB8627671} - System32\Tasks\{465C18D9-E052-47EA-8392-BA413D7901C4} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.) Task: {847A94C0-07D3-41E5-A581-33085976608B} - System32\Tasks\{43DAF3C9-689E-4D7D-85B9-95CFDB2B56C2} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO) Task: {85652B33-BBBA-4797-803B-01BD530137DC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd) Task: {894AD76D-CC3B-46B3-924E-F0276E7B039D} - System32\Tasks\{D754773D-5842-4673-856C-06A2F649C881} => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSGuide.exe Task: {8A4BF58B-94B6-48DA-BC69-967673A37364} - System32\Tasks\{2A6D5D12-AC3F-4F56-9629-72EA3F526508} => C:\Program Files (x86)\SYBEX\Die große Druck-Box\Druckbox.exe Task: {8F33458C-9E20-4AEF-A183-9F68E06DA86A} - System32\Tasks\{F3401210-6A4F-4340-8F3E-AB35C777A196} => C:\Program Files (x86)\DATA BECKER\Visitenkarten-Druckerei 10\BC05.exe Task: {8F8DB379-D692-4E24-9CEF-F2819BE786E2} - System32\Tasks\{3EB5B1CC-807D-4893-992D-30D23BD96179} => C:\Program Files\Netzmanager\netzmanager.exe Task: {90329D18-9C6D-455A-B027-4985FF013982} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-25] 
(Google Inc.) Task: {96987873-4F4F-4757-9B5C-58BAFCC841BE} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated) Task: {971D492A-A3A0-4618-87C9-017E8472A04D} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-11] (Oracle Corporation) Task: {9B79E0AD-BB8B-483E-93F3-0D0CEF74C9DF} - System32\Tasks\Fifth => C:\Users\Gabi\AppData\Roaming\Fifth\Fifth.exe [2014-03-04] () <==== ATTENTION Task: {9E1DD50F-FC41-4E4F-9BFD-1EAD4F270FF7} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3834002493-4226875369-3535069347-1000 Task: {A05925C6-2CDE-40BF-A026-1BFCE77C1527} - System32\Tasks\{C048A249-E48A-4BC2-B15F-0656BF27CD91} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2014-06-10] (Mozilla Corporation) Task: {A411E66A-04F8-4DC8-A593-7BEEE4FC8332} - System32\Tasks\{E02CA656-60DC-425D-AABD-242A412B746E} => C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2.exe Task: {A7AFD7CB-818A-4F4A-B457-2E056AA4F30C} - System32\Tasks\SaveSenseLiveUpdateTaskMachineUA => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION Task: {A7E6E67A-5808-49DF-9000-0677CD3FD176} - System32\Tasks\{082DAF34-EDA8-4AA9-A383-820499D2C4BE} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO) Task: {A94B14D7-E7B5-43CA-B0F4-1ECD9D8A6C51} - System32\Tasks\{263E2A6B-FA6C-49FB-9759-B42DDE9A1DE6} => Firefox.exe hxxp://ui.skype.com/ui/0/5.1.0.104.259/de/abandoninstall?page=tsChrome&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-installed;madedefault Task: {AE0ECA0A-9100-4606-B346-9533B0740B85} - System32\Tasks\OMESupervisor => C:\Users\Gabi\AppData\Local\omesuperv.exe [2014-03-04] () <==== ATTENTION Task: {AEE815BD-928E-4B21-BF78-46CF8A65685C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => 
Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {B0DC6A06-C9EB-439A-9E53-A44B57FE51B8} - System32\Tasks\{A34CF5D2-DAC1-432A-81AF-6425F048C6FA} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO) Task: {B8987F0B-334B-44D1-A148-B40D5D8609CE} - System32\Tasks\{97F0DC32-C1D9-4A2B-9146-8537D344C587} => C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 5\UI5.exe Task: {BA763B54-1804-4A7F-A217-A4B373ECDE60} - System32\Tasks\{A20E6AF9-41D6-405A-9C39-FF7DAC239F01} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO) Task: {BB3AFC41-279A-44CB-96B2-D6311FF68DE2} - System32\Tasks\{5CADFEFE-2B94-4C93-87C6-636B34D6999E} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO) Task: {BF4D038D-7799-4F95-B5EB-83FCCD4B1AC6} - System32\Tasks\{8A366ACA-B741-43B8-A420-7E8198D17C16} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO) Task: {C47F34BA-36CE-414F-8177-CA148D440196} - System32\Tasks\{EE0E0267-9856-43FB-B84C-E310DC9A0704} => C:\Program Files (x86)\DATA BECKER\Visitenkarten-Druckerei 10\BC05.exe Task: {CFEA226E-049F-42F2-ABCA-D61A7452E32C} - System32\Tasks\{4F3981A5-7150-42B7-92C3-DAF194629515} => C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 5\UI5.exe Task: {D2169E60-748D-4B7A-8DC5-CEDB3C66EB10} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-25] (Google Inc.) Task: {D4272719-3868-4884-A970-831A6CA33768} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {D7182F84-461D-45E4-8FDC-129C38C5E621} - System32\Tasks\{105A440F-9E8E-42C5-A748-DD8EADA8806B} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.) 
Task: {DE954CDE-798E-4E69-B460-3A2F3127FF10} - System32\Tasks\{5DB777F1-762D-4651-BCA7-35B55C2265C6} => C:\Program Files (x86)\Axonic\click.to\clicktoapp.exe Task: {DEA23593-53A0-467E-AA02-6B5B42C82F1A} - System32\Tasks\{25E094D2-9767-42EC-90A0-892447BFE019} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO) Task: {DF628A14-5E6C-4E41-9B9A-0B0B788C22C9} - System32\Tasks\{FBAC92AE-D39B-4816-94CF-D8F2C22C0BAD} => C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2.exe Task: {E3ADE583-B6C3-4C4C-9E8C-0E748AECCC6D} - System32\Tasks\{A96C6382-D8C3-40AE-9E0A-FC4DB6A55BB5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO) Task: {E49BEDBC-E14E-4857-B001-BBD40F81C7A9} - System32\Tasks\{BCBCB7CF-C380-4F68-8B5F-1C6B713DC81D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO) Task: {E50AB573-B841-4E33-8140-A8D5FE95E0BA} - System32\Tasks\{317A7A4E-2D2E-4FE7-A2B8-E7CE255820D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO) Task: {E7E2BD4B-CAB0-4C67-8422-AA82F3B97B47} - System32\Tasks\ProgramUpdateCheck => C:\Program Files (x86)\File Type Assistant\TSAssist.exe [2014-03-04] (Trusted Software ApS) <==== ATTENTION Task: {EAE9BD8C-2D63-4F21-81DB-49ABF3E93CEB} - System32\Tasks\{61C6D3EB-D82F-423D-A8AA-A1E23C7910F6} => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSGuide.exe Task: {EB265778-8AED-4C65-80E4-CF63880F14DB} - System32\Tasks\{2144E255-C3B4-470C-BDB5-929B9E4FF282} => C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2.exe Task: {ECFA4AA8-AB31-4D9D-AC60-5AF7A44ECE1D} - System32\Tasks\One-Click Optimizer => C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\WO10.exe [2013-11-19] (Ashampoo Development GmbH & Co. 
KG) Task: {F03BCAE4-B30D-40B2-A6FE-609D972EC20C} - System32\Tasks\{1978A92C-F1CC-4F1D-864F-81F946E1AE1A} => C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2.exe Task: {F7BF52E4-2A39-4AA7-8CC7-BC29A8EF610D} - System32\Tasks\{2F5112BB-3685-49A2-BAB6-1BAB4B641E39} => C:\Program Files (x86)\Axonic\click.to\clicktoapp.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\AdvancedDriverUpdater_UPDATES.job => C:\Program Files (x86)\Advanced Driver Updater\adu.exe Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\One-Click Optimizer.job => C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\WO10.exe Task: C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION Task: C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2012-11-05 20:51 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2013-02-18 14:40 - 2013-02-18 14:40 - 00114176 _____ () C:\Windows\system32\ipstrmgr.exe 2014-02-04 15:27 - 2014-02-04 15:27 - 00023896 _____ () c:\Program Files\Ocster Backup\bin\backupService-ox.exe 2014-02-04 15:27 - 2014-02-04 15:27 - 00103256 _____ () c:\Program Files\Ocster Backup\bin\backupServiceLib.dll 2014-02-04 15:27 - 2014-02-04 15:27 - 11059032 _____ () c:\Program Files\Ocster Backup\bin\backupCore.dll 2014-02-04 15:27 - 2014-02-04 15:27 - 00156504 _____ () c:\Program 
Files\Ocster Backup\bin\deemon.dll 2014-02-04 15:27 - 2014-02-04 15:27 - 04862296 _____ () c:\Program Files\Ocster Backup\bin\ox.dll 2014-02-04 15:27 - 2014-02-04 15:27 - 00494424 _____ () c:\Program Files\Ocster Backup\bin\veem.dll 2014-02-04 15:27 - 2014-02-04 15:27 - 00060248 _____ () c:\Program Files\Ocster Backup\bin\minizutil.dll 2014-02-03 20:56 - 2014-02-03 20:56 - 00020992 _____ () c:\Program Files\Ocster Backup\bin\zlibutil.dll 2013-09-23 21:24 - 2013-09-23 21:24 - 00076288 _____ () c:\Program Files\Ocster Backup\bin\zdll.dll 2014-02-04 15:27 - 2014-02-04 15:27 - 00052568 _____ () c:\Program Files\Ocster Backup\bin\lzmaUtil.dll 2014-02-03 15:56 - 2014-02-03 15:56 - 00049664 _____ () c:\Program Files\Ocster Backup\bin\lzma.dll 2014-02-04 15:27 - 2014-02-04 15:27 - 00506200 _____ () c:\Program Files\Ocster Backup\bin\twirl.dll 2014-02-04 15:27 - 2014-02-04 15:27 - 00343896 _____ () c:\Program Files\Ocster Backup\bin\tomb.dll 2014-02-03 20:58 - 2014-02-03 20:58 - 00314880 _____ () c:\Program Files\Ocster Backup\bin\party.dll 2014-02-04 15:27 - 2014-02-04 15:27 - 00112984 _____ () c:\Program Files\Ocster Backup\bin\scoolite.dll 2014-02-03 15:55 - 2014-02-03 15:55 - 00626688 _____ () c:\Program Files\Ocster Backup\bin\sqlite.dll 2014-02-04 15:27 - 2014-02-04 15:27 - 00210264 _____ () c:\Program Files\Ocster Backup\bin\netutil.dll 2014-02-04 15:27 - 2014-02-04 15:27 - 00312664 _____ () C:\Program Files\Ocster Backup\bin\backupClient-ox.exe 2014-02-04 15:27 - 2014-02-04 15:27 - 06249816 _____ () C:\Program Files\Ocster Backup\bin\backupClientLib.dll 2014-02-04 15:27 - 2014-02-04 15:27 - 00389464 _____ () C:\Program Files\Ocster Backup\bin\updateman.dll 2014-02-04 15:27 - 2014-02-04 15:27 - 00506200 _____ () C:\Program Files\Ocster Backup\bin\twirl.dll 2014-02-04 15:27 - 2014-02-04 15:27 - 00343896 _____ () C:\Program Files\Ocster Backup\bin\tomb.dll 2014-02-04 15:27 - 2014-02-04 15:27 - 04862296 _____ () C:\Program Files\Ocster Backup\bin\ox.dll 2013-09-23 21:24 
- 2013-09-23 21:24 - 00076288 _____ () C:\Program Files\Ocster Backup\bin\zdll.dll 2014-02-04 15:27 - 2014-02-04 15:27 - 11059032 _____ () C:\Program Files\Ocster Backup\bin\backupCore.dll 2014-02-04 15:27 - 2014-02-04 15:27 - 00156504 _____ () C:\Program Files\Ocster Backup\bin\deemon.dll 2014-02-04 15:27 - 2014-02-04 15:27 - 00494424 _____ () C:\Program Files\Ocster Backup\bin\veem.dll 2014-02-04 15:27 - 2014-02-04 15:27 - 00060248 _____ () C:\Program Files\Ocster Backup\bin\minizutil.dll 2014-02-03 20:56 - 2014-02-03 20:56 - 00020992 _____ () C:\Program Files\Ocster Backup\bin\zlibutil.dll 2014-02-04 15:27 - 2014-02-04 15:27 - 00052568 _____ () C:\Program Files\Ocster Backup\bin\lzmaUtil.dll 2014-02-03 15:56 - 2014-02-03 15:56 - 00049664 _____ () C:\Program Files\Ocster Backup\bin\lzma.dll 2014-02-03 20:58 - 2014-02-03 20:58 - 00314880 _____ () C:\Program Files\Ocster Backup\bin\party.dll 2014-02-04 15:27 - 2014-02-04 15:27 - 00112984 _____ () C:\Program Files\Ocster Backup\bin\scoolite.dll 2014-02-03 15:55 - 2014-02-03 15:55 - 00626688 _____ () C:\Program Files\Ocster Backup\bin\sqlite.dll 2014-02-04 15:27 - 2014-02-04 15:27 - 00210264 _____ () C:\Program Files\Ocster Backup\bin\netutil.dll 2014-02-04 15:27 - 2014-02-04 15:27 - 00147288 _____ () C:\Program Files\Ocster Backup\bin\featback.dll 2011-01-06 15:27 - 2011-01-06 15:27 - 03666944 _____ () C:\Program Files\Rainlendar2\Rainlendar2.exe 2010-05-23 19:24 - 2010-05-23 19:24 - 01282048 _____ () C:\Program Files\Rainlendar2\LIBEAY32.dll 2010-05-23 19:24 - 2010-05-23 19:24 - 00243712 _____ () C:\Program Files\Rainlendar2\SSLEAY32.dll 2010-05-23 19:30 - 2010-05-23 19:30 - 00160768 _____ () C:\Program Files\Rainlendar2\lua51.dll 2011-01-06 15:27 - 2011-01-06 15:27 - 00306688 _____ () C:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll 2010-05-23 19:30 - 2010-05-23 19:30 - 00013824 _____ () C:\Program Files\Rainlendar2\lfs.dll 2014-09-25 20:44 - 2014-09-25 20:44 - 00053248 _____ () C:\Program 
Files\CCleaner\lang\lang-1031.dll 2014-04-14 21:41 - 2014-04-14 21:41 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll 2014-02-03 20:19 - 2014-02-03 20:19 - 00045056 _____ () c:\Program Files\Ocster Backup\bin\oxHelper.exe 2014-02-03 20:19 - 2014-02-03 20:19 - 00045056 _____ () C:\Program Files\Ocster Backup\bin\oxHelper.exe 2014-01-26 15:19 - 2013-11-19 10:11 - 00885096 _____ () C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe 2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll 2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll 2011-03-16 12:11 - 2011-03-16 12:14 - 04743168 _____ () c:\oracle10g\bin\orajox10.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:373E1720 AlternateDataStreams: C:\ProgramData\TEMP:AD022376 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
MSCONFIG\Services: 70e6ca8c => 2 MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" MSCONFIG\startupreg: Ashampoo Core Tuner 2 => C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2.exe -TRAY MSCONFIG\startupreg: Ashampoo WinOptimizer Live-Tuner => "C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTuner.exe" -TRAY MSCONFIG\startupreg: Logitech Vid => "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode MSCONFIG\startupreg: LogitechQuickCamRibbon => "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide MSCONFIG\startupreg: NPSStartup => MSCONFIG\startupreg: Optimizer Pro => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray MSCONFIG\startupreg: PCSuiteTrayApplication => C:\Program Files (x86)\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\pdf24\pdf24.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" ========================= Accounts: ========================== Administrator (S-1-5-21-3834002493-4226875369-3535069347-500 - Administrator - Disabled) Gabi (S-1-5-21-3834002493-4226875369-3535069347-1000 - Administrator - Enabled) => C:\Users\Gabi Gast (S-1-5-21-3834002493-4226875369-3535069347-501 - Limited - Enabled) _ocster_backup_ (S-1-5-21-3834002493-4226875369-3535069347-1011 - Administrator - Enabled) => C:\Users\_ocster_backup_ ==================== Faulty Device Manager Devices ============= Name: ttnfd Description: ttnfd Class Guid: 
{8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: ttnfd Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (10/07/2014 06:58:42 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (10/05/2014 08:30:24 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "I:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. 
(0x81000006)" Error: (10/04/2014 09:13:03 AM) (Source: ThreadLib) (EventID: 0) (User: ) Description: ThreadLib::Thread Exception:: Error: (10/04/2014 09:08:49 AM) (Source: ThreadLib) (EventID: 0) (User: ) Description: ThreadLib::Thread Exception:: Error: (10/04/2014 09:08:01 AM) (Source: ThreadLib) (EventID: 0) (User: ) Description: ThreadLib::Thread Exception:: Error: (10/04/2014 09:07:19 AM) (Source: ThreadLib) (EventID: 0) (User: ) Description: ThreadLib::Thread Exception:: Error: (10/04/2014 09:06:55 AM) (Source: ThreadLib) (EventID: 0) (User: ) Description: ThreadLib::Thread Exception:: Error: (10/04/2014 09:05:48 AM) (Source: ThreadLib) (EventID: 0) (User: ) Description: ThreadLib::Thread Exception:: Error: (10/04/2014 09:04:02 AM) (Source: ThreadLib) (EventID: 0) (User: ) Description: ThreadLib::Thread Exception:: Error: (10/03/2014 07:17:17 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm thunderbird.exe, Version 24.6.0.5274 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1430 Startzeit: 01cfdf2d845b6af3 Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Berichts-ID: System errors: ============= Error: (10/07/2014 10:00:31 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: StarOpen ttnfd Error: (10/07/2014 09:58:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (10/07/2014 09:58:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Search erreicht. 
