Plagegeister aller Art und deren Bekämpfung: Browsers open with "www.delta-homes.com" (Windows 7). If you are not sure whether you have picked up malware or a Trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection. |
19.12.2014, 11:59 | #1 |
| Browsers open with "www.delta-homes.com" Hello, I have recently had a small but annoying problem. My browsers, whether Iexplorer or Google Chrome, always open with "hxxp://www.delta-homes.com/". I have already followed a few tips, e.g. add-ons, but so far that has not helped. I also cannot explain how something like this can set itself up. I only recently reset my notebook to its factory state. Only legal software has been installed, some of it purchased. I am also not aware of having visited dangerous sites on the internet. Can anyone give me some advice? |
19.12.2014, 14:33 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Browsers open with "www.delta-homes.com" Hello and
Do you have any further logs (with detections)? Have Malwarebytes and/or other virus scanners ever found anything? I am asking because of => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; for now, just post the logs you already have in CODE tags! Only logs from the last 7 days, or since the problem began, are relevant!
In addition, please also create a log with Farbar's tool: Scan with Farbar's Recovery Scan Tool (FRST) Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder. Even if the logs are too large for one post, I ask you to post the logs directly and, if necessary, spread across several posts. To put the log files in a CODE box, proceed as follows:
__________________ |
19.12.2014, 18:01 | #3 |
| Browsers open with "www.delta-homes.com" Hello, attached are the two log files.
By the way, I use Kaspersky. I just don't know how to get to the log files of the last scan. Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2014 Ran by Josef at 2014-12-19 17:50:17 Running from C:\Users\Josef\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky PURE 3.0 (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5} AS: Kaspersky PURE 3.0 (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky PURE 3.0 (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden 6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden 6500_E709_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden 6500_E709n (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden ACDSee Pro 3 (HKLM-x32\...\{1B280FAF-AE10-4E31-A41A-DB3917D651DC}) (Version: 3.0.355 - ACD Systems International Inc.) Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 4.1.7615 - CyberLink Corp.) Acer Arcade Deluxe (x32 Version: 4.1.7615 - CyberLink Corp.) Hidden Acer Arcade Instant On (x32 Version: 3.0.34.2 - Acer) Hidden Acer Arcade Movie (x32 Version: 9.0.6415 - CyberLink Corp.) Hidden Acer Backup Manager (HKLM-x32\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.1.60 - NewTech Infosystems) Acer Bio Protection (HKLM-x32\...\InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}) (Version: 6.5.76 - Egis Technology Inc.) 
Acer Crystal Eye Webcam (HKLM-x32\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.12.1 - Suyin Optronics Corp) Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3004 - Acer Incorporated) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3011 - Acer Incorporated) Acer GameZone Console (HKLM-x32\...\{ABEE079E-648E-488B-8301-0C3DB48C1BCE}_is1) (Version: 6.1.0.2 - Oberon Media, Inc.) Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated) Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0309.2010 - Acer Incorporated) Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated) Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3002 - Acer Incorporated) Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated) Adobe Photoshop Lightroom 5.7 64-bit (HKLM\...\{1B77B02E-17E4-4B6D-B8A1-74B29AF3D8DD}) (Version: 5.7.0 - Adobe Systems Incorporated) Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated) Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version: - Oberon Media) ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) 
Argus Cycle Tour 2010 - South Africa (HKLM-x32\...\{5B7664A8-4383-4C3E-B466-46A947381FFC}) (Version: 1.00.0000 - Tacx) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.24 - Atheros Communications Inc.) Atheros_7.0.2.13_patch2_64 (HKLM-x32\...\{2D13FC7D-42A8-4BF1-AF0C-B3DC68C59448}_is1) (Version: - Atheros) ATI Catalyst Install Manager (HKLM\...\{F5816A09-786E-C91D-3D99-8A8C92648750}) (Version: 3.0.765.0 - ATI Technologies, Inc.) Backup Manager Advance (x32 Version: 2.0.1.60 - NewTech Infosystems) Hidden Biet-O-Matic v2.14.12 (HKLM-x32\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team) Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 5.0.1449.0 - Microsoft Corporation) Bing Bar Platform (x32 Version: 5.0.1449.0 - Microsoft Corporation) Hidden Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.00.002.0013 - Atheros Communications) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media) ccc-core-static (x32 Version: 2010.0421.657.10561 - Ihr Firmenname) Hidden Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version: - Oberon Media) Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version: - Oberon Media) Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden DocMgr (x32 Version: 140.0.65.000 - Ihr Firmenname) Hidden DocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) Hidden Download & Install Packages (HKU\S-1-5-21-2186974003-2043912784-1202098385-1000\...\Download & Install Packages) (Version: - ) <==== ATTENTION Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media) eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM) Elevated Installer (x32 Version: 3.2.21.0 - Garmin Ltd or its subsidiaries) Hidden eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.) eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version: - Oberon Media) Fax (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse) Fingerprint Solution (x32 Version: 6.1.76.0 - Egis Technology Inc.) 
Hidden Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version: - Oberon Media) Garmin Express (HKLM-x32\...\{045320b6-c340-4960-aefd-57bf08a9b425}) (Version: 3.2.21.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 3.2.21.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 3.2.21.0 - Garmin Ltd or its subsidiaries) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version: - Oberon Media) Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media) HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP) HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP) HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP) HP Officejet 6500 E709 Series (HKLM\...\{58D79E62-CFC8-4331-8469-3A1B16E1769C}) (Version: 14.0 - HP) HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP) HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP) HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP) HP Update (HKLM-x32\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard) HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden HPPhotosmartEssential (x32 Version: 2.04.0000 - 
Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation) Ipswitch WS_FTP Pro Uninstall (HKLM-x32\...\WS_FTPPro) (Version: - ) iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.) Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) JuiceboxBuilder-Pro (HKLM-x32\...\JuiceboxBuilder-Pro) (Version: 1.3.2 - SimpleViewer Inc) JuiceboxBuilder-Pro (x32 Version: 1.3.2 - SimpleViewer Inc) Hidden Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden Kaspersky PURE 3.0 (HKLM-x32\...\InstallWIX_{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}) (Version: 13.0.2.558 - Kaspersky Lab) Kaspersky PURE 3.0 (x32 Version: 13.0.2.558 - Kaspersky Lab) Hidden Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.7 - Acer Inc.) MAGIX Foto Designer 7 (HKLM-x32\...\MAGIX_{2DCD52EE-1AE1-4128-9819-A79F7D09B6B3}) (Version: 7.0.1.1 - MAGIX AG) MAGIX Foto Designer 7 (Version: 7.0.1.1 - MAGIX AG) Hidden Mallorca Tour I - Spain (HKLM-x32\...\{8B5D5C58-A053-4832-949A-53933682588D}) (Version: 1.00.0000 - Tacx) MarketResearch (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden MediaShow Espresso (x32 Version: 5.5.1403_23691 - CyberLink Corp.) 
Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation) Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4667.1002 - Microsoft Corporation) Microsoft SharePoint Designer 2013 (HKLM\...\Office15.SharePointDesigner) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 
12.0.21005.1 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation) Milan San Remo 2008 - Italy (HKLM-x32\...\{B1552C76-5085-4982-A131-72E6174F29B6}) (Version: 1.00.0000 - Tacx) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MyWinLocker (x32 Version: 3.1.210.0 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.210.0 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 3.1.210.0 - Egis Technology Inc.) 
Hidden Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden Netzmanager (Version: 1.081 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.8 - Google) NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.628 - NewTech Infosystems) NTI Backup Now Standard (x32 Version: 5.1.2.628 - NewTech Infosystems) Hidden NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6630 - NewTech Infosystems) NTI Media Maker 8 (x32 Version: 8.0.12.6630 - NewTech Infosystems) Hidden Nuvoton CIR Device Drivers (HKLM-x32\...\{FBC79D04-051E-4367-8051-1DB0C893FBE0}) (Version: 8.60.2002 - Nuvoton Technology Corporation) O2Micro 1394 OHCI Compliant Host Controller Driver (HKLM-x32\...\InstallShield_{AFC44A23-E6A8-4625-B6B1-23D438525D59}) (Version: 1.0.00 - O2Micro International LTD.) O2Micro 1394 OHCI Compliant Host Controller Driver (Version: 1.0.00 - O2Micro International LTD.) Hidden O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{5FAD2AAE-C6DD-4CC8-B325-BFCBB3D32249}) (Version: 2.0.37.D - O2Micro International LTD.) O2Micro Flash Memory Card Windows Driver (Version: 2.0.37.D - O2Micro International LTD.) Hidden OCR Software by I.R.I.S. 
14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP) Office 15 Click-to-Run Extensibility Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.8.00.09123 - Sony Corporation) Portrait Professional 10.8 (HKLM-x32\...\PortraitProfessional10_is1) (Version: 10.8 - Anthropics Technology Ltd.) ProductContext (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6072 - Realtek Semiconductor Corp.) Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0017-0000-1000-0000000FF1CE}_Office15.SharePointDesigner_{67A083C6-0A9E-48E8-BC90-C1EDA8028ED4}) (Version: - Microsoft) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP) Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) 
Hidden SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden Spin & Win (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}) (Version: - Oberon Media) Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.12.2 - Synaptics Incorporated) Tacx Trainer software 4 (HKLM-x32\...\{1FC386C1-EA57-43DB-9860-FE327C143148}) (Version: 4.13.0 - Tacx BV) The Grossglockner 2008 - Austria (HKLM-x32\...\{6AD671B1-4FAD-43A1-9EC2-42301DFF3D3C}) (Version: 1.00.0000 - Tacx) Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden TTS Launcher (HKLM-x32\...\{2D09223F-34B4-4C74-B6F2-ABDE6BEC82E5}) (Version: 1.0.3 - Tacx BV) TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software) TuneUp Utilities 2014 (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel) USB ANT Stick Silicon Laboratories USBXpress Device (Driver Removal) (HKLM-x32\...\USB_ANT_SIUSBXP_3_1&1004&0FCF) (Version: - ) WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.01.3002 - Acer Incorporated) Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation) Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation) Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft 
Corporation) Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 12-12-2014 15:45:46 Windows Update 13-12-2014 10:13:46 Windows Update 18-12-2014 09:18:50 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1830E1A6-0CD6-4683-AB0B-63139290F43A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {224EAC5D-D3C9-4260-B253-ABA8F736325E} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2009-11-18] (Hewlett-Packard) Task: {2D28C6D4-82D9-4E6F-9AEF-D1CA499D948B} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-10-21] () Task: {3C369532-32DB-4AC1-97BC-86965BB9D6C5} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2014-07-16] (TuneUp Software) Task: {48BF3627-CF5F-4357-B6E3-B01FB0B3AC61} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) Task: {6375FE9B-0F15-4B72-84A5-B5DC9C661CE2} - System32\Tasks\{EF48D0EB-28C4-43A2-8FE7-45FF0EB4AC99} => pcalua.exe -a c:\PROGRA~2\COMMON~1\ADOBEA~1\Versions\1.0\ADOBEA~1.EXE -c "C:\Users\Josef\AppData\Local\Temp\Temp1_juicebox_pro_1.3.2.zip\juicebox_pro_1.3.2\JuiceboxBuilder-Pro.air" Task: {6C964581-D351-4735-83B6-43568B4E7C60} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\Root\Office15\msoia.exe [2014-11-29] (Microsoft Corporation) Task: {6D92763E-7206-4A23-B7AA-26181BB1F59B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated) Task: {98EFF087-0D02-4DBF-AD73-E9849E980F08} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-14] (Google Inc.) 
Task: {9CDB30CB-9C55-4D0D-A233-4F9C05EAAA36} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\Root\Office15\msoia.exe [2014-11-29] (Microsoft Corporation) Task: {9F5E8837-664E-4DCC-8940-ECF9A737561D} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation) Task: {AC3C1682-1F45-4CC0-B58A-8A3B97062208} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {DF4379F9-ADC4-4785-ACC0-0A877DBB1BA7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation) Task: {E9066672-66C4-4EFC-B0BC-31D454156384} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-14] (Google Inc.) Task: {ECC75410-0A30-421C-AB6A-D4E9EBC9D2FA} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2010-03-26] (Acer) Task: {EF5C9790-2B98-4D5C-99FA-B1A497200C16} - System32\Tasks\ASP => C:\Program Files (x86)\RCP\systweakasp.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2010-03-08 03:35 - 2010-03-08 03:35 - 00108912 _____ () C:\Program Files (x86)\Acer Bio Protection\PwdFilterV64.DLL 2014-05-01 20:29 - 2014-05-01 20:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2014-11-29 12:55 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 
2014-11-14 21:18 - 2010-01-13 10:47 - 00206208 _____ () C:\Windows\PLFSetI.exe 2010-10-19 08:31 - 2010-10-19 08:31 - 00205312 _____ () C:\Program Files\Netzmanager\NMInfraIS2\driver64\SoftplugLib.DLL 2014-11-14 21:37 - 2010-02-03 09:37 - 00244904 ____N () C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe 2014-07-16 09:24 - 2014-07-16 09:24 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll 2010-03-26 10:41 - 2010-03-26 10:41 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2014-11-14 20:54 - 2014-11-14 20:54 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2012-12-20 18:19 - 2012-12-20 18:19 - 00479752 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll 2012-12-20 18:19 - 2012-12-20 18:19 - 01310728 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\kpcengine.2.2.dll 2010-06-24 14:32 - 2009-05-20 07:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll 2010-03-09 01:18 - 2010-03-09 01:18 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll 2010-03-09 01:13 - 2010-03-09 01:13 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-2186974003-2043912784-1202098385-500 - Administrator - Disabled) Gast (S-1-5-21-2186974003-2043912784-1202098385-501 - Limited - Disabled) Josef (S-1-5-21-2186974003-2043912784-1202098385-1000 - Administrator - Enabled) => C:\Users\Josef ==================== Faulty Device Manager Devices ============= Name: ccnfd_1_10_0_2 Description: ccnfd_1_10_0_2 Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: ccnfd_1_10_0_2 Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Officejet 6500 E709n Description: Officejet 6500 E709n Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: WD SES Device USB Device Description: WD SES Device USB Device Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
==================== Event log errors: =========================

