Pests of all kinds and how to fight them: fake Vodafone invoice (Windows 7)
10.11.2014, 15:20 | #1 |
| fake Vodafone invoice

Hello

I received a fake Vodafone invoice today:

Your new invoice as a PDF
Your customer number: 24862224
10.11.2014

Good day! Your invoice dated 10.11.2014 is attached here as a PDF file for you. If you cannot open the file on your mobile phone, please try it on your PC. Your new invoice as a PDF, 2452824_M_24528242_L_24_8622.pdf. The total amount is 324,98 euros and is due on 17.11.2014. Now even clearer: your online invoice in the new design. You will find your invoice in MeinVodafone under Rechnung > Aktuelle Rechnung. There you can also download and print your invoice as a PDF. You will find your invoices for the last 24 months under "Alle Rechnungen". Kind regards, Your Vodafone team

Stupidly, I clicked the link on both my PC and my smartphone. Nothing opened. My Avira virus scanner did not report anything. How can I find out whether my machines have been infected after all? Thanks for the help |
10.11.2014, 15:23 | #2 |
/// the machine /// TB-Ausbilder | fake Vodafone invoice

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
10.11.2014, 17:37 | #3 |
| fake Vodafone invoice

FRST Logfile: Code:
KG) S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [54320 2009-09-21] (Symantec Corporation) R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2013-12-04] (NVIDIA Corporation) R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-05-02] (Corel Corporation) U2 V2iMount; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-10 16:19 - 2014-11-10 16:19 - 00036177 _____ () C:\Users\Max Mengelberg\Downloads\FRST.txt 2014-11-10 16:19 - 2014-11-10 16:18 - 02116096 _____ (Farbar) C:\Users\Max Mengelberg\Desktop\FRST64.exe 2014-11-10 16:18 - 2014-11-10 16:19 - 00000000 ____D () C:\FRST 2014-11-10 16:18 - 2014-11-10 16:18 - 02116096 _____ (Farbar) C:\Users\Max Mengelberg\Downloads\FRST64.exe 2014-11-10 16:16 - 2014-11-10 16:16 - 00006710 _____ () C:\Users\Max Mengelberg\Desktop\log.xml 2014-11-10 15:27 - 2014-11-10 15:27 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup 2014-11-10 15:27 - 2014-11-10 15:27 - 00001195 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk 2014-11-10 15:27 - 2014-11-10 15:27 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Roaming\Nico Mak Computing 2014-11-10 15:27 - 2014-11-10 15:27 - 00000000 ____D () C:\ProgramData\Nico Mak Computing 2014-11-10 15:27 - 2014-11-10 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector 2014-11-10 15:27 - 2014-11-10 15:27 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector 2014-11-10 15:27 - 2013-03-15 17:10 - 00020480 _____ () C:\Windows\system32\wsusnative64.exe 2014-11-10 14:26 - 2014-11-10 14:26 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Roaming\QuickScan 
2014-11-10 14:24 - 2014-11-10 14:24 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2014-11-09 15:42 - 2014-11-09 15:42 - 00000479 _____ () C:\Users\Max Mengelberg\Desktop\Max Mengelberg (Galaxy - Verknüpfung.lnk
2014-11-02 18:33 - 2014-11-02 18:33 - 00104769 _____ () C:\Users\Max Mengelberg\Downloads\141102_Konto 444546204 _ A(1).zip
2014-11-02 18:32 - 2014-11-02 18:32 - 00104769 _____ () C:\Users\Max Mengelberg\Downloads\141102_Konto 444546204 _ A.zip
2014-11-02 18:10 - 2014-11-02 18:11 - 00000960 _____ () C:\Users\Max Mengelberg\Desktop\Inteco_13-234_Frisa_MeM.lnk
2014-11-01 09:55 - 2014-11-01 09:56 - 00001309 _____ () C:\Users\Max Mengelberg\Desktop\11.lnk
2014-10-30 09:28 - 2014-10-30 09:28 - 00000000 ____D () C:\Program Files\Google
2014-10-30 09:27 - 2014-10-30 09:28 - 00000000 ____D () C:\ProgramData\Google
2014-10-27 18:50 - 2014-10-27 18:53 - 365364423 _____ () C:\Users\Max Mengelberg\Downloads\Andalusien.zip
2014-10-26 14:10 - 2014-10-26 14:10 - 00001847 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-10-26 14:10 - 2014-10-26 14:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-10-26 14:10 - 2014-10-26 14:10 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-10-26 14:10 - 2014-10-26 14:10 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-10-23 19:03 - 2014-10-23 19:10 - 00000368 _____ () C:\Users\Max Mengelberg\Desktop\Visitenkarte.v2m
2014-10-23 19:03 - 2014-10-23 19:05 - 00000368 _____ () C:\Users\Max Mengelberg\Desktop\Visitenkarte.bak
2014-10-23 19:02 - 2014-10-23 19:02 - 00000368 _____ () C:\Users\Max Mengelberg\Documents\Visitenkarte.v2m
2014-10-23 18:51 - 2014-10-23 18:51 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Roaming\Avery
2014-10-23 18:50 - 2014-10-23 18:50 - 00002061 _____ () C:\Users\Public\Desktop\DesignPro 5.lnk
2014-10-23 18:50 - 2014-10-23 18:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avery
2014-10-23 18:50 - 2014-10-23 18:50 - 00000000 ____D () C:\ProgramData\Avery
2014-10-23 18:50 - 2014-10-23 18:50 - 00000000 ____D () C:\Program Files (x86)\Avery
2014-10-23 18:49 - 2014-10-23 18:49 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Local\Temp32ce20853bcb874bd0a9e2d387ad366c__
2014-10-23 18:49 - 2014-10-23 18:49 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Local\Temp24786dc9db3b9947f69c21b2e1854d76__
2014-10-23 18:49 - 2014-10-23 18:49 - 00000000 ____D () C:\Program Files (x86)\WEB.DE MailCheck
2014-10-23 18:48 - 2014-10-23 18:48 - 01048928 _____ () C:\Users\Max Mengelberg\Downloads\Avery-Zweckform-DesignPro-lnstall.exe
2014-10-23 17:43 - 2014-10-23 17:43 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Local\Tempad8d4e78ba2d6a4719c524a41c9ad285
2014-10-23 17:43 - 2014-10-23 17:43 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Local\Temp32ce20853bcb874bd0a9e2d387ad366c_
2014-10-23 17:43 - 2014-10-23 17:43 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Local\Temp24786dc9db3b9947f69c21b2e1854d76_
2014-10-23 17:42 - 2014-10-23 17:43 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Roaming\WHService
2014-10-23 17:42 - 2014-10-23 17:42 - 00000989 _____ () C:\Users\Max Mengelberg\Desktop\STvcard.lnk
2014-10-23 17:42 - 2014-10-23 17:42 - 00000000 ____D () C:\Users\Max Mengelberg\ChromeExtensions
2014-10-23 17:42 - 2014-10-23 17:42 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Roaming\Security Systems
2014-10-23 17:42 - 2014-10-23 17:42 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Local\Tempdde92f4c4349613f7dc464a8b6d44229
2014-10-23 17:42 - 2014-10-23 17:42 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Local\Temp32ce20853bcb874bd0a9e2d387ad366c
2014-10-23 17:42 - 2014-10-23 17:42 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Local\Temp24786dc9db3b9947f69c21b2e1854d76
2014-10-23 17:42 - 2014-10-23 17:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STvcard gold
2014-10-23 17:42 - 2014-10-23 17:42 - 00000000 ____D () C:\Program Files (x86)\STvcard gold
2014-10-23 17:42 - 2001-07-20 20:18 - 00063488 _____ () C:\Windows\SysWOW64\EZTW32.DLL
2014-10-23 17:41 - 2014-10-23 17:41 - 01048928 _____ () C:\Users\Max Mengelberg\Downloads\STvcard-GOLD-lnstall.exe
2014-10-23 17:26 - 2014-10-23 17:26 - 00001193 _____ () C:\Users\Max Mengelberg\Desktop\Visitenkarten In 2 Minuten.lnk
2014-10-23 17:26 - 2014-10-23 17:26 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sigel
2014-10-23 17:26 - 2014-10-23 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sigel
2014-10-23 17:26 - 2014-10-23 17:26 - 00000000 ____D () C:\Program Files (x86)\Sigel
2014-10-23 17:25 - 2014-10-25 10:17 - 00000000 ____D () C:\Windows\System32\Tasks\Abelssoft
2014-10-23 17:25 - 2014-10-25 10:17 - 00000000 ____D () C:\Program Files (x86)\CHIP Updater
2014-10-23 17:25 - 2014-10-23 17:26 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Local\Abelssoft
2014-10-23 17:25 - 2014-10-23 17:25 - 01125200 _____ () C:\Users\Max Mengelberg\Downloads\Visitenkarten in 2 Minuten - CHIP-Installer.exe
2014-10-23 17:25 - 2014-10-23 17:25 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Roaming\DesktopIconForAmazon
2014-10-23 17:25 - 2014-10-23 17:25 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Roaming\Abelssoft
2014-10-23 17:25 - 2014-10-23 17:25 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-10-21 10:38 - 2014-10-21 10:38 - 00168453 _____ () C:\Users\Max Mengelberg\Downloads\EO_Banjo_elbow_SWVE08LMCF.stp
2014-10-21 10:34 - 2014-10-21 10:34 - 00133081 _____ () C:\Users\Max Mengelberg\Downloads\EO_Banjo_elbow_SWVE08LMOMDCF.stp
2014-10-21 09:42 - 2014-10-21 09:42 - 00174790 _____ () C:\Users\Max Mengelberg\Downloads\EO_Union_elbow_W08ZL71.stp
2014-10-21 09:39 - 2014-10-21 09:39 - 00130075 _____ () C:\Users\Max Mengelberg\Downloads\EO_Union_elbow_W08S71X.stp
2014-10-20 16:37 - 2014-10-20 16:37 - 00143451 _____ () C:\Users\Max Mengelberg\Downloads\EO_Swivel_connector_GAI08LM71.stp
2014-10-20 16:26 - 2014-10-20 16:27 - 00157723 _____ () C:\Users\Max Mengelberg\Downloads\EO_Male_Stud_connector_GEO08LMCF.stp
2014-10-20 14:27 - 2014-10-20 14:27 - 00149634 _____ () C:\Users\Max Mengelberg\Downloads\EO_Swivel_union_GZ08LCF.stp
2014-10-20 09:04 - 2014-10-20 09:04 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Roaming\Oracle
2014-10-20 09:02 - 2014-10-20 09:01 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-20 09:01 - 2014-10-20 09:01 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-20 09:01 - 2014-10-20 09:01 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-20 09:01 - 2014-10-20 09:01 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-20 09:01 - 2014-10-20 09:01 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-16 17:54 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 17:54 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 17:54 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 17:54 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 17:54 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 17:54 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 17:54 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 17:54 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 17:54 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 17:54 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 17:54 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 17:54 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 17:54 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 17:54 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 17:54 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 17:54 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 17:54 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 17:54 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 17:54 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 17:54 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 17:54 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 17:54 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 17:54 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 17:54 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 17:54 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 17:54 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 17:54 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 17:54 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 17:54 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 17:54 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 17:54 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 17:54 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 17:54 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 17:54 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 17:54 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 17:54 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 17:54 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 17:54 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 17:54 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 17:54 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 17:54 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 17:54 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 17:54 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 17:54 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 17:54 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 17:54 - 2014-07-17 03:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 17:54 - 2014-07-17 03:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 17:54 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 17:54 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 17:54 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 17:54 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 17:54 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 17:54 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 17:54 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 17:54 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 17:54 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-16 17:54 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-16 17:54 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 17:54 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 17:54 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 17:54 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 17:54 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 17:54 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 17:54 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 17:54 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 17:54 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 17:54 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 17:53 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 17:53 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 17:53 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 17:53 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 17:53 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 17:53 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 17:53 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 17:53 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 17:53 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 17:53 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 17:53 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 17:53 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 17:53 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 17:53 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 17:53 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 17:53 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 17:53 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 17:53 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 17:40 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 17:40 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 17:40 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-10 16:19 - 2012-01-12 19:44 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-10 16:04 - 2012-03-31 17:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-10 14:26 - 2011-10-04 00:16 - 01594275 _____ () C:\Windows\WindowsUpdate.log
2014-11-10 14:24 - 2009-07-14 05:51 - 00172683 _____ () C:\Windows\setupact.log
2014-11-10 12:24 - 2011-10-17 13:05 - 00000000 ____D () C:\temp
2014-11-10 11:48 - 2011-10-08 17:52 - 00000000 ____D () C:\Program Files\Common Files\SolidWorks Shared
2014-11-10 11:19 - 2012-01-12 19:44 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-10 10:54 - 2011-10-08 17:40 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Roaming\SolidWorks
2014-11-09 15:15 - 2009-07-14 05:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-09 15:15 - 2009-07-14 05:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-09 10:41 - 2010-11-21 07:50 - 00714458 _____ () C:\Windows\system32\perfh007.dat
2014-11-09 10:41 - 2010-11-21 07:50 - 00154510 _____ () C:\Windows\system32\perfc007.dat
2014-11-09 10:41 - 2009-07-14 06:13 - 01649592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-09 10:40 - 2013-11-01 08:34 - 00000000 ___RD () C:\Users\Max Mengelberg\Dropbox
2014-11-09 10:40 - 2013-11-01 08:27 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Roaming\Dropbox
2014-11-09 10:35 - 2014-08-01 15:39 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-09 10:35 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-07 10:07 - 2012-02-17 13:12 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Local\CutePDF Writer
2014-11-06 19:48 - 2011-10-04 08:00 - 00000000 ____D () C:\ProgramData\Sonic
2014-11-02 18:55 - 2011-10-09 13:44 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2014-11-02 18:55 - 2011-10-07 19:58 - 00000000 ____D () C:\Users\Max Mengelberg
2014-11-01 20:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-30 19:31 - 2010-11-21 04:47 - 00287752 _____ () C:\Windows\PFRO.log
2014-10-30 09:28 - 2014-08-17 12:05 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Local\Adobe
2014-10-30 09:28 - 2012-01-12 19:44 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-30 09:27 - 2012-03-31 17:14 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-30 09:27 - 2012-03-31 17:14 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-30 09:27 - 2011-10-04 07:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-29 09:46 - 2012-01-12 19:44 - 00002177 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-28 06:34 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-25 10:14 - 2012-01-12 19:44 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-25 10:14 - 2012-01-12 19:44 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-24 09:23 - 2011-10-07 19:59 - 00111824 _____ () C:\Users\Max Mengelberg\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-24 09:21 - 2009-07-14 05:45 - 00405416 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-23 18:50 - 2011-10-04 07:35 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-23 18:49 - 2014-05-10 13:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-20 12:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-10-20 10:41 - 2011-10-09 12:10 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-10-20 10:40 - 2011-10-15 10:58 - 00000000 ____D () C:\ProgramData\Symantec
2014-10-20 10:40 - 2011-10-15 10:58 - 00000000 ____D () C:\ProgramData\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
2014-10-20 10:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Registration
2014-10-20 09:02 - 2013-10-20 12:09 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-17 08:16 - 2014-05-06 23:35 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 23:11 - 2013-07-13 18:28 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 23:09 - 2011-10-09 11:33 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-15 18:18 - 2014-08-05 08:14 - 00001139 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-10-15 18:18 - 2014-08-05 08:14 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-15 18:18 - 2013-03-29 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-15 18:18 - 2012-12-21 08:57 - 00000000 ____D () C:\Program Files (x86)\Avira