Error: (10/07/2014 09:57:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "OracleORACLE_Home10gTNSListener" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (10/07/2014 09:57:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst OracleORACLE_Home10gTNSListener erreicht. Error: (10/07/2014 09:36:12 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: StarOpen ttnfd Error: (10/07/2014 09:34:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (10/07/2014 09:34:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Search erreicht. Error: (10/07/2014 04:28:35 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. 
Error: (10/07/2014 03:48:57 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: StarOpen ttnfd Microsoft Office Sessions: ========================= Error: (10/07/2014 06:58:42 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\Gabi\Documents\SoftonicDownloader_fuer_internet-explorer-9.exe Error: (10/05/2014 08:30:24 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: I:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006) Error: (10/04/2014 09:13:03 AM) (Source: ThreadLib) (EventID: 0) (User: ) Description: ThreadLib::Thread Exception:: Error: (10/04/2014 09:08:49 AM) (Source: ThreadLib) (EventID: 0) (User: ) Description: ThreadLib::Thread Exception:: Error: (10/04/2014 09:08:01 AM) (Source: ThreadLib) (EventID: 0) (User: ) Description: ThreadLib::Thread Exception:: Error: (10/04/2014 09:07:19 AM) (Source: ThreadLib) (EventID: 0) (User: ) Description: ThreadLib::Thread Exception:: Error: (10/04/2014 09:06:55 AM) (Source: ThreadLib) (EventID: 0) (User: ) Description: ThreadLib::Thread Exception:: Error: (10/04/2014 09:05:48 AM) (Source: ThreadLib) (EventID: 0) (User: ) Description: ThreadLib::Thread Exception:: Error: (10/04/2014 09:04:02 AM) (Source: ThreadLib) (EventID: 0) (User: ) Description: ThreadLib::Thread Exception:: Error: (10/03/2014 07:17:17 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: thunderbird.exe24.6.0.5274143001cfdf2d845b6af30C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe CodeIntegrity Errors: =================================== Date: 2014-09-16 
20:34:24.086 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-16 20:34:24.008 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-16 20:34:23.977 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-16 20:34:23.977 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-16 19:36:27.946 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-16 19:36:27.821 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-15 12:44:13.936 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-09-15 12:44:13.936
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-09-15 12:44:13.920
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-09-15 12:44:13.905
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz
Percentage of memory in use: 49%
Total physical RAM: 4091.49 MB
Available physical RAM: 2083.32 MB
Total Pagefile: 8181.16 MB
Available Pagefile: 4794.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:465.76 GB) (Free:235.78 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (30 Sep 2014) (CDROM) (Total:4.38 GB) (Free:4.38 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2B279F71)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Gmer.txt
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-10-07 21:11:34
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 STM3500418AS rev.CC38 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Gabi\AppData\Local\Temp\kwtyaaod.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800037b0000 45 bytes [00, 02, 04, 00, 00, 00, B6, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800037b002f 16 bytes [00, 00, 00, 54, 0F, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[1908] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 00000000775ffaa8 5 bytes JMP 0000000172b618dd
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[1908] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077600038 5 bytes JMP 0000000172b61ed6
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1716] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000072db13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1716] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000072db146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1716] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000072db16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1716] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000072db16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1716] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000072db19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1716] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000072db19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1716] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000072db1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1716] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000072db1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1716] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000072db1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1716] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000072db1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000774011f5 8 bytes {JMP 0xd}
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077401390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007740143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007740158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007740191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077401b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077401bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077401d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077401eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077401edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077401f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077401fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077401fd7 8 bytes {JMP 0xb}
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077402272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077402301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077402792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000774027b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000774027d2 8 bytes {JMP 0x10}
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007740282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077402890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077402d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077402d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077403023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007740323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000774033c0 16 bytes {JMP 0x4e}
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077403a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077403ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077403b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077403d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077404190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077451380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077451500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077451530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077451650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077451700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077451d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077451f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774527e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000072db13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000072db146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000072db16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000072db16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000072db19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000072db19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000072db1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000072db1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000072db1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000072db1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
---- Kernel IAT/EAT - GMER 2.1 ----
IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff88002146fb0] \SystemRoot\system32\DRIVERS\klif.sys [PAGE]
---- User IAT/EAT - GMER 2.1 ----
IAT C:\Program Files\Windows Sidebar\sidebar.exe[3936] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!NtClose] [6b03500] C:\Windows\TEMP\logishrd\LVPrcInj02.dll
IAT C:\Program Files\Windows Sidebar\sidebar.exe[3936] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!NtCreateFile] [6b03960] C:\Windows\TEMP\logishrd\LVPrcInj02.dll
IAT C:\Program Files\Windows Sidebar\sidebar.exe[3936] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!NtDeviceIoControlFile] [6b032f0] C:\Windows\TEMP\logishrd\LVPrcInj02.dll
IAT C:\Program Files\Windows Sidebar\sidebar.exe[3936] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!NtDuplicateObject] [6b033d0] C:\Windows\TEMP\logishrd\LVPrcInj02.dll
---- EOF - GMER 2.1 ----
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-10-08 18:21:09
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 STM3500418AS rev.CC38 465,76GB
Running: Gmer-19357(2).exe; Driver: C:\Users\Gabi\AppData\Local\Temp\kwtyaaod.sys
09.10.2014, 19:52 | #6 |
/// the machine /// TB Trainer | Removing Optimizer Pro v3.2 incl. Crash Monitor
Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
Scan with Combofix
09.10.2014, 22:04 | #7 |
| Removing Optimizer Pro v3.2 incl. Crash Monitor
Hello Schrauber, attached is the Combofix.txt. I did everything the way you wrote. Regards, Thomas_5
Combofix Logfile: Code:
ATTFilter ComboFix 14-10-04.01 - Gabi 09.10.2014 22:33:17.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4091.1754 [GMT 2:00] ausgeführt von:: c:\users\Gabi\Downloads\ComboFix.exe AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886} FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\END c:\programdata\SaveSenseLive c:\programdata\SaveSenseLive\Update\Log\SaveSenseLive.log c:\users\Gabi\AppData\Local\omesuperv.exe c:\users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense c:\users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense\SaveSense Help.url c:\users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense\SaveSense.url c:\users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense\Uninstall SaveSense.lnk c:\users\Gabi\AppData\Roaming\SaveSense c:\users\Gabi\AppData\Roaming\SaveSense\UpdateProc\config.dat c:\users\Gabi\AppData\Roaming\SaveSense\UpdateProc\STTL.DAT c:\users\Gabi\AppData\Roaming\SaveSense\UpdateProc\TTL.DAT c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Nicht in der Lage zu löschen c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Nicht in der Lage zu löschen . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_ACEDRV11 . . ((((((((((((((((((((((( Dateien erstellt von 2014-09-09 bis 2014-10-09 )))))))))))))))))))))))))))))) . . 2014-10-09 20:44 . 2014-10-09 20:50 -------- d-----w- c:\users\Gabi\AppData\Local\temp 2014-10-08 19:16 . 
2014-09-09 02:05 11578928 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F3631A51-EC28-4AB8-9FE6-1C7211324054}\mpengine.dll 2014-10-07 18:56 . 2014-10-07 20:12 -------- d-----w- C:\FRST 2014-10-07 15:28 . 2014-10-07 16:01 -------- d-----w- c:\program files (x86)\ReQuick 2014-10-06 08:44 . 2014-10-06 08:44 -------- d-----w- c:\program files (x86)\VS Revo Group 2014-10-04 19:08 . 2014-10-04 19:08 -------- d-----w- c:\users\Gabi\AppData\Roaming\Astromenda 2014-10-04 18:26 . 2014-10-06 08:58 -------- d-----w- c:\users\Gabi\AppData\Roaming\WSE_Astromenda 2014-10-03 17:37 . 2014-10-09 20:25 -------- d-----w- c:\users\Gabi\AppData\Roaming\0F1L1I1PtF1F1C1N 2014-10-03 17:36 . 2014-10-04 17:52 -------- d-----w- c:\program files (x86)\PC Speed Maximizer 2014-09-30 18:39 . 2014-09-25 02:08 371712 ----a-w- c:\windows\system32\qdvd.dll 2014-09-23 18:42 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll 2014-09-19 19:28 . 2014-09-17 02:12 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll 2014-09-19 19:28 . 2014-09-04 19:14 38048 ----a-w- c:\windows\system32\drivers\nvvad64v.sys 2014-09-13 21:47 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll 2014-09-13 21:27 . 2014-09-13 21:27 3231696 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dcompiler_46.dll 2014-09-13 12:27 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll 2014-09-13 12:27 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll 2014-09-13 12:27 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2014-09-13 12:26 . 2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll 2014-09-13 12:26 . 2014-07-07 02:06 1460736 ----a-w- c:\windows\system32\lsasrv.dll 2014-09-13 12:25 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll 2014-09-13 12:25 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll 2014-09-13 12:25 . 
2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys 2014-09-13 12:25 . 2014-09-05 02:10 578048 ----a-w- c:\windows\system32\aepdu.dll 2014-09-13 12:25 . 2014-09-05 02:05 424448 ----a-w- c:\windows\system32\aeinv.dll 2014-09-12 09:43 . 2014-09-12 09:43 227728 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-10-09 14:22 . 2013-02-02 14:00 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2014-10-09 14:22 . 2013-02-02 14:00 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2014-10-09 14:22 . 2013-02-09 10:38 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2014-10-04 07:19 . 2013-01-31 20:28 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2014-09-26 09:05 . 2013-01-31 20:28 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2014-09-26 09:04 . 2013-01-31 20:28 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2014-09-25 01:40 . 2014-09-30 18:39 519680 ----a-w- c:\windows\SysWow64\qdvd.dll 2014-09-24 18:59 . 2012-04-02 17:52 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-09-24 18:59 . 2011-09-11 18:39 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-09-17 02:13 . 2014-09-19 19:28 1291280 ----a-w- c:\windows\SysWow64\nvspbridge.dll 2014-09-17 02:13 . 2014-01-30 18:31 2193560 ----a-w- c:\windows\SysWow64\nvspcap.dll 2014-09-17 02:12 . 2014-01-30 18:31 2799784 ----a-w- c:\windows\system32\nvspcap64.dll 2014-09-15 07:06 . 2010-01-16 09:19 278152 ------w- c:\windows\system32\MpSigStub.exe 2014-09-13 21:48 . 2010-01-18 13:23 101694776 ----a-w- c:\windows\system32\MRT.exe 2014-09-09 21:47 . 
2014-09-23 18:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2014-09-04 19:14 . 2014-09-19 19:28 32416 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll 2014-09-04 19:14 . 2014-01-30 18:26 34976 ----a-w- c:\windows\system32\nvaudcap64v.dll 2014-08-18 21:57 . 2014-09-13 22:01 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb 2014-08-18 21:46 . 2014-09-13 22:01 454656 ----a-w- c:\windows\SysWow64\vbscript.dll 2014-08-18 21:44 . 2014-09-13 22:01 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll 2014-08-18 21:07 . 2014-09-13 22:01 1068032 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2014-08-18 20:46 . 2014-09-13 22:01 1812992 ----a-w- c:\windows\SysWow64\wininet.dll 2014-08-01 11:35 . 2014-09-13 12:27 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll 2014-07-31 19:59 . 2014-07-31 19:59 352256 ----a-w- c:\windows\SysWow64\update1.dll 2014-07-25 00:35 . 2014-07-25 00:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll 2014-07-24 21:47 . 2014-07-24 21:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll 2014-07-14 02:02 . 2014-08-15 18:50 1216000 ----a-w- c:\windows\system32\rpcrt4.dll 2014-07-14 01:40 . 2014-08-15 18:50 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2011-01-06 3666944] "Intermediate"="c:\users\Gabi\AppData\Roaming\Intermediate\Intermediate.exe" [2013-12-09 37376] "CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-09-26 6482200] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] "BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2013-06-27 2249352] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . c:\users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech . Produktregistrierung.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe /remind /language=DEU /_WFM="." [2009-11-16 517384] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . 
R1 ttnfd;ttnfd;c:\windows\system32\drivers\ttnfd.sys;c:\windows\SYSNATIVE\drivers\ttnfd.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 GrabsterSeries.C64;GRABSTER SERIES, Service C64;c:\windows\system32\DRIVERS\GrabsterSeries.C64.SYS;c:\windows\SYSNATIVE\DRIVERS\GrabsterSeries.C64.SYS [x]
R3 HWHandSet;HWUSBSERSP;c:\windows\system32\DRIVERS\hw_quusbmdm.sys;c:\windows\SYSNATIVE\DRIVERS\hw_quusbmdm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys;c:\windows\SYSNATIVE\DRIVERS\lvpopf64.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 70e6ca8c;Optimizer Pro Crash Monitor;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
R4 klflt;klflt;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
R4 OracleDBConsoleSatdb10g;OracleDBConsoleSatdb10g;c:\oracle10g\bin\nmesrvc.exe;c:\oracle10g\bin\nmesrvc.exe [x]
R4 OracleJobSchedulerSATDB10G;OracleJobSchedulerSATDB10G;c:\oracle10g\Bin\extjob.exe SATDB10G;c:\oracle10g\Bin\extjob.exe SATDB10G [x]
R4 OracleORACLE_Home10giSQL*Plus;OracleORACLE_Home10giSQL*Plus;c:\oracle10g\bin\isqlplussvc.exe;c:\oracle10g\bin\isqlplussvc.exe [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
S2 credwizd;Miniporttreiber Lightweight Remotezugriff-IPv6-ARP-Treiber;c:\windows\system32\ipstrmgr.exe;c:\windows\SYSNATIVE\ipstrmgr.exe [x]
S2 DailytoolsUpdateService;DailytoolsUpdateService;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 LiveTunerPM;Ashampoo LiveTuner ProcessMonitor Driver;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerProcessMonitor64.sys;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerProcessMonitor64.sys [x]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 ocster_backup;Ocster Backup;c:\program files\Ocster Backup\bin\backupService-ox.exe;c:\program files\Ocster Backup\bin\backupService-ox.exe [x]
S2 OracleORACLE_Home10gTNSListener;OracleORACLE_Home10gTNSListener;c:\oracle10g\BIN\TNSLSNR ;c:\oracle10g\BIN\TNSLSNR [x]
S2 OracleServiceSATDB10G;OracleServiceSATDB10G;c:\oracle10g\bin\ORACLE.EXE SATDB10G;c:\oracle10g\bin\ORACLE.EXE SATDB10G [x]
S2 Search;Search;c:\program files (x86)\Search\WebSearch.exe;c:\program files (x86)\Search\WebSearch.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 WO_LiveService;Ashampoo LiveTuner Service;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam 300(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Update-Service-Installer-Service REG_MULTI_SZ Update-Service-Installer-Service
DailytoolsInstallerService REG_MULTI_SZ DailytoolsInstallerService
DailytoolsUpdateService REG_MULTI_SZ DailytoolsUpdateService
.
Inhalt des "geplante Tasks" Ordners
.
2014-10-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 18:59]
.
2014-10-08 c:\windows\Tasks\AdvancedDriverUpdater_UPDATES.job - c:\program files (x86)\Advanced Driver Updater\adu.exe [2014-02-08 14:02]
.
2014-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-24 22:24]
.
2014-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-24 22:24]
.
2014-09-26 c:\windows\Tasks\One-Click Optimizer.job - c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 10\WO10.exe [2014-01-26 08:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-10-24 13662936]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-09-17 2799784]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-09-17 2460488]
"Ocster Backup"="c:\program files\Ocster Backup\bin\backupClient-ox.exe" [2014-02-04 312664]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-07-31 3091224]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://astromenda.com/?f=1&a=ast_file_14_40_ff&cd=2XzuyEtN2Y1L1QzuyC0C0FtDyEzytDyDtB0AtAtB0EtDzyzztN0D0Tzu0StCtDtDzztN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtCtA0C0C0AtB0FtGtAyB0DzztG0D0AzytDtG0A0ByE0CtGyDyE0C0D0EtByEyEtC0D0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtD0FzyzzyDyCyEtGyD0FtCtCtGyEtD0EtDtGzzzyyByBtGyCtDtCtDtA0EzztByDyBzytC2Q&cr=767382362&ir=
mStart Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
uInternet Settings,ProxyServer = http=127.0.0.1:8897;https=127.0.0.1:8897
uInternet Settings,ProxyOverride = <-loopback>;Download free software for Windows, Mac & Linux on Joosoft!
uSearchAssistant = hxxp://www.google.com
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Zu Anti-Banner hinzufügen - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
TCP: Interfaces\{11342DE6-C338-47B7-97FF-6E33D142D8E3}: NameServer = 217.0.43.81 217.0.43.65
FF - ProfilePath - c:\users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de/
FF - prefs.js: keyword.URL - hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
.