Application errors:
==================
Error: (12/19/2014 01:06:42 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (12/18/2014 01:52:12 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (12/17/2014 08:37:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm TrainerSoftware.exe, Version 4.13.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1e94
Startzeit: 01d01a306fea20e6
Endzeit: 33
Anwendungspfad: C:\Program Files (x86)\Tacx\TacxTrainersoftware4\TrainerSoftware.exe
Berichts-ID:

Error: (12/16/2014 08:33:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: hpqtra08.exe, Version: 140.0.213.0, Zeitstempel: 0x4bffab62
Name des fehlerhaften Moduls: hpzidr12.dll, Version: 12.1.3.51, Zeitstempel: 0x4a0bfded
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000070c5
ID des fehlerhaften Prozesses: 0xb84
Startzeit der fehlerhaften Anwendung: 0xhpqtra08.exe0
Pfad der fehlerhaften Anwendung: hpqtra08.exe1
Pfad des fehlerhaften Moduls: hpqtra08.exe2
Berichtskennung: hpqtra08.exe3

Error: (12/16/2014 02:16:52 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (12/16/2014 09:08:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: APSDaemon.exe, Version: 2.4.3.36, Zeitstempel: 0x543300c1
Name des fehlerhaften Moduls: objc.dll, Version: 1.528.0.120, Zeitstempel: 0x5400227d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00006be4
ID des fehlerhaften Prozesses: 0x2604
Startzeit der fehlerhaften Anwendung: 0xAPSDaemon.exe0
Pfad der fehlerhaften Anwendung: APSDaemon.exe1
Pfad des fehlerhaften Moduls: APSDaemon.exe2
Berichtskennung: APSDaemon.exe3

Error: (12/15/2014 01:42:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm ACDSeeQVPro3.exe, Version 3.0.291.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1904
Startzeit: 01d01864770a28d6
Endzeit: 0
Anwendungspfad: C:\Program Files (x86)\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe
Berichts-ID: ce581d93-8457-11e4-8b6d-60eb6956e8ac

Error: (12/15/2014 01:41:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c92c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000029fa9
ID des fehlerhaften Prozesses: 0x12fc
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (12/14/2014 11:13:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ACDSeeQVPro3.exe, Version: 3.0.291.0, Zeitstempel: 0x4ab0176c
Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.6161, Zeitstempel: 0x4dace5b9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003734d
ID des fehlerhaften Prozesses: 0x8d0
Startzeit der fehlerhaften Anwendung: 0xACDSeeQVPro3.exe0
Pfad der fehlerhaften Anwendung: ACDSeeQVPro3.exe1
Pfad des fehlerhaften Moduls: ACDSeeQVPro3.exe2
Berichtskennung: ACDSeeQVPro3.exe3

Error: (12/14/2014 11:02:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm ACDSeePro3.exe, Version 3.0.355.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: dfc
Startzeit: 01d017e98a51e63e
Endzeit: 16
Anwendungspfad: C:\Program Files (x86)\ACD Systems\ACDSee Pro\3.0\ACDSeePro3.exe
Berichts-ID: e89f2dc1-83dc-11e4-8b6d-60eb6956e8ac

System errors:
=============
Error: (12/19/2014 11:50:53 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (12/18/2014 09:32:23 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ccnfd_1_10_0_2

Error: (12/18/2014 09:31:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Garmin Core Update Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (12/18/2014 09:31:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Garmin Core Update Service erreicht.

Error: (12/18/2014 09:30:29 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.
Modulpfad: C:\Windows\system32\athExt.dll
Fehlercode: 126

Error: (12/18/2014 09:24:30 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ccnfd_1_10_0_2

Error: (12/18/2014 09:23:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Garmin Core Update Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (12/18/2014 09:23:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Garmin Core Update Service erreicht.

Error: (12/18/2014 09:22:32 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.
Modulpfad: C:\Windows\system32\athExt.dll
Fehlercode: 126

Error: (12/18/2014 05:44:56 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Microsoft Office Sessions:
=========================
Error: (12/19/2014 01:06:42 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

Error: (12/18/2014 01:52:12 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

Error: (12/17/2014 08:37:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: TrainerSoftware.exe4.13.0.01e9401d01a306fea20e633C:\Program Files (x86)\Tacx\TacxTrainersoftware4\TrainerSoftware.exe

Error: (12/16/2014 08:33:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: hpqtra08.exe140.0.213.04bffab62hpzidr12.dll12.1.3.514a0bfdedc0000005000070c5b8401d0190ce9e9b4ecC:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exeC:\Windows\system32\hpzidr12.dll660137ae-855a-11e4-8d36-60eb6956e8ac

Error: (12/16/2014 02:16:52 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

Error: (12/16/2014 09:08:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: APSDaemon.exe2.4.3.36543300c1objc.dll1.528.0.1205400227dc000000500006be4260401d018649d2810feC:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exeC:\Program Files (x86)\Common Files\Apple\Apple Application Support\objc.dllc40ea395-84fa-11e4-8b6d-60eb6956e8ac

Error: (12/15/2014 01:42:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: ACDSeeQVPro3.exe3.0.291.0190401d01864770a28d60C:\Program Files (x86)\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exece581d93-8457-11e4-8b6d-60eb6956e8ac

Error: (12/15/2014 01:41:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ole32.dll6.1.7601.175144ce7c92cc00000050000000000029fa912fc01d016b84f3b89e9C:\Windows\Explorer.EXEC:\Windows\system32\ole32.dllc06daf6b-8457-11e4-8b6d-60eb6956e8ac

Error: (12/14/2014 11:13:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ACDSeeQVPro3.exe3.0.291.04ab0176cMSVCR90.dll9.0.30729.61614dace5b9c00000050003734d8d001d017eafe72c4c0C:\Program Files (x86)\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exeC:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll5d9b0ada-83de-11e4-8b6d-60eb6956e8ac

Error: (12/14/2014 11:02:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: ACDSeePro3.exe3.0.355.0dfc01d017e98a51e63e16C:\Program Files (x86)\ACD Systems\ACDSee Pro\3.0\ACDSeePro3.exee89f2dc1-83dc-11e4-8b6d-60eb6956e8ac

CodeIntegrity Errors:
===================================
Date: 2014-12-14 09:53:39.888
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-12-14 09:53:39.859
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-12-14 09:50:58.821
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-12-14 09:50:58.801
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-11-18 17:34:40.349
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-11-18 17:34:40.347
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-11-18 17:34:40.207
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-11-18 17:34:40.144
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-11-18 17:29:12.358
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-11-18 17:29:12.296
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7 CPU Q 740 @ 1.73GHz
Percentage of memory in use: 35%
Total physical RAM: 8124.5 MB
Available physical RAM: 5258.46 MB
Total Pagefile: 16247.17 MB
Available Pagefile: 12676.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:681.04 GB) (Free:204.1 GB) NTFS
Drive e: (My Book) (Fixed) (Total:3725.99 GB) (Free:2513.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: A5F07B42)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Not Active) - (Size=3.5 GB) - (Type=12)
Partition 3: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=681 GB) - (Type=OF Extended)

Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 1.