Some content of TEMP:
====================
C:\Users\Max Mengelberg\AppData\Local\Temp\amazonicon_fwde.exe
C:\Users\Max Mengelberg\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\Max Mengelberg\AppData\Local\Temp\APNSetup.exe
C:\Users\Max Mengelberg\AppData\Local\Temp\APNStub.exe
C:\Users\Max Mengelberg\AppData\Local\Temp\avgnt.exe
C:\Users\Max Mengelberg\AppData\Local\Temp\DE_de_DP5_DL_20131125.exe
C:\Users\Max Mengelberg\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo8pn7y.dll
C:\Users\Max Mengelberg\AppData\Local\Temp\Fx6_FF_IE_Setup-freeware-de-german.exe
C:\Users\Max Mengelberg\AppData\Local\Temp\GfxDbMash.dll
C:\Users\Max Mengelberg\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Max Mengelberg\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Max Mengelberg\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Max Mengelberg\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Max Mengelberg\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Max Mengelberg\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Max Mengelberg\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Max Mengelberg\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Max Mengelberg\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Max Mengelberg\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Max Mengelberg\AppData\Local\Temp\nvStInst.exe
C:\Users\Max Mengelberg\AppData\Local\Temp\sdan.exe
C:\Users\Max Mengelberg\AppData\Local\Temp\sdapk.exe
C:\Users\Max Mengelberg\AppData\Local\Temp\sdaspwn.exe
C:\Users\Max Mengelberg\AppData\Local\Temp\setup.exe
C:\Users\Max Mengelberg\AppData\Local\Temp\stvcard_gold_free_setup.exe
C:\Users\Max Mengelberg\AppData\Local\Temp\TOBITCLT.DLL
C:\Users\Max Mengelberg\AppData\Local\Temp\WEB.DE_MailCheck_FF_Setup_2.10.1.1735.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-05 10:21

==================== End Of Log ============================

--- --- --- --- --- --- --- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2014 01
Ran by Max Mengelberg at 2014-11-10 16:19:50
Running from C:\Users\Max Mengelberg\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
8000A809 (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
8000A809_eDocs (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
8000A809_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.26 - STMicroelectronics)
ACDSee 8 (HKLM-x32\...\{AA2E6BFE-4351-481C-A720-47CB3506570B}) (Version: 8.0.41 - ACD Systems Ltd.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM-x32\...\{4F524A2D-5637-4300-76A7-A758B70C1300}) (Version: 12.19.0.105 - APN, LLC) <==== ATTENTION
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.31.0 - Ask.com) <==== ATTENTION
Audiograbber 1.83 SE (HKLM-x32\...\Audiograbber) (Version: 1.83 SE - Audiograbber Deutschland)
Avira (HKLM-x32\...\{9bd9b85e-7792-483b-a318-cc51ff0877ed}) (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BPDSoftware (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BROCKHAUS DIE ENZYKLOPÄDIE (HKLM-x32\...\{6AF3D486-C45C-472F-A5C1-99C7A4C18127}) (Version: - )
BUFFALO LinkStation(LX-WXL) Setup Guide (HKLM-x32\...\UN090928) (Version: - )
BUFFALO NAS Navigator2 (HKLM-x32\...\UN060501) (Version: - )
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Camera Window DS (x32 Version: 5.1 - Canon) Hidden
Canon Camera WIA Driver (x32 Version: 5.6 - Canon) Hidden
Canon Camera Window DS for ZoomBrowser EX (HKLM-x32\...\InstallShield_{7B847C9D-6758-45E6-B598-3BD8F43EAE9E}) (Version: 5.1 - Canon)
Canon EOS Kiss_N REBEL_XT 350D WIA-Treiber (HKLM-x32\...\InstallShield_{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}) (Version: 5.6 - Canon)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.7.2.11 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.5.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.3.1.3 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.4.1.9 - Canon Inc.)
Canon PhotoRecord (HKLM-x32\...\{862983D7-FA08-493E-A9ED-6B7859E069D3}) (Version: 02.02.01000 - Cisra)
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\InstallShield_{A0F34E4E-25F0-4B68-AE8F-EF0C15CB1FED}) (Version: 2.0 - Canon)
Canon RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\InstallShield_{28291BD5-92D2-4685-82DC-CCA925C53CCA}) (Version: 1.1 - Canon)
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.4.0.7 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC8) (Version: 8.1.0.11 - Canon Inc.)
Canon Utilities Digital Photo Professional 1.6.1 (HKLM-x32\...\InstallShield_{789CF5F1-3326-4B7B-9D01-31047E0F5651}) (Version: 1.6.1 - Canon)
Canon Utilities Digital Photo Professional 1.6.1 (x32 Version: 1.6.1 - Canon) Hidden
Canon Utilities EOS Capture 1.3 (HKLM-x32\...\InstallShield_{16480125-0428-4097-9A2A-74464004D169}) (Version: 1.3 - Canon)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.3.0.5 - Canon Inc.)
Canon Utilities PhotoStitch 3.1 (HKLM-x32\...\InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}) (Version: 3.1.14 - Canon)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.5.1.15 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.3.0.4 - Canon Inc.)
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.22 - Cliqz.com)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Custom (Version: 01.00.00.000 - Wave Systems Corp.) Hidden
CutePDF Writer 2.7 (HKLM\...\CutePDF Writer Installation) (Version: - )
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3225 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Datenbank (HKLM-x32\...\ST6UNST #1) (Version: - )
Dell Backup and Recovery Manager (HKLM\...\{50B4B603-A4C6-4739-AE96-6C76A0F8A388}) (Version: 1.3.1 - Dell Inc.)
Dell ControlVault Host Components Installer 64 bit (Version: 2.1.6.214 - Broadcom Corporation) Hidden
Dell Data Protection | Access (HKLM-x32\...\{A7D91856-258D-4C87-8041-B170851CE432}) (Version: 2.1.00001.002 - Dell Inc.)
Dell Data Protection | Access (Version: 02.01.01.002 - Wave Systems Corp) Hidden
Dell Data Protection | Access | Drivers (HKLM-x32\...\{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}) (Version: 2.01.018 - Dell Inc.)
Dell Data Protection | Access | Middleware (HKLM-x32\...\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}) (Version: 2.01.010 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell System Manager (HKLM\...\{FDF509ED-9624-4FDE-9BAA-9566C186AB96}) (Version: 1.6.00000 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1208.101.118 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.28 - Creative Technology Ltd)
DellAccess (Version: 01.01.00.072 - Wave Systems Corp.) Hidden
DesignPro 5 (HKLM-x32\...\InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}) (Version: 5.5.708 - Avery)
DesignPro 5 (x32 Version: 5.5.708 - Avery) Hidden
Desktop Icon für Amazon (HKLM\...\DesktopIconAmazon) (Version: 1.0.1 (de) - CHIP.de)
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Dropbox (HKU\S-1-5-21-3300202761-1955330803-1272055055-1001\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
DWGeditor (HKLM-x32\...\{56DCD20A-E558-4396-AF59-14D15AA737BB}) (Version: 18.00.5035 - SolidWorks)
ElsterFormular (HKLM-x32\...\ElsterFormular 13.0.0.8086u) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen)
EMBASSY Security Center (Version: 04.03.00.121 - Wave Systems Corp.) Hidden
EOS Capture 1.3 (x32 Version: 1.3 - Canon) Hidden
Epson Copy Utility 3.5 (HKLM-x32\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
EPSON CopyFactory (HKLM-x32\...\{52B4C42B-A110-4236-95C8-AA4B137C16AC}) (Version: 4.2.9.0 - Seiko Epson Corporation)
EPSON TWAIN 5 (HKLM-x32\...\{9A3EABC0-CA06-11D4-BF77-00104B130C19}) (Version: - )
Foxy Secure (HKLM-x32\...\Foxy Secure) (Version: 6 - )
Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet Pro 8000 A809 Series (HKLM\...\{7B69FE75-3AF9-4714-89EE-D3F64CB08F90}) (Version: 13.0 - HP)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Network Connections 15.7.176.1 (HKLM\...\PROSetDX) (Version: 15.7.176.1 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{4C1CCA11-0D08-4D5E-8444-2D9FB48BCABF}) (Version: 14.00.20110 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
IPIX ActiveX Viewer (HKLM-x32\...\IPIX ActiveX Viewer) (Version: - )
IPIX Netscape Plugin Viewer (HKLM-x32\...\IPIX Netscape Plugin Viewer) (Version: - )
IPIX Viewer (HKLM-x32\...\IPIX Viewer) (Version: - )
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java(TM) 6 Update 27 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416027FF}) (Version: 6.0.270 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM-x32\...\{00000407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version: - Microsoft Corporation)
MOTORRAD Tourenplaner 2008/2009 (HKLM-x32\...\{089B1349-BA53-43B1-A2C9-DBF9A7F8FD30}) (Version: 12.5 - PTV Planung Transport Verkehr AG)
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
myPrintMileage (Officejet Pro 8000 A809) (HKLM-x32\...\{B10A30CF-CCFF-4056-9ABC-F8D42BDF141F}) (Version: 1.00.0000 - Hewlett-Packard)
Network64 (Version: 130.0.579.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
NTRU TCG Software Stack (Version: 2.1.36 - Security Innovation, Inc.) Hidden
NVIDIA 3D Vision Treiber 327.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.62 - NVIDIA Corporation)
NVIDIA Grafiktreiber 327.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.62 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA nView 140.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.75 - NVIDIA Corporation)
NVIDIA WMI 2.14.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.14.0 - NVIDIA Corporation)
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}) (Version: 3.0.07.23 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (x32 Version: 3.0.07.23 - O2Micro International LTD.) Hidden
PC-CCID (Version: 2.0.0 - Gemalto) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
PhotoStitch (x32 Version: 3.1.14 - Canon) Hidden
Preboot Manager (Version: 03.03.00.074 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 07.01.00.022 - Wave Systems Corp.) Hidden
ProductContext (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Radio.fx (HKLM-x32\...\Tobit Radio.fx Server) (Version: - Tobit.Software)
RAW Image Task 2.0 (x32 Version: 2.0 - Canon) Hidden
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
RemoteCapture Task 1.1 (x32 Version: 1.1 - Canon) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
Solid Edge ST6 (HKLM\...\{132B6ABB-431A-4DDA-8861-914AB7B0325A}) (Version: 106.00.00100 - Siemens)
Solid Edge Standard Parts Machinery Library (HKLM-x32\...\{A63F5E47-5080-4D35-AF37-C0BC6EAD0A73}) (Version: 106.00.00100 - Siemens)
Solid Edge Standard Parts Piping Library (HKLM-x32\...\{E272134E-9D53-4E6F-BA86-4CD173D1DF80}) (Version: 106.00.00100 - Siemens)
SolidWorks 2010 x64 Edition SP04 (HKLM-x32\...\SolidWorks Installation Manager 20100-40400-1100-100) (Version: 18.4.0.57 - SolidWorks Corporation)
SolidWorks 2010 x64 Edition SP05 (HKLM-x32\...\SolidWorks Installation Manager 20100-40500-1100-100) (Version: 18.5.0.128 - SolidWorks Corporation)
SolidWorks 2010 x64 Edition SP05 (Version: 18.150.128 - SolidWorks) Hidden
SolidWorks 2012 x64 Edition SP04 (HKLM-x32\...\SolidWorks Installation Manager 20120-40400-1100-100) (Version: 20.4.0.64 - SolidWorks Corporation)
SolidWorks 2012 x64 Edition SP05 (HKLM-x32\...\SolidWorks Installation Manager 20120-40500-1100-100) (Version: 20.5.0.80 - SolidWorks Corporation)
SolidWorks 2012 x64 Edition SP05 (Version: 20.150.80 - SolidWorks) Hidden
SolidWorks 2012 x64 German Resources (Version: 20.150.80 - SolidWorks Corporation) Hidden
SolidWorks 2013 x64 Edition SP05 (HKLM-x32\...\SolidWorks Installation Manager 20130-40500-1100-100) (Version: 21.5.0.76 - SolidWorks Corporation)
SolidWorks 2013 x64 Edition SP05 (Version: 21.150.76 - SolidWorks) Hidden
SolidWorks 2013 x64 German Resources (Version: 21.150.76 - SolidWorks Corporation) Hidden
SolidWorks 2014 x64 Edition SP04 (HKLM-x32\...\SolidWorks Installation Manager 20140-40400-1100-100) (Version: 22.4.0.54 - SolidWorks Corporation)
SolidWorks 2014 x64 Edition SP04 (Version: 22.140.54 - SolidWorks) Hidden
SolidWorks 2014 x64 German Resources (Version: 22.140.54 - SolidWorks Corporation) Hidden
SolidWorks Composer Player 2014 SP04 x64 Edition (Version: 22.40.54 - Dassault Systemes SolidWorks) Hidden
SolidWorks eDrawings 2010 (x32 Version: 10.5.132 - Dassault Systèmes SolidWorks Corp.) Hidden
SolidWorks eDrawings 2013 x64 Edition SP05 (Version: 13.5.111 - Dassault Systèmes SolidWorks Corp) Hidden
SolidWorks eDrawings 2014 x64 Edition SP04 (Version: 14.4.105 - Dassault Systèmes SolidWorks Corp) Hidden
SolidWorks Explorer 2010 SP05 x64 Edition (Version: 18.50.128 - SolidWorks Corporation) Hidden
SolidWorks Explorer 2012 SP04 x64 Edition (Version: 20.40.64 - SolidWorks Corporation) Hidden
SolidWorks Explorer 2013 SP05 x64 Edition (Version: 21.50.76 - SolidWorks Corporation) Hidden
SolidWorks Explorer 2014 SP04 x64 Edition (Version: 22.40.54 - SolidWorks Corporation) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SPBA 5.9 (Version: 5.9.4.6686 - UPEK Inc.) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
STvcard 4.0.0 gold (HKLM-x32\...\STvcard gold_is1) (Version: - )
Timken Tapered Roller Bearing Catalog v7.5.9 (HKLM-x32\...\STA.tx6_ENU) (Version: - )
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.56a - Ghisler Software GmbH)
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Trusted Drive Manager (Version: 4.1.1.312 - Wave Systems Corp.) Hidden
Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
Visitenkarten in 2 Minuten (HKLM-x32\...\Visitenkarten in 2 Minuten) (Version: - )
Wave Infrastructure Installer (Version: 07.67.17.0010 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.13.00.033 - Wave Systems Corp) Hidden
WEB.DE MailCheck für Mozilla Firefox (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 2.10.1.1735 - 1&1 Mail & Media GmbH)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7900 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows-Treiberpaket - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
WinZip Malware Protector (HKLM-x32\...\WinZip Malware Protector_is1) (Version: 2.1.1000.10798 - WinZip International LLC)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3300202761-1955330803-1272055055-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Max Mengelberg\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3300202761-1955330803-1272055055-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Max Mengelberg\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3300202761-1955330803-1272055055-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Max Mengelberg\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3300202761-1955330803-1272055055-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Max Mengelberg\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3300202761-1955330803-1272055055-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Max Mengelberg\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3300202761-1955330803-1272055055-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Max Mengelberg\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3300202761-1955330803-1272055055-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Max Mengelberg\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3300202761-1955330803-1272055055-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Max Mengelberg\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3300202761-1955330803-1272055055-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Max Mengelberg\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