.
------- Dateityp-Verknüpfung -------
.
vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=c:\windows\System32\CScript.exe "%1" %*
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{78E516EF-11DE-47A1-8364-A99B917EC5EE} - (no file)
WebBrowser-{04A8DD1A-4754-48FE-A703-99846646EF04} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\OracleORACLE_Home10gTNSListener]
"ImagePath"="c:\oracle10g\BIN\TNSLSNR "
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\oracle10g\BIN\TNSLSNR.exe
c:\oracle10g\bin\ORACLE.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-10-09 22:58:07 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2014-10-09 20:58
.
Vor Suchlauf: 23 Verzeichnis(se), 262.720.892.928 Bytes frei
Nach Suchlauf: 28 Verzeichnis(se), 274.769.489.920 Bytes frei
.
- - End Of File - - 12F7CF03D86A54B0190C32D6FAB056C3 A36C5E4F47E84449FF07ED3517B43A31 |
10.10.2014, 19:04 | #8 |
/// the machine /// TB trainer | Removing Optimizer Pro v3.2 incl. Crash Monitor
Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
11.10.2014, 17:18 | #9 |
| Removing Optimizer Pro v3.2 incl. Crash Monitor
Hello Schrauber, following your instructions I downloaded Malwarebytes Anti-Malware and then proceeded as described. Everything worked. Now I want to export the scan log, and the program shows this message: "Malwarebytes Anti-Malware has stopped working. A problem caused the program to stop working correctly. The program will be closed and you will be notified if a solution is available." The export does work in XML format. Can you do anything with that? If so, I will send it to you. Regards, Thomas_5
Hello Schrauber, I am now sending you the 4 files. Regarding the XML format, I took a closer "look" once more; there is no problem with that either.
1. mbam 2014/10/11 15:28:04 +0200 mbam-log-2014-10-11 (15-27-59).xml yes 2.00.2.1012 v2014.10.11.04 v2014.10.08.01 free disabled disabled disabled Windows 7 Service Pack 1 x64 Gabi NTFS threat completed 396492 1174 1 0 44 10 2 61 274 0 enabled enabled enabled enabled disabled disabled enabled enabled enabled C:\Windows\System32\ipstrmgr.exeAdware.Agentdelete-on-reboot1712de924dc67a02f04665990213e818f20e HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\credwizdAdware.Agentsuccessde924dc67a02f04665990213e818f20e HKLM\SOFTWARE\CLASSES\APPID\{A2D3FB7A-6873-45E8-AF96-57092D721828}PUP.Optional.SaveSense.Asuccessd799b063aece9a9c47022d7248bae31d HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassSvcPUP.Optional.SaveSense.Asuccessd799b063aece9a9c47022d7248bae31d HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassSvc.1.0PUP.Optional.SaveSense.Asuccessd799b063aece9a9c47022d7248bae31d HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassSvcPUP.Optional.SaveSense.Asuccessd799b063aece9a9c47022d7248bae31d HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassSvc.1.0PUP.Optional.SaveSense.Asuccessd799b063aece9a9c47022d7248bae31d 
HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{A2D3FB7A-6873-45E8-AF96-57092D721828}PUP.Optional.SaveSense.Asuccessd799b063aece9a9c47022d7248bae31d HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A2D3FB7A-6873-45E8-AF96-57092D721828}PUP.Optional.SaveSense.Asuccessd799b063aece9a9c47022d7248bae31d HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}PUP.Optional.DynConIE.Asuccess026ec54ecfad1d193edb910e2fd3b34d HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}PUP.Optional.DynConIE.Asuccess026ec54ecfad1d193edb910e2fd3b34d HKU\S-1-5-21-3834002493-4226875369-3535069347-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}PUP.Optional.SearchProtect.Asuccess2b4528ebc5b70b2b1a162377699907f9 HKU\S-1-5-21-3834002493-4226875369-3535069347-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}PUP.Optional.Babylon.Asuccess462a28eb2c50ef471de436648e74c040 HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CoreClassPUP.Optional.SaveSense.Asuccess9fd10d061d5f2214ecc9333c0afa9868 HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CoreClass.1PUP.Optional.SaveSense.Asuccess7cf4e72c87f55fd74471f877d43060a0 HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3COMClassServicePUP.Optional.SaveSense.Asuccess0868a96a2f4d76c02f869fd0040003fd HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3COMClassService.1.0PUP.Optional.SaveSense.Asuccess1c5414fffa82e254af061857e222cb35 HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3WebSvcPUP.Optional.SaveSense.Asuccessf080e92aa6d639fd2c89442bf70d926e HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3WebSvc.1.0PUP.Optional.SaveSense.Asuccesscda325ee017b1c1a13a22d4249bb20e0 HKLM\SOFTWARE\CLASSES\APPID\SaveSenseLive.exePUP.Optional.SaveSense.Asuccess94dcca495527eb4b2a8a8ae52ed6a35d HKLM\SOFTWARE\WOW6432NODE\ResultsAlphaPUP.Optional.ResultsAlpha.Asuccessc7a9b85b285475c147a3452a28dc5aa6 
HKLM\SOFTWARE\WOW6432NODE\SaveSenseLivePUP.Optional.SaveSense.Asuccessb2be24ef304c3df9caf07af57e865ba5 HKLM\SOFTWARE\WOW6432NODE\supWPMPUP.Optional.SupTab.Asuccess472917fc8bf1bb7b41cb8e8dc93a0bf5 HKLM\SOFTWARE\WOW6432NODE\sweet-pageSoftwarePUP.Optional.SweetPage.Asuccesse28e888ba2da37ffd0a582f3a4602dd3 HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLiveUpdate.CoreClassPUP.Optional.SaveSense.Asuccess0a66878c84f893a308adc2adad5719e7 HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLiveUpdate.CoreClass.1PUP.Optional.SaveSense.Asuccess016fed26a6d6d85ebafbd897cd370af6 HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLiveUpdate.Update3COMClassServicePUP.Optional.SaveSense.Asuccess1759de357ffde353f5c02649f1139d63 HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLiveUpdate.Update3COMClassService.1.0PUP.Optional.SaveSense.Asuccess224e6da64b3150e6952027481be9d62a HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLiveUpdate.Update3WebSvcPUP.Optional.SaveSense.Asuccess016fe1323d3f53e3f0c5b9b6bc48f808 HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLiveUpdate.Update3WebSvc.1.0PUP.Optional.SaveSense.Asuccess313fb95ad3a99b9b9a1b0b648e76e917 HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\SaveSenseLive.exePUP.Optional.SaveSense.Asuccess561a0b08502c02344371551aa06447b9 HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\jljheddigenhleadfofeccneimcmlefpPUP.Optional.SpeedTest.Asuccess97d92de6e5976ec8d18ab695a65de719 HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@tools.updaterss.com/SaveSenseLive Update;version=3PUP.Optional.SaveSense.Asuccess135df3201a625bdba513d897ba4af60a HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@tools.updaterss.com/SaveSenseLive Update;version=9PUP.Optional.SaveSense.Asuccess97d9749fa3d91a1cd2e699d6f41018e8 HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECTPUP.Optional.SearchProtect.Asuccessee8232e1215b6ccaef83cf58cc37b54b HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TTNFDPUP.Optional.TermTutor.Asuccessd39d9e759fdd4fe74c3582966c971ee2 
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-5.0PUP.Optional.PlusHD.Asuccess234d18fb116b9e98f22bf44ae81be41c HKU\S-1-5-21-3834002493-4226875369-3535069347-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Conduit_Search_ProtectPUP.Optional.SearchProtect.Asuccessda9645ce7efeb680c501176813f154ac HKU\S-1-5-21-3834002493-4226875369-3535069347-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\ResultsAlphaPUP.Optional.ResultsAlpha.Asuccess79f728eb5f1d54e27279244bcf35b54b HKU\S-1-5-21-3834002493-4226875369-3535069347-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SaveSensePUP.Optional.SaveSense.Asuccess610ff61d49332b0b13a391dea65e659b HKU\S-1-5-21-3834002493-4226875369-3535069347-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SaveSenseLivePUP.Optional.SaveSense.Asuccess2749cb48daa2eb4be3d49ed15ba9966a HKU\S-1-5-21-3834002493-4226875369-3535069347-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1SPUP.Optional.InstallCore.Asuccessb5bb6aa9017ba492634d01492cd716ea HKU\S-1-5-21-3834002493-4226875369-3535069347-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCOREPUP.Optional.InstallCore.Asuccess551ba370710bec4ae41864fcef1550b0 HKU\S-1-5-21-3834002493-4226875369-3535069347-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal DownloaderPUP.Optional.Softonic.Asuccessc8a8799a0676c67034bab287798aa35d HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Browser GuardPUP.Optional.BrowserGuard.Asuccessf37dba59205c999d57ffd0352dd6c53b HKU\S-1-5-21-3834002493-4226875369-3535069347-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{78E516EF-11DE-47A1-8364-A99B917EC5EE}PUP.Optional.FileConverter.Asuccess214f977c80fc80b66ac78e0a2dd544bc HKU\S-1-5-21-3834002493-4226875369-3535069347-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET 
EXPLORER\TOOLBAR\WEBBROWSER{78E516EF-11DE-47A1-8364-A99B917EC5EE}PUP.Optional.FileConverter.Asuccess
2. AdwCleaner
AdwCleaner Logfile:
Code:
ATTFilter # AdwCleaner v3.311 - Bericht erstellt am 11/10/2014 um 17:46:21 # Aktualisiert 30/09/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Gabi - GABI-DIETER # Gestartet von : C:\Users\Gabi\Downloads\AdwCleaner_3.311(1).exe # Option : Löschen ***** [ Dienste ] ***** [#] Dienst Gelöscht : 70e6ca8c Dienst Gelöscht : DailytoolsUpdateService [#] Dienst Gelöscht : Search ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\DNSErrorHelper Ordner Gelöscht : C:\ProgramData\NCH Software Ordner Gelöscht : C:\ProgramData\simplitec Ordner Gelöscht : C:\ProgramData\Uniblue Ordner Gelöscht : C:\ProgramData\WinMaximizer Ordner Gelöscht : C:\ProgramData\WPM Ordner Gelöscht : C:\Program Files (x86)\NCH Software Ordner Gelöscht : C:\Program Files (x86)\PC Speed Maximizer Ordner Gelöscht : C:\Program Files (x86)\Search Ordner Gelöscht : C:\Windows\Installer\{8B8D7849-9AF5-42B5-A81C-B4CAEC25111C} Ordner Gelöscht : C:\Users\Gabi\AppData\Local\FileTypeAssistant Ordner Gelöscht : C:\Users\Gabi\AppData\Local\genienext Ordner Gelöscht : C:\Users\Gabi\AppData\Roaming\Common\LuaRT Ordner Gelöscht : C:\Users\Gabi\AppData\Roaming\Fifth Ordner Gelöscht : C:\Users\Gabi\AppData\Roaming\Intermediate Ordner Gelöscht : C:\Users\Gabi\AppData\Roaming\NCH Software Ordner Gelöscht : C:\Users\Gabi\AppData\Roaming\OCS Ordner Gelöscht : C:\Users\Gabi\AppData\Roaming\simplitec Ordner Gelöscht : C:\Users\Gabi\AppData\Roaming\Solvusoft Ordner Gelöscht : C:\Users\Gabi\AppData\Roaming\Systweak Ordner Gelöscht : C:\Users\Gabi\Documents\Mobogenie Ordner Gelöscht : C:\Users\Gabi\Documents\PC Speed Maximizer Ordner Gelöscht : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\dpj49px8.default-1361432713879\Extensions\staged\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183} Ordner Gelöscht : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\e6v11obw.default\Extensions\staged\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183} Ordner Gelöscht : 
C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\mData\Extensions\staged\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183} Datei Gelöscht : C:\Windows\SysWOW64\update1.dll Datei Gelöscht : C:\Users\Gabi\daemonprocess.txt Datei Gelöscht : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default\invalidprefs.js Datei Gelöscht : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\dpj49px8.default-1361432713879\user.js Datei Gelöscht : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\e6v11obw.default\user.js Datei Gelöscht : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\mData\user.js Datei Gelöscht : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default\user.js ***** [ Tasks ] ***** Task Gelöscht : Fifth Task Gelöscht : OMESupervisor ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8DD92AC3-72AA-4029-9B4C-ACB1FE81274F}] Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj Schlüssel Gelöscht : HKCU\Software\Classes\pokki Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Intermediate] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCS Wert Gelöscht : HKLM\SOFTWARE\microsoft\windows nt\currentversion\svchost [DailytoolsInstallerService] Wert Gelöscht : HKLM\SOFTWARE\microsoft\windows nt\currentversion\svchost [DailytoolsUpdateService] Wert Gelöscht : HKLM\SOFTWARE\microsoft\windows nt\currentversion\svchost [Update-Service-Installer-Service] 
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{997E3BFB-F821-411C-8B96-D61D415EC8FA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{44FC7A33-2E5C-48DC-B6F5-B81E8005D122} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{997E3BFB-F821-411C-8B96-D61D415EC8FA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9B6B03F1-16CF-4491-BBBB-E872802DD717} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{721061FB-EB79-4568-A03C-3CE26D68DAE9} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A18D16ED-27B2-4B83-B70C-15E73F099546} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{27CE191D-733B-4450-AFCD-096D105288C3} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A18D16ED-27B2-4B83-B70C-15E73F099546} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B} Schlüssel Gelöscht : [x64] 
HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} Schlüssel Gelöscht : HKCU\Software\Bitberry Software Schlüssel Gelöscht : HKCU\Software\Bitberry Schlüssel Gelöscht : HKCU\Software\BRS Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\OfferMosquito Schlüssel Gelöscht : HKCU\Software\pc speed maximizer Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\systweak Schlüssel Gelöscht : HKCU\Software\WinMaximizer Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit Schlüssel Gelöscht : HKLM\SOFTWARE\IePlugin Schlüssel Gelöscht : HKLM\SOFTWARE\systweak Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue Schlüssel Gelöscht : HKLM\SOFTWARE\WinMaximizer Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Joosoft.com Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Speedchecker Limited Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467 ***** [ Browser 
] ***** -\\ Internet Explorer v11.0.9600.17280 -\\ Mozilla Firefox v32.0.3 (x86 de) [ Datei : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\dpj49px8.default-1361432713879\prefs.js ] Zeile gelöscht : user_pref("browser.search.selectedEngine", "Astromenda"); [ Datei : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\e6v11obw.default\prefs.js ] Zeile gelöscht : user_pref("browser.search.selectedEngine", "Astromenda"); [ Datei : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\mData\prefs.js ] Zeile gelöscht : user_pref("browser.search.selectedEngine", "Astromenda"); [ Datei : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default\prefs.js ] Zeile gelöscht : user_pref("extensions.buenosearch.admin", false); Zeile gelöscht : user_pref("extensions.buenosearch.aflt", "babsst"); Zeile gelöscht : user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}"); Zeile gelöscht : user_pref("extensions.buenosearch.autoRvrt", "false"); Zeile gelöscht : user_pref("extensions.buenosearch.bbDpng", "10"); Zeile gelöscht : user_pref("extensions.buenosearch.cntry", "DE"); Zeile gelöscht : user_pref("extensions.buenosearch.dfltLng", "en"); Zeile gelöscht : user_pref("extensions.buenosearch.excTlbr", false); Zeile gelöscht : user_pref("extensions.buenosearch.ffxUnstlRst", true); Zeile gelöscht : user_pref("extensions.buenosearch.hdrMd5", "24F2CA3B407F9F1E6246F7303079CE00"); Zeile gelöscht : user_pref("extensions.buenosearch.id", "da13e098000000000000000000000000"); Zeile gelöscht : user_pref("extensions.buenosearch.instlDay", "16139"); Zeile gelöscht : user_pref("extensions.buenosearch.instlRef", "sst"); Zeile gelöscht : user_pref("extensions.buenosearch.lastVrsnTs", "1.8.28.712:04:41"); Zeile gelöscht : user_pref("extensions.buenosearch.newTab", false); Zeile gelöscht : user_pref("extensions.buenosearch.prdct", "buenosearch"); Zeile gelöscht : user_pref("extensions.buenosearch.prtnrId", "buenosearch"); Zeile gelöscht : 
user_pref("extensions.buenosearch.rvrt", "false"); Zeile gelöscht : user_pref("extensions.buenosearch.sg", "azb"); Zeile gelöscht : user_pref("extensions.buenosearch.smplGrp", "none"); Zeile gelöscht : user_pref("extensions.buenosearch.tb_url", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=DA136CF049052A32&affID=128491&tsp=5182"); Zeile gelöscht : user_pref("extensions.buenosearch.tlbrId", "base"); Zeile gelöscht : user_pref("extensions.buenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=DA136CF049052A32&affID=128491&tsp=5182"); Zeile gelöscht : user_pref("extensions.buenosearch.vrsn", "1.8.28.7"); Zeile gelöscht : user_pref("extensions.buenosearch.vrsnTs", "1.8.28.712:04:41"); Zeile gelöscht : user_pref("extensions.buenosearch.vrsni", "1.8.28.7"); Zeile gelöscht : user_pref("extensions.irmysearch.aflt", "irmsd0101"); Zeile gelöscht : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzuyC0C0FtDyEzytDyDtB0AtAtB0EtDzyzztN0D0Tzu0SyByDtCtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T"); Zeile gelöscht : user_pref("extensions.irmysearch.cr", "1251611358"); Zeile gelöscht : user_pref("extensions.irmysearch.instlRef", ""); -\\ Google Chrome v [ Datei : C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [68123 octets] - [05/02/2014 17:01:59] AdwCleaner[R1].txt - [1327 octets] - [05/02/2014 17:24:20] AdwCleaner[R2].txt - [1387 octets] - [05/02/2014 17:39:24] AdwCleaner[R3].txt - [17677 octets] - [25/05/2014 10:47:08] AdwCleaner[R4].txt - [20687 octets] - [17/06/2014 12:09:33] AdwCleaner[R5].txt - [19524 octets] - [29/06/2014 09:19:25] AdwCleaner[R6].txt - [19585 octets] - [29/06/2014 10:01:31] AdwCleaner[R7].txt - [12819 octets] - [11/10/2014 17:45:26] AdwCleaner[S0].txt - [64697 octets] - [05/02/2014 17:07:32] AdwCleaner[S1].txt - [11986 octets] - [11/10/2014 17:46:21] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [12047 octets] 
##########
3. JRT
JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.2 (10.09.2014:1)
OS: Windows 7 Home Premium x64
Ran by Gabi on 11.10.2014 at 18:00:51,73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update resultsalpha
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util resultsalpha
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateResultsAlpha_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateResultsAlpha_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilResultsAlpha_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilResultsAlpha_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updateResultsAlpha_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updateResultsAlpha_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilResultsAlpha_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilResultsAlpha_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0213547C-6002-469C-BA82-6863B3C1D7B8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7234E9B8-551C-4612-AF57-BA7AC109CD0E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BCBC30E2-06B3-4F52-B0D5-B5C634DA9ACC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C43BBC1B-D6AA-459A-9D03-5284B44E912E}

~~~ Files
Successfully deleted: [File] "C:\Users\Gabi\appdata\locallow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com"

~~~ Folders
Successfully deleted: [Folder] "C:\Users\Gabi\music\qtrax media library"

~~~ FireFox
Emptied folder: C:\Users\Gabi\AppData\Roaming\mozilla\firefox\profiles\ugcbk2y8.default\minidumps [16 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.10.2014 at 18:04:01,35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