==================== End Of Log ============================

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014
Ran by Josef (administrator) on JOSEF-PC on 19-12-2014 17:49:16
Running from C:\Users\Josef\Desktop
Loaded Profile: Josef (Available profiles: Josef)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\netzmanager.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\BASVC.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Microsoft Corp.) C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
() C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\klwtblfs.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_246_ActiveX.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-04-17] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-19] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2107688 2010-04-14] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-01-13] ()
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [558168 2010-04-01] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [349344 2010-04-23] (Atheros Communications)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-04-23] (Acer Incorporated)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1300560 2010-03-03] (Dritek System Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-04-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-04-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [VitaKeyPdtWzd] => C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe [3577712 2010-03-08] (Egis Technology Inc.)
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe [124136 2010-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [651832 2011-08-24] (Sony Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Bing Bar] => C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe [243544 2010-04-27] (Microsoft Corp.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKU\S-1-5-21-2186974003-2043912784-1202098385-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-10-21] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2186974003-2043912784-1202098385-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-06-24] (Google Inc.)
HKU\S-1-5-21-2186974003-2043912784-1202098385-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2186974003-2043912784-1202098385-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2186974003-2043912784-1202098385-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1080104 2014-08-04] (Apple Inc.)
HKU\S-1-5-21-2186974003-2043912784-1202098385-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-11-16] (Microsoft Corporation)
Lsa: [Notification Packages] C:\Program Files (x86)\Acer Bio Protection\PwdFilterV64
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Biet-O-Matic.lnk
ShortcutTarget: Biet-O-Matic.lnk -> C:\Program Files (x86)\Biet-O-Matic\Biet-O-Matic.exe (www.bid-o-matic.org)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk
ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\Root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\Root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\Root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll (Kaspersky Lab ZAO)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2186974003-2043912784-1202098385-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?type=hp&ts=1418844289&from=wpm12173&uid=WDCXWD7500BPVT-22HXZT1_WD-WX81C706850068500
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?type=hp&ts=1418844289&from=wpm12173&uid=WDCXWD7500BPVT-22HXZT1_WD-WX81C706850068500
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1416003524&from=cor&uid=WDCXWD7500BPVT-22HXZT1_WD-WX81C706850068500&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1416003524&from=cor&uid=WDCXWD7500BPVT-22HXZT1_WD-WX81C706850068500&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1418844289&from=wpm12173&uid=WDCXWD7500BPVT-22HXZT1_WD-WX81C706850068500
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1418844289&from=wpm12173&uid=WDCXWD7500BPVT-22HXZT1_WD-WX81C706850068500
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1416003524&from=cor&uid=WDCXWD7500BPVT-22HXZT1_WD-WX81C706850068500&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1416003524&from=cor&uid=WDCXWD7500BPVT-22HXZT1_WD-WX81C706850068500&q={searchTerms}
HKU\S-1-5-21-2186974003-2043912784-1202098385-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx_GxS66P_6EEo2VgpCoAhNId_3S5QoY7z8mwV8Ocs0upvKlHXRkk3iq8eS8akTH0KaF3Rj6oiARI-_scLTGIOPNSHAsIUP6_eZ15mvfjbzUuHdPGtPzmIFD4vQzIxY9Q_5mcOsjaJTnusovne85XZAKzmxH3ZL_CLmZPMR93VVZw,,&q={searchTerms}
HKU\S-1-5-21-2186974003-2043912784-1202098385-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ir_14_46_ie&cd=2XzuyEtN2Y1L1QzuyCtD0E0ByCzyyDyC0Ezz0A0CtBtDyCzztN0D0Tzu0StCtDyDtCtN1L2XzutAtFyCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEzytCyBzy0Ezy0FtGtBzzzzzytG0A0E0D0BtGyCtAzytAtGtByDtC0ByD0AtByC0BtByBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtBtC0D0Ezy0E0EtGtCyCtCtDtGyEyCzyyEtGzzyB0B0EtGyEtAtB0AyBtB0DtA0B0FtAyC2Q&cr=2005769434&ir=
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx_GxS66P_6EEo2VgpCoAhNId_3S5QoY7z8mwV8Ocs0upvKlHXRkk3iq8eS8akTH0KaF3Rj6oiARI-_scLTGIOPNSHAsIUP6_eZ15mvfjbzUuHdPGtPzmIFD4vQzIxY9Q_5mcOsjaJTnusovne85XZHsSLJDShtO13MX44iOUe5BQ,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-2186974003-2043912784-1202098385-1000 -> DefaultScope {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2186974003-2043912784-1202098385-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2186974003-2043912784-1202098385-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = https://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\Root\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\Root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2186974003-2043912784-1202098385-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\Root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014-11-14]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014-11-14]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Gevaarlijke websiteblokkering - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014-11-14]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014-11-14]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014-11-14]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-11-23]
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox
FF Extension: No Name - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox [2014-11-23]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: No Name - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2014-11-25]
FF HKU\S-1-5-21-2186974003-2043912784-1202098385-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-14]
CHR Extension: (Google Docs) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-14]
CHR Extension: (Google Drive) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-14]
CHR Extension: (YouTube) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-14]
CHR Extension: (Google-Suche) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-14]
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-11-14]
CHR Extension: (Google Tabellen) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-14]
CHR Extension: (Kaspersky Protection) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh [2014-11-14]
CHR Extension: (Google Wallet) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-14]
CHR Extension: (Security Protection) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh [2014-12-17]
CHR Extension: (Google Mail) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-14]
CHR Extension: (Anti-Banner) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-11-14]
CHR HKLM\...\Chrome\Extension: [noajmlkipclmeolfcnflkjhijkigpfjh] - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh.crx [2014-12-17]
CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKU\S-1-5-21-2186974003-2043912784-1202098385-1000\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [noajmlkipclmeolfcnflkjhijkigpfjh] - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh.crx [2014-12-17]
CHR HKLM-x32\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11]
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.delta-homes.com/?type=sc&ts=1418844289&from=wpm12173&uid=WDCXWD7500BPVT-22HXZT1_WD-WX81C706850068500