07-11-2014 08:49:11 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03F0FA27-6142-4480-8246-DDE3D722F671} - System32\Tasks\{0A7938B8-A83E-479C-9805-13FD08461333} => D:\SETUP.EXE
Task: {2CDA5E53-425C-4A80-980F-FD1DE772C57C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-30] (Adobe Systems Incorporated)
Task: {53433E4F-09E5-4280-ACEF-E50B7D8EC512} - System32\Tasks\{1CEEBFAE-C391-4B76-A5AE-9C4D0E8EA3CF} => C:\Program Files (x86)\MOTORRAD Tourenplaner 2008 2009\bin\tcstart.exe [2008-01-23] (PTV AG)
Task: {56771067-F3C5-49AF-AEC7-96EDCFE3403B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {894FF2A0-9B85-4054-BBDD-A2C859625248} - System32\Tasks\{9BAD77CB-96EC-4A63-B07B-3D4161D75F92} => C:\Program Files (x86)\MOTORRAD Tourenplaner 2008 2009\bin\tcstart.exe [2008-01-23] (PTV AG)
Task: {AA125844-A2DD-46F6-A46C-71E056F76E43} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B11998A1-8386-47E2-A043-D526059AEA30} - System32\Tasks\WinZip Malware Protector_startup => C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe [2013-07-15] (Nico Mak Computing)
Task: {B2488636-7211-4696-9314-74C27185647F} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {D7E9F0E1-69F2-4364-B178-DDB3F4A00A78} - System32\Tasks\{1BF76954-26B6-4F1B-B7CD-106AE876A0B8} => D:\SETUP.EXE
Task: {E396D94E-F19B-4518-9765-7EA4F69363D6} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2014-01-31] () <==== ATTENTION
Task: {E74EAB12-1BD5-41A3-B0BD-28FD7D6804F3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {F75D9595-BE31-4215-9128-30E85DEBE2F7} - System32\Tasks\{E9818D4B-EC23-43BB-BA15-9E56DE3213E3} => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-12-23 19:33 - 2010-12-23 19:33 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2014-08-01 15:39 - 2013-10-29 00:38 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-11-14 12:21 - 2007-07-12 22:37 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2011-10-04 07:35 - 2003-04-19 03:06 - 00008192 _____ () c:\Windows\SysWOW64\srvany.exe
2013-12-04 11:39 - 2013-06-03 13:06 - 03999512 _____ () C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe
2014-08-01 15:40 - 2013-12-04 01:22 - 02384672 _____ () C:\Program Files\NVIDIA Corporation\nView\nview64.dll
2011-02-08 07:41 - 2011-02-08 07:41 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2010-12-23 19:33 - 2010-12-23 19:33 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-10-04 07:39 - 2011-04-22 17:59 - 00686704 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2010-11-17 16:35 - 2010-11-17 16:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2014-08-01 15:40 - 2013-12-04 01:22 - 00518432 _____ () C:\Program Files\NVIDIA Corporation\nview\nvshell.dll
2013-10-01 22:25 - 2013-10-01 22:25 - 00276008 _____ () C:\Program Files\SolidWorks Corp\SolidWorks (3)\sldBodyDiffu.dll
2014-06-12 12:30 - 2014-06-12 12:30 - 00276008 _____ () C:\Program Files\SolidWorks Corp\SolidWorks (4)\sldBodyDiffu.dll
2013-09-20 20:06 - 2013-09-20 20:06 - 00133912 _____ () C:\Program Files\SolidWorks Corp\SolidWorks (4)\swaxplan.dll
2014-06-12 12:29 - 2014-06-12 12:29 - 00257064 _____ () C:\Program Files\SolidWorks Corp\SolidWorks (4)\featurecplu.dll
2014-06-12 12:29 - 2014-06-12 12:29 - 01104424 _____ () C:\Program Files\SolidWorks Corp\SolidWorks (4)\CouplingBase.dll
2014-10-19 09:10 - 2014-10-19 09:10 - 00312832 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\featurecplu\b08fcd1c4cf9c7922d53a61518301cc4\featurecplu.ni.dll
2014-10-19 09:09 - 2014-10-19 09:09 - 01719296 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\couplingBase\1dd0facf25b45eac77fb14302c4bff7f\couplingBase.ni.dll
2014-06-12 12:30 - 2014-06-12 12:30 - 05767208 _____ () C:\Program Files\SolidWorks Corp\SolidWorks (4)\sldcoreu.dll
2014-06-12 12:32 - 2014-06-12 12:32 - 00201256 _____ () C:\Program Files\SolidWorks Corp\SolidWorks (4)\wpfsupport.dll
2014-06-12 12:28 - 2014-06-12 12:28 - 00238120 _____ () C:\Program Files\SolidWorks Corp\SolidWorks (4)\annotationcplu.dll
2014-06-12 12:28 - 2014-06-12 12:28 - 00407592 _____ () C:\Program Files\SolidWorks Corp\SolidWorks (4)\asmfeaturecplu.dll
2014-06-12 12:29 - 2014-06-12 12:29 - 00452648 _____ () C:\Program Files\SolidWorks Corp\SolidWorks (4)\contentcplu.dll
2014-06-12 12:29 - 2014-06-12 12:29 - 00107048 _____ () C:\Program Files\SolidWorks Corp\SolidWorks (4)\environmentcplu.dll
2014-06-12 12:30 - 2014-06-12 12:30 - 00170024 _____ () C:\Program Files\SolidWorks Corp\SolidWorks (4)\refgeomcplu.dll
2014-06-12 12:30 - 2014-06-12 12:30 - 00417320 _____ () C:\Program Files\SolidWorks Corp\SolidWorks (4)\sheetmetalcplu.dll
2014-06-12 12:30 - 2014-06-12 12:30 - 00748072 _____ () C:\Program Files\SolidWorks Corp\SolidWorks (4)\Sketchcplu.dll
2014-06-12 12:29 - 2014-06-12 12:29 - 00097320 _____ () C:\Program Files\SolidWorks Corp\SolidWorks (4)\clrloadu.dll
2014-08-01 15:12 - 2014-08-01 15:12 - 00134656 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\clrloadu\fe33d39fe342c9f055383eb69a9c6b4a\clrloadu.ni.dll
2014-10-19 09:09 - 2014-10-19 09:09 - 00366080 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\annotationcplu\60f78cc7f6121d36591a5fc1236b86bb\annotationcplu.ni.dll
2014-10-19 09:10 - 2014-10-19 09:10 - 00719360 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\asmfeaturecplu\066ad06a2074e9d7e47e12644ee224fc\asmfeaturecplu.ni.dll
2014-10-19 09:09 - 2014-10-19 09:09 - 00731136 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\contentcplu\82e8ab72f8965561a4ac51b3bc53329d\contentcplu.ni.dll
2014-10-19 09:10 - 2014-10-19 09:10 - 00238080 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\refgeomcplu\065d2f00fe22db8e823badc2c5378484\refgeomcplu.ni.dll
2014-10-19 09:10 - 2014-10-19 09:10 - 00737792 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\sheetmetalcplu\bf4b5db9dfdbe9a9b721b542387e9e26\sheetmetalcplu.ni.dll
2014-10-19 09:09 - 2014-10-19 09:09 - 01085440 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Sketchcplu\9288b2a086e70495ea5757d23b26217f\Sketchcplu.ni.dll
2014-06-12 12:30 - 2014-06-12 12:30 - 00201256 _____ () C:\Program Files\SolidWorks Corp\SolidWorks (4)\partcplu.dll
2014-06-12 12:29 - 2014-06-12 12:29 - 00902184 _____ () C:\Program Files\SolidWorks Corp\SolidWorks (4)\doccplu.dll
2014-10-19 09:09 - 2014-10-19 09:09 - 11246080 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\sldcoreu\a0ac61d8d1d8575670fa03dd99c4c893\sldcoreu.ni.dll
2014-10-19 09:09 - 2014-10-19 09:09 - 00300544 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\wpfsupport\db40bc5f2e157b21774c17229390b136\wpfsupport.ni.dll
2014-06-12 12:28 - 2014-06-12 12:28 - 00211496 _____ () C:\Program Files\SolidWorks Corp\SolidWorks (4)\assemblycplu.dll
2014-08-01 15:40 - 2013-12-04 01:22 - 02056480 _____ () C:\Program Files\NVIDIA Corporation\nView\nview.dll
2013-12-04 11:39 - 2013-06-03 13:06 - 09907712 _____ () C:\Program Files (x86)\Tobit Radio.fx\Client\TOBITCLT.dll
2013-12-04 11:39 - 2013-05-16 14:28 - 00242688 _____ () C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-client$.ger
2010-11-25 04:44 - 2010-11-25 04:44 - 00375280 _____ () C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
2014-11-09 10:40 - 2014-11-09 10:40 - 00043008 _____ () c:\Users\Max Mengelberg\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo8pn7y.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\Max Mengelberg\AppData\Roaming\Dropbox\bin\libcef.dll
2014-10-17 22:18 - 2014-10-17 22:18 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll
2011-10-04 07:36 - 2010-11-06 05:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-06-11 20:25 - 2014-06-11 20:25 - 03022960 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-06-11 20:25 - 2014-06-11 20:25 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-06-11 20:25 - 2014-06-11 20:25 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2013-09-20 20:41 - 2013-09-20 20:41 - 00059160 _____ () C:\Program Files\SolidWorks Corp\SolidWorks (4)\swVBAServer\zlib.dll
2009-07-13 22:03 - 2009-07-14 02:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2014-05-08 14:48 - 2014-05-08 14:48 - 14588632 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\NPSWF32.dll
2012-09-23 19:43 - 2012-09-23 19:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll
2014-05-10 13:28 - 2014-09-25 10:55 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-11-10 15:27 - 2013-02-28 16:53 - 00886272 _____ () C:\Program Files (x86)\WinZip Malware Protector\System.Data.SQLite.dll
2014-11-10 15:27 - 2013-07-15 16:53 - 01717936 _____ () C:\Program Files (x86)\WinZip Malware Protector\aspsys.dll
2014-11-10 15:27 - 2013-02-28 16:53 - 00168448 _____ () C:\Program Files (x86)\WinZip Malware Protector\UNRAR.DLL

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-3300202761-1955330803-1272055055-500 - Administrator - Disabled)
Gast (S-1-5-21-3300202761-1955330803-1272055055-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3300202761-1955330803-1272055055-1003 - Limited - Enabled)
Max Mengelberg (S-1-5-21-3300202761-1955330803-1272055055-1001 - Administrator - Enabled) => C:\Users\Max Mengelberg