4. FRST from 11.10.
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01 Ran by Gabi (administrator) on GABI-DIETER on 11-10-2014 18:05:53 Running from C:\Users\Gabi\Downloads Loaded Profiles: Gabi & _ocster_backup_ (Available profiles: Gabi & _ocster_backup_) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe (Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Program Files\Ocster Backup\bin\backupService-ox.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe () C:\Program Files\Ocster Backup\bin\backupClient-ox.exe (Logitech, Inc.) 
C:\Program Files\Logitech\SetPointP\SetPoint.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe () C:\Program Files\Rainlendar2\Rainlendar2.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle Corporation) C:\oracle10g\bin\oracle.exe () C:\Program Files\Ocster Backup\bin\oxHelper.exe (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE () C:\Program Files\Ocster Backup\bin\oxHelper.exe () C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\wmi64.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-17] (NVIDIA Corporation) HKLM\...\Run: [Ocster Backup] => C:\Program Files\Ocster Backup\bin\backupClient-ox.exe [312664 2014-02-04] () HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-27] (Microsoft Corp.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-3834002493-4226875369-3535069347-1000\...\Run: [Rainlendar2] => C:\Program Files\Rainlendar2\Rainlendar2.exe [3666944 2011-01-06] () HKU\S-1-5-21-3834002493-4226875369-3535069347-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd) Startup: C:\Users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled () Startup: C:\Users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk ShortcutTarget: Logitech . 
Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: Internet Explorer proxy is enabled. ProxyServer: http=127.0.0.1:8897;https=127.0.0.1:8897 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x42F9AB638C96CA01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = News - Service - Shopping bei t-online.de URLSearchHook: HKLM-x32 - (No Name) - {04a8dd1a-4754-48fe-a703-99846646ef04} - No File StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - F04F7B247D844F0287D289AC70C8FE43 URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3322287&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP14A054C4-1B01-4318-9C92-BF4D53219F89&q={searchTerms}&SSPV= SearchScopes: HKCU - {323B7DAE-1CB5-481C-9BF2-D059761CC05E} URL = hxxp://www.suchen.de/lokal?q={searchTerms}&partnerid=244&radius=10&sort=relevance&fedsearch=true SearchScopes: HKCU - {435E3E38-6768-4A61-81F0-266E2A1C793A} URL = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=wiki-tab&tpc=internet&ptl=std&classification=wiki-tab_internet_std&q={searchTerms}&br=ie10-toi SearchScopes: HKCU - {6408E1C5-FE7B-47BD-B907-6CBDC0CEA64E} URL = 
hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=interactivemesuche-21&index=blended&linkCode=ur2&camp=1638&creative=6742 SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKCU - {7FD7B429-EAF3-492F-9D0C-0F4DB93D2FE1} URL = hxxp://rover.ebay.com/rover/1/707-1403-27640-2/4?mpre=hxxp://search.ebay.de/search/search.dll?shortcut=4&query={searchTerms} SearchScopes: HKCU - {A8D32726-9FA5-4283-9A9F-4C9DB061ACE5} URL = hxxp://dict.leo.org/ende?lp=ende&lang=de&searchLoc=0&cmpType=relaxed&sectHdr=on&spellToler=on&chinese=both&pinyin=diacritic&search={searchTerms}&relink=on SearchScopes: HKCU - {CC87724D-C5C9-4A4D-8650-67BCA2BDC37E} URL = hxxp://www.dict.cc/?s={searchTerms} BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) 
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {04A8DD1A-4754-48FE-A703-99846646EF04} - No File DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation) Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files 
(x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\..\Interfaces\{11342DE6-C338-47B7-97FF-6E33D142D8E3}: [NameServer] 217.0.43.81 217.0.43.65 FireFox: ======== FF ProfilePath: C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default FF DefaultSearchEngine: Yahoo FF Homepage: hxxp://www.t-online.de/ FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q= FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: 
@microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default\searchplugins\google-default.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: ColorfulTabs - C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-09-24] FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2013-10-20] FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: 
卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-01-30] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-01-30] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-01-30] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-01-30] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-01-30] FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-02-26] Chrome: ======= CHR Profile: C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Download Protect) - C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihebkfpbjdbhbnekngbddmpomamehomf [2014-01-30] CHR Extension: (Download Protect) - C:\Users\Gabi\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\jhiphpjimdnggccdgbpbicflmkebpdao [2013-11-14] CHR Extension: (Download Protect) - C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\okbdeepkmkpfklcpjcfcfnekhdehnnjj [2014-03-11] CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [] CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17] CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17] CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17] CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17] CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO) R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-27] (Microsoft Corp.) 
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-17] (NVIDIA Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-17] (NVIDIA Corporation) R2 ocster_backup; c:\Program Files\Ocster Backup\bin\backupService-ox.exe [23896 2014-02-04] () S4 OracleDBConsoleSatdb10g; C:\oracle10g\bin\nmesrvc.exe [24064 2006-11-14] (Oracle Corporation) [File not signed] S4 OracleJobSchedulerSATDB10G; c:\oracle10g\Bin\extjob.exe [102400 2006-11-16] () [File not signed] S4 OracleORACLE_Home10giSQL*Plus; C:\oracle10g\bin\isqlplussvc.exe [53248 2006-10-12] (Oracle) [File not signed] R2 OracleServiceSATDB10G; c:\oracle10g\bin\ORACLE.EXE [60059648 2011-03-16] (Oracle Corporation) [File not signed] R2 WO_LiveService; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe [885096 2013-11-19] () S2 OracleORACLE_Home10gTNSListener; C:\oracle10g\BIN\TNSLSNR [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-11] (AVG Technologies) S3 GrabsterSeries.C64; C:\Windows\System32\DRIVERS\GrabsterSeries.C64.SYS [262208 2010-01-22] () S3 HWHandSet; C:\Windows\System32\DRIVERS\hw_quusbmdm.sys [223232 2011-10-24] (Huawei Technologies Co., Ltd.) U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2011-10-24] (Huawei Technologies Co., Ltd.) 
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-01-30] (Kaspersky Lab ZAO) S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-20] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-20] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-12] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-01-30] (Kaspersky Lab ZAO) R2 LiveTunerPM; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerProcessMonitor64.sys [12824 2011-03-08] () R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] () S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] () S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-11] (Malwarebytes Corporation) S3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [15680 2006-10-31] () R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation) R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-10-25] (Synaptics Incorporated) S1 StarOpen; No ImagePath S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 cpuz132; \??\C:\Users\Gabi\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 
==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-11 18:04 - 2014-10-11 18:04 - 00002734 _____ () C:\Users\Gabi\Desktop\JRT.txt 2014-10-11 17:58 - 2014-10-11 17:58 - 00000000 ____D () C:\Windows\ERUNT 2014-10-11 17:57 - 2014-10-11 17:57 - 01705755 _____ (Thisisu) C:\Users\Gabi\Downloads\JRT.exe 2014-10-11 17:51 - 2014-10-11 17:51 - 00012164 _____ () C:\Users\Gabi\Desktop\AdwCleaner[S1].txt 2014-10-11 17:44 - 2014-10-11 17:44 - 01375089 _____ () C:\Users\Gabi\Downloads\AdwCleaner_3.311(1).exe 2014-10-11 17:40 - 2014-10-11 17:40 - 01375089 _____ () C:\Users\Gabi\Downloads\AdwCleaner_3.311.exe 2014-10-11 17:33 - 2014-10-11 17:33 - 00099000 _____ () C:\Users\Gabi\Desktop\mbam.xml 2014-10-11 15:56 - 2014-10-11 17:10 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys 2014-10-11 15:25 - 2014-10-11 17:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-11 15:25 - 2014-10-11 17:20 - 00001149 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-10-11 15:25 - 2014-10-11 17:20 - 00001149 _____ () C:\ProgramData\Desktop\ Malwarebytes Anti-Malware .lnk 2014-10-11 15:25 - 2014-10-11 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-10-11 15:25 - 2014-10-11 17:20 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-10-11 15:25 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-10-11 15:25 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-10-11 15:25 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-10-11 15:24 - 2014-10-11 15:24 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Gabi\Downloads\mbam-setup-2.0.2.1012(1).exe 2014-10-09 
22:59 - 2014-10-09 22:59 - 00045453 _____ () C:\Users\Gabi\Desktop\Combofix.txt 2014-10-09 22:58 - 2014-10-09 22:58 - 00045453 _____ () C:\ComboFix.txt 2014-10-09 22:31 - 2014-10-09 22:58 - 00000000 ____D () C:\ComboFix 2014-10-09 22:31 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-10-09 22:31 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-10-09 22:31 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-10-09 22:31 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-10-09 22:31 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-10-09 22:31 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-10-09 22:31 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-10-09 22:31 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-10-09 22:29 - 2014-10-09 22:58 - 00000000 ____D () C:\Qoobox 2014-10-09 22:29 - 2014-10-09 22:54 - 00000000 ____D () C:\Windows\erdnt 2014-10-09 22:27 - 2014-10-09 22:28 - 05582481 ____R (Swearware) C:\Users\Gabi\Downloads\ComboFix.exe 2014-10-08 18:21 - 2014-10-08 18:21 - 00023688 _____ () C:\Users\Gabi\Desktop\GMER-1.txt 2014-10-08 18:11 - 2014-10-08 18:11 - 00380416 _____ () C:\Users\Gabi\Downloads\Gmer-19357(2).exe 2014-10-08 18:09 - 2014-10-08 18:09 - 00380416 _____ () C:\Users\Gabi\Downloads\Gmer-19357(1).exe 2014-10-07 22:13 - 2014-10-07 22:13 - 00050468 _____ () C:\Users\Gabi\Desktop\FRST-2.txt 2014-10-07 22:12 - 2014-10-07 22:12 - 00060408 _____ () C:\Users\Gabi\Desktop\Addition-1.txt 2014-10-07 22:08 - 2014-10-07 22:08 - 00050320 _____ () C:\Users\Gabi\Desktop\FRST-1.txt 2014-10-07 21:32 - 2014-10-11 17:50 - 00002408 _____ () C:\Windows\setupact.log 2014-10-07 21:32 - 2014-10-11 17:49 - 00107454 _____ () C:\Windows\PFRO.log 2014-10-07 21:32 - 2014-10-07 21:32 - 00000000 _____ () C:\Windows\setuperr.log 2014-10-07 21:18 - 2014-10-11 17:53 - 00000193 _____ () C:\Windows\WORDPAD.INI 2014-10-07 21:11 - 2014-10-07 21:11 
- 00014641 _____ () C:\Users\Gabi\Desktop\Gmer.txt 2014-10-07 21:03 - 2014-10-07 21:03 - 00380416 _____ () C:\Users\Gabi\Downloads\Gmer-19357.exe 2014-10-07 21:01 - 2014-10-07 21:01 - 00050238 _____ () C:\Users\Gabi\Desktop\FRST.txt 2014-10-07 21:00 - 2014-10-07 21:00 - 00060991 _____ () C:\Users\Gabi\Desktop\Addition.txt 2014-10-07 20:57 - 2014-10-07 22:12 - 00060408 _____ () C:\Users\Gabi\Downloads\Addition.txt 2014-10-07 20:56 - 2014-10-11 18:05 - 00024354 _____ () C:\Users\Gabi\Downloads\FRST.txt 2014-10-07 20:56 - 2014-10-11 18:05 - 00000000 ____D () C:\FRST 2014-10-07 20:54 - 2014-10-07 20:54 - 02109952 _____ (Farbar) C:\Users\Gabi\Downloads\FRST64.exe 2014-10-07 20:49 - 2014-10-07 22:03 - 00000470 _____ () C:\Users\Gabi\Downloads\defogger_disable.log 2014-10-07 20:48 - 2014-10-07 20:48 - 00050477 _____ () C:\Users\Gabi\Downloads\Defogger.exe 2014-10-07 20:42 - 2014-10-07 20:44 - 00000000 _____ () C:\Users\Gabi\defogger_reenable 2014-10-07 17:28 - 2014-10-07 18:01 - 00000000 ____D () C:\Program Files (x86)\ReQuick 2014-10-07 17:26 - 2014-10-07 17:26 - 01220954 _____ (My Company, Inc. ) C:\Users\Gabi\Downloads\RegistryQuick_setup.exe 2014-10-06 11:09 - 2014-10-06 11:09 - 00003266 _____ () C:\Windows\System32\Tasks\{E6DCEF3E-6A5E-4CE0-AD4B-9DD326E93E71} 2014-10-06 10:44 - 2014-10-06 10:44 - 00001311 _____ () C:\Users\Gabi\Desktop\Revo Uninstaller.lnk 2014-10-06 10:44 - 2014-10-06 10:44 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-10-06 10:42 - 2014-10-06 10:43 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Gabi\Downloads\revosetup95.exe 2014-10-05 22:39 - 2014-10-05 22:39 - 04964600 _____ (Piriform Ltd) C:\Users\Gabi\Downloads\ccsetup418pro.exe 2014-10-05 10:36 - 2014-10-05 10:36 - 00011426 _____ () C:\Users\Gabi\Documents\cc_20141005_103621.reg 2014-10-04 20:26 - 2014-10-04 20:26 - 06669808 _____ (Burnaware ) C:\Users\Gabi\Downloads\BurnAwareFree-P21423-Setup.exe 2014-10-03 19:37 - 2014-10-09 22:25 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\0F1L1I1PtF1F1C1N 2014-10-03 19:36 - 2014-10-03 19:36 - 01898640 _____ (Irfan Skiljan) C:\Users\Gabi\Downloads\IrfanView-P1683-Setup.exe 2014-09-30 20:39 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-09-30 20:39 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-09-23 20:42 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-23 20:42 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-09-19 21:28 - 2014-09-17 04:13 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll 2014-09-19 21:28 - 2014-09-17 04:12 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll 2014-09-19 21:28 - 2014-09-04 21:14 - 00038048 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2014-09-19 21:28 - 2014-09-04 21:14 - 00032416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2014-09-14 00:01 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-14 00:01 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-09-14 00:01 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-14 00:01 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-14 00:01 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) 
C:\Windows\system32\ieetwcollectorres.dll 2014-09-14 00:01 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-09-14 00:01 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-14 00:01 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-14 00:01 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-14 00:01 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-14 00:01 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-14 00:01 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-14 00:01 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-09-14 00:01 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-14 00:01 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-14 00:01 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-14 00:01 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-14 00:01 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-14 00:01 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-14 00:01 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-09-14 00:01 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-14 00:01 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-14 00:01 - 2014-08-18 23:46 - 00454656 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-09-14 00:01 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-14 00:01 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-09-14 00:01 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-09-14 00:01 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-09-14 00:01 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-09-14 00:01 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-14 00:01 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-14 00:01 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-09-14 00:01 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-09-14 00:01 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-14 00:01 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-09-14 00:01 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-09-14 00:01 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-09-14 00:01 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-09-14 00:01 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-14 00:01 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-14 00:01 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-14 00:01 - 2014-08-18 23:23 - 01249280 _____ (Microsoft 
Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-14 00:01 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-09-14 00:01 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-09-14 00:01 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-09-14 00:01 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-09-14 00:01 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-14 00:01 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-09-14 00:01 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-14 00:01 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-09-14 00:01 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-09-14 00:01 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-09-14 00:01 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-14 00:01 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-09-14 00:01 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-09-14 00:01 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-14 00:01 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-09-13 23:47 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-09-13 23:47 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2014-09-13 14:27 - 2014-08-01 13:53 - 01031168 _____ (Microsoft 
Corporation) C:\Windows\system32\TSWorkspace.dll 2014-09-13 14:27 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2014-09-13 14:27 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-09-13 14:27 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-09-13 14:26 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-13 14:26 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-13 14:26 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-09-13 14:26 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-09-13 14:26 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-09-13 14:25 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-13 14:25 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-13 14:25 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-09-13 14:25 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-09-13 14:25 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-11 18:06 - 2010-01-14 12:56 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-10-11 18:00 - 2009-07-14 06:45 - 00023392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-11 18:00 - 2009-07-14 06:45 - 00023392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-11 17:59 - 2012-04-02 19:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-11 17:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing 2014-10-11 17:51 - 2011-01-26 19:26 - 00000000 ____D () C:\Users\Gabi\.rainlendar2 2014-10-11 17:50 - 2010-01-20 20:47 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2014-10-11 17:49 - 2010-03-09 21:22 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs 2014-10-11 17:49 - 2010-02-25 00:24 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-11 17:49 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-11 17:48 - 2010-01-15 19:07 - 01521137 _____ () C:\Windows\WindowsUpdate.log 2014-10-11 17:46 - 2014-02-05 17:01 - 00000000 ____D () C:\AdwCleaner 2014-10-11 17:46 - 2010-01-15 19:16 - 00000000 ____D () C:\Users\Gabi 2014-10-11 17:18 - 2010-02-25 00:24 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-11 15:57 - 2013-01-29 23:15 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8C748547-F3A4-4FAD-B6F5-B8876C02A981} 2014-10-09 22:58 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-10-09 22:49 - 2009-07-14 04:34 - 00000248 _____ () C:\Windows\system.ini 2014-10-09 22:47 - 2014-02-23 12:29 - 00000000 ____D () C:\Users\_ocster_backup_ 2014-10-09 22:45 - 2009-07-14 04:34 - 85983232 _____ () C:\Windows\system32\config\software.bak 2014-10-09 22:45 - 2009-07-14 04:34 - 25690112 _____ () C:\Windows\system32\config\system.bak 2014-10-09 22:45 - 2009-07-14 04:34 - 01310720 _____ () 
C:\Windows\system32\config\default.bak 2014-10-09 22:45 - 2009-07-14 04:34 - 00057344 _____ () C:\Windows\system32\config\sam.bak 2014-10-09 22:45 - 2009-07-14 04:34 - 00032768 _____ () C:\Windows\system32\config\security.bak 2014-10-09 22:23 - 2014-01-20 22:49 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\1O1L1I1PtF1F1C1N 2014-10-08 20:34 - 2014-02-08 21:34 - 00000288 _____ () C:\Windows\Tasks\AdvancedDriverUpdater_UPDATES.job 2014-10-08 16:52 - 2014-02-06 20:35 - 00000000 ____D () C:\Windows\pss 2014-10-06 21:46 - 2010-01-14 13:42 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-10-06 21:46 - 2006-11-03 14:39 - 00000000 ____D () C:\Users\Gabi\Documents\MP600 2014-10-06 20:45 - 2014-02-14 22:12 - 00002996 _____ () C:\Windows\System32\Tasks\{A8D91B62-F815-4F1D-A2DB-5D26AE327BC2} 2014-10-06 20:44 - 2014-02-14 22:12 - 00002996 _____ () C:\Windows\System32\Tasks\{E02CA656-60DC-425D-AABD-242A412B746E} 2014-10-06 20:44 - 2011-02-10 18:36 - 00003012 _____ () C:\Windows\System32\Tasks\{EE0E0267-9856-43FB-B84C-E310DC9A0704} 2014-10-06 20:44 - 2011-02-10 18:35 - 00003012 _____ () C:\Windows\System32\Tasks\{F3401210-6A4F-4340-8F3E-AB35C777A196} 2014-10-06 20:41 - 2014-02-14 22:13 - 00002996 _____ () C:\Windows\System32\Tasks\{2144E255-C3B4-470C-BDB5-929B9E4FF282} 2014-10-06 20:41 - 2014-02-14 22:12 - 00002996 _____ () C:\Windows\System32\Tasks\{1978A92C-F1CC-4F1D-864F-81F946E1AE1A} 2014-10-05 22:41 - 2012-11-03 12:56 - 00000825 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-10-05 22:41 - 2012-11-03 12:56 - 00000825 _____ () C:\ProgramData\Desktop\CCleaner.lnk 2014-10-05 22:41 - 2012-11-03 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-10-05 22:41 - 2012-11-03 12:56 - 00000000 ____D () C:\Program Files\CCleaner 2014-10-04 21:13 - 2014-03-04 20:51 - 00001194 _____ () C:\Users\Public\Desktop\Internet.lnk 2014-10-04 21:13 - 2014-03-04 20:51 - 00001194 _____ () C:\ProgramData\Desktop\Internet.lnk 2014-10-04 21:00 - 2013-03-19 
22:30 - 00000000 ____D () C:\Users\Gabi\AppData\Local\Ocster Backup 2014-10-04 20:45 - 2014-06-17 11:57 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\Nico Mak Computing 2014-10-04 20:43 - 2014-03-04 20:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-10-04 09:03 - 2009-07-14 19:58 - 00703028 _____ () C:\Windows\system32\perfh007.dat 2014-10-04 09:03 - 2009-07-14 19:58 - 00150686 _____ () C:\Windows\system32\perfc007.dat 2014-10-04 09:03 - 2009-07-14 07:13 - 01629690 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-03 19:38 - 2011-10-10 09:59 - 00001937 _____ () C:\Users\Gabi\Desktop\IrfanView Thumbnails.lnk 2014-10-03 19:38 - 2010-01-18 21:26 - 00001045 _____ () C:\Users\Gabi\Desktop\IrfanView.lnk 2014-10-02 08:13 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-09-30 10:33 - 2011-03-21 15:23 - 00053248 _____ () C:\Users\Gabi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-09-26 10:52 - 2012-04-24 21:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-24 20:59 - 2012-04-02 19:52 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-24 20:59 - 2012-04-02 19:52 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-24 20:59 - 2011-09-11 20:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-22 09:53 - 2010-01-18 11:17 - 00000000 ____D () C:\Users\Gabi\Dieter 2014-09-21 17:53 - 2010-01-17 12:17 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\Adobe 2014-09-19 22:43 - 2010-03-10 12:39 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\Skype 2014-09-19 21:43 - 2014-01-30 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2014-09-19 21:43 - 2010-01-14 13:42 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-09-19 21:29 - 2010-01-14 12:54 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-09-17 
04:13 - 2014-01-30 20:31 - 02193560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2014-09-17 04:12 - 2014-01-30 20:31 - 02799784 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2014-09-16 19:30 - 2013-03-13 22:44 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-09-15 09:06 - 2010-01-16 11:19 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-09-14 09:12 - 2009-07-14 06:45 - 00379408 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-14 00:01 - 2010-01-14 14:54 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-14 00:00 - 2014-01-16 13:28 - 01603034 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-13 23:58 - 2013-07-12 22:06 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-13 23:48 - 2010-01-18 15:23 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-13 23:47 - 2014-05-06 11:51 - 00000000 ___SD () C:\Windows\system32\CompatTel Files to move or delete: ==================== C:\Users\Gabi\SSBCUninstall.exe C:\Users\Gabi\SSSDUninstall.exe C:\Users\Gabi\SS_Uninstall.exe C:\Users\Gabi\Start Ashampoo UnInstaller 5.bat Some content of TEMP: ==================== C:\Users\Gabi\AppData\Local\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-02-21 19:39
==================== End Of Log ============================
--- --- ---
Best regards, Thomas_5 |
11.10.2014, 17:25 | #10 |
| Remove Optimizer Pro v3.2 incl. Crash Monitor
Hello Schrauber, now that the reply has been sent, I notice that I did not put the files into code tags. So here is the whole thing once more. Sorry!!
Code:
ATTFilter 2014/10/11 15:28:04 +0200 mbam-log-2014-10-11 (15-27-59).xml yes 2.00.2.1012 v2014.10.11.04 v2014.10.08.01 free disabled disabled disabled Windows 7 Service Pack 1 x64 Gabi NTFS threat completed 396492 1174 1 0 44 10 2 61 274 0 enabled enabled enabled enabled disabled disabled enabled enabled enabled C:\Windows\System32\ipstrmgr.exeAdware.Agentdelete-on-reboot1712de924dc67a02f04665990213e818f20e HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\credwizdAdware.Agentsuccessde924dc67a02f04665990213e818f20e HKLM\SOFTWARE\CLASSES\APPID\{A2D3FB7A-6873-45E8-AF96-57092D721828}PUP.Optional.SaveSense.Asuccessd799b063aece9a9c47022d7248bae31d HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassSvcPUP.Optional.SaveSense.Asuccessd799b063aece9a9c47022d7248bae31d HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassSvc.1.0PUP.Optional.SaveSense.Asuccessd799b063aece9a9c47022d7248bae31d HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassSvcPUP.Optional.SaveSense.Asuccessd799b063aece9a9c47022d7248bae31d HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassSvc.1.0PUP.Optional.SaveSense.Asuccessd799b063aece9a9c47022d7248bae31d HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{A2D3FB7A-6873-45E8-AF96-57092D721828}PUP.Optional.SaveSense.Asuccessd799b063aece9a9c47022d7248bae31d HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A2D3FB7A-6873-45E8-AF96-57092D721828}PUP.Optional.SaveSense.Asuccessd799b063aece9a9c47022d7248bae31d HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}PUP.Optional.DynConIE.Asuccess026ec54ecfad1d193edb910e2fd3b34d HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}PUP.Optional.DynConIE.Asuccess026ec54ecfad1d193edb910e2fd3b34d HKU\S-1-5-21-3834002493-4226875369-3535069347-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}PUP.Optional.SearchProtect.Asuccess2b4528ebc5b70b2b1a162377699907f9 
HKU\S-1-5-21-3834002493-4226875369-3535069347-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}PUP.Optional.Babylon.Asuccess462a28eb2c50ef471de436648e74c040 HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CoreClassPUP.Optional.SaveSense.Asuccess9fd10d061d5f2214ecc9333c0afa9868 HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CoreClass.1PUP.Optional.SaveSense.Asuccess7cf4e72c87f55fd74471f877d43060a0 HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3COMClassServicePUP.Optional.SaveSense.Asuccess0868a96a2f4d76c02f869fd0040003fd HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3COMClassService.1.0PUP.Optional.SaveSense.Asuccess1c5414fffa82e254af061857e222cb35 HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3WebSvcPUP.Optional.SaveSense.Asuccessf080e92aa6d639fd2c89442bf70d926e HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3WebSvc.1.0PUP.Optional.SaveSense.Asuccesscda325ee017b1c1a13a22d4249bb20e0 HKLM\SOFTWARE\CLASSES\APPID\SaveSenseLive.exePUP.Optional.SaveSense.Asuccess94dcca495527eb4b2a8a8ae52ed6a35d HKLM\SOFTWARE\WOW6432NODE\ResultsAlphaPUP.Optional.ResultsAlpha.Asuccessc7a9b85b285475c147a3452a28dc5aa6 HKLM\SOFTWARE\WOW6432NODE\SaveSenseLivePUP.Optional.SaveSense.Asuccessb2be24ef304c3df9caf07af57e865ba5 HKLM\SOFTWARE\WOW6432NODE\supWPMPUP.Optional.SupTab.Asuccess472917fc8bf1bb7b41cb8e8dc93a0bf5 HKLM\SOFTWARE\WOW6432NODE\sweet-pageSoftwarePUP.Optional.SweetPage.Asuccesse28e888ba2da37ffd0a582f3a4602dd3 HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLiveUpdate.CoreClassPUP.Optional.SaveSense.Asuccess0a66878c84f893a308adc2adad5719e7 HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLiveUpdate.CoreClass.1PUP.Optional.SaveSense.Asuccess016fed26a6d6d85ebafbd897cd370af6 HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLiveUpdate.Update3COMClassServicePUP.Optional.SaveSense.Asuccess1759de357ffde353f5c02649f1139d63 
HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLiveUpdate.Update3COMClassService.1.0PUP.Optional.SaveSense.Asuccess224e6da64b3150e6952027481be9d62a HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLiveUpdate.Update3WebSvcPUP.Optional.SaveSense.Asuccess016fe1323d3f53e3f0c5b9b6bc48f808 HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLiveUpdate.Update3WebSvc.1.0PUP.Optional.SaveSense.Asuccess313fb95ad3a99b9b9a1b0b648e76e917 HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\SaveSenseLive.exePUP.Optional.SaveSense.Asuccess561a0b08502c02344371551aa06447b9 HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\jljheddigenhleadfofeccneimcmlefpPUP.Optional.SpeedTest.Asuccess97d92de6e5976ec8d18ab695a65de719 HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@tools.updaterss.com/SaveSenseLive Update;version=3PUP.Optional.SaveSense.Asuccess135df3201a625bdba513d897ba4af60a HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@tools.updaterss.com/SaveSenseLive Update;version=9PUP.Optional.SaveSense.Asuccess97d9749fa3d91a1cd2e699d6f41018e8 HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECTPUP.Optional.SearchProtect.Asuccessee8232e1215b6ccaef83cf58cc37b54b HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TTNFDPUP.Optional.TermTutor.Asuccessd39d9e759fdd4fe74c3582966c971ee2 HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-5.0PUP.Optional.PlusHD.Asuccess234d18fb116b9e98f22bf44ae81be41c HKU\S-1-5-21-3834002493-4226875369-3535069347-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Conduit_Search_ProtectPUP.Optional.SearchProtect.Asuccessda9645ce7efeb680c501176813f154ac HKU\S-1-5-21-3834002493-4226875369-3535069347-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\ResultsAlphaPUP.Optional.ResultsAlpha.Asuccess79f728eb5f1d54e27279244bcf35b54b HKU\S-1-5-21-3834002493-4226875369-3535069347-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SaveSensePUP.Optional.SaveSense.Asuccess610ff61d49332b0b13a391dea65e659b 
HKU\S-1-5-21-3834002493-4226875369-3535069347-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SaveSenseLivePUP.Optional.SaveSense.Asuccess2749cb48daa2eb4be3d49ed15ba9966a HKU\S-1-5-21-3834002493-4226875369-3535069347-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1SPUP.Optional.InstallCore.Asuccessb5bb6aa9017ba492634d01492cd716ea HKU\S-1-5-21-3834002493-4226875369-3535069347-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCOREPUP.Optional.InstallCore.Asuccess551ba370710bec4ae41864fcef1550b0 HKU\S-1-5-21-3834002493-4226875369-3535069347-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal DownloaderPUP.Optional.Softonic.Asuccessc8a8799a0676c67034bab287798aa35d HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Browser GuardPUP.Optional.BrowserGuard.Asuccessf37dba59205c999d57ffd0352dd6c53b HKU\S-1-5-21-3834002493-4226875369-3535069347-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{78E516EF-11DE-47A1-8364-A99B917EC5EE}PUP.Optional.FileConverter.Asuccess214f977c80fc80b66ac78e0a2dd544bc HKU\S-1-5-21-3834002493-4226875369-3535069347-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER{78E516EF-11DE-47A1-8364-A99B917EC5EE}PUP.Optional.FileConverter.Asuccess Code:
ATTFilter # AdwCleaner v3.311 - Bericht erstellt am 11/10/2014 um 17:46:21 # Aktualisiert 30/09/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Gabi - GABI-DIETER # Gestartet von : C:\Users\Gabi\Downloads\AdwCleaner_3.311(1).exe # Option : Löschen ***** [ Dienste ] ***** [#] Dienst Gelöscht : 70e6ca8c Dienst Gelöscht : DailytoolsUpdateService [#] Dienst Gelöscht : Search ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\DNSErrorHelper Ordner Gelöscht : C:\ProgramData\NCH Software Ordner Gelöscht : C:\ProgramData\simplitec Ordner Gelöscht : C:\ProgramData\Uniblue Ordner Gelöscht : C:\ProgramData\WinMaximizer Ordner Gelöscht : C:\ProgramData\WPM Ordner Gelöscht : C:\Program Files (x86)\NCH Software Ordner Gelöscht : C:\Program Files (x86)\PC Speed Maximizer Ordner Gelöscht : C:\Program Files (x86)\Search Ordner Gelöscht : C:\Windows\Installer\{8B8D7849-9AF5-42B5-A81C-B4CAEC25111C} Ordner Gelöscht : C:\Users\Gabi\AppData\Local\FileTypeAssistant Ordner Gelöscht : C:\Users\Gabi\AppData\Local\genienext Ordner Gelöscht : C:\Users\Gabi\AppData\Roaming\Common\LuaRT Ordner Gelöscht : C:\Users\Gabi\AppData\Roaming\Fifth Ordner Gelöscht : C:\Users\Gabi\AppData\Roaming\Intermediate Ordner Gelöscht : C:\Users\Gabi\AppData\Roaming\NCH Software Ordner Gelöscht : C:\Users\Gabi\AppData\Roaming\OCS Ordner Gelöscht : C:\Users\Gabi\AppData\Roaming\simplitec Ordner Gelöscht : C:\Users\Gabi\AppData\Roaming\Solvusoft Ordner Gelöscht : C:\Users\Gabi\AppData\Roaming\Systweak Ordner Gelöscht : C:\Users\Gabi\Documents\Mobogenie Ordner Gelöscht : C:\Users\Gabi\Documents\PC Speed Maximizer Ordner Gelöscht : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\dpj49px8.default-1361432713879\Extensions\staged\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183} Ordner Gelöscht : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\e6v11obw.default\Extensions\staged\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183} Ordner Gelöscht : 