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [34392 2010-04-01] (Atheros Communications) [File not signed]
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [File not signed]
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-10-21] (Garmin Ltd or its subsidiaries)
R2 IGBASVC; C:\Program Files (x86)\Acer Bio Protection\BASVC.exe [3456880 2010-03-08] (Egis Technology Inc.)
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
R2 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-04-17] (Egis Technology Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed]
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [250368 2010-03-09] (NewTech Infosystems, Inc.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-02-03] () [File not signed]
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [485376 2014-12-16] (Fuyu LIMITED) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
R3 DSI_SiUSBXp_3_1; C:\Windows\System32\drivers\DSI_SiUSBXp_3_1.sys [16384 2009-03-31] (Silicon Laboratories)
R3 hidshim; C:\Windows\system32\DRIVERS\hidshim.sys [6656 2009-08-31] (Windows (R) Win 7 DDK provider)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-11-14] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-11-14] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628288 2014-11-14] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-11-14] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-11-11] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-11-11] (Kaspersky Lab ZAO)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2013-09-23] (hxxp://libusb-win32.sourceforge.net)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()
S3 nuvotoncir; C:\Windows\system32\DRIVERS\nuvotoncir.sys [48128 2009-08-31] (Nuvoton Technology Corporation)
R3 nuvotonhidcir; C:\Windows\system32\DRIVERS\nuvotonhidcir.sys [26624 2009-08-31] (Nuvoton Technology Corporation)
S3 nuvotonir; C:\Windows\system32\DRIVERS\nuvotonir.sys [68096 2009-08-31] (Nuvoton Technology Corporation)
R3 O2SDGRDR; C:\Windows\System32\DRIVERS\o2sdgx64.sys [50976 2010-01-11] (O2Micro )
R3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-05-27] (TuneUp Software)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2010-08-31] (Jungo)
R2 {6E090BD5-4EF5-4bf0-A968-74049E88E935}; C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\000.fcl [146928 2010-04-15] (CyberLink Corp.)
S1 ccnfd_1_10_0_2; system32\drivers\ccnfd_1_10_0_2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-19 17:49 - 2014-12-19 17:50 - 00036677 _____ () C:\Users\Josef\Desktop\FRST.txt
2014-12-19 17:48 - 2014-12-19 17:49 - 00000000 ____D () C:\FRST
2014-12-19 17:48 - 2014-12-19 17:48 - 02121216 _____ (Farbar) C:\Users\Josef\Desktop\FRST64.exe
2014-12-17 20:38 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 20:38 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 20:26 - 2014-12-18 15:37 - 00000000 ____D () C:\Program Files (x86)\WinZipper
2014-12-17 20:26 - 2014-12-17 20:26 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\WinZipper
2014-12-15 14:49 - 2014-12-15 13:01 - 15526138 _____ () C:\Users\Josef\Desktop\Kalender von Reiseck Josef TD-334.ics
2014-12-15 13:36 - 2014-12-15 13:36 - 00001849 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-12-15 13:36 - 2014-12-15 13:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-12-15 13:36 - 2014-12-15 13:36 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-12-15 13:34 - 2014-12-15 13:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-12-13 10:31 - 2014-12-13 10:31 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-12 15:48 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-12 15:48 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-12 15:48 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-12 15:48 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-12 15:48 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-12 15:48 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-12 15:48 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-12 15:48 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-12 15:48 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-12 15:48 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-11 18:41 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-11 18:41 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-11 18:41 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-11 18:41 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-11 18:41 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-11 18:41 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-11 18:41 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-11 18:41 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-11 18:41 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-11 18:41 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-11 18:41 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 18:41 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 18:41 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-11 18:41 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 18:41 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-11 18:41 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 18:41 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-11 18:41 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-11 18:41 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 18:41 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-11 18:41 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 18:41 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-11 18:41 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 18:41 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-11 18:41 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-11 18:41 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-11 18:41 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 18:41 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-11 18:41 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-11 18:41 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-11 18:41 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 18:41 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-11 18:41 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-11 18:41 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-11 18:41 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 18:41 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-11 18:41 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-11 18:41 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-11 18:41 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-11 18:41 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-11 18:41 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-11 18:41 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 18:41 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-11 18:41 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-11 18:41 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 18:41 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-11 18:41 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 18:41 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-11 18:41 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-11 18:41 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-11 18:41 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-11 18:41 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-11 18:41 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 18:41 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-11 18:41 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-11 18:41 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-11 18:41 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 18:41 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-11 18:41 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-11 18:41 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-11 18:41 