==================== Faulty Device Manager Devices =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Officejet Pro 8000 A809
Description: Officejet Pro 8000 A809
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: ========================= Application errors: ================== Error: (11/10/2014 11:59:32 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80004005 Error: (11/09/2014 05:25:07 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: sldworks.exe, Version: 18.5.0.128, Zeitstempel: 0x4cf7461f Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c4102 ID des fehlerhaften Prozesses: 0x283c Startzeit der fehlerhaften Anwendung: 0xsldworks.exe0 Pfad der fehlerhaften Anwendung: sldworks.exe1 Pfad des fehlerhaften Moduls: sldworks.exe2 Berichtskennung: sldworks.exe3 Error: (11/09/2014 04:33:14 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80004005 Error: (11/09/2014 11:30:21 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80004005 Error: (11/09/2014 10:35:53 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/08/2014 11:07:21 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80004005 Error: (11/07/2014 10:05:47 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80004005 Error: (11/07/2014 09:40:52 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/06/2014 07:47:23 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND 
TargetInstance.LoadPercentage > 990x80041003 Error: (11/06/2014 00:53:59 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80004005 System errors: ============= Error: (11/09/2014 04:01:01 PM) (Source: BTHUSB) (EventID: 16) (User: ) Description: Die beiderseitige Authentifizierung zwischen dem lokalen Bluetooth-Adapter und einem Gerät mit Bluetooth-Adapteradresse (20:6e:9c:75:fb:eb) ist fehlgeschlagen. Error: (11/09/2014 04:00:50 PM) (Source: BTHUSB) (EventID: 5) (User: ) Description: Der Bluetooth-Treiber hat ein HCI-Ereignis mit einer bestimmten Größe erwartet, das aber nicht empfangen wurde. Error: (11/09/2014 03:25:23 PM) (Source: BTHUSB) (EventID: 16) (User: ) Description: Die beiderseitige Authentifizierung zwischen dem lokalen Bluetooth-Adapter und einem Gerät mit Bluetooth-Adapteradresse (20:6e:9c:75:fb:eb) ist fehlgeschlagen. Error: (11/09/2014 10:38:50 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {10DA4F3C-CC99-4190-BE4D-58330754E882} Error: (11/09/2014 10:36:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Disaster Recovery Imaging" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (11/09/2014 10:35:54 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "NTRU TSS v1.2.1.36 TCS" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0 Error: (11/07/2014 09:41:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Disaster Recovery Imaging" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (11/07/2014 09:40:51 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "NTRU TSS v1.2.1.36 TCS" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0 Error: (11/06/2014 07:50:24 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: 
{10DA4F3C-CC99-4190-BE4D-58330754E882} Error: (11/06/2014 07:48:48 PM) (Source: iaStor) (EventID: 9) (User: ) Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Microsoft Office Sessions: ========================= Error: (11/10/2014 11:59:32 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80004005 Error: (11/09/2014 05:25:07 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: sldworks.exe18.5.0.1284cf7461fntdll.dll6.1.7601.18247521eaf24c000037400000000000c4102283c01cffc328b7bce06C:\Program Files\SolidWorks Corp\SolidWorks\sldworks.exeC:\Windows\SYSTEM32\ntdll.dllf7526241-682c-11e4-a0db-60d819f8740c Error: (11/09/2014 04:33:14 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80004005 Error: (11/09/2014 11:30:21 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80004005 Error: (11/09/2014 10:35:53 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/08/2014 11:07:21 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80004005 Error: (11/07/2014 10:05:47 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80004005 Error: (11/07/2014 09:40:52 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/06/2014 07:47:23 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/06/2014 00:53:59 PM) 
(Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80004005 ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-2920XM CPU @ 2.50GHz Percentage of memory in use: 36% Total physical RAM: 16340.9 MB Available physical RAM: 10395 MB Total Pagefile: 32679.98 MB Available Pagefile: 25668.26 MB Total Virtual: 8192 MB Available Virtual: 8191.8 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:246.37 GB) (Free:68.92 GB) NTFS Drive f: (Volume) (Fixed) (Total:100 GB) (Free:16.72 GB) NTFS Drive h: (Volume) (Fixed) (Total:106.58 GB) (Free:21.54 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 568A7C67) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=12.8 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=246.4 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=206.6 GB) - (Type=OF Extended) ==================== End Of Log ============================ |
11.11.2014, 16:37 | #4 |
/// the machine /// TB trainer | Fake Vodafone invoice Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
Scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
11.11.2014, 20:32 | #5 |
| Fake Vodafone invoice Hello Schrauber, Combofix did not complain and there was no error message either. Code:
ATTFilter ComboFix 14-11-11.01 - Max Mengelberg 11.11.2014 19:50:51.1.8 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.16341.12954 [GMT 1:00] ausgeführt von:: c:\users\Max Mengelberg\Desktop\ComboFix.exe AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\pkunzip.pif c:\windows\pkzip.pif c:\windows\security\Database\tmp.edb c:\windows\ST6UNST.000 . . ((((((((((((((((((((((( Dateien erstellt von 2014-10-11 bis 2014-11-11 )))))))))))))))))))))))))))))) . . 2014-11-11 18:58 . 2014-11-11 18:58 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-11-11 18:32 . 2014-11-11 18:32 -------- d-----w- c:\program files (x86)\VS Revo Group 2014-11-10 15:18 . 2014-11-10 15:20 -------- d-----w- C:\FRST 2014-11-10 14:27 . 2014-11-10 18:39 -------- d-----w- c:\users\Max Mengelberg\AppData\Roaming\Nico Mak Computing 2014-11-10 13:26 . 2014-11-10 13:26 -------- d-----w- c:\users\Max Mengelberg\AppData\Roaming\QuickScan 2014-10-30 08:28 . 2014-10-30 08:28 -------- d-----w- c:\program files\Google 2014-10-26 13:10 . 2014-10-26 13:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll 2014-10-26 13:10 . 2014-10-26 13:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll 2014-10-26 13:10 . 2014-10-26 13:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll 2014-10-26 13:10 . 2014-10-26 13:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll 2014-10-26 13:10 . 2014-10-26 13:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll 2014-10-26 13:10 . 2014-10-26 13:10 -------- d-----w- c:\program files (x86)\QuickTime 2014-10-26 13:10 . 
2014-10-26 13:10 -------- d-----w- c:\programdata\Apple Computer 2014-10-23 17:51 . 2014-10-23 17:51 -------- d-----w- c:\users\Max Mengelberg\AppData\Roaming\Avery 2014-10-23 17:50 . 2014-11-10 18:40 -------- d-----w- c:\programdata\Avery 2014-10-23 16:43 . 2014-10-23 16:43 -------- d-----w- c:\users\Max Mengelberg\AppData\Local\Tempad8d4e78ba2d6a4719c524a41c9ad285 2014-10-23 16:42 . 2014-10-23 16:42 -------- d-----w- c:\users\Max Mengelberg\ChromeExtensions 2014-10-23 16:42 . 2014-10-23 16:42 -------- d-----w- c:\users\Max Mengelberg\AppData\Local\Temp32ce20853bcb874bd0a9e2d387ad366c 2014-10-23 16:42 . 2014-10-23 16:42 -------- d-----w- c:\users\Max Mengelberg\AppData\Local\Temp24786dc9db3b9947f69c21b2e1854d76 2014-10-23 16:42 . 2014-10-23 16:42 -------- d-----w- c:\users\Max Mengelberg\AppData\Local\Tempdde92f4c4349613f7dc464a8b6d44229 2014-10-23 16:26 . 2014-10-23 16:26 -------- d-----w- c:\program files (x86)\Sigel 2014-10-23 16:25 . 2014-10-23 16:25 -------- d-----w- c:\programdata\XDMessagingv4 2014-10-23 16:25 . 2014-10-23 16:25 -------- d-----w- c:\users\Max Mengelberg\AppData\Roaming\Abelssoft 2014-10-23 16:25 . 2014-10-23 16:26 -------- d-----w- c:\users\Max Mengelberg\AppData\Local\Abelssoft 2014-10-23 16:25 . 2014-10-25 09:17 -------- d-----w- c:\program files (x86)\CHIP Updater 2014-10-23 16:25 . 2014-11-10 18:43 -------- d-----w- c:\users\Max Mengelberg\AppData\Roaming\DesktopIconForAmazon 2014-10-20 08:04 . 2014-10-20 08:04 -------- d-----w- c:\users\Max Mengelberg\AppData\Roaming\Oracle 2014-10-20 08:02 . 2014-10-20 08:02 -------- d-----w- c:\program files (x86)\Common Files\Java 2014-10-20 08:01 . 2014-10-20 08:01 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2014-10-20 08:01 . 2014-10-20 08:01 -------- d-----w- c:\program files (x86)\Java 2014-10-16 16:53 . 2014-10-07 02:04 235184 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll 2014-10-16 16:40 . 
2014-10-10 02:05 276480 ----a-w- c:\windows\system32\generaltel.dll 2014-10-16 16:40 . 2014-10-10 02:05 507392 ----a-w- c:\windows\system32\aepdu.dll 2014-10-16 16:40 . 2014-10-10 02:00 424448 ----a-w- c:\windows\system32\aeinv.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-10-30 08:27 . 2012-03-31 16:14 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-10-30 08:27 . 2011-10-04 06:24 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-10-28 05:34 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe 2014-10-26 09:52 . 2014-08-09 10:20 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin 2014-10-16 22:09 . 2011-10-09 10:33 103265616 ----a-w- c:\windows\system32\MRT.exe 2014-10-14 19:59 . 2014-11-11 07:31 11627712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2F78C263-C77B-4208-BAE5-A22AF935D136}\mpengine.dll 2014-10-02 13:23 . 2014-10-02 13:23 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2014-10-02 13:23 . 2014-10-02 13:23 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2014-09-25 02:08 . 2014-10-01 07:40 371712 ----a-w- c:\windows\system32\qdvd.dll 2014-09-25 01:40 . 2014-10-01 07:40 519680 ----a-w- c:\windows\SysWow64\qdvd.dll 2014-09-10 16:14 . 2010-06-24 16:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2014-09-09 22:11 . 2014-09-24 08:14 2048 ----a-w- c:\windows\system32\tzres.dll 2014-09-09 21:47 . 2014-09-24 08:14 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2014-08-23 02:07 . 2014-08-28 08:36 404480 ----a-w- c:\windows\system32\gdi32.dll 2014-08-23 01:45 . 2014-08-28 08:36 311808 ----a-w- c:\windows\SysWow64\gdi32.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2014-01-31 1521080] . [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2014-01-31 10:13 1521080 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2014-01-31 1521080] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 131480 ----a-w- c:\users\Max Mengelberg\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 131480 ----a-w- c:\users\Max Mengelberg\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 131480 ----a-w- c:\users\Max Mengelberg\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "rfxsrvtray"="c:\program files (x86)\Tobit Radio.fx\Client\rfx-tray.exe" [2013-02-07 1838872] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Device Detector"="DevDetect.exe -autorun" [X] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160] "IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-03-12 462993] "RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336] "PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472] "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112] "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544] "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-09-08 888488] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-09-26 271744] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888] . 
c:\users\Max Mengelberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ BUFFALO NAS Navigator2.lnk - c:\program files (x86)\BUFFALO\NASNAVI\NasNavi.exe /startup [2012-10-25 1929323] Dropbox.lnk - c:\users\Max Mengelberg\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-13 36414624] NAS Scheduler.lnk - c:\program files (x86)\BUFFALO\NASNAVI\nassche.exe [2013-8-28 206128] SolidWorks Taskplaner Modul.lnk - c:\program files\SolidWorks Corp\SolidWorks (3)\swScheduler\swBOEngine.exe [2013-10-1 1388584] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-2-8 1136928] Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2011-1-20 1552240] HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336] Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE -b -l [1999-4-30 65588] Radio.fx.LNK - c:\program files (x86)\Tobit Radio.fx\Client\rfx-client.exe [2013-12-4 6759704] SolidWorks 2013 Schnellstart.lnk - c:\windows\Installer\{B6B5EA7E-B91F-443D-A958-B0062FB53804}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe [2012-11-28 335872] SolidWorks 2014 Schnellstart.lnk - c:\windows\Installer\{4FFA60C4-9A8B-4C9E-8265-2241B266304C}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe [2014-8-1 335872] SolidWorks Hintergrund-Downloader.lnk - c:\program files (x86)\Common Files\SolidWorks Installations-Manager\BackgroundDownloading\sldBgDwld.exe /launch_from 0 [2014-8-1 2740264] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe" . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 Disaster Recovery Imaging;Disaster Recovery Imaging;c:\program files (x86)\NovaStor\NovaStor NovaBACKUP Professional\DR\x64\drdiag.exe;c:\program files (x86)\NovaStor\NovaStor NovaBACKUP Professional\DR\x64\drdiag.exe [x] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x] R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks (4)\swScheduler\DTSCoordinatorService.exe;c:\program files\SolidWorks Corp\SolidWorks (4)\swScheduler\DTSCoordinatorService.exe [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x] R3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys;c:\windows\SYSNATIVE\DRIVERS\GenericMount.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x] R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x] R3 
O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDFw7x64.sys [x] R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x] R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x] S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x] S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [x] S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe;c:\program 
files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [x] S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x] S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x] S2 NVWMI;NVIDIA WMI Provider;c:\windows\system32\nvwmi64.exe;c:\windows\SYSNATIVE\nvwmi64.exe [x] S2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe;c:\windows\SysWOW64\srvany.exe [x] S2 Radio.fx;Radio.fx Server;c:\program files (x86)\Tobit Radio.fx\Server\rfx-server.exe;c:\program files (x86)\Tobit Radio.fx\Server\rfx-server.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [x] S2 ZcfgSvc7;Intel(R) PROSet/Wireless ZeroConfig Service;c:\program 
files\Intel\WiFi\bin\ZCfgSvc7.exe;c:\program files\Intel\WiFi\bin\ZCfgSvc7.exe [x] S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x] S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x] S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys;c:\windows\SYSNATIVE\Drivers\cvusbdrv.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x] S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\O2MDRw7x64.sys [x] S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\o2sdjw7x64.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-10-29 08:45 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2014-11-11 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 08:27] . 2014-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-12 09:14] . 
2014-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-12 09:14] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 164760 ----a-w- c:\users\Max Mengelberg\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 164760 ----a-w- c:\users\Max Mengelberg\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 164760 ----a-w- c:\users\Max Mengelberg\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 164760 ----a-w- c:\users\Max Mengelberg\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay] @="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}" [HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}] 2011-05-27 22:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay] @="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}" [HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}] 2011-05-27 22:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-05 608112] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-07 525312] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-28 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-28 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-28 416024] "IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-23 1934608] "FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2011-04-22 686704] "TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-05-27 257392] "DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2011-03-08 227328] "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-12-04 2747680] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Seite an &Bluetooth-Gerät senden... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {{c0e8ae32-0758-4c8d-ab71-23b361fe8964} - c:\users\MAXMEN~1\AppData\Local\Temp\ie_script_fwde.htm Trusted Zone: cleverreach.com\novastor Trusted Zone: google-analytics.com Trusted Zone: novastor.com TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Max Mengelberg\AppData\Roaming\Mozilla\Firefox\Profiles\kil6doe5.default\ FF - prefs.js: browser.search.selectedEngine - Ask.com Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - ExtSQL: !HIDDEN! 2011-10-09 12:29; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF - user.js: extensions.blocklist.enabled - false FF - user.js: app.update.auto - false FF - user.js: security.mixed_content.block_active_content - false FF - user.js: security.mixed_content.block_display_content - false FF - user.js: app.update.staging.enabled - true FF - user.js: app.update.interval - 31536000 FF - user.js: app.update.idletime - 31536000 FF - user.js: browser.search.update - false FF - user.js: browser.search.update.interval - 31536000 FF - user.js: app.update.channel - default FF - user.js: extensions.getAddons.cache.enabled - false FF - user.js: app.update.download.backgroundInterval - 31536000 FF - user.js: browser.safebrowsing.appRepURL - . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-DriverTurbo - c:\program files (x86)\DriverTurbo\DriverTurbo.exe Wow6432Node-HKLM-Run-<NO NAME> - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) AddRemove-{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1 - c:\users\Max Mengelberg\AppData\Roaming\Mozilla\Firefox\Profiles\kil6doe5.default\extensions\cliqz@cliqz.com\unins000.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_USERS\S-1-5-21-3300202761-1955330803-1272055055-1001\Software\SecuROM\License information*] "datasecu"=hex:03,41,c9,04,dc,5f,a8,d6,32,f7,cb,2d,1e,99,9f,d5,db,96,d4,8a,df, 38,76,f6,76,02,b2,4d,d7,2a,72,15,5c,a8,90,b8,8d,47,a5,4f,42,e8,d1,3d,10,e0,\ "rkeysecu"=hex:d2,c2,7b,67,4f,c2,53,91,f3,aa,5c,6f,ae,bb,a6,60 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.15" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\windows\system32\DRIVERS\o2flash.exe c:\windows\sysWOW64\SDIOAssist.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe . ************************************************************************** . Zeit der Fertigstellung: 2014-11-11 20:07:35 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2014-11-11 19:07 . 
Vor Suchlauf: 27 Verzeichnis(se), 76.517.384.192 Bytes frei
Nach Suchlauf: 30 Verzeichnis(se), 94.869.213.184 Bytes frei
.
- - End Of File - - 533B2673B0A718494086CDE8998B97B1

Pampel |
12.11.2014, 19:08 | #6 |
/// the machine /// TB trainer | Fake Vodafone invoice
Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
12.11.2014, 21:04 | #7 |
| Fake Vodafone invoice
Hello Schrauber,
The mbam.txt is empty. No idea what I did wrong.
Code:
ATTFilter # AdwCleaner v4.101 - Bericht erstellt am 12/11/2014 um 20:23:49 # Aktualisiert 09/11/2014 von Xplode # Database : 2014-11-12.2 [Live] # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzername : Max Mengelberg - CAD4 # Gestartet von : C:\Users\Max Mengelberg\Desktop\AdwCleaner_4.101.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\apn Ordner Gelöscht : C:\ProgramData\Ask Ordner Gelöscht : C:\Program Files (x86)\Ask.com Ordner Gelöscht : C:\Program Files (x86)\Common Files\Tobit Ordner Gelöscht : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe} Ordner Gelöscht : C:\Users\Max Mengelberg\AppData\Local\AskToolbar Ordner Gelöscht : C:\Users\Max Mengelberg\AppData\LocalLow\AskToolbar Ordner Gelöscht : C:\Users\Max Mengelberg\AppData\Roaming\DesktopIconForAmazon Ordner Gelöscht : C:\Users\Max Mengelberg\AppData\Roaming\Tobit Ordner Gelöscht : C:\Users\Max Mengelberg\AppData\Roaming\DriverTurbo Ordner Gelöscht : C:\Users\Max Mengelberg\AppData\Roaming\Mozilla\Firefox\Profiles\kil6doe5.default\Extensions\sparpilot@sparpilot.com Ordner Gelöscht : C:\Users\Max Mengelberg\AppData\Roaming\Mozilla\Firefox\Profiles\kil6doe5.default\Extensions\toolbar@ask.com Datei Gelöscht : C:\Users\Max Mengelberg\AppData\Roaming\Mozilla\Firefox\Profiles\kil6doe5.default\invalidprefs.js Datei Gelöscht : C:\Users\Max Mengelberg\AppData\Roaming\Mozilla\Firefox\Profiles\kil6doe5.default\searchplugins\11-suche.xml Datei Gelöscht : C:\Users\Max Mengelberg\AppData\Roaming\Mozilla\Firefox\Profiles\kil6doe5.default\searchplugins\Askcom.xml Datei Gelöscht : C:\Users\Max Mengelberg\AppData\Roaming\Mozilla\Firefox\Profiles\kil6doe5.default\searchplugins\askcomsearch.xml Datei Gelöscht : C:\Users\Max Mengelberg\AppData\Roaming\Mozilla\Firefox\Profiles\kil6doe5.default\searchplugins\ask-search.xml Datei Gelöscht : C:\Users\Max 
Mengelberg\AppData\Roaming\Mozilla\Firefox\Profiles\kil6doe5.default\user.js ***** [ Tasks ] ***** Task Gelöscht : Scheduled Update for Ask Toolbar ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{065C1A21-97F8-45FB-A9F0-861B60FACEC8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3204358F-5904-46A6-841F-D6B5BE3EF4E3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3AE67737-0E3E-44AA-AA5E-46A68BF017FF} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3EE5B726-044A-48D2-AA7B-049BD9A0F62A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{60FBBE03-57FF-49D8-B38E-053D3F489825} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6A5182F1-C0B8-42B8-96CC-7F329CD46913} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6C153418-8E4D-4FAF-AF27-5201E38463A7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A26A2F05-AC4D-4A1E-9531-9125F7309B78} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC5D6240-7DF0-435D-9B9B-F8586A99DE86} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FBB360DC-CB6C-4D6A-808A-2C773151BFFF} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FFD7DDAC-EC28-42A5-8D39-917B9078604B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{F63A9EB9-6C59-4C4E-8AEA-6594ED04EF11} Schlüssel Gelöscht : HKCU\Software\APN Schlüssel Gelöscht : HKCU\Software\Ask.com Schlüssel Gelöscht : HKCU\Software\AskToolbar Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\APN Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852 Schlüssel Gelöscht : [x64] 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E Schlüssel Gelöscht : [x64] 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9 Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\apnwidgets.ask.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17344 -\\ Mozilla Firefox v32.0.3 (x86 de) [kil6doe5.default\prefs.js] - Zeile gelöscht : user_pref("browser.newtab.url", "chrome://unitedtb/content/newtab/newtab-page.xhtml"); [kil6doe5.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultengine", "Ask.com Search"); [kil6doe5.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultenginename", "Ask.com Search"); [kil6doe5.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.order.1", "Ask.com Search"); [kil6doe5.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "Ask.com Search"); [kil6doe5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.AviraIDW-TS", "1319885630412"); [kil6doe5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.AviraIDW-XML", "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n<button xmlns=\"hxxp://websearch.ask.com/widgets\">\n <widget_url>hxxps://aviratoolbar.idwatchdog.com/toolbar[...] 
[kil6doe5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\"); [kil6doe5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.OOBEVersion", "1"); [kil6doe5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.autofill-text-highlight-enabled", true); [kil6doe5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.cbid", "LL"); [kil6doe5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.config-updated", false); [kil6doe5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.crumb", "2011.10.07+11.11.04-toolbar003iad-DE-Q29sb2duZSxHZXJtYW55"); [kil6doe5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}&gct=bar"); [kil6doe5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.dtid", "YYYYYYYYDE"); [kil6doe5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="); [kil6doe5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.first-launch-url", "hxxp://picasa-readme.blogspot.com/"); [kil6doe5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.first-restart-after-config-update", true); [kil6doe5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.fresh-install", false); [kil6doe5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.guid", "1bb34d7f-a1f9-4890-94c2-5db083edefed"); [kil6doe5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"hxxps://websearch.ask.com\", [...] 
[kil6doe5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.if", "first"); [kil6doe5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.keyword-toggled-in-session", false); [kil6doe5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.l", "dis"); [kil6doe5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.last-config-req", "1402653905818"); [kil6doe5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.last-search-timestamp", "1397985903162"); [kil6doe5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.locale", "de_DE"); [kil6doe5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.location", "Cologne,Germany"); [kil6doe5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.new-tab-opt-out", true); [kil6doe5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.notification-shown", true); [kil6doe5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.o", "APN10023"); [kil6doe5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.overlay-reloaded-using-restart", true); [kil6doe5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.qsrc", "2871"); [kil6doe5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.r", "2"); [kil6doe5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.sa", "YES"); [kil6doe5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.saguid", "C4FBD2B9-1190-40A3-B230-3589D18FFA34"); [kil6doe5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.search-history-queries", "ganterhirth-ringzeichnungsvordrucke solidworkswo zeichnungsvordrucke solidworkswo finde ich zeichnungsvordrucke solidworksThe Oxwagon Ri[...] 
[kil6doe5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.search-suggestions-enabled", true); [kil6doe5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.silent-upgrade", true); [kil6doe5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false); [kil6doe5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.socialmini-native-on", true); [kil6doe5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.themeid", ""); [kil6doe5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.timeinstalled", "13.06.2012 13:19:09"); [kil6doe5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.to", ""); [kil6doe5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.v", "3.15.31.100015"); [kil6doe5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.version", "5.15.31.57710"); [kil6doe5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar@ask.com.install-event-fired", true); [kil6doe5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar_ORJ-V7C@apn.ask.com.install-event-fired", true); -\\ Google Chrome v38.0.2125.111 ************************* AdwCleaner[R0].txt - [14677 octets] - [12/11/2014 20:14:04] AdwCleaner[R1].txt - [14738 octets] - [12/11/2014 20:21:29] AdwCleaner[S0].txt - [14659 octets] - [12/11/2014 20:23:49] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14720 octets] ########## Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Windows 7 Professional x64
Ran by Max Mengelberg on 12.11.2014 at 20:42:07,97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\classes\typelib\{006ad7b2-968a-11de-88c9-5bde55d89593}"
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9"