C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\mData\Extensions\staged\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183} Datei Gelöscht : C:\Windows\SysWOW64\update1.dll Datei Gelöscht : C:\Users\Gabi\daemonprocess.txt Datei Gelöscht : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default\invalidprefs.js Datei Gelöscht : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\dpj49px8.default-1361432713879\user.js Datei Gelöscht : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\e6v11obw.default\user.js Datei Gelöscht : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\mData\user.js Datei Gelöscht : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default\user.js ***** [ Tasks ] ***** Task Gelöscht : Fifth Task Gelöscht : OMESupervisor ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8DD92AC3-72AA-4029-9B4C-ACB1FE81274F}] Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj Schlüssel Gelöscht : HKCU\Software\Classes\pokki Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Intermediate] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCS Wert Gelöscht : HKLM\SOFTWARE\microsoft\windows nt\currentversion\svchost [DailytoolsInstallerService] Wert Gelöscht : HKLM\SOFTWARE\microsoft\windows nt\currentversion\svchost [DailytoolsUpdateService] Wert Gelöscht : HKLM\SOFTWARE\microsoft\windows nt\currentversion\svchost [Update-Service-Installer-Service] 
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{997E3BFB-F821-411C-8B96-D61D415EC8FA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{44FC7A33-2E5C-48DC-B6F5-B81E8005D122} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{997E3BFB-F821-411C-8B96-D61D415EC8FA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9B6B03F1-16CF-4491-BBBB-E872802DD717} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{721061FB-EB79-4568-A03C-3CE26D68DAE9} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A18D16ED-27B2-4B83-B70C-15E73F099546} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{27CE191D-733B-4450-AFCD-096D105288C3} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A18D16ED-27B2-4B83-B70C-15E73F099546} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B} Schlüssel Gelöscht : [x64] 
HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} Schlüssel Gelöscht : HKCU\Software\Bitberry Software Schlüssel Gelöscht : HKCU\Software\Bitberry Schlüssel Gelöscht : HKCU\Software\BRS Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\OfferMosquito Schlüssel Gelöscht : HKCU\Software\pc speed maximizer Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\systweak Schlüssel Gelöscht : HKCU\Software\WinMaximizer Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit Schlüssel Gelöscht : HKLM\SOFTWARE\IePlugin Schlüssel Gelöscht : HKLM\SOFTWARE\systweak Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue Schlüssel Gelöscht : HKLM\SOFTWARE\WinMaximizer Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Joosoft.com Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Speedchecker Limited Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467 ***** [ Browser 
] ***** -\\ Internet Explorer v11.0.9600.17280 -\\ Mozilla Firefox v32.0.3 (x86 de) [ Datei : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\dpj49px8.default-1361432713879\prefs.js ] Zeile gelöscht : user_pref("browser.search.selectedEngine", "Astromenda"); [ Datei : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\e6v11obw.default\prefs.js ] Zeile gelöscht : user_pref("browser.search.selectedEngine", "Astromenda"); [ Datei : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\mData\prefs.js ] Zeile gelöscht : user_pref("browser.search.selectedEngine", "Astromenda"); [ Datei : C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default\prefs.js ] Zeile gelöscht : user_pref("extensions.buenosearch.admin", false); Zeile gelöscht : user_pref("extensions.buenosearch.aflt", "babsst"); Zeile gelöscht : user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}"); Zeile gelöscht : user_pref("extensions.buenosearch.autoRvrt", "false"); Zeile gelöscht : user_pref("extensions.buenosearch.bbDpng", "10"); Zeile gelöscht : user_pref("extensions.buenosearch.cntry", "DE"); Zeile gelöscht : user_pref("extensions.buenosearch.dfltLng", "en"); Zeile gelöscht : user_pref("extensions.buenosearch.excTlbr", false); Zeile gelöscht : user_pref("extensions.buenosearch.ffxUnstlRst", true); Zeile gelöscht : user_pref("extensions.buenosearch.hdrMd5", "24F2CA3B407F9F1E6246F7303079CE00"); Zeile gelöscht : user_pref("extensions.buenosearch.id", "da13e098000000000000000000000000"); Zeile gelöscht : user_pref("extensions.buenosearch.instlDay", "16139"); Zeile gelöscht : user_pref("extensions.buenosearch.instlRef", "sst"); Zeile gelöscht : user_pref("extensions.buenosearch.lastVrsnTs", "1.8.28.712:04:41"); Zeile gelöscht : user_pref("extensions.buenosearch.newTab", false); Zeile gelöscht : user_pref("extensions.buenosearch.prdct", "buenosearch"); Zeile gelöscht : user_pref("extensions.buenosearch.prtnrId", "buenosearch"); Zeile gelöscht : 
user_pref("extensions.buenosearch.rvrt", "false"); Zeile gelöscht : user_pref("extensions.buenosearch.sg", "azb"); Zeile gelöscht : user_pref("extensions.buenosearch.smplGrp", "none"); Zeile gelöscht : user_pref("extensions.buenosearch.tb_url", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=DA136CF049052A32&affID=128491&tsp=5182"); Zeile gelöscht : user_pref("extensions.buenosearch.tlbrId", "base"); Zeile gelöscht : user_pref("extensions.buenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=DA136CF049052A32&affID=128491&tsp=5182"); Zeile gelöscht : user_pref("extensions.buenosearch.vrsn", "1.8.28.7"); Zeile gelöscht : user_pref("extensions.buenosearch.vrsnTs", "1.8.28.712:04:41"); Zeile gelöscht : user_pref("extensions.buenosearch.vrsni", "1.8.28.7"); Zeile gelöscht : user_pref("extensions.irmysearch.aflt", "irmsd0101"); Zeile gelöscht : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzuyC0C0FtDyEzytDyDtB0AtAtB0EtDzyzztN0D0Tzu0SyByDtCtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T"); Zeile gelöscht : user_pref("extensions.irmysearch.cr", "1251611358"); Zeile gelöscht : user_pref("extensions.irmysearch.instlRef", ""); -\\ Google Chrome v [ Datei : C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [68123 octets] - [05/02/2014 17:01:59] AdwCleaner[R1].txt - [1327 octets] - [05/02/2014 17:24:20] AdwCleaner[R2].txt - [1387 octets] - [05/02/2014 17:39:24] AdwCleaner[R3].txt - [17677 octets] - [25/05/2014 10:47:08] AdwCleaner[R4].txt - [20687 octets] - [17/06/2014 12:09:33] AdwCleaner[R5].txt - [19524 octets] - [29/06/2014 09:19:25] AdwCleaner[R6].txt - [19585 octets] - [29/06/2014 10:01:31] AdwCleaner[R7].txt - [12819 octets] - [11/10/2014 17:45:26] AdwCleaner[S0].txt - [64697 octets] - [05/02/2014 17:07:32] AdwCleaner[S1].txt - [11986 octets] - [11/10/2014 17:46:21] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [12047 octets] 
########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.3.2 (10.09.2014:1) OS: Windows 7 Home Premium x64 Ran by Gabi on 11.10.2014 at 18:00:51,73 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update resultsalpha Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util resultsalpha Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateResultsAlpha_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateResultsAlpha_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilResultsAlpha_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilResultsAlpha_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updateResultsAlpha_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updateResultsAlpha_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilResultsAlpha_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilResultsAlpha_RASMANCS Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0213547C-6002-469C-BA82-6863B3C1D7B8} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7234E9B8-551C-4612-AF57-BA7AC109CD0E} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BCBC30E2-06B3-4F52-B0D5-B5C634DA9ACC} Successfully deleted: [Registry Key] 
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C43BBC1B-D6AA-459A-9D03-5284B44E912E} ~~~ Files Successfully deleted: [File] "C:\Users\Gabi\appdata\locallow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com" ~~~ Folders Successfully deleted: [Folder] "C:\Users\Gabi\music\qtrax media library" ~~~ FireFox Emptied folder: C:\Users\Gabi\AppData\Roaming\mozilla\firefox\profiles\ugcbk2y8.default\minidumps [16 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 11.10.2014 at 18:04:01,35 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by Gabi (administrator) on GABI-DIETER on 11-10-2014 18:05:53
Running from C:\Users\Gabi\Downloads
Loaded Profiles: Gabi & _ocster_backup_ (Available profiles: Gabi & _ocster_backup_)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files\Ocster Backup\bin\backupService-ox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\Ocster Backup\bin\backupClient-ox.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files\Rainlendar2\Rainlendar2.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Oracle Corporation) C:\oracle10g\bin\oracle.exe
() C:\Program Files\Ocster Backup\bin\oxHelper.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\Ocster Backup\bin\oxHelper.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\wmi64.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [Ocster Backup] => C:\Program Files\Ocster Backup\bin\backupClient-ox.exe [312664 2014-02-04] ()
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-27] (Microsoft Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3834002493-4226875369-3535069347-1000\...\Run: [Rainlendar2] => C:\Program Files\Rainlendar2\Rainlendar2.exe [3666944 2011-01-06] ()
HKU\S-1-5-21-3834002493-4226875369-3535069347-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
Startup: C:\Users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
Startup: C:\Users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8897;https=127.0.0.1:8897
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x42F9AB638C96CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.t-online.de/
URLSearchHook: HKLM-x32 - (No Name) - {04a8dd1a-4754-48fe-a703-99846646ef04} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - F04F7B247D844F0287D289AC70C8FE43 URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3322287&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP14A054C4-1B01-4318-9C92-BF4D53219F89&q={searchTerms}&SSPV=
SearchScopes: HKCU - {323B7DAE-1CB5-481C-9BF2-D059761CC05E} URL = hxxp://www.suchen.de/lokal?q={searchTerms}&partnerid=244&radius=10&sort=relevance&fedsearch=true
SearchScopes: HKCU - {435E3E38-6768-4A61-81F0-266E2A1C793A} URL = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=wiki-tab&tpc=internet&ptl=std&classification=wiki-tab_internet_std&q={searchTerms}&br=ie10-toi
SearchScopes: HKCU - {6408E1C5-FE7B-47BD-B907-6CBDC0CEA64E} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=interactivemesuche-21&index=blended&linkCode=ur2&camp=1638&creative=6742
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {7FD7B429-EAF3-492F-9D0C-0F4DB93D2FE1} URL = hxxp://rover.ebay.com/rover/1/707-1403-27640-2/4?mpre=hxxp://search.ebay.de/search/search.dll?shortcut=4&query={searchTerms}
SearchScopes: HKCU - {A8D32726-9FA5-4283-9A9F-4C9DB061ACE5} URL = hxxp://dict.leo.org/ende?lp=ende&lang=de&searchLoc=0&cmpType=relaxed&sectHdr=on&spellToler=on&chinese=both&pinyin=diacritic&search={searchTerms}&relink=on
SearchScopes: HKCU - {CC87724D-C5C9-4A4D-8650-67BCA2BDC37E} URL = hxxp://www.dict.cc/?s={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {04A8DD1A-4754-48FE-A703-99846646EF04} - No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{11342DE6-C338-47B7-97FF-6E33D142D8E3}: [NameServer] 217.0.43.81 217.0.43.65
FireFox:
========
FF ProfilePath: C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default
FF DefaultSearchEngine: Yahoo
FF Homepage: hxxp://www.t-online.de/
FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default\searchplugins\google-default.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ColorfulTabs - C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-09-24]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2013-10-20]
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-01-30]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-02-26]
Chrome:
=======
CHR Profile: C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Download Protect) - C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihebkfpbjdbhbnekngbddmpomamehomf [2014-01-30]
CHR Extension: (Download Protect) - C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhiphpjimdnggccdgbpbicflmkebpdao [2013-11-14]
CHR Extension: (Download Protect) - C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\okbdeepkmkpfklcpjcfcfnekhdehnnjj [2014-03-11]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa []
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-27] (Microsoft Corp.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-17] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-17] (NVIDIA Corporation)
R2 ocster_backup; c:\Program Files\Ocster Backup\bin\backupService-ox.exe [23896 2014-02-04] ()
S4 OracleDBConsoleSatdb10g; C:\oracle10g\bin\nmesrvc.exe [24064 2006-11-14] (Oracle Corporation) [File not signed]
S4 OracleJobSchedulerSATDB10G; c:\oracle10g\Bin\extjob.exe [102400 2006-11-16] () [File not signed]
S4 OracleORACLE_Home10giSQL*Plus; C:\oracle10g\bin\isqlplussvc.exe [53248 2006-10-12] (Oracle) [File not signed]
R2 OracleServiceSATDB10G; c:\oracle10g\bin\ORACLE.EXE [60059648 2011-03-16] (Oracle Corporation) [File not signed]
R2 WO_LiveService; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe [885096 2013-11-19] ()
S2 OracleORACLE_Home10gTNSListener; C:\oracle10g\BIN\TNSLSNR [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-11] (AVG Technologies)
S3 GrabsterSeries.C64; C:\Windows\System32\DRIVERS\GrabsterSeries.C64.SYS [262208 2010-01-22] ()
S3 HWHandSet; C:\Windows\System32\DRIVERS\hw_quusbmdm.sys [223232 2011-10-24] (Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2011-10-24] (Huawei Technologies Co., Ltd.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-01-30] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-20] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-12] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-01-30] (Kaspersky Lab ZAO)
R2 LiveTunerPM; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerProcessMonitor64.sys [12824 2011-03-08] ()
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-11] (Malwarebytes Corporation)
S3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [15680 2006-10-31] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-10-25] (Synaptics Incorporated)
S1 StarOpen; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz132; \??\C:\Users\Gabi\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-11 18:04 - 2014-10-11 18:04 - 00002734 _____ () C:\Users\Gabi\Desktop\JRT.txt
2014-10-11 17:58 - 2014-10-11 17:58 - 00000000 ____D () C:\Windows\ERUNT
2014-10-11 17:57 - 2014-10-11 17:57 - 01705755 _____ (Thisisu) C:\Users\Gabi\Downloads\JRT.exe
2014-10-11 17:51 - 2014-10-11 17:51 - 00012164 _____ () C:\Users\Gabi\Desktop\AdwCleaner[S1].txt
2014-10-11 17:44 - 2014-10-11 17:44 - 01375089 _____ () C:\Users\Gabi\Downloads\AdwCleaner_3.311(1).exe
2014-10-11 17:40 - 2014-10-11 17:40 - 01375089 _____ () C:\Users\Gabi\Downloads\AdwCleaner_3.311.exe
2014-10-11 17:33 - 2014-10-11 17:33 - 00099000 _____ () C:\Users\Gabi\Desktop\mbam.xml
2014-10-11 15:56 - 2014-10-11 17:10 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-10-11 15:25 - 2014-10-11 17:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-11 15:25 - 2014-10-11 17:20 - 00001149 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-11 15:25 - 2014-10-11 17:20 - 00001149 _____ () C:\ProgramData\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-11 15:25 - 2014-10-11 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-10-11 15:25 - 2014-10-11 17:20 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-10-11 15:25 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-11 15:25 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-11 15:25 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-11 15:24 - 2014-10-11 15:24 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Gabi\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-10-09 22:59 - 2014-10-09 22:59 - 00045453 _____ () C:\Users\Gabi\Desktop\Combofix.txt