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-11 18:41 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-11 18:41 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 18:41 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-11 18:41 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-11 18:40 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-11 18:40 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-11 18:40 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-11 18:40 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-11 18:40 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-11 18:40 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-11 18:40 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-11 18:40 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-11 18:40 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-11 18:40 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-11 18:40 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-11 18:40 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-11 18:40 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-11 18:40 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-07 12:41 - 2014-12-16 16:40 - 00000000 ___HD () C:\Users\Josef\Desktop\[Originaldateien]
2014-12-07 09:55 - 2014-11-30 22:02 - 00002059 _____ () C:\Users\Josef\Desktop\Lightroom 5.7 64-Bit.lnk
2014-12-05 23:10 - 2014-12-05 23:10 - 00000000 ____D () C:\Users\Josef\Desktop\Konverter
2014-12-03 17:10 - 2014-12-18 09:20 - 00000000 ____D () C:\Users\Josef\AppData\Local\D95C058A-9BC8-45EA-84E8-D454B63F41E2.aplzod
2014-12-03 16:48 - 2014-12-18 21:31 - 00000000 ___RD () C:\Users\Josef\iCloudDrive
2014-12-03 16:48 - 2014-12-03 16:48 - 00000000 ____D () C:\Users\Josef\AppData\Local\Apple Inc
2014-12-02 17:58 - 2014-12-02 17:58 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\CyberLink
2014-12-02 17:57 - 2014-12-02 17:58 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\PowerCinema
2014-12-02 17:57 - 2014-12-02 17:57 - 00000000 ____D () C:\Users\Josef\AppData\Local\PowerCinema
2014-12-02 16:24 - 2014-12-02 16:24 - 00003676 _____ () C:\Windows\System32\Tasks\HP-Online-Aktualisierungsprogramm
2014-11-30 22:02 - 2014-11-30 22:02 - 00002079 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5.7 64-Bit.lnk
2014-11-30 14:30 - 2014-11-30 14:30 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-11-29 16:08 - 2014-11-29 16:08 - 00001033 _____ () C:\Users\Public\Desktop\Biet-O-Matic.lnk
2014-11-29 16:07 - 2014-11-29 16:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Biet-O-Matic
2014-11-29 16:07 - 2003-01-07 02:22 - 00015873 _____ () C:\Windows\SysWOW64\Inetde.dll
2014-11-29 16:07 - 2000-12-05 23:00 - 00109248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mswinsck.ocx
2014-11-29 16:07 - 2000-10-01 23:00 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vb6de.dll
2014-11-29 16:07 - 2000-05-22 15:58 - 00115920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinet.ocx
2014-11-29 16:07 - 2000-04-03 19:06 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winskde.dll
2014-11-29 16:07 - 2000-04-03 19:05 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msstdfmt.dll
2014-11-29 16:07 - 1999-07-14 13:07 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stdftde.dll
2014-11-29 16:07 - 1998-07-05 23:00 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mscmcde.dll
2014-11-29 16:07 - 1998-07-05 23:00 - 00022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Tabctde.dll
2014-11-29 16:07 - 1998-06-23 23:00 - 00209192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Tabctl32.ocx
2014-11-29 16:06 - 2014-11-29 16:07 - 04653537 _____ () C:\Users\Josef\Downloads\BOM21412_setup.exe
2014-11-29 15:52 - 2014-12-13 22:49 - 00000000 ____D () C:\Users\Josef\Desktop\Bildschirm
2014-11-29 12:57 - 2014-11-29 13:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-11-29 12:55 - 2014-11-29 12:55 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-11-29 12:43 - 2014-11-29 12:44 - 00000000 ____D () C:\Users\Josef\Desktop\Outlook
2014-11-28 21:08 - 2014-11-28 21:08 - 00262144 _____ () C:\Windows\system32\config\elam
2014-11-28 21:07 - 2014-12-18 21:38 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\BOM
2014-11-28 21:07 - 2014-11-29 16:08 - 00000000 ____D () C:\Program Files (x86)\Biet-O-Matic
2014-11-28 21:00 - 2014-11-28 22:36 - 00000000 ____D () C:\Program Files (x86)\Wajam
2014-11-28 20:58 - 2014-11-28 20:58 - 00000000 ____D () C:\Users\Josef\AppData\Local\SearchProtect
2014-11-28 20:55 - 2014-11-28 22:36 - 00000000 ____D () C:\Program Files\7-Zip
2014-11-28 20:50 - 2014-11-28 22:36 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\vlc
2014-11-28 20:50 - 2014-11-28 20:50 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-11-28 20:43 - 2014-11-28 20:43 - 00000000 ____D () C:\Garmin
2014-11-26 18:30 - 2014-11-28 23:23 - 00000000 ____D () C:\Program Files (x86)\Garmin GPS Plugin
2014-11-26 18:30 - 2014-11-28 23:22 - 00000000 ____D () C:\Program Files\Garmin GPS Plugin
2014-11-24 18:47 - 2014-11-26 17:58 - 00000000 ____D () C:\Users\Josef\Documents\Daten_Sepp
2014-11-24 18:38 - 2014-11-24 18:38 - 00004608 _____ () C:\Users\Josef\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-23 18:58 - 2014-11-23 18:58 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\simplitec
2014-11-23 18:52 - 2014-11-23 18:53 - 00083526 _____ () C:\Windows\hpqins13.dat
2014-11-23 18:48 - 2014-11-23 18:48 - 00000000 ____D () C:\ProgramData\WEBREG
2014-11-23 18:48 - 2010-07-28 17:19 - 00002075 ____N () C:\Windows\hpwmdl23.dat.temp
2014-11-23 18:44 - 2014-11-23 18:53 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\HP
2014-11-23 18:44 - 2014-11-23 18:51 - 00001004 _____ () C:\Users\Josef\AppData\Roaming\ConvAPIPlugin.log
2014-11-23 18:44 - 2014-11-23 18:44 - 00000000 ____D () C:\Users\Josef\AppData\Local\HP
2014-11-23 18:42 - 2014-11-28 23:23 - 00000000 ____D () C:\Program Files (x86)\MSN Toolbar
2014-11-23 18:42 - 2014-11-23 18:42 - 00001384 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Default Manager.lnk
2014-11-23 18:42 - 2014-11-23 18:42 - 00001342 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
2014-11-23 18:41 - 2014-11-23 18:41 - 00000000 ____D () C:\Windows\SysWOW64\spool
2014-11-23 18:40 - 2014-12-08 16:01 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\HpUpdate
2014-11-23 18:40 - 2014-11-23 18:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-11-23 18:40 - 2014-11-23 18:40 - 00001361 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2014-11-23 18:40 - 2014-11-23 18:40 - 00001355 _____ () C:\Users\Public\Desktop\HP Solution Center.lnk
2014-11-23 18:40 - 2014-11-23 18:40 - 00001064 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
2014-11-23 18:40 - 2014-11-23 18:40 - 00000000 ____D () C:\ProgramData\HP Product Assistant
2014-11-23 18:37 - 2014-11-23 18:41 - 00000000 ____D () C:\Program Files (x86)\HP
2014-11-23 18:36 - 2014-11-23 18:51 - 00262743 _____ () C:\Windows\hpwins23.dat
2014-11-23 18:36 - 2010-07-28 17:19 - 00002075 ____N () C:\Windows\hpwmdl23.dat
2014-11-23 18:36 - 2010-05-13 11:29 - 00553472 _____ (Hewlett Packard) C:\Windows\system32\hppldcoi.dll
2014-11-23 18:36 - 2010-05-13 11:25 - 01422848 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpwtiop4.dll
2014-11-23 18:36 - 2010-05-13 11:25 - 00906240 _____ (Hewlett-Packard) C:\Windows\system32\hpwwiax5.dll
2014-11-23 18:36 - 2010-02-01 07:54 - 00488960 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpovst11.dll
2014-11-23 18:30 - 2014-11-23 18:30 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WS_FTP Pro
2014-11-23 18:30 - 2014-11-23 18:30 - 00000000 ____D () C:\Program Files\WS_FTP Pro
2014-11-23 16:10 - 2014-11-23 18:53 - 00002542 _____ () C:\ProgramData\hpzinstall.log
2014-11-23 15:23 - 2014-12-16 18:35 - 00000000 ____D () C:\Users\Josef\Desktop\Bilder_Foren