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted: [File] C:\Users\Max Mengelberg\AppData\Roaming\mozilla\firefox\profiles\kil6doe5.default\searchplugins\avira-safesearch.xml
Successfully deleted: [Folder] C:\Users\Max Mengelberg\AppData\Roaming\mozilla\firefox\profiles\kil6doe5.default\extensions\safesearch@avira.com
Successfully deleted: [Folder] C:\Users\Max Mengelberg\AppData\Roaming\mozilla\firefox\profiles\kil6doe5.default\extensions\toolbar@web.de
Successfully deleted the following from C:\Users\Max Mengelberg\AppData\Roaming\mozilla\firefox\profiles\kil6doe5.default\prefs.js

user_pref("avira.safe_search.search_was_active", "false");
user_pref("extensions.bootstrappedAddons", "{\"elemhidehelper@adblockplus.org\":{\"version\":\"1.3\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\Max Mengelberg\\\\A
user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"147a5092931e7-0f581d9a9c989b-42504136-0-147a5092932326\"");
user_pref("extensions.safesearch.SAUTH_expires_at", "1415988538");
user_pref("extensions.safesearch.SAUTH_rndsnr", "\"7061afea2c968de632323805d3fe3bfc8116a6a7\"");
user_pref("extensions.safesearch.SAUTH_userid", "4292691168");
user_pref("extensions.safesearch.SAUTH_utoken", "\"a4e1a7c07cf284570a893b85ea46d386ef3fd096\"");
user_pref("extensions.safesearch.install", "1407223146806");
user_pref("extensions.safesearch@avira.com.install-event-fired", true);
Emptied folder: C:\Users\Max Mengelberg\AppData\Roaming\mozilla\firefox\profiles\kil6doe5.default\minidumps [84 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.11.2014 at 20:45:36,26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014 01 Ran by Max Mengelberg (administrator) on CAD4 on 12-11-2014 20:59:41 Running from C:\Users\Max Mengelberg\Desktop Loaded Profile: Max Mengelberg (Available profiles: Max Mengelberg) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe (UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe (Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe (IDT, Inc.) 
C:\Program Files\IDT\WDM\sttray64.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe (Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe (Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Tobit.Software) C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe (ACD Systems, Ltd.) C:\Program Files (x86)\Common Files\ACD Systems\DE\DevDetect.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Apple Inc.) C:\Program Files (x86)\QuickTime\QTTask.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Dassault Systèmes SolidWorks Corp.) 
C:\Program Files\SolidWorks Corp\SolidWorks (3)\sldworks_fs.exe (Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SolidWorks (4)\sldworks_fs.exe (Dassault Systèmes SolidWorks Corp.) C:\Program Files (x86)\Common Files\SolidWorks Installations-Manager\BackgroundDownloading\sldBgDwld.exe (BUFFALO INC.) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe (Dropbox, Inc.) C:\Users\Max Mengelberg\AppData\Roaming\Dropbox\bin\Dropbox.exe (BUFFALO INC.) C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SolidWorks (3)\swScheduler\swBOEngine.exe (Dell Inc.) C:\Program Files\Dell\Dell System Manager\PanelHelper32.exe (O2Micro International) C:\Windows\System32\drivers\o2flash.exe () C:\Windows\SysWOW64\srvany.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Microsoft Corporation) C:\Windows\System32\vds.exe (Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Hewlett-Packard Co.) 
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [608112 2011-04-05] (Alps Electric Co., Ltd.) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-07] (IDT, Inc.) 
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1934608 2010-12-23] (Intel(R) Corporation) HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-04-22] () HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [257392 2011-05-27] (Wave Systems Corp.) HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation) HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2747680 2013-12-04] () HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation) HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462993 2010-03-12] (Creative Technology Ltd) HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.) HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.) 
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [Device Detector] => DevDetect.exe -autorun
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124720 2014-10-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-23] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKU\S-1-5-21-3300202761-1955330803-1272055055-1001\...\Run: [rfxsrvtray] => C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe [1838872 2013-02-07] (Tobit.Software)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [184048 2013-12-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156256 2013-12-04] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Radio.fx.LNK
ShortcutTarget: Radio.fx.LNK -> C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-client.exe (Tobit.Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2013 Schnellstart.lnk
ShortcutTarget: SolidWorks 2013 Schnellstart.lnk -> C:\Windows\Installer\{B6B5EA7E-B91F-443D-A958-B0062FB53804}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2014 Schnellstart.lnk
ShortcutTarget: SolidWorks 2014 Schnellstart.lnk -> C:\Windows\Installer\{4FFA60C4-9A8B-4C9E-8265-2241B266304C}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Hintergrund-Downloader.lnk
ShortcutTarget: SolidWorks Hintergrund-Downloader.lnk -> C:\Program Files (x86)\Common Files\SolidWorks Installations-Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)
Startup: C:\Users\Max Mengelberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk
ShortcutTarget: BUFFALO NAS Navigator2.lnk -> C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)
Startup: C:\Users\Max Mengelberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Max Mengelberg\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Max Mengelberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk
ShortcutTarget: NAS Scheduler.lnk -> C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)
Startup: C:\Users\Max Mengelberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Taskplaner Modul.lnk
ShortcutTarget: SolidWorks Taskplaner Modul.lnk -> C:\Program Files\SolidWorks Corp\SolidWorks (3)\swScheduler\swBOEngine.exe (Dassault Systèmes SolidWorks Corp.)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USREL/8
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-3300202761-1955330803-1272055055-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {4D4B8109-E280-4844-BB98-CEDFA9107175} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
SearchScopes: HKCU - {4D4B8109-E280-4844-BB98-CEDFA9107175} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Max Mengelberg\AppData\Roaming\Mozilla\Firefox\Profiles\kil6doe5.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Max Mengelberg\AppData\Roaming\Mozilla\Firefox\Profiles\kil6doe5.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Max Mengelberg\AppData\Roaming\Mozilla\Firefox\Profiles\kil6doe5.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Max Mengelberg\AppData\Roaming\Mozilla\Firefox\Profiles\kil6doe5.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Max Mengelberg\AppData\Roaming\Mozilla\Firefox\Profiles\kil6doe5.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\Max Mengelberg\AppData\Roaming\Mozilla\Firefox\Profiles\kil6doe5.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Max Mengelberg\AppData\Roaming\Mozilla\Firefox\Profiles\kil6doe5.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Max Mengelberg\AppData\Roaming\Mozilla\Firefox\Profiles\kil6doe5.default\Extensions\abs@avira.com [2014-10-10]
FF Extension: Amazon-Icon - C:\Users\Max Mengelberg\AppData\Roaming\Mozilla\Firefox\Profiles\kil6doe5.default\Extensions\amazon-icon@giga.de [2014-10-23]
FF Extension: ReminderFox - C:\Users\Max Mengelberg\AppData\Roaming\Mozilla\Firefox\Profiles\kil6doe5.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2014-04-19]
FF Extension: Bitdefender QuickScan - C:\Users\Max Mengelberg\AppData\Roaming\Mozilla\Firefox\Profiles\kil6doe5.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-11-10]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Max Mengelberg\AppData\Roaming\Mozilla\Firefox\Profiles\kil6doe5.default\Extensions\adblockpopups@jessehakanen.net.xpi [2011-10-08]
FF Extension: Cliqz Beta - C:\Users\Max Mengelberg\AppData\Roaming\Mozilla\Firefox\Profiles\kil6doe5.default\Extensions\cliqz@cliqz.com.xpi [2014-10-08]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Max Mengelberg\AppData\Roaming\Mozilla\Firefox\Profiles\kil6doe5.default\Extensions\elemhidehelper@adblockplus.org.xpi [2012-02-11]
FF Extension: {90ee036b-00a5-4e72-a613-6a5a024926d1} - C:\Users\Max Mengelberg\AppData\Roaming\Mozilla\Firefox\Profiles\kil6doe5.default\Extensions\{90ee036b-00a5-4e72-a613-6a5a024926d1}.xpi [2014-11-10]
FF Extension: Adblock Plus - C:\Users\Max Mengelberg\AppData\Roaming\Mozilla\Firefox\Profiles\kil6doe5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-11-09]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-05-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-05-10]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-10-09]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\Max Mengelberg\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Max Mengelberg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-12]
CHR Extension: (Amazon) - C:\Users\Max Mengelberg\AppData\Local\Google\Chrome\User Data\Default\Extensions\caeaobpemokdfnidgaebncaooofnbfha [2014-10-30]
CHR Extension: (Google-Suche) - C:\Users\Max Mengelberg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-12]
CHR Extension: (Avira Browser Safety) - C:\Users\Max Mengelberg\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-30]
CHR Extension: (Google Wallet) - C:\Users\Max Mengelberg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-30]
CHR Extension: (Google Mail) - C:\Users\Max Mengelberg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-12]
CHR HKLM-x32\...\Chrome\Extension: [caeaobpemokdfnidgaebncaooofnbfha] - C:\Users\Max Mengelberg\ChromeExtensions\caeaobpemokdfnidgaebncaooofnbfha\amazon-icon-fwde.crx [2014-10-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-10-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-10-23] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [162096 2014-10-09] (Avira Operations GmbH & Co. KG)
S3 CoordinatorServiceHost; C:\Program Files\SolidWorks Corp\SolidWorks (4)\swScheduler\DTSCoordinatorService.exe [76328 2014-06-12] (Dassault Systèmes SolidWorks Corp.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-23] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-23] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [1290016 2013-12-04] (NVIDIA Corporation)
R2 O2SDIOAssist; c:\Windows\SysWOW64\srvany.exe [8192 2003-04-19] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Radio.fx; C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] ()
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2011-10-08] (SolidWorks) [File not signed]
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1633280 2011-02-17] () [File not signed]
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1600000 2011-07-01] (Wave Systems Corp.) [File not signed]
R2 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [992256 2010-12-23] (Intel(R) Corporation) [File not signed]
S2 Disaster Recovery Imaging; "C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP Professional\DR\x64\drdiag.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)
S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [54320 2009-09-21] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2013-12-04] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-05-02] (Corel Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 V2iMount; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 20:53 - 2014-11-12 20:53 - 00002072 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-11-12 20:53 - 2014-11-12 20:53 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Roaming\Avira
2014-11-12 20:52 - 2014-11-12 20:52 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2014-11-12 20:52 - 2014-10-23 14:02 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-11-12 20:52 - 2014-10-23 14:02 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-11-12 20:52 - 2014-10-23 14:01 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-11-12 20:45 - 2014-11-12 20:45 - 00002573 _____ () C:\Users\Max Mengelberg\Desktop\JRT.txt
2014-11-12 20:42 - 2014-11-12 20:42 - 00000000 ____D () C:\Windows\ERUNT
2014-11-12 20:41 - 2014-11-12 20:41 - 01706808 _____ (Thisisu) C:\Users\Max Mengelberg\Desktop\JRT.exe
2014-11-12 20:39 - 2014-11-12 20:39 - 00001139 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-11-12 20:39 - 2014-11-12 20:39 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-12 20:28 - 2014-11-12 20:28 - 00014905 _____ () C:\Users\Max Mengelberg\Desktop\AdwCleaner[S0].txt
2014-11-12 20:26 - 2014-11-12 20:26 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Roaming\Tobit
2014-11-12 20:13 - 2014-11-12 20:23 - 00000000 ____D () C:\AdwCleaner
2014-11-12 20:11 - 2014-11-12 20:11 - 02140160 _____ () C:\Users\Max Mengelberg\Desktop\AdwCleaner_4.101.exe
2014-11-12 20:07 - 2014-11-12 20:07 - 00000049 _____ () C:\Users\Max Mengelberg\Desktop\mbam.txt
2014-11-12 19:40 - 2014-11-12 20:52 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-12 19:40 - 2014-11-12 19:40 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-12 19:40 - 2014-11-12 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-11-12 19:40 - 2014-11-12 19:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-12 19:40 - 2014-11-12 19:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-11-12 19:40 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-12 19:40 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-12 19:40 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-12 19:38 - 2014-11-12 19:39 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Max Mengelberg\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-11 20:11 - 2014-11-12 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-11 20:10 - 2014-11-12 20:52 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-11-11 20:09 - 2014-11-11 20:10 - 151804352 _____ () C:\Users\Max Mengelberg\Downloads\avira_free_antivirus_de_14.0.7.342.exe
2014-11-11 20:07 - 2014-11-11 20:07 - 00031201 _____ () C:\ComboFix.txt
2014-11-11 19:49 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-11 19:49 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-11 19:49 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-11 19:49 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-11 19:49 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-11 19:49 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-11 19:49 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-11 19:49 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-11 19:42 - 2014-11-11 20:07 - 00000000 ____D () C:\Qoobox
2014-11-11 19:42 - 2014-11-11 20:06 - 00000000 ____D () C:\Windows\erdnt
2014-11-11 19:40 - 2014-11-11 19:40 - 05598118 ____R (Swearware) C:\Users\Max Mengelberg\Desktop\ComboFix.exe
2014-11-11 19:32 - 2014-11-11 19:32 - 00001270 _____ () C:\Users\Max Mengelberg\Desktop\Revo Uninstaller.lnk
2014-11-11 19:32 - 2014-11-11 19:32 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-11-11 19:31 - 2014-11-11 19:31 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Max Mengelberg\Downloads\revosetup95.exe
2014-11-10 16:21 - 2014-11-12 20:59 - 00031757 _____ () C:\Users\Max Mengelberg\Desktop\FRST.txt
2014-11-10 16:21 - 2014-11-10 16:21 - 00044865 _____ () C:\Users\Max Mengelberg\Desktop\Addition.txt
2014-11-10 16:19 - 2014-11-10 16:20 - 00062400 _____ () C:\Users\Max Mengelberg\Downloads\FRST.txt
2014-11-10 16:19 - 2014-11-10 16:20 - 00044865 _____ () C:\Users\Max Mengelberg\Downloads\Addition.txt
2014-11-10 16:19 - 2014-11-10 16:18 - 02116096 _____ (Farbar) C:\Users\Max Mengelberg\Desktop\FRST64.exe
2014-11-10 16:18 - 2014-11-12 20:59 - 00000000 ____D () C:\FRST
2014-11-10 16:18 - 2014-11-10 16:18 - 02116096 _____ (Farbar) C:\Users\Max Mengelberg\Downloads\FRST64.exe
2014-11-10 16:16 - 2014-11-10 16:16 - 00006710 _____ () C:\Users\Max Mengelberg\Desktop\log.xml
2014-11-10 15:27 - 2014-11-10 19:39 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Roaming\Nico Mak Computing
2014-11-10 14:26 - 2014-11-10 14:26 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Roaming\QuickScan
2014-11-09 15:42 - 2014-11-09 15:42 - 00000479 _____ () C:\Users\Max Mengelberg\Desktop\Max Mengelberg (Galaxy - Verknüpfung.lnk
2014-11-02 18:33 - 2014-11-02 18:33 - 00104769 _____ () C:\Users\Max Mengelberg\Downloads\141102_Konto 444546204 _ A(1).zip
2014-11-02 18:32 - 2014-11-02 18:32 - 00104769 _____ () C:\Users\Max Mengelberg\Downloads\141102_Konto 444546204 _ A.zip
2014-11-02 18:10 - 2014-11-02 18:11 - 00000960 _____ () C:\Users\Max Mengelberg\Desktop\Inteco_13-234_Frisa_MeM.lnk
2014-11-01 09:55 - 2014-11-01 09:56 - 00001309 _____ () C:\Users\Max Mengelberg\Desktop\11.lnk
2014-10-30 09:28 - 2014-10-30 09:28 - 00000000 ____D () C:\Program Files\Google
2014-10-30 09:27 - 2014-10-30 09:28 - 00000000 ____D () C:\ProgramData\Google