2014-10-09 22:58 - 2014-10-09 22:58 - 00045453 _____ () C:\ComboFix.txt
2014-10-09 22:31 - 2014-10-09 22:58 - 00000000 ____D () C:\ComboFix
2014-10-09 22:31 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-09 22:31 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-09 22:31 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-09 22:31 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-09 22:31 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-09 22:31 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-09 22:31 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-09 22:31 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-09 22:29 - 2014-10-09 22:58 - 00000000 ____D () C:\Qoobox
2014-10-09 22:29 - 2014-10-09 22:54 - 00000000 ____D () C:\Windows\erdnt
2014-10-09 22:27 - 2014-10-09 22:28 - 05582481 ____R (Swearware) C:\Users\Gabi\Downloads\ComboFix.exe
2014-10-08 18:21 - 2014-10-08 18:21 - 00023688 _____ () C:\Users\Gabi\Desktop\GMER-1.txt
2014-10-08 18:11 - 2014-10-08 18:11 - 00380416 _____ () C:\Users\Gabi\Downloads\Gmer-19357(2).exe
2014-10-08 18:09 - 2014-10-08 18:09 - 00380416 _____ () C:\Users\Gabi\Downloads\Gmer-19357(1).exe
2014-10-07 22:13 - 2014-10-07 22:13 - 00050468 _____ () C:\Users\Gabi\Desktop\FRST-2.txt
2014-10-07 22:12 - 2014-10-07 22:12 - 00060408 _____ () C:\Users\Gabi\Desktop\Addition-1.txt
2014-10-07 22:08 - 2014-10-07 22:08 - 00050320 _____ () C:\Users\Gabi\Desktop\FRST-1.txt
2014-10-07 21:32 - 2014-10-11 17:50 - 00002408 _____ () C:\Windows\setupact.log
2014-10-07 21:32 - 2014-10-11 17:49 - 00107454 _____ () C:\Windows\PFRO.log
2014-10-07 21:32 - 2014-10-07 21:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-07 21:18 - 2014-10-11 17:53 - 00000193 _____ () C:\Windows\WORDPAD.INI
2014-10-07 21:11 - 2014-10-07 21:11 - 00014641 _____ () C:\Users\Gabi\Desktop\Gmer.txt
2014-10-07 21:03 - 2014-10-07 21:03 - 00380416 _____ () C:\Users\Gabi\Downloads\Gmer-19357.exe
2014-10-07 21:01 - 2014-10-07 21:01 - 00050238 _____ () C:\Users\Gabi\Desktop\FRST.txt
2014-10-07 21:00 - 2014-10-07 21:00 - 00060991 _____ () C:\Users\Gabi\Desktop\Addition.txt
2014-10-07 20:57 - 2014-10-07 22:12 - 00060408 _____ () C:\Users\Gabi\Downloads\Addition.txt
2014-10-07 20:56 - 2014-10-11 18:05 - 00024354 _____ () C:\Users\Gabi\Downloads\FRST.txt
2014-10-07 20:56 - 2014-10-11 18:05 - 00000000 ____D () C:\FRST
2014-10-07 20:54 - 2014-10-07 20:54 - 02109952 _____ (Farbar) C:\Users\Gabi\Downloads\FRST64.exe
2014-10-07 20:49 - 2014-10-07 22:03 - 00000470 _____ () C:\Users\Gabi\Downloads\defogger_disable.log
2014-10-07 20:48 - 2014-10-07 20:48 - 00050477 _____ () C:\Users\Gabi\Downloads\Defogger.exe
2014-10-07 20:42 - 2014-10-07 20:44 - 00000000 _____ () C:\Users\Gabi\defogger_reenable
2014-10-07 17:28 - 2014-10-07 18:01 - 00000000 ____D () C:\Program Files (x86)\ReQuick
2014-10-07 17:26 - 2014-10-07 17:26 - 01220954 _____ (My Company, Inc. ) C:\Users\Gabi\Downloads\RegistryQuick_setup.exe
2014-10-06 11:09 - 2014-10-06 11:09 - 00003266 _____ () C:\Windows\System32\Tasks\{E6DCEF3E-6A5E-4CE0-AD4B-9DD326E93E71}
2014-10-06 10:44 - 2014-10-06 10:44 - 00001311 _____ () C:\Users\Gabi\Desktop\Revo Uninstaller.lnk
2014-10-06 10:44 - 2014-10-06 10:44 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-10-06 10:42 - 2014-10-06 10:43 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Gabi\Downloads\revosetup95.exe
2014-10-05 22:39 - 2014-10-05 22:39 - 04964600 _____ (Piriform Ltd) C:\Users\Gabi\Downloads\ccsetup418pro.exe
2014-10-05 10:36 - 2014-10-05 10:36 - 00011426 _____ () C:\Users\Gabi\Documents\cc_20141005_103621.reg
2014-10-04 20:26 - 2014-10-04 20:26 - 06669808 _____ (Burnaware ) C:\Users\Gabi\Downloads\BurnAwareFree-P21423-Setup.exe
2014-10-03 19:37 - 2014-10-09 22:25 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\0F1L1I1PtF1F1C1N
2014-10-03 19:36 - 2014-10-03 19:36 - 01898640 _____ (Irfan Skiljan) C:\Users\Gabi\Downloads\IrfanView-P1683-Setup.exe
2014-09-30 20:39 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 20:39 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-23 20:42 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 20:42 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-19 21:28 - 2014-09-17 04:13 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-09-19 21:28 - 2014-09-17 04:12 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-09-19 21:28 - 2014-09-04 21:14 - 00038048 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-09-19 21:28 - 2014-09-04 21:14 - 00032416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-09-14 00:01 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-14 00:01 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-14 00:01 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-14 00:01 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-14 00:01 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-14 00:01 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-14 00:01 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-14 00:01 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-14 00:01 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-14 00:01 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-14 00:01 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-14 00:01 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-14 00:01 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-14 00:01 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-14 00:01 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-14 00:01 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-14 00:01 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-14 00:01 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-14 00:01 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-14 00:01 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-14 00:01 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-14 00:01 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-14 00:01 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-14 00:01 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-14 00:01 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-14 00:01 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-14 00:01 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-14 00:01 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-14 00:01 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-14 00:01 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-14 00:01 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-14 00:01 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-14 00:01 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-14 00:01 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-14 00:01 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-14 00:01 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-14 00:01 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-14 00:01 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-14 00:01 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-14 00:01 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-14 00:01 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-14 00:01 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-14 00:01 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-14 00:01 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-14 00:01 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-14 00:01 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-14 00:01 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-14 00:01 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-14 00:01 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-14 00:01 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-14 00:01 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-14 00:01 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-14 00:01 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-14 00:01 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-14 00:01 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-14 00:01 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-13 23:47 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-13 23:47 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-13 14:27 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-13 14:27 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-13 14:27 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-13 14:27 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-13 14:26 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-13 14:26 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-13 14:26 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-13 14:26 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-13 14:26 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-13 14:25 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-13 14:25 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-13 14:25 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-13 14:25 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-09-13 14:25 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-11 18:06 - 2010-01-14 12:56 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-10-11 18:00 - 2009-07-14 06:45 - 00023392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-11 18:00 - 2009-07-14 06:45 - 00023392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-11 17:59 - 2012-04-02 19:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-11 17:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing 2014-10-11 17:51 - 2011-01-26 19:26 - 00000000 ____D () C:\Users\Gabi\.rainlendar2 2014-10-11 17:50 - 2010-01-20 20:47 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2014-10-11 17:49 - 2010-03-09 21:22 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs 2014-10-11 17:49 - 2010-02-25 00:24 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-11 17:49 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-11 17:48 - 2010-01-15 19:07 - 01521137 _____ () C:\Windows\WindowsUpdate.log 2014-10-11 17:46 - 2014-02-05 17:01 - 00000000 ____D () C:\AdwCleaner 2014-10-11 17:46 - 2010-01-15 19:16 - 00000000 ____D () C:\Users\Gabi 2014-10-11 17:18 - 2010-02-25 00:24 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-11 15:57 - 2013-01-29 23:15 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8C748547-F3A4-4FAD-B6F5-B8876C02A981} 2014-10-09 22:58 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-10-09 22:49 - 2009-07-14 04:34 - 00000248 _____ () C:\Windows\system.ini 2014-10-09 22:47 - 2014-02-23 12:29 - 00000000 ____D () C:\Users\_ocster_backup_ 2014-10-09 22:45 - 2009-07-14 04:34 - 85983232 _____ () C:\Windows\system32\config\software.bak 2014-10-09 22:45 - 2009-07-14 04:34 - 25690112 _____ () C:\Windows\system32\config\system.bak 2014-10-09 22:45 - 2009-07-14 04:34 - 01310720 _____ () 
C:\Windows\system32\config\default.bak 2014-10-09 22:45 - 2009-07-14 04:34 - 00057344 _____ () C:\Windows\system32\config\sam.bak 2014-10-09 22:45 - 2009-07-14 04:34 - 00032768 _____ () C:\Windows\system32\config\security.bak 2014-10-09 22:23 - 2014-01-20 22:49 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\1O1L1I1PtF1F1C1N 2014-10-08 20:34 - 2014-02-08 21:34 - 00000288 _____ () C:\Windows\Tasks\AdvancedDriverUpdater_UPDATES.job 2014-10-08 16:52 - 2014-02-06 20:35 - 00000000 ____D () C:\Windows\pss 2014-10-06 21:46 - 2010-01-14 13:42 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-10-06 21:46 - 2006-11-03 14:39 - 00000000 ____D () C:\Users\Gabi\Documents\MP600 2014-10-06 20:45 - 2014-02-14 22:12 - 00002996 _____ () C:\Windows\System32\Tasks\{A8D91B62-F815-4F1D-A2DB-5D26AE327BC2} 2014-10-06 20:44 - 2014-02-14 22:12 - 00002996 _____ () C:\Windows\System32\Tasks\{E02CA656-60DC-425D-AABD-242A412B746E} 2014-10-06 20:44 - 2011-02-10 18:36 - 00003012 _____ () C:\Windows\System32\Tasks\{EE0E0267-9856-43FB-B84C-E310DC9A0704} 2014-10-06 20:44 - 2011-02-10 18:35 - 00003012 _____ () C:\Windows\System32\Tasks\{F3401210-6A4F-4340-8F3E-AB35C777A196} 2014-10-06 20:41 - 2014-02-14 22:13 - 00002996 _____ () C:\Windows\System32\Tasks\{2144E255-C3B4-470C-BDB5-929B9E4FF282} 2014-10-06 20:41 - 2014-02-14 22:12 - 00002996 _____ () C:\Windows\System32\Tasks\{1978A92C-F1CC-4F1D-864F-81F946E1AE1A} 2014-10-05 22:41 - 2012-11-03 12:56 - 00000825 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-10-05 22:41 - 2012-11-03 12:56 - 00000825 _____ () C:\ProgramData\Desktop\CCleaner.lnk 2014-10-05 22:41 - 2012-11-03 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-10-05 22:41 - 2012-11-03 12:56 - 00000000 ____D () C:\Program Files\CCleaner 2014-10-04 21:13 - 2014-03-04 20:51 - 00001194 _____ () C:\Users\Public\Desktop\Internet.lnk 2014-10-04 21:13 - 2014-03-04 20:51 - 00001194 _____ () C:\ProgramData\Desktop\Internet.lnk 2014-10-04 21:00 - 2013-03-19 
22:30 - 00000000 ____D () C:\Users\Gabi\AppData\Local\Ocster Backup 2014-10-04 20:45 - 2014-06-17 11:57 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\Nico Mak Computing 2014-10-04 20:43 - 2014-03-04 20:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-10-04 09:03 - 2009-07-14 19:58 - 00703028 _____ () C:\Windows\system32\perfh007.dat 2014-10-04 09:03 - 2009-07-14 19:58 - 00150686 _____ () C:\Windows\system32\perfc007.dat 2014-10-04 09:03 - 2009-07-14 07:13 - 01629690 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-03 19:38 - 2011-10-10 09:59 - 00001937 _____ () C:\Users\Gabi\Desktop\IrfanView Thumbnails.lnk 2014-10-03 19:38 - 2010-01-18 21:26 - 00001045 _____ () C:\Users\Gabi\Desktop\IrfanView.lnk 2014-10-02 08:13 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-09-30 10:33 - 2011-03-21 15:23 - 00053248 _____ () C:\Users\Gabi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-09-26 10:52 - 2012-04-24 21:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-24 20:59 - 2012-04-02 19:52 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-24 20:59 - 2012-04-02 19:52 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-24 20:59 - 2011-09-11 20:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-22 09:53 - 2010-01-18 11:17 - 00000000 ____D () C:\Users\Gabi\Dieter 2014-09-21 17:53 - 2010-01-17 12:17 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\Adobe 2014-09-19 22:43 - 2010-03-10 12:39 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\Skype 2014-09-19 21:43 - 2014-01-30 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2014-09-19 21:43 - 2010-01-14 13:42 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-09-19 21:29 - 2010-01-14 12:54 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-09-17 
04:13 - 2014-01-30 20:31 - 02193560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2014-09-17 04:12 - 2014-01-30 20:31 - 02799784 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2014-09-16 19:30 - 2013-03-13 22:44 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-09-15 09:06 - 2010-01-16 11:19 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-09-14 09:12 - 2009-07-14 06:45 - 00379408 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-14 00:01 - 2010-01-14 14:54 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-14 00:00 - 2014-01-16 13:28 - 01603034 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-13 23:58 - 2013-07-12 22:06 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-13 23:48 - 2010-01-18 15:23 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-13 23:47 - 2014-05-06 11:51 - 00000000 ___SD () C:\Windows\system32\CompatTel Files to move or delete: ==================== C:\Users\Gabi\SSBCUninstall.exe C:\Users\Gabi\SSSDUninstall.exe C:\Users\Gabi\SS_Uninstall.exe C:\Users\Gabi\Start Ashampoo UnInstaller 5.bat Some content of TEMP: ==================== C:\Users\Gabi\AppData\Local\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-02-21 19:39

==================== End Of Log ============================

Regards, Thomas_5
12.10.2014, 13:50 | #11 |
/// the machine /// TB Trainer | Removing Optimizer Pro v3.2 incl. Crash Monitor

ESET Online Scanner

Please download SecurityCheck and:

and a fresh FRST log, please. Any problems remaining?

__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!
13.10.2014, 11:44 | #12 |
| Removing Optimizer Pro v3.2 incl. Crash Monitor

Hello Schrauber,
I now need your help with starting the program "Eset Online Scanner". The download works. I tick the box at "Yes, I am ... ", click Start, and then this message appears: "Update does not work. Is a proxy configured?" I was able to start all the previous programs without any problem, and now this one is "complaining". What should I do?? I have been working without a proxy for years.
Regards, Thomas_5

Hello Schrauber,
I managed to get the ESET download working. The cause of the problem is unknown to me. Here are the 3 requested files.