2014-11-23 12:52 - 2014-11-23 12:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2014-11-22 12:03 - 2014-11-22 12:04 - 00000000 ____D () C:\Users\Josef\Desktop\Labertallauf_20141003
2014-11-21 18:39 - 2014-12-06 17:01 - 00000000 ____D () C:\ProgramData\simplitec
2014-11-21 18:39 - 2014-11-21 18:40 - 00000000 ____D () C:\ProgramData\MAGIX
2014-11-21 18:39 - 2014-11-21 18:39 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\MAGIX
2014-11-21 18:39 - 2014-11-21 18:39 - 00000000 ____D () C:\Users\Josef\AppData\Local\MAGIX
2014-11-21 18:39 - 2014-11-21 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2014-11-21 18:39 - 2014-11-21 18:39 - 00000000 ____D () C:\Program Files (x86)\MAGIX
2014-11-20 19:57 - 2014-11-20 19:58 - 00000000 ____D () C:\ProgramData\Ant
2014-11-20 16:18 - 2014-11-20 16:18 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Tacx
2014-11-19 11:58 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 11:58 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 11:58 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 11:58 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-19 17:13 - 2014-11-14 22:02 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-12-19 16:52 - 2014-11-14 23:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-19 16:50 - 2014-11-14 22:03 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-12-19 13:59 - 2014-11-14 20:49 - 01608816 _____ () C:\Windows\WindowsUpdate.log 2014-12-19 12:36 - 2014-11-16 10:13 - 13945389 _____ () C:\Users\Josef\Desktop\Training 12_00.xlsm 2014-12-19 11:59 - 2014-11-14 22:02 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-18 21:40 - 2009-07-14 05:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-18 21:40 - 2009-07-14 05:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-18 21:30 - 2014-11-17 17:32 - 00002091 _____ () C:\Windows\error.log 2014-12-18 21:30 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-18 21:30 - 2009-07-14 05:51 - 00046594 _____ () C:\Windows\setupact.log 2014-12-18 21:29 - 2014-11-17 17:32 - 00001793 _____ () C:\Windows\errord.log 2014-12-18 14:47 - 2014-11-14 20:45 - 00270342 _____ () C:\Windows\PFRO.log 2014-12-18 13:22 - 2014-11-15 05:34 - 00699614 _____ () C:\Windows\system32\perfh007.dat 2014-12-18 13:22 - 2014-11-15 05:34 - 00149722 _____ () C:\Windows\system32\perfc007.dat 2014-12-18 13:22 - 2009-07-14 06:13 - 01620392 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-18 09:24 - 2014-11-17 18:11 - 00000000 ____D () C:\Users\Josef\Documents\Outlook-Dateien 2014-12-17 20:24 - 2014-11-14 23:19 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect 2014-12-17 20:24 - 2014-11-14 21:02 - 00001665 _____ () C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-12-16 20:33 - 2014-11-15 12:06 - 00000000 ____D () C:\Users\Josef\AppData\Local\CrashDumps 2014-12-15 
13:22 - 2014-11-14 21:59 - 00000000 ____D () C:\Users\Josef\AppData\Local\Google 2014-12-14 13:41 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-12-14 09:49 - 2014-11-17 16:44 - 00000000 ____D () C:\ProgramData\boost_interprocess 2014-12-13 20:28 - 2014-11-14 22:54 - 00000000 ____D () C:\Users\Josef\Documents\JuiceboxBuilder-Pro 2014-12-13 10:31 - 2014-11-14 23:00 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-12-13 10:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-12-13 10:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat 2014-12-13 10:14 - 2014-11-15 22:03 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-12-12 22:24 - 2014-11-14 21:02 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Adobe 2014-12-12 15:55 - 2014-11-14 22:29 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-12 15:50 - 2014-11-14 22:29 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-12-11 21:44 - 2014-11-16 15:59 - 00000000 ____D () C:\Users\Josef\Desktop\Tacx_iGenius 2014-12-11 20:14 - 2014-11-17 17:06 - 00000246 _____ () C:\TTSInstaller.log 2014-12-11 20:12 - 2014-11-15 22:24 - 00001373 _____ () C:\Users\Public\Desktop\Tacx Support Tool.lnk 2014-12-11 20:12 - 2014-11-15 12:02 - 00002282 _____ () C:\Users\Public\Desktop\Tacx Trainer software 4.lnk 2014-12-10 17:41 - 2014-11-14 23:26 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-12-10 17:41 - 2014-11-14 23:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-12-10 17:41 - 2014-11-14 23:26 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-12-09 21:16 - 2014-11-15 17:13 - 00000000 ____D () C:\Users\Josef\Documents\ID_Passwoerter 2014-12-07 10:06 - 2014-11-16 15:57 - 00000000 ____D () C:\Users\Josef\Desktop\Foto 2014-12-07 09:44 - 2014-11-17 17:32 - 00000127 _____ () C:\Windows\Crypkey.ini 2014-12-07 09:44 - 2014-11-17 17:32 - 00000000 
____D () C:\Program Files\Stellar Phoenix Outlook PST Repair 2014-12-06 09:14 - 2010-06-24 14:14 - 00000000 ____D () C:\ProgramData\Partner 2014-12-05 23:10 - 2014-11-16 10:15 - 00000000 ____D () C:\Users\Josef\Desktop\Vorhang_Kueche 2014-12-05 20:51 - 2009-07-14 05:45 - 00446712 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-12-03 17:41 - 2014-11-16 15:30 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Apple Computer 2014-12-03 16:49 - 2014-11-16 15:27 - 00000000 ____D () C:\Users\Josef\AppData\Local\Apple 2014-12-03 16:48 - 2014-11-14 20:59 - 00000000 ____D () C:\Users\Josef 2014-12-03 16:46 - 2014-11-16 15:30 - 00000000 ____D () C:\Users\Josef\AppData\Local\Apple Computer 2014-12-03 16:40 - 2014-11-16 15:26 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-12-03 16:20 - 2014-11-16 10:15 - 00000000 ____D () C:\Users\Josef\Desktop\Bunker 2014-12-02 17:58 - 2014-11-14 21:36 - 00000000 ____D () C:\ProgramData\CyberLink 2014-12-02 16:24 - 2014-11-15 12:23 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler 2014-12-02 16:21 - 2014-11-16 16:15 - 00000000 ____D () C:\Users\Josef\Desktop\TuneUp 2014-11-30 22:01 - 2014-11-14 22:33 - 00000000 ____D () C:\Program Files\Adobe 2014-11-30 19:54 - 2014-11-16 17:06 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\FileZilla 2014-11-29 13:11 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-11-29 12:49 - 2014-11-14 22:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office _Sharepoint 2014-11-28 23:23 - 2014-11-15 17:13 - 00000000 ____D () C:\Users\Josef\Documents\KV_RV_Vertraege_sonst Schriftverkehr 2014-11-28 23:23 - 2014-11-14 23:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-11-28 23:23 - 2014-11-14 23:26 - 00000000 ____D () C:\Windows\system32\Macromed 2014-11-28 23:23 - 2014-11-14 23:06 - 00000000 ____D () C:\ProgramData\Netzmanager 2014-11-28 23:22 - 2014-11-15 11:43 - 
00000000 ____D () C:\Users\Josef\AppData\Local\Garmin 2014-11-28 23:22 - 2014-11-15 11:42 - 00000000 ____D () C:\ProgramData\Garmin 2014-11-28 23:22 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration 2014-11-28 23:21 - 2014-11-15 11:42 - 00000000 ____D () C:\Program Files (x86)\Garmin 2014-11-28 20:41 - 2014-11-15 11:43 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Garmin 2014-11-24 14:04 - 2014-11-14 22:15 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-11-23 18:57 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2014-11-23 18:53 - 2014-11-14 21:00 - 00116520 _____ () C:\Users\Josef\AppData\Local\GDIPFONTCACHEV1.DAT 2014-11-23 18:51 - 2009-07-14 03:34 - 00000560 _____ () C:\Windows\win.ini 2014-11-23 18:46 - 2014-11-14 21:59 - 00000000 ____D () C:\ProgramData\HP 2014-11-23 18:38 - 2010-06-24 13:55 - 00057612 _____ () C:\Windows\DPINST.LOG 2014-11-23 18:33 - 2014-11-16 15:58 - 00000000 ____D () C:\Users\Josef\Desktop\Homepage 2014-11-23 15:23 - 2014-11-15 22:18 - 00000000 ____D () C:\Users\Josef\AppData\Local\ACD Systems 2014-11-23 12:52 - 2010-06-24 14:14 - 00000000 ____D () C:\Program Files (x86)\Google 2014-11-22 09:55 - 2014-11-15 22:14 - 00000000 ____D () C:\Users\Josef\AppData\Local\Downloaded Installations 2014-11-21 18:40 - 2014-11-15 17:14 - 00000000 ____D () C:\Users\Josef\Documents\MAGIX 2014-11-20 19:25 - 2010-06-24 13:53 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-11-19 16:14 - 2014-11-14 23:19 - 00000000 ____D () C:\ProgramData\IePluginServices 2014-11-19 05:37 - 2014-11-14 23:23 - 01594672 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-15 15:19 ==================== End Of Log ============================ |