2014-10-27 18:50 - 2014-10-27 18:53 - 365364423 _____ () C:\Users\Max Mengelberg\Downloads\Andalusien.zip
2014-10-26 14:10 - 2014-10-26 14:10 - 00001847 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-10-26 14:10 - 2014-10-26 14:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-10-26 14:10 - 2014-10-26 14:10 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-10-26 14:10 - 2014-10-26 14:10 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-10-23 19:03 - 2014-10-23 19:10 - 00000368 _____ () C:\Users\Max Mengelberg\Desktop\Visitenkarte.v2m
2014-10-23 19:03 - 2014-10-23 19:05 - 00000368 _____ () C:\Users\Max Mengelberg\Desktop\Visitenkarte.bak
2014-10-23 19:02 - 2014-10-23 19:02 - 00000368 _____ () C:\Users\Max Mengelberg\Documents\Visitenkarte.v2m
2014-10-23 18:51 - 2014-10-23 18:51 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Roaming\Avery
2014-10-23 18:50 - 2014-11-10 19:40 - 00000000 ____D () C:\ProgramData\Avery
2014-10-23 18:49 - 2014-10-23 18:49 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Local\Temp32ce20853bcb874bd0a9e2d387ad366c__
2014-10-23 18:49 - 2014-10-23 18:49 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Local\Temp24786dc9db3b9947f69c21b2e1854d76__
2014-10-23 18:48 - 2014-10-23 18:48 - 01048928 _____ () C:\Users\Max Mengelberg\Downloads\Avery-Zweckform-DesignPro-lnstall.exe
2014-10-23 17:43 - 2014-10-23 17:43 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Local\Tempad8d4e78ba2d6a4719c524a41c9ad285
2014-10-23 17:43 - 2014-10-23 17:43 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Local\Temp32ce20853bcb874bd0a9e2d387ad366c_
2014-10-23 17:43 - 2014-10-23 17:43 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Local\Temp24786dc9db3b9947f69c21b2e1854d76_
2014-10-23 17:42 - 2014-10-23 17:42 - 00000000 ____D () C:\Users\Max Mengelberg\ChromeExtensions
2014-10-23 17:42 - 2014-10-23 17:42 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Local\Tempdde92f4c4349613f7dc464a8b6d44229
2014-10-23 17:42 - 2014-10-23 17:42 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Local\Temp32ce20853bcb874bd0a9e2d387ad366c
2014-10-23 17:42 - 2014-10-23 17:42 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Local\Temp24786dc9db3b9947f69c21b2e1854d76
2014-10-23 17:41 - 2014-10-23 17:41 - 01048928 _____ () C:\Users\Max Mengelberg\Downloads\STvcard-GOLD-lnstall.exe
2014-10-23 17:26 - 2014-10-23 17:26 - 00001193 _____ () C:\Users\Max Mengelberg\Desktop\Visitenkarten In 2 Minuten.lnk
2014-10-23 17:26 - 2014-10-23 17:26 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sigel
2014-10-23 17:26 - 2014-10-23 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sigel
2014-10-23 17:26 - 2014-10-23 17:26 - 00000000 ____D () C:\Program Files (x86)\Sigel
2014-10-23 17:25 - 2014-10-25 10:17 - 00000000 ____D () C:\Windows\System32\Tasks\Abelssoft
2014-10-23 17:25 - 2014-10-25 10:17 - 00000000 ____D () C:\Program Files (x86)\CHIP Updater
2014-10-23 17:25 - 2014-10-23 17:26 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Local\Abelssoft
2014-10-23 17:25 - 2014-10-23 17:25 - 01125200 _____ () C:\Users\Max Mengelberg\Downloads\Visitenkarten in 2 Minuten - CHIP-Installer.exe
2014-10-23 17:25 - 2014-10-23 17:25 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Roaming\Abelssoft
2014-10-23 17:25 - 2014-10-23 17:25 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-10-21 10:38 - 2014-10-21 10:38 - 00168453 _____ () C:\Users\Max Mengelberg\Downloads\EO_Banjo_elbow_SWVE08LMCF.stp
2014-10-21 10:34 - 2014-10-21 10:34 - 00133081 _____ () C:\Users\Max Mengelberg\Downloads\EO_Banjo_elbow_SWVE08LMOMDCF.stp
2014-10-21 09:42 - 2014-10-21 09:42 - 00174790 _____ () C:\Users\Max Mengelberg\Downloads\EO_Union_elbow_W08ZL71.stp
2014-10-21 09:39 - 2014-10-21 09:39 - 00130075 _____ () C:\Users\Max Mengelberg\Downloads\EO_Union_elbow_W08S71X.stp
2014-10-20 16:37 - 2014-10-20 16:37 - 00143451 _____ () C:\Users\Max Mengelberg\Downloads\EO_Swivel_connector_GAI08LM71.stp
2014-10-20 16:26 - 2014-10-20 16:27 - 00157723 _____ () C:\Users\Max Mengelberg\Downloads\EO_Male_Stud_connector_GEO08LMCF.stp
2014-10-20 14:27 - 2014-10-20 14:27 - 00149634 _____ () C:\Users\Max Mengelberg\Downloads\EO_Swivel_union_GZ08LCF.stp 2014-10-20 09:04 - 2014-10-20 09:04 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Roaming\Oracle 2014-10-20 09:02 - 2014-10-20 09:01 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-10-20 09:01 - 2014-10-20 09:01 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-10-20 09:01 - 2014-10-20 09:01 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-10-20 09:01 - 2014-10-20 09:01 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-10-20 09:01 - 2014-10-20 09:01 - 00000000 ____D () C:\Program Files (x86)\Java 2014-10-16 17:54 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-16 17:54 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-10-16 17:54 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-16 17:54 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-10-16 17:54 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-10-16 17:54 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-10-16 17:54 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-10-16 17:54 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-10-16 17:54 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-16 17:54 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-16 17:54 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-10-16 17:54 - 2014-09-19 02:44 - 17484800 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-10-16 17:54 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-16 17:54 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-10-16 17:54 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-10-16 17:54 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-16 17:54 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-10-16 17:54 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-10-16 17:54 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-10-16 17:54 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-10-16 17:54 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-10-16 17:54 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-10-16 17:54 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-10-16 17:54 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-10-16 17:54 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-10-16 17:54 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-10-16 17:54 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-10-16 17:54 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-10-16 17:54 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-10-16 17:54 - 2014-09-19 01:49 - 
00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-10-16 17:54 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-16 17:54 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-16 17:54 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-10-16 17:54 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-10-16 17:54 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-10-16 17:54 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-16 17:54 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-10-16 17:54 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-10-16 17:54 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-10-16 17:54 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-10-16 17:54 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-10-16 17:54 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-16 17:54 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-10-16 17:54 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-16 17:54 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2014-10-16 17:54 - 2014-07-17 03:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-16 17:54 - 2014-07-17 03:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-10-16 17:54 - 2014-07-17 03:07 - 00681984 _____ 
(Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-16 17:54 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-16 17:54 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-16 17:54 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-16 17:54 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-16 17:54 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-10-16 17:54 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll 2014-10-16 17:54 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-10-16 17:54 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-10-16 17:54 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2014-10-16 17:54 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-10-16 17:54 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-10-16 17:54 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-16 17:54 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-16 17:54 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-16 17:54 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2014-10-16 17:54 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll 2014-10-16 17:54 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-16 17:54 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\mscories.dll 2014-10-16 17:54 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-16 17:53 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-16 17:53 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-16 17:53 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-16 17:53 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-10-16 17:53 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-16 17:53 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-10-16 17:53 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-16 17:53 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-10-16 17:53 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-10-16 17:53 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-10-16 17:53 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-10-16 17:53 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-16 17:53 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-10-16 17:53 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-16 17:53 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-10-16 17:53 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-16 17:53 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\msrating.dll 2014-10-16 17:53 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-10-16 17:40 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-10-16 17:40 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-10-16 17:40 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-12 20:57 - 2009-07-14 05:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-12 20:57 - 2009-07-14 05:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-12 20:52 - 2011-10-07 19:11 - 00000000 ____D () C:\ProgramData\Avira 2014-11-12 20:52 - 2009-07-14 05:51 - 00173299 _____ () C:\Windows\setupact.log 2014-11-12 20:50 - 2013-11-01 08:34 - 00000000 ___RD () C:\Users\Max Mengelberg\Dropbox 2014-11-12 20:50 - 2013-11-01 08:27 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Roaming\Dropbox 2014-11-12 20:49 - 2011-10-04 08:00 - 00000000 ____D () C:\ProgramData\Sonic 2014-11-12 20:48 - 2014-08-01 15:39 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-11-12 20:48 - 2012-01-12 19:44 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-12 20:48 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-12 20:47 - 2011-10-04 00:16 - 01833684 _____ () C:\Windows\WindowsUpdate.log 2014-11-12 20:47 - 2010-11-21 04:47 - 00451244 _____ () C:\Windows\PFRO.log 2014-11-12 20:19 - 2012-01-12 19:44 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-12 20:04 - 2012-03-31 17:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-12 19:56 - 
2009-07-14 04:20 - 00000000 ____D () C:\Windows\Web 2014-11-12 19:37 - 2010-11-21 07:50 - 00714458 _____ () C:\Windows\system32\perfh007.dat 2014-11-12 19:37 - 2010-11-21 07:50 - 00154510 _____ () C:\Windows\system32\perfc007.dat 2014-11-12 19:37 - 2009-07-14 06:13 - 01649592 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-12 18:26 - 2011-10-08 17:40 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Roaming\SolidWorks 2014-11-12 10:02 - 2009-07-14 03:34 - 00000444 _____ () C:\Windows\win.ini 2014-11-11 23:04 - 2012-03-31 17:14 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-11-11 23:04 - 2012-03-31 17:14 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-11-11 23:04 - 2011-10-04 07:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-11-11 20:07 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2014-11-11 20:01 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2014-11-11 20:00 - 2009-07-14 03:34 - 19660800 _____ () C:\Windows\system32\config\SYSTEM.bak 2014-11-11 20:00 - 2009-07-14 03:34 - 128712704 _____ () C:\Windows\system32\config\SOFTWARE.bak 2014-11-11 20:00 - 2009-07-14 03:34 - 01048576 _____ () C:\Windows\system32\config\DEFAULT.bak 2014-11-11 20:00 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak 2014-11-11 20:00 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak 2014-11-11 10:37 - 2011-10-17 13:05 - 00000000 ____D () C:\temp 2014-11-10 19:43 - 2014-05-10 13:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-11-10 19:40 - 2011-10-04 07:35 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-11-10 11:48 - 2011-10-08 17:52 - 00000000 ____D () C:\Program Files\Common Files\SolidWorks Shared 2014-11-07 10:07 - 2012-02-17 13:12 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Local\CutePDF Writer 2014-11-02 18:55 - 
2011-10-09 13:44 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular 2014-11-02 18:55 - 2011-10-07 19:58 - 00000000 ____D () C:\Users\Max Mengelberg 2014-11-01 20:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-10-30 09:28 - 2014-08-17 12:05 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Local\Adobe 2014-10-30 09:28 - 2012-01-12 19:44 - 00000000 ____D () C:\Program Files (x86)\Google 2014-10-29 09:46 - 2012-01-12 19:44 - 00002177 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-10-28 06:34 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-10-25 10:14 - 2012-01-12 19:44 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-10-25 10:14 - 2012-01-12 19:44 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-10-24 09:23 - 2011-10-07 19:59 - 00111824 _____ () C:\Users\Max Mengelberg\AppData\Local\GDIPFONTCACHEV1.DAT 2014-10-24 09:21 - 2009-07-14 05:45 - 00405416 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-20 12:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-10-20 10:41 - 2011-10-09 12:10 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-10-20 10:40 - 2011-10-15 10:58 - 00000000 ____D () C:\ProgramData\Symantec 2014-10-20 10:40 - 2011-10-15 10:58 - 00000000 ____D () C:\ProgramData\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3} 2014-10-20 10:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Registration 2014-10-20 09:02 - 2013-10-20 12:09 - 00000000 ____D () C:\ProgramData\Oracle 2014-10-17 08:16 - 2014-05-06 23:35 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-10-16 23:11 - 2013-07-13 18:28 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-16 23:09 - 2011-10-09 11:33 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe Some content of TEMP: ==================== C:\Users\Max Mengelberg\AppData\Local\Temp\avgnt.exe C:\Users\Max 
Mengelberg\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjpl8kz.dll
C:\Users\Max Mengelberg\AppData\Local\Temp\Quarantine.exe
C:\Users\Max Mengelberg\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-05 10:21
==================== End Of Log ============================
Regards, Pampel |
13.11.2014, 17:05 | #8 |
/// the machine /// TB-Ausbilder | Fake Vodafone invoice
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
17.11.2014, 23:44 | #9 |
| Fake Vodafone invoice Hello Schrauber, here are the requested files Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=5350c4cf27baff48a82b3d87b68891c2
# engine=21131
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-17 10:19:26
# local_time=2014-11-17 11:19:26 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 105883 2193451 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 535164 167892616 0 0
# scanned=603803
# found=2
# cleaned=0
# scan_time=15554
sh=BBBEBA3BBE3A661274B854A0C40E45F3DAA74104 ft=0 fh=0000000000000000 vn="HTML/Hoax.FastDownload.A.Gen Anwendung" ac=I fn="L:\CAD4\Backup Set 2011-10-19 184443\Backup Files 2012-05-20 190000\Backup files 11.zip"
sh=D855BFE84E4F9675212F3C0FEF09F72B2F961EAC ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="L:\CAD4\Backup Set 2011-10-19 184443\Backup Files 2012-05-20 190000\Backup files 12.zip"
Code:
Results of screen317's Security Check version 0.99.89
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 71
Java version out of Date!
Adobe Flash Player 15.0.0.223
Adobe Reader XI
Mozilla Firefox 32.0.3 Firefox out of Date!
Mozilla Thunderbird (24.6.0)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Pampel