Regards, Thomas_5

Code:
ESETSmartInstaller@High as
downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=ca2c659edce862408b5bac9dd66197fd # engine=20562 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=false # utc_time=2014-10-12 09:18:55 # local_time=2014-10-12 11:18:55 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Kaspersky Internet Security' # compatibility_mode=1292 16777213 100 100 1532 44623157 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 3143 164778585 0 0 # scanned=28079 # found=8 # cleaned=0 # scan_time=537 sh=8F18725F30CEEE19ECF630C1F875F93027BA22AA ft=0 fh=0000000000000000 vn="OSX/ChatZum.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ChatZum Toolbar\Chrome_softonic.zip.vir" sh=94741394B9205CB7641E85A94FBF186CE1D6341D ft=1 fh=b19299ec75509629 vn="Variante von Win32/SpeedingUpMyPC Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PC Speed Maximizer\PCSpeedMaximizer.exe.vir" sh=1426B95F2619E462F812F6807C88694DF9FBECE7 ft=1 fh=a10496de67a69999 vn="Win32/Toolbar.Conduit.S evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gabi\AppData\Local\DownloadGuide\Offers\mconduitinstaller.exe.vir" sh=95D1E596ACC1912879100C54027750C1772027C7 ft=1 fh=212faf0536ad9d68 vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gabi\AppData\Local\DownloadGuide\Offers\ResultsAlphaSetup.exe.vir" sh=B2FD7C8BFF05AF139FBB175A889B19441CE3A42A ft=1 fh=c71c00119e74ec86 vn="Variante von Win32/Toolbar.Linkury.E evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gabi\AppData\Roaming\OpenCandy\4A543930705E42B892061F39BD54555D\Installer.exe.vir" sh=6FA2A2D98EF6B2CAA336F01CCCCF025D4F2E7CB9 ft=1 fh=16ae7ef5a70a6d29 vn="Win32/Toolbar.Montiera.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gabi\AppData\Roaming\OpenCandy\A3E58D174B36487CA12E4F465AF97ACD\Setupsft_chr_p1v5.exe.vir" sh=C4420C6E94B8CAACCB3811384280D8A93CB0A37D ft=1 fh=25f111c507a31a21 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gabi\AppData\Roaming\OpenCandy\D3530CF196934EECAA8CD959EBBFBCB8\sp-downloader.exe.vir" sh=9CE5F659BDD89907624541CB98681224CA75D886 ft=1 fh=9b9a5086efdbb0a1 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir" ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=ca2c659edce862408b5bac9dd66197fd # engine=20562 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=false # utc_time=2014-10-13 09:43:30 # local_time=2014-10-13 11:43:30 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Kaspersky Internet Security' # compatibility_mode=1292 16777213 100 100 46207 44667832 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 47818 164823260 0 0 # scanned=702858 # found=228 # cleaned=0 # scan_time=44467 sh=8F18725F30CEEE19ECF630C1F875F93027BA22AA ft=0 fh=0000000000000000 vn="OSX/ChatZum.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ChatZum Toolbar\Chrome_softonic.zip.vir" sh=7CE7298D509A1065506D526BBDDFE4D1340CF9D2 ft=1 fh=a1a858753285fc75 vn="Variante von Win32/Bundled.Toolbar.Google.C potenziell unsichere Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\WavePad\wavepad.exe.vir" sh=1B239A5C8B868F9BE8D85EB8FE5D94290B1098F6 ft=1 fh=9a4954e6f7732eeb vn="Variante von Win32/Bundled.Toolbar.Google.C potenziell unsichere Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\WavePad\wavepadsetup_v5.71.exe.vir" sh=94741394B9205CB7641E85A94FBF186CE1D6341D ft=1 fh=b19299ec75509629 vn="Variante von Win32/SpeedingUpMyPC Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PC Speed Maximizer\PCSpeedMaximizer.exe.vir" sh=1426B95F2619E462F812F6807C88694DF9FBECE7 ft=1 fh=a10496de67a69999 vn="Win32/Toolbar.Conduit.S evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gabi\AppData\Local\DownloadGuide\Offers\mconduitinstaller.exe.vir" sh=95D1E596ACC1912879100C54027750C1772027C7 ft=1 fh=212faf0536ad9d68 vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gabi\AppData\Local\DownloadGuide\Offers\ResultsAlphaSetup.exe.vir" sh=B2FD7C8BFF05AF139FBB175A889B19441CE3A42A ft=1 fh=c71c00119e74ec86 vn="Variante von Win32/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gabi\AppData\Roaming\OpenCandy\4A543930705E42B892061F39BD54555D\Installer.exe.vir" sh=818EB70506F0C2CE0936CE66E6E5E5286317E70A ft=1 fh=23b2c0ba60867e14 vn="Variante von Win32/OpenCandy.A potenziell unsichere Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gabi\AppData\Roaming\OpenCandy\4A543930705E42B892061F39BD54555D\OCBrowserHelper_1.0.5.112.dll.vir" sh=6FA2A2D98EF6B2CAA336F01CCCCF025D4F2E7CB9 ft=1 fh=16ae7ef5a70a6d29 vn="Win32/Toolbar.Montiera.I evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gabi\AppData\Roaming\OpenCandy\A3E58D174B36487CA12E4F465AF97ACD\Setupsft_chr_p1v5.exe.vir" sh=C4420C6E94B8CAACCB3811384280D8A93CB0A37D ft=1 fh=25f111c507a31a21 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gabi\AppData\Roaming\OpenCandy\D3530CF196934EECAA8CD959EBBFBCB8\sp-downloader.exe.vir" sh=9CE5F659BDD89907624541CB98681224CA75D886 ft=1 fh=9b9a5086efdbb0a1 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir" sh=B9276CCB99D02DF2AB5E3B289230782ACE0901CE ft=0 fh=0000000000000000 vn="JS/GFilter.A Trojaner" ac=I fn="C:\Documents and Settings\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihebkfpbjdbhbnekngbddmpomamehomf\2.1_0\g.js" sh=B9276CCB99D02DF2AB5E3B289230782ACE0901CE ft=0 fh=0000000000000000 vn="JS/GFilter.A Trojaner" ac=I fn="C:\Documents and Settings\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhiphpjimdnggccdgbpbicflmkebpdao\2.1_0\g.js" sh=B9276CCB99D02DF2AB5E3B289230782ACE0901CE ft=0 fh=0000000000000000 vn="JS/GFilter.A Trojaner" ac=I fn="C:\Documents and Settings\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\okbdeepkmkpfklcpjcfcfnekhdehnnjj\2.1_0\g.js" sh=0370B6AD0DBA8328E67A307235F717A3A1B22FA5 ft=1 fh=ad0a89014f15914b vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Gabi\AppData\LocalLow\DVDvideoSoft_2.0\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.8\bin\PriceGongIE.dll" sh=34FF8E2D281CBFECE71100A04C0FF4436818382E ft=1 fh=7b66b1ed06cb1b80 vn="Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Gabi\AppData\LocalLow\DVDvideoSoft_2.0\hk64tbDVDv.dll" sh=AE7B8F3BB6E040CE20B02DE558471FAA4C58386E ft=1 fh=6a41a8d0046fd7b4 vn="Variante von Win32/Toolbar.Conduit.X evtl. 
unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Gabi\AppData\LocalLow\DVDvideoSoft_2.0\hktbDVDv.dll" sh=87BE5F13318AC3BA3F403A73E332E1784304C21D ft=1 fh=3e5cd6b65c184efc vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Gabi\AppData\LocalLow\DVDvideoSoft_2.0\ldrtbDVDv.dll" sh=1E6279D9317A709616211812CCA5AB8B26EB4AB2 ft=1 fh=dd2582521ac42eea vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Gabi\AppData\LocalLow\DVDvideoSoft_2.0\tbDVDv.dll" sh=4D61862340A8C252665F1927CACB3038D474F2EA ft=1 fh=6d632a397799bb5e vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Documents\MAGIX Downloads\Installationsmanager\Foto_Grafik_Designer_9_DLV_de-DE_130611_10-14_9_1_2_28274.exe" sh=60C77FF66F63F585FCE95C78FF44B513E2AAB9F9 ft=1 fh=17494879e4339ab3 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Documents\ccsetup400.exe" sh=D0CE83917D9F3670BF8CCE801D4AFFB9B90ED2E8 ft=1 fh=3868d62c138980e6 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\wpsetup\wpsetup.exe" sh=A0A0FFAF1199DF0D6D012403936E102804C09915 ft=1 fh=e0392d3244478bd1 vn="Variante von Win32/Downloader.JooSoft.A evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\AdbeRdr1010_de_DE.exe" sh=8A3DA8FB53582A141FA6E789414FF85925FCB49B ft=1 fh=3d4517e6bcadc197 vn="Variante von Win32/Systweak.H evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\adusetup_ashampoo(1).exe" sh=8A3DA8FB53582A141FA6E789414FF85925FCB49B ft=1 fh=3d4517e6bcadc197 vn="Variante von Win32/Systweak.H evtl. 
unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\adusetup_ashampoo(2).exe" sh=8A3DA8FB53582A141FA6E789414FF85925FCB49B ft=1 fh=3d4517e6bcadc197 vn="Variante von Win32/Systweak.H evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\adusetup_ashampoo(3).exe" sh=8A3DA8FB53582A141FA6E789414FF85925FCB49B ft=1 fh=3d4517e6bcadc197 vn="Variante von Win32/Systweak.H evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\adusetup_ashampoo.exe" sh=523AC0C97F0CA0AABCEA49E382FA5875ECA22532 ft=1 fh=77b67014f90e4fbe vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\AutoStitch Installer.exe" sh=33C156DAFA1DBE4B18D63F939808E66AA739DD4E ft=1 fh=f8e9d5f1e23b398c vn="Variante von MSIL/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\AVSCoverEditor-Downloader.exe" sh=5F724434F8D9B3B4C2EAF89DA5832413F631260F ft=1 fh=c65a73dc622a46c5 vn="Variante von Win32/OpenCandy.A potenziell unsichere Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\BurnAwareFree-P21423-Setup.exe" sh=69FB071437A3FF3433496C9C3F03D11A11F23B07 ft=1 fh=1a690280c4a03c18 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\burnaware_free(1).exe" sh=69FB071437A3FF3433496C9C3F03D11A11F23B07 ft=1 fh=1a690280c4a03c18 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\burnaware_free(2).exe" sh=69FB071437A3FF3433496C9C3F03D11A11F23B07 ft=1 fh=1a690280c4a03c18 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Documents and Settings\Gabi\Downloads\burnaware_free(3).exe" sh=EB48A11299E0F34EEDB37FC39D42AFBA99975719 ft=1 fh=2cfff8032124ba83 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Documents and 
unerwünschte Anwendung" ac=I fn="I:\GABI-DIETER\Backup Set 2014-02-04 210001\Backup Files 2014-09-14 194814\Backup files 12.zip" sh=60B59526F9ED83F54D59F84F6C3922E9CE8686BE ft=0 fh=0000000000000000 vn="JS/GFilter.A Trojaner" ac=I fn="I:\GABI-DIETER\Backup Set 2014-02-04 210001\Backup Files 2014-09-14 194814\Backup files 18.zip" sh=C3B531821AE6B08A31D12F1009E6222A078FE15C ft=0 fh=0000000000000000 vn="Variante von Win32/DealPly.M evtl. unerwünschte Anwendung" ac=I fn="I:\GABI-DIETER\Backup Set 2014-02-04 210001\Backup Files 2014-09-14 194814\Backup files 20.zip" sh=0106C8E3000B58AA966129A4BC5FFEBDCCE191BA ft=0 fh=0000000000000000 vn="Variante von Win32/Systweak.H evtl. unerwünschte Anwendung" ac=I fn="I:\GABI-DIETER\Backup Set 2014-02-04 210001\Backup Files 2014-09-14 194814\Backup files 5.zip" sh=73A4C1AF826D9217DCAB34B91AB2FF48A4E25FB2 ft=0 fh=0000000000000000 vn="Win32/FileTypeAssistant.A evtl. unerwünschte Anwendung" ac=I fn="I:\GABI-DIETER\Backup Set 2014-02-04 210001\Backup Files 2014-09-14 194814\Backup files 9.zip" Code:
Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 60
Java version out of Date!
Adobe Flash Player 15.0.0.152
Adobe Reader XI
Mozilla Firefox (32.0.3)
Mozilla Thunderbird (24.6.0)
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky Internet Security 14.0.0 avp.exe
Kaspersky Lab Kaspersky Internet Security 14.0.0 avpui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-10-2014 02
Ran by Gabi (administrator) on GABI-DIETER on 13-10-2014 12:36:04
Running from C:\Users\Gabi\Downloads
Loaded Profiles: Gabi & _ocster_backup_ (Available profiles: Gabi & _ocster_backup_)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Logitech Inc.) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Logitech Inc.)
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Program Files\Ocster Backup\bin\backupService-ox.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\oracle10g\bin\TNSLSNR.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe () C:\Program Files\Ocster Backup\bin\backupClient-ox.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe () C:\Program Files\Rainlendar2\Rainlendar2.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle Corporation) C:\oracle10g\bin\oracle.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe () C:\Program Files\Ocster Backup\bin\oxHelper.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe () C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe () C:\Program Files\Ocster Backup\bin\oxHelper.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-17] (NVIDIA Corporation) HKLM\...\Run: [Ocster Backup] => C:\Program Files\Ocster Backup\bin\backupClient-ox.exe [312664 2014-02-04] () HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-27] (Microsoft Corp.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) 
HKU\S-1-5-21-3834002493-4226875369-3535069347-1000\...\Run: [Rainlendar2] => C:\Program Files\Rainlendar2\Rainlendar2.exe [3666944 2011-01-06] () HKU\S-1-5-21-3834002493-4226875369-3535069347-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd) Startup: C:\Users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled () Startup: C:\Users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyServer: 127.0.0.1:8897 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x42F9AB638C96CA01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.t-online.de/ URLSearchHook: HKLM-x32 - (No Name) - {04a8dd1a-4754-48fe-a703-99846646ef04} - No File StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - F04F7B247D844F0287D289AC70C8FE43 URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3322287&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP14A054C4-1B01-4318-9C92-BF4D53219F89&q={searchTerms}&SSPV= SearchScopes: HKCU - {323B7DAE-1CB5-481C-9BF2-D059761CC05E} URL = 
hxxp://www.suchen.de/lokal?q={searchTerms}&partnerid=244&radius=10&sort=relevance&fedsearch=true SearchScopes: HKCU - {435E3E38-6768-4A61-81F0-266E2A1C793A} URL = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=wiki-tab&tpc=internet&ptl=std&classification=wiki-tab_internet_std&q={searchTerms}&br=ie10-toi SearchScopes: HKCU - {6408E1C5-FE7B-47BD-B907-6CBDC0CEA64E} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=interactivemesuche-21&index=blended&linkCode=ur2&camp=1638&creative=6742 SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKCU - {7FD7B429-EAF3-492F-9D0C-0F4DB93D2FE1} URL = hxxp://rover.ebay.com/rover/1/707-1403-27640-2/4?mpre=hxxp://search.ebay.de/search/search.dll?shortcut=4&query={searchTerms} SearchScopes: HKCU - {A8D32726-9FA5-4283-9A9F-4C9DB061ACE5} URL = hxxp://dict.leo.org/ende?lp=ende&lang=de&searchLoc=0&cmpType=relaxed&sectHdr=on&spellToler=on&chinese=both&pinyin=diacritic&search={searchTerms}&relink=on SearchScopes: HKCU - {CC87724D-C5C9-4A4D-8650-67BCA2BDC37E} URL = hxxp://www.dict.cc/?s={searchTerms} BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) 
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {04A8DD1A-4754-48FE-A703-99846646EF04} - No File DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation) Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files 
(x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\..\Interfaces\{11342DE6-C338-47B7-97FF-6E33D142D8E3}: [NameServer] 217.0.43.81 217.0.43.65 FireFox: ======== FF ProfilePath: C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default FF DefaultSearchEngine: Yahoo FF Homepage: hxxp://www.t-online.de/ FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q= FF NetworkProxy: "autoconfig_url", "hxxp://filepony.de/" FF NetworkProxy: "http", "127.0.0.1" FF NetworkProxy: "http_port", 8897 FF NetworkProxy: "no_proxies_on", "localhost,127.0.0.1" FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File 
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default\searchplugins\google-default.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: ColorfulTabs - C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\ugcbk2y8.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-09-24] FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2013-10-20] FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-01-30] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-01-30] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-01-30] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet 
Security 14.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-01-30] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-01-30] FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-02-26] Chrome: ======= CHR Profile: C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Download Protect) - C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihebkfpbjdbhbnekngbddmpomamehomf [2014-01-30] CHR Extension: (Download Protect) - C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhiphpjimdnggccdgbpbicflmkebpdao [2013-11-14] CHR Extension: (Download Protect) - C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\okbdeepkmkpfklcpjcfcfnekhdehnnjj [2014-03-11] CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [] CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17] CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17] CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 
14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17] CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17] CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO) R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-27] (Microsoft Corp.) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-17] (NVIDIA Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-17] (NVIDIA Corporation) R2 ocster_backup; c:\Program Files\Ocster Backup\bin\backupService-ox.exe [23896 2014-02-04] () S4 OracleDBConsoleSatdb10g; C:\oracle10g\bin\nmesrvc.exe [24064 2006-11-14] (Oracle Corporation) [File not signed] S4 OracleJobSchedulerSATDB10G; c:\oracle10g\Bin\extjob.exe [102400 2006-11-16] () [File not signed] S4 OracleORACLE_Home10giSQL*Plus; C:\oracle10g\bin\isqlplussvc.exe [53248 2006-10-12] (Oracle) [File not signed] R2 OracleServiceSATDB10G; c:\oracle10g\bin\ORACLE.EXE [60059648 2011-03-16] (Oracle Corporation) [File not signed] R2 WO_LiveService; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe [885096 
2013-11-19] () R2 OracleORACLE_Home10gTNSListener; C:\oracle10g\BIN\TNSLSNR [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-11] (AVG Technologies) S3 GrabsterSeries.C64; C:\Windows\System32\DRIVERS\GrabsterSeries.C64.SYS [262208 2010-01-22] () S3 HWHandSet; C:\Windows\System32\DRIVERS\hw_quusbmdm.sys [223232 2011-10-24] (Huawei Technologies Co., Ltd.) U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2011-10-24] (Huawei Technologies Co., Ltd.) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-01-30] (Kaspersky Lab ZAO) S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-20] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-20] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-12] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-01-30] (Kaspersky Lab ZAO) R2 LiveTunerPM; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerProcessMonitor64.sys [12824 2011-03-08] () R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] () S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] () S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-11] (Malwarebytes Corporation) S3 MTsensor; 
14.10.2014, 08:06 | #13 |
/// the machine /// TB Trainer | Removing Optimizer Pro v3.2 incl. Crash Monitor Update Java. Delete all backups on drive I. Empty the Downloads folder. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
15.10.2014, 19:32 | #14 |
| Removing Optimizer Pro v3.2 incl. Crash Monitor Hello Schrauber, many, many thanks for the focused support. I have rarely experienced anything like it in a forum. Following your advice, I will now delete the backups on drive I and empty the Downloads folder. Can I assume that the topic I opened is closed with that? Once again, many thanks. Regards, Thomas_5 Hello Schrauber, I do have one more question after all. I deleted everything in the Downloads folder except for the four files listed below. For these, the following message appears: "Das Element wurde nicht gefunden. Es befindet sich nicht mehr in C:\Benutzer\ ... \Downloads. Überprüfen Sie den Ort des Elements und wiederholen Sie den Vorgang." I can no longer find these files on the PC. What can or must I do to delete these entries? 2011-11-10-1201790136_04-RG.PDF 2011-10-11-1191347648_04-RG.PDF 2011-09-12-1180996156_04-RG(1).PDF 2011-09-12-1180996156_04-RG.PDF Regards, Thomas_5 |
16.10.2014, 16:08 | #15 |
/// the machine /// TB Trainer | Removing Optimizer Pro v3.2 incl. Crash Monitor And where exactly do you see the files, then?