19.12.2014, 18:05 | #4 | |
| Browsers open with "www.delta-homes.com" Quote:
Addendum - Kaspersky: Code:
Nicht gefunden spidentifierimpl.exe c:\users\josef\appdata\local\temp\dlg_xe3wufdc\requirements\? 28.11.2014 21:07:48 not-a-virus:WebToolbar.Win32.Agent.azm
Inaktiv OptimizerPro.exe hxxp://dl.softservers.net/111001706/? 28.11.2014 21:01:09 Schädlicher Link
Inaktiv sp-downloader.exe hxxp://dlg-cdn.buzzrin.de/public-source/downloadguide/pro-de/1.0/de-de/campaigns/product+website+weboptout/exe/offer/conduit+ltd/great+search+protect/1.0/de-de/? 28.11.2014 20:59:53 not-a-virus:WebToolbar.Win32.Agent.azm
Nicht gefunden spidentifierimpl.exe C:\Users\Josef\AppData\Local\Temp\DLG\requirements\? 28.11.2014 20:59:02 not-a-virus:WebToolbar.Win32.Agent.azm
Gelöscht PluginService.exe C:\ProgramData\IePluginServices\? 19.11.2014 16:10:02 not-a-virus:AdWare.Win32.Agent.eqwa
Gelöscht 91_monetizationloader.js.js e:\datensicherung_sepp\josef reiseck\appdata\local\google\chrome\user data\default\extensions\pgegkicdnjooekkaoflagfdlcflgeohn\1.26.32_0\extensiondata\plugins\? 18.12.2014 20:52:33 not-a-virus:HEUR:WebToolbar.JS.CroRi.heur
Nicht gefunden update.exe C:\ProgramData\WindowsMangerProtect\update\? 18.12.2014 14:42:19 not-a-virus:Downloader.Win32.AdLoad.orpc
Inaktiv vmw.exe hxxp://cdn.vowsr.com/wte/? 16.11.2014 15:20:16 Schädlicher Link
Inaktiv WMD.dll hxxp://cdn.vowsr.com/mpw/? 16.11.2014 15:20:08 Schädlicher Link |
22.12.2014, 00:09 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Browsers open with "www.delta-homes.com" Remove adware/junkware/toolbars
Step 1: adwCleaner
Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool
Please shut down your security software to avoid possible conflicts.
Step 3: Fresh log with FRST
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ Always post log files in CODE tags |
22.12.2014, 12:43 | #6 |
| Browsers open with "www.delta-homes.com" Hello, thank you very much for the support. I carried out everything as instructed and it worked. So once again, THANK YOU VERY MUCH!!! There is one thing I would still like to know, though: what did I catch there, and how can something like that happen? Logs: Code:
ATTFilter # AdwCleaner v4.106 - Bericht erstellt am 22/12/2014 um 09:10:44 # Aktualisiert 21/12/2014 von Xplode # Database : 2014-12-21.4 [Live] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Josef - JOSEF-PC # Gestartet von : C:\Users\Josef\Desktop\Trojanerboard\AdwCleaner_4.106.exe # Option : Löschen ***** [ Dienste ] ***** Dienst Gelöscht : WindowsMangerProtect [#] Dienst Gelöscht : ccnfd_1_10_0_2 Dienst Gelöscht : nkdytjtjsw32 ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\IePluginServices Ordner Gelöscht : C:\ProgramData\Partner Ordner Gelöscht : C:\ProgramData\simplitec Ordner Gelöscht : C:\ProgramData\WindowsMangerProtect Ordner Gelöscht : C:\Program Files (x86)\PC Speed Maximizer Ordner Gelöscht : C:\Program Files (x86)\Wajam Ordner Gelöscht : C:\Program Files (x86)\WinZipper Ordner Gelöscht : C:\Program Files (x86)\ClickCaption_1.10.0.2 Ordner Gelöscht : C:\Program Files\ClickCaption_1.10.0.2 Ordner Gelöscht : C:\Program Files\007 Ordner Gelöscht : C:\Users\Josef\AppData\Local\PackageAware Ordner Gelöscht : C:\Users\Josef\AppData\Local\SearchProtect Ordner Gelöscht : C:\Users\Josef\AppData\LocalLow\HPAppData Ordner Gelöscht : C:\Users\Josef\AppData\Roaming\simplitec Ordner Gelöscht : C:\Users\Josef\AppData\Roaming\Systweak Ordner Gelöscht : C:\Users\Josef\AppData\Roaming\WinZipper Ordner Gelöscht : C:\Users\Josef\Documents\PC Speed Maximizer Ordner Gelöscht : C:\Users\Josef\Documents\Updater Ordner Gelöscht : C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh Datei Gelöscht : C:\Windows\System32\roboot64.exe ***** [ Tasks ] ***** Task Gelöscht : ASP ***** [ Verknüpfungen ] ***** Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk Verknüpfung Desinfiziert : C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk Verknüpfung Desinfiziert : 
C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk Verknüpfung Desinfiziert : C:\Users\Josef\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk Verknüpfung Desinfiziert : C:\Users\Josef\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk Verknüpfung Desinfiziert : C:\Users\Josef\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk Verknüpfung Desinfiziert : C:\Users\Josef\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (64-bit).lnk ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 
Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}] Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} Schlüssel Gelöscht : [x64] 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Schlüssel Gelöscht : HKCU\Software\InstallCore Schlüssel Gelöscht : HKCU\Software\SecuredDownload Schlüssel Gelöscht : HKCU\Software\SmartBar Schlüssel Gelöscht : HKCU\Software\SupHpUISoft Schlüssel Gelöscht : HKCU\Software\systweak Schlüssel Gelöscht : HKLM\SOFTWARE\delta-homesSoftware Schlüssel Gelöscht : HKLM\SOFTWARE\hdcode Schlüssel Gelöscht : HKLM\SOFTWARE\SupTab Schlüssel Gelöscht : HKLM\SOFTWARE\supWindowsMangerProtect Schlüssel Gelöscht : HKLM\SOFTWARE\sweet-pageSoftware Schlüssel Gelöscht : HKLM\SOFTWARE\systweak Schlüssel Gelöscht : HKLM\SOFTWARE\winzipersvc Schlüssel Gelöscht : HKLM\SOFTWARE\ClickCaption_1.10.0.2 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467 Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\delta-homes.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.delta-homes.com ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17496 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant] Einstellung Wiederhergestellt : 
HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] -\\ Google Chrome v39.0.2171.95 [C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&AF=100478&babsrc=SP_ss&mntrId=f81ce0410000000000004c0f6e3e1967 [C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&AF=100478&babsrc=SP_ss&mntrId=f81ce0410000000000004c0f6e3e1967 [C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=49&cc=&mi=f81ce04100000000000002f46a1ace6a [C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=C2A69170-8BD1-424E-B383-F67091E1C370&apn_sauid=7B6F3687-8C0A-4E82-BC21-232DB3AD38D8& [C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=C2A69170-8BD1-424E-B383-F67091E1C370&apn_sauid=7B6F3687-8C0A-4E82-BC21-232DB3AD38D8& [C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : 
hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=49&cc=&mi=f81ce04100000000000002f46a1ace6a [C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=34EC6C8D-5596-40DE-863A-2B57459DCF34&apn_ptnrs=U3&apn_sauid=EC3E6DEE-F38B-428B-8E17-459BF24FE28C&apn_dtid=OSJ000YYDE&q={searchTerms} [C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=34EC6C8D-5596-40DE-863A-2B57459DCF34&apn_ptnrs=U3&apn_sauid=EC3E6DEE-F38B-428B-8E17-459BF24FE28C&apn_dtid=OSJ000YYDE&q={searchTerms} [C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&appid=0&systemid=410&sr=0&q={searchTerms} [C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&search={searchTerms}&a=6PQHEsc4je&i=26 [C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&search={searchTerms}&a=6PQHEsc4je&i=26 [C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ir_14_46_ie&cd=2XzuyEtN2Y1L1QzuyCtD0E0ByCzyyDyC0Ezz0A0CtBtDyCzztN0D0Tzu0StCtDyDtCtN1L2XzutAtFyCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEzytCyBzy0Ezy0FtGtBzzzzzytG0A0E0D0BtGyCtAzytAtGtByDtC0ByD0AtByC0BtByBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtBtC0D0Ezy0E0EtGtCyCtCtDtGyEyCzyyEtGzzyB0B0EtGyEtAtB0AyBtB0DtA0B0FtAyC2Q&cr=2005769434&ir= [C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : 
hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ir_14_46_ie&cd=2XzuyEtN2Y1L1QzuyCtD0E0ByCzyyDyC0Ezz