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2014 Ran by Max Mengelberg (administrator) on CAD4 on 17-11-2014 23:37:13 Running from C:\Users\Max Mengelberg\Desktop Loaded Profile: Max Mengelberg (Available profiles: Max Mengelberg) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe (Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe (Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe (Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Tobit.Software) C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe (O2Micro International) C:\Windows\System32\drivers\o2flash.exe () C:\Windows\SysWOW64\srvany.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (O2Micro.) 
C:\Windows\SysWOW64\SDIOAssist.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe (ACD Systems, Ltd.) C:\Program Files (x86)\Common Files\ACD Systems\DE\DevDetect.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Apple Inc.) C:\Program Files (x86)\QuickTime\QTTask.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Microsoft Corporation) C:\Windows\System32\vds.exe (Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Dell Inc.) C:\Program Files\Dell\Dell System Manager\PanelHelper32.exe (Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SolidWorks (3)\sldworks_fs.exe (Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SolidWorks (4)\sldworks_fs.exe (Dassault Systèmes SolidWorks Corp.) C:\Program Files (x86)\Common Files\SolidWorks Installations-Manager\BackgroundDownloading\sldBgDwld.exe (BUFFALO INC.) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe (Dropbox, Inc.) C:\Users\Max Mengelberg\AppData\Roaming\Dropbox\bin\Dropbox.exe (BUFFALO INC.) 
C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office\EXCEL.EXE (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe () C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe (Microsoft Corporation) C:\Windows\SysWOW64\find.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [608112 2011-04-05] (Alps Electric Co., Ltd.) 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-07] (IDT, Inc.) HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1934608 2010-12-23] (Intel(R) Corporation) HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-04-22] () HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [257392 2011-05-27] (Wave Systems Corp.) HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation) HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2747680 2013-12-04] () HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation) HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462993 2010-03-12] (Creative Technology Ltd) HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.) HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.) 
HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions) HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] () HKLM-x32\...\Run: [Device Detector] => DevDetect.exe -autorun HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-23] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.) 
HKU\S-1-5-21-3300202761-1955330803-1272055055-1001\...\Run: [rfxsrvtray] => C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe [1838872 2013-02-07] (Tobit.Software) AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [184048 2013-12-04] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156256 2013-12-04] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Radio.fx.LNK ShortcutTarget: Radio.fx.LNK -> C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-client.exe (Tobit.Software) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2013 Schnellstart.lnk ShortcutTarget: SolidWorks 2013 Schnellstart.lnk -> C:\Windows\Installer\{B6B5EA7E-B91F-443D-A958-B0062FB53804}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software, Inc.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2014 Schnellstart.lnk
ShortcutTarget: SolidWorks 2014 Schnellstart.lnk -> C:\Windows\Installer\{4FFA60C4-9A8B-4C9E-8265-2241B266304C}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Hintergrund-Downloader.lnk
ShortcutTarget: SolidWorks Hintergrund-Downloader.lnk -> C:\Program Files (x86)\Common Files\SolidWorks Installations-Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)
Startup: C:\Users\Max Mengelberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk
ShortcutTarget: BUFFALO NAS Navigator2.lnk -> C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)
Startup: C:\Users\Max Mengelberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Max Mengelberg\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Max Mengelberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk
ShortcutTarget: NAS Scheduler.lnk -> C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)
Startup: C:\Users\Max Mengelberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Taskplaner Modul.lnk
ShortcutTarget: SolidWorks Taskplaner Modul.lnk -> C:\Program Files\SolidWorks Corp\SolidWorks (3)\swScheduler\swBOEngine.exe (Dassault Systèmes SolidWorks Corp.)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3300202761-1955330803-1272055055-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3300202761-1955330803-1272055055-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USREL/8
HKU\S-1-5-21-3300202761-1955330803-1272055055-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3300202761-1955330803-1272055055-1001 -> DefaultScope {4D4B8109-E280-4844-BB98-CEDFA9107175} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
SearchScopes: HKU\S-1-5-21-3300202761-1955330803-1272055055-1001 -> {4D4B8109-E280-4844-BB98-CEDFA9107175} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
SearchScopes: HKU\S-1-5-21-3300202761-1955330803-1272055055-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Max Mengelberg\AppData\Roaming\Mozilla\Firefox\Profiles\kil6doe5.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Max Mengelberg\AppData\Roaming\Mozilla\Firefox\Profiles\kil6doe5.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Max Mengelberg\AppData\Roaming\Mozilla\Firefox\Profiles\kil6doe5.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Max Mengelberg\AppData\Roaming\Mozilla\Firefox\Profiles\kil6doe5.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Max Mengelberg\AppData\Roaming\Mozilla\Firefox\Profiles\kil6doe5.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\Max Mengelberg\AppData\Roaming\Mozilla\Firefox\Profiles\kil6doe5.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Max Mengelberg\AppData\Roaming\Mozilla\Firefox\Profiles\kil6doe5.default\searchplugins\webde-suche.xml
FF Extension: Avira Browser Safety - C:\Users\Max Mengelberg\AppData\Roaming\Mozilla\Firefox\Profiles\kil6doe5.default\Extensions\abs@avira.com [2014-10-10]
FF Extension: Amazon-Icon - C:\Users\Max Mengelberg\AppData\Roaming\Mozilla\Firefox\Profiles\kil6doe5.default\Extensions\amazon-icon@giga.de [2014-10-23]
FF Extension: ReminderFox - C:\Users\Max Mengelberg\AppData\Roaming\Mozilla\Firefox\Profiles\kil6doe5.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2014-04-19]
FF Extension: Bitdefender QuickScan - C:\Users\Max Mengelberg\AppData\Roaming\Mozilla\Firefox\Profiles\kil6doe5.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-11-10]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Max Mengelberg\AppData\Roaming\Mozilla\Firefox\Profiles\kil6doe5.default\Extensions\adblockpopups@jessehakanen.net.xpi [2011-10-08]
FF Extension: Cliqz Beta - C:\Users\Max Mengelberg\AppData\Roaming\Mozilla\Firefox\Profiles\kil6doe5.default\Extensions\cliqz@cliqz.com.xpi [2014-10-08]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Max Mengelberg\AppData\Roaming\Mozilla\Firefox\Profiles\kil6doe5.default\Extensions\elemhidehelper@adblockplus.org.xpi [2012-02-11]
FF Extension: QuickTime Compiler Free - C:\Users\Max Mengelberg\AppData\Roaming\Mozilla\Firefox\Profiles\kil6doe5.default\Extensions\{69db859d-61b8-4700-a94d-7839ead96b8a}.xpi [2014-11-15]
FF Extension: {90ee036b-00a5-4e72-a613-6a5a024926d1} - C:\Users\Max Mengelberg\AppData\Roaming\Mozilla\Firefox\Profiles\kil6doe5.default\Extensions\{90ee036b-00a5-4e72-a613-6a5a024926d1}.xpi [2014-11-10]
FF Extension: Adblock Plus - C:\Users\Max Mengelberg\AppData\Roaming\Mozilla\Firefox\Profiles\kil6doe5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-11-09]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-05-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-05-10]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-10-09]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\Max Mengelberg\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Max Mengelberg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-12]
CHR Extension: (Amazon) - C:\Users\Max Mengelberg\AppData\Local\Google\Chrome\User Data\Default\Extensions\caeaobpemokdfnidgaebncaooofnbfha [2014-10-30]
CHR Extension: (Google-Suche) - C:\Users\Max Mengelberg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-12]
CHR Extension: (Avira Browser Safety) - C:\Users\Max Mengelberg\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-30]
CHR Extension: (Google Wallet) - C:\Users\Max Mengelberg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-30]
CHR Extension: (Google Mail) - C:\Users\Max Mengelberg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-12]
CHR HKLM-x32\...\Chrome\Extension: [caeaobpemokdfnidgaebncaooofnbfha] - C:\Users\Max Mengelberg\ChromeExtensions\caeaobpemokdfnidgaebncaooofnbfha\amazon-icon-fwde.crx [2014-10-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-10-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-10-23] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
S3 CoordinatorServiceHost; C:\Program Files\SolidWorks Corp\SolidWorks (4)\swScheduler\DTSCoordinatorService.exe [76328 2014-06-12] (Dassault Systèmes SolidWorks Corp.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-23] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-23] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [1290016 2013-12-04] (NVIDIA Corporation)
R2 O2SDIOAssist; c:\Windows\SysWOW64\srvany.exe [8192 2003-04-19] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Radio.fx; C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] ()
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2011-10-08] (SolidWorks) [File not signed]
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1633280 2011-02-17] () [File not signed]
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1600000 2011-07-01] (Wave Systems Corp.) [File not signed]
R2 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [992256 2010-12-23] (Intel(R) Corporation) [File not signed]
S2 Disaster Recovery Imaging; "C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP Professional\DR\x64\drdiag.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)
S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [54320 2009-09-21] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2013-12-04] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-05-02] (Corel Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\MAXMEN~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
U2 V2iMount; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-17 23:37 - 2014-11-17 23:37 - 00032047 _____ () C:\Users\Max Mengelberg\Desktop\FRST.txt
2014-11-17 23:37 - 2014-11-17 23:37 - 00000000 ____D () C:\Users\Max Mengelberg\Desktop\FRST-OlderVersion
2014-11-17 23:29 - 2014-11-17 23:29 - 00854448 _____ () C:\Users\Max Mengelberg\Desktop\SecurityCheck.exe
2014-11-17 18:57 - 2014-11-17 18:57 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-11-17 18:43 - 2014-11-17 18:43 - 00000000 __SHD () C:\Users\Max Mengelberg\AppData\Local\EmieBrowserModeList
2014-11-13 09:51 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-13 09:51 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-13 09:51 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-13 09:51 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-13 09:51 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-13 09:51 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-13 09:51 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-13 09:51 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-13 09:51 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-13 09:51 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-13 09:51 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-13 09:51 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-13 09:51 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-13 09:51 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-13 09:51 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-13 09:51 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-13 09:51 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-13 09:51 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-13 09:51 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-13 09:51 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-13 09:51 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-13 09:51 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-13 09:51 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-13 09:51 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-13 09:51 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-13 09:51 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-13 09:51 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-13 09:51 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-13 09:51 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-13 09:51 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-13 09:51 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-13 09:51 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-13 09:51 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-13 09:51 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-13 09:51 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-13 09:51 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-13 09:51 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-13 09:51 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-13 09:51 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-13 09:51 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-13 09:51 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-13 09:51 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-13 09:51 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-13 09:51 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-13 09:51 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-13 09:51 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-13 09:51 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-13 09:51 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-13 09:51 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-13 09:51 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-13 09:51 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-13 09:51 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-13 09:51 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-13 09:51 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-13 09:51 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-13 09:51 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-13 09:51 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-13 09:51 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-13 09:51 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 09:51 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 09:51 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-13 09:51 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-13 09:51 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-13 09:51 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-13 09:51 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-13 09:50 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 09:50 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-13 09:50 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-13 09:50 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-13 09:50 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-13 09:50 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 09:50 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 09:50 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-13 09:50 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-13 09:50 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 09:50 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-13 09:50 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-13 09:50 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-13 09:50 - 2014-09-19 10:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-13 09:50 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-13 09:50 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-13 09:50 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-13 09:50 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-13 09:50 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-13 09:50 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-13 09:50 - 2014-09-19 10:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-13 09:50 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-13 09:50 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-13 09:50 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-13 09:50 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-13 09:50 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-13 09:50 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-13 09:50 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-13 09:50 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-13 09:50 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-13 09:50 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-13 09:50 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-13 09:50 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-13 09:49 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 09:49 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-13 09:38 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-13 09:38 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-13 09:38 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 21:18 - 2014-11-12 21:18 - 00002089 _____ () C:\Users\Public\Desktop\Radio.fx.LNK
2014-11-12 21:18 - 2014-11-12 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tobit.Software
2014-11-12 21:18 - 2014-11-12 21:18 - 00000000 ____D () C:\Program Files (x86)\Tobit Radio.fx
2014-11-12 21:18 - 2013-04-15 16:36 - 03326232 _____ (Tobit.Software) C:\Windows\RXSUnins.exe
2014-11-12 21:18 - 2013-04-15 16:36 - 03326232 _____ (Tobit.Software) C:\Windows\RXCUnins.exe
2014-11-12 21:17 - 2014-11-12 21:17 - 17615456 _____ (Tobit.Software) C:\Users\Max Mengelberg\Downloads\radio-fx.exe
2014-11-12 21:08 - 2014-11-12 21:10 - 00000165 _____ () C:\Windows\Reimage.ini
2014-11-12 21:08 - 2014-11-12 21:08 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Roaming\DesktopIconGoodgame
2014-11-12 21:07 - 2014-11-12 21:08 - 01125200 _____ () C:\Users\Max Mengelberg\Downloads\Radio fx Basic - CHIP-Installer.exe
2014-11-12 20:53 - 2014-11-12 20:53 - 00002072 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-11-12 20:53 - 2014-11-12 20:53 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Roaming\Avira
2014-11-12 20:52 - 2014-10-23 14:02 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-11-12 20:52 - 2014-10-23 14:02 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-11-12 20:52 - 2014-10-23 14:01 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-11-12 20:42 - 2014-11-12 20:42 - 00000000 ____D () C:\Windows\ERUNT
2014-11-12 20:41 - 2014-11-12 20:41 - 01706808 _____ (Thisisu) C:\Users\Max Mengelberg\Desktop\JRT.exe
2014-11-12 20:39 - 2014-11-15 19:10 - 00001139 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-11-12 20:39 - 2014-11-15 19:10 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-12 20:26 - 2014-11-12 21:18 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Roaming\Tobit
2014-11-12 20:13 - 2014-11-12 20:23 - 00000000 ____D () C:\AdwCleaner
2014-11-12 20:11 - 2014-11-12 20:11 - 02140160 _____ () C:\Users\Max Mengelberg\Desktop\AdwCleaner_4.101.exe
2014-11-12 19:40 - 2014-11-17 23:23 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-12 19:40 - 2014-11-12 19:40 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-12 19:40 - 2014-11-12 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-11-12 19:40 - 2014-11-12 19:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-12 19:40 - 2014-11-12 19:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-11-12 19:40 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-12 19:40 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-12 19:40 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-12 19:38 - 2014-11-12 19:39 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Max Mengelberg\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-11 20:11 - 2014-11-15 19:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-11 20:10 - 2014-11-15 19:10 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-11-11 20:09 - 2014-11-11 20:10 - 151804352 _____ () 
C:\Users\Max Mengelberg\Downloads\avira_free_antivirus_de_14.0.7.342.exe 2014-11-11 20:07 - 2014-11-11 20:07 - 00031201 _____ () C:\ComboFix.txt 2014-11-11 19:49 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-11-11 19:49 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-11-11 19:49 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-11-11 19:49 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-11-11 19:49 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-11-11 19:49 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-11-11 19:49 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-11-11 19:49 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-11-11 19:42 - 2014-11-11 20:07 - 00000000 ____D () C:\Qoobox 2014-11-11 19:42 - 2014-11-11 20:06 - 00000000 ____D () C:\Windows\erdnt 2014-11-11 19:40 - 2014-11-11 19:40 - 05598118 ____R (Swearware) C:\Users\Max Mengelberg\Desktop\ComboFix.exe 2014-11-11 19:32 - 2014-11-11 19:32 - 00001270 _____ () C:\Users\Max Mengelberg\Desktop\Revo Uninstaller.lnk 2014-11-11 19:32 - 2014-11-11 19:32 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-11-11 19:31 - 2014-11-11 19:31 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Max Mengelberg\Downloads\revosetup95.exe 2014-11-10 16:21 - 2014-11-10 16:21 - 00044865 _____ () C:\Users\Max Mengelberg\Desktop\Addition.txt 2014-11-10 16:19 - 2014-11-17 23:37 - 02117120 _____ (Farbar) C:\Users\Max Mengelberg\Desktop\FRST64.exe 2014-11-10 16:19 - 2014-11-10 16:20 - 00062400 _____ () C:\Users\Max Mengelberg\Downloads\FRST.txt 2014-11-10 16:19 - 2014-11-10 16:20 - 00044865 _____ () C:\Users\Max Mengelberg\Downloads\Addition.txt 2014-11-10 16:18 - 2014-11-17 23:37 - 00000000 ____D () C:\FRST 2014-11-10 16:18 - 2014-11-10 16:18 - 02116096 _____ (Farbar) C:\Users\Max Mengelberg\Downloads\FRST64.exe 2014-11-10 15:27 - 2014-11-10 19:39 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Roaming\Nico Mak Computing 2014-11-10 14:26 - 2014-11-12 21:31 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Roaming\QuickScan 2014-11-09 15:42 - 2014-11-09 15:42 - 00000479 _____ () C:\Users\Max Mengelberg\Desktop\Max Mengelberg (Galaxy - Verknüpfung.lnk 2014-11-02 18:33 - 2014-11-02 18:33 - 00104769 _____ () C:\Users\Max Mengelberg\Downloads\141102_Konto 444546204 _ A(1).zip 2014-11-02 18:32 - 2014-11-02 18:32 - 00104769 _____ () C:\Users\Max Mengelberg\Downloads\141102_Konto 444546204 _ A.zip 2014-11-02 18:10 - 2014-11-02 18:11 - 00000960 _____ () C:\Users\Max Mengelberg\Desktop\Inteco_13-234_Frisa_MeM.lnk 2014-11-01 09:55 - 2014-11-01 09:56 - 00001309 _____ () C:\Users\Max Mengelberg\Desktop\11.lnk 2014-10-30 09:28 - 2014-10-30 09:28 - 00000000 ____D () C:\Program Files\Google 2014-10-30 09:27 - 2014-10-30 09:28 - 00000000 ____D () C:\ProgramData\Google 2014-10-27 18:50 - 2014-10-27 18:53 - 365364423 _____ () C:\Users\Max Mengelberg\Downloads\Andalusien.zip 2014-10-26 14:10 - 2014-10-26 14:10 - 00001847 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk 2014-10-26 14:10 - 2014-10-26 14:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2014-10-26 14:10 - 2014-10-26 14:10 - 00000000 ____D () C:\ProgramData\Apple 
Computer 2014-10-26 14:10 - 2014-10-26 14:10 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-10-23 19:03 - 2014-10-23 19:10 - 00000368 _____ () C:\Users\Max Mengelberg\Desktop\Visitenkarte.v2m 2014-10-23 19:03 - 2014-10-23 19:05 - 00000368 _____ () C:\Users\Max Mengelberg\Desktop\Visitenkarte.bak 2014-10-23 19:02 - 2014-10-23 19:02 - 00000368 _____ () C:\Users\Max Mengelberg\Documents\Visitenkarte.v2m 2014-10-23 18:51 - 2014-10-23 18:51 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Roaming\Avery 2014-10-23 18:50 - 2014-11-10 19:40 - 00000000 ____D () C:\ProgramData\Avery 2014-10-23 18:49 - 2014-10-23 18:49 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Local\Temp32ce20853bcb874bd0a9e2d387ad366c__ 2014-10-23 18:49 - 2014-10-23 18:49 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Local\Temp24786dc9db3b9947f69c21b2e1854d76__ 2014-10-23 18:48 - 2014-10-23 18:48 - 01048928 _____ () C:\Users\Max Mengelberg\Downloads\Avery-Zweckform-DesignPro-lnstall.exe 2014-10-23 17:43 - 2014-10-23 17:43 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Local\Tempad8d4e78ba2d6a4719c524a41c9ad285 2014-10-23 17:43 - 2014-10-23 17:43 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Local\Temp32ce20853bcb874bd0a9e2d387ad366c_ 2014-10-23 17:43 - 2014-10-23 17:43 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Local\Temp24786dc9db3b9947f69c21b2e1854d76_ 2014-10-23 17:42 - 2014-10-23 17:42 - 00000000 ____D () C:\Users\Max Mengelberg\ChromeExtensions 2014-10-23 17:42 - 2014-10-23 17:42 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Local\Tempdde92f4c4349613f7dc464a8b6d44229 2014-10-23 17:42 - 2014-10-23 17:42 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Local\Temp32ce20853bcb874bd0a9e2d387ad366c 2014-10-23 17:42 - 2014-10-23 17:42 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Local\Temp24786dc9db3b9947f69c21b2e1854d76 2014-10-23 17:41 - 2014-10-23 17:41 - 01048928 _____ () C:\Users\Max Mengelberg\Downloads\STvcard-GOLD-lnstall.exe 2014-10-23 
17:26 - 2014-10-23 17:26 - 00001193 _____ () C:\Users\Max Mengelberg\Desktop\Visitenkarten In 2 Minuten.lnk 2014-10-23 17:26 - 2014-10-23 17:26 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sigel 2014-10-23 17:26 - 2014-10-23 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sigel 2014-10-23 17:26 - 2014-10-23 17:26 - 00000000 ____D () C:\Program Files (x86)\Sigel 2014-10-23 17:25 - 2014-11-12 21:11 - 00000000 ____D () C:\Program Files (x86)\CHIP Updater 2014-10-23 17:25 - 2014-11-12 21:08 - 00000000 ____D () C:\Windows\System32\Tasks\Abelssoft 2014-10-23 17:25 - 2014-10-23 17:26 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Local\Abelssoft 2014-10-23 17:25 - 2014-10-23 17:25 - 01125200 _____ () C:\Users\Max Mengelberg\Downloads\Visitenkarten in 2 Minuten - CHIP-Installer.exe 2014-10-23 17:25 - 2014-10-23 17:25 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Roaming\Abelssoft 2014-10-23 17:25 - 2014-10-23 17:25 - 00000000 ____D () C:\ProgramData\XDMessagingv4 2014-10-21 10:38 - 2014-10-21 10:38 - 00168453 _____ () C:\Users\Max Mengelberg\Downloads\EO_Banjo_elbow_SWVE08LMCF.stp 2014-10-21 10:34 - 2014-10-21 10:34 - 00133081 _____ () C:\Users\Max Mengelberg\Downloads\EO_Banjo_elbow_SWVE08LMOMDCF.stp 2014-10-21 09:42 - 2014-10-21 09:42 - 00174790 _____ () C:\Users\Max Mengelberg\Downloads\EO_Union_elbow_W08ZL71.stp 2014-10-21 09:39 - 2014-10-21 09:39 - 00130075 _____ () C:\Users\Max Mengelberg\Downloads\EO_Union_elbow_W08S71X.stp 2014-10-20 16:37 - 2014-10-20 16:37 - 00143451 _____ () C:\Users\Max Mengelberg\Downloads\EO_Swivel_connector_GAI08LM71.stp 2014-10-20 16:26 - 2014-10-20 16:27 - 00157723 _____ () C:\Users\Max Mengelberg\Downloads\EO_Male_Stud_connector_GEO08LMCF.stp 2014-10-20 14:27 - 2014-10-20 14:27 - 00149634 _____ () C:\Users\Max Mengelberg\Downloads\EO_Swivel_union_GZ08LCF.stp 2014-10-20 09:04 - 2014-10-20 09:04 - 00000000 ____D () C:\Users\Max 
Mengelberg\AppData\Roaming\Oracle 2014-10-20 09:02 - 2014-10-20 09:01 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-10-20 09:01 - 2014-10-20 09:01 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-10-20 09:01 - 2014-10-20 09:01 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-10-20 09:01 - 2014-10-20 09:01 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-10-20 09:01 - 2014-10-20 09:01 - 00000000 ____D () C:\Program Files (x86)\Java ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-17 23:25 - 2012-01-12 19:44 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-17 23:04 - 2012-03-31 17:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-17 19:25 - 2012-01-12 19:44 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-17 19:06 - 2010-11-21 07:50 - 00714458 _____ () C:\Windows\system32\perfh007.dat 2014-11-17 19:06 - 2010-11-21 07:50 - 00154510 _____ () C:\Windows\system32\perfc007.dat 2014-11-17 19:06 - 2009-07-14 06:13 - 01649592 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-17 18:42 - 2009-07-14 05:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-17 18:42 - 2009-07-14 05:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-17 18:38 - 2011-10-04 00:16 - 01904678 _____ () C:\Windows\WindowsUpdate.log 2014-11-17 18:34 - 2013-11-01 08:34 - 00000000 ___RD () C:\Users\Max Mengelberg\Dropbox 2014-11-17 18:34 - 2013-11-01 08:27 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Roaming\Dropbox 2014-11-17 18:33 - 2011-10-04 08:00 - 00000000 ____D () C:\ProgramData\Sonic 2014-11-17 18:32 - 2014-08-01 15:39 - 00000000 ____D () 
C:\ProgramData\NVIDIA 2014-11-17 18:32 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-17 18:32 - 2009-07-14 05:51 - 00174251 _____ () C:\Windows\setupact.log 2014-11-17 17:42 - 2011-10-17 13:05 - 00000000 ____D () C:\temp 2014-11-17 16:43 - 2011-10-08 17:40 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Roaming\SolidWorks 2014-11-17 09:57 - 2013-11-01 08:34 - 00001044 _____ () C:\Users\Max Mengelberg\Desktop\Dropbox.lnk 2014-11-17 09:57 - 2013-11-01 08:27 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-11-14 20:23 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-11-14 19:20 - 2012-01-12 19:44 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-11-14 19:20 - 2012-01-12 19:44 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-11-13 22:45 - 2009-07-14 05:45 - 00405416 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-13 22:42 - 2014-05-06 23:35 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-11-13 22:41 - 2010-11-21 04:47 - 00612174 _____ () C:\Windows\PFRO.log 2014-11-13 20:07 - 2013-07-13 18:28 - 00000000 ____D () C:\Windows\system32\MRT 2014-11-13 20:05 - 2011-10-09 11:33 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-11-12 21:29 - 2012-01-12 19:44 - 00000000 ____D () C:\Program Files (x86)\Google 2014-11-12 20:52 - 2011-10-07 19:11 - 00000000 ____D () C:\ProgramData\Avira 2014-11-12 19:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Web 2014-11-12 10:02 - 2009-07-14 03:34 - 00000444 _____ () C:\Windows\win.ini 2014-11-11 23:04 - 2012-03-31 17:14 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-11-11 23:04 - 2012-03-31 17:14 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-11-11 23:04 - 2011-10-04 07:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-11-11 
20:07 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2014-11-11 20:01 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2014-11-11 20:00 - 2009-07-14 03:34 - 19660800 _____ () C:\Windows\system32\config\SYSTEM.bak 2014-11-11 20:00 - 2009-07-14 03:34 - 128712704 _____ () C:\Windows\system32\config\SOFTWARE.bak 2014-11-11 20:00 - 2009-07-14 03:34 - 01048576 _____ () C:\Windows\system32\config\DEFAULT.bak 2014-11-11 20:00 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak 2014-11-11 20:00 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak 2014-11-10 19:43 - 2014-05-10 13:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-11-10 19:40 - 2011-10-04 07:35 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-11-10 11:48 - 2011-10-08 17:52 - 00000000 ____D () C:\Program Files\Common Files\SolidWorks Shared 2014-11-07 10:07 - 2012-02-17 13:12 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Local\CutePDF Writer 2014-11-02 18:55 - 2011-10-09 13:44 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular 2014-11-02 18:55 - 2011-10-07 19:58 - 00000000 ____D () C:\Users\Max Mengelberg 2014-11-01 20:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-10-30 09:28 - 2014-08-17 12:05 - 00000000 ____D () C:\Users\Max Mengelberg\AppData\Local\Adobe 2014-10-28 06:34 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-10-24 09:23 - 2011-10-07 19:59 - 00111824 _____ () C:\Users\Max Mengelberg\AppData\Local\GDIPFONTCACHEV1.DAT 2014-10-20 10:41 - 2011-10-09 12:10 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-10-20 10:40 - 2011-10-15 10:58 - 00000000 ____D () C:\ProgramData\Symantec 2014-10-20 10:40 - 2011-10-15 10:58 - 00000000 ____D () C:\ProgramData\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3} 2014-10-20 10:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Registration 2014-10-20 09:02 - 
2013-10-20 12:09 - 00000000 ____D () C:\ProgramData\Oracle Some content of TEMP: ==================== C:\Users\Max Mengelberg\AppData\Local\Temp\avgnt.exe C:\Users\Max Mengelberg\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxpupkc.dll C:\Users\Max Mengelberg\AppData\Local\Temp\Quarantine.exe C:\Users\Max Mengelberg\AppData\Local\Temp\ReimagePackage.exe C:\Users\Max Mengelberg\AppData\Local\Temp\sqlite3.dll C:\Users\Max Mengelberg\AppData\Local\Temp\TOBITCLT.DLL ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-15 19:43 ==================== End Of Log ============================ --- --- --- |
18.11.2014, 12:51 | #10 |
/// the machine /// TB-Ausbilder | Fake Vodafone invoice Update Java and Firefox. Done. The order is crucial here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, as they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
19.11.2014, 19:19 | #11 |
| Fake Vodafone invoice Hello Schrauber, first of all, thank you very, very much for your help. I have just installed the programs you recommended. Unfortunately, they do not protect against one's own stupidity. Oh well; I will be more careful. So did I actually have a virus or Trojan on the computer, and what could it have done? One more question: I did the same nonsense with my smartphone. I ran Avira and Malwarebytes Anti-Malware and got no negative reports. I also have not noticed the phone behaving strangely in any way. Can you reassure me here? Best regards, Pampel |
20.11.2014, 16:29 | #12 |
/// the machine /// TB-Ausbilder | Fake Vodafone invoice We have already removed quite a bit of adware. Your phone is safe; these things are made for Windows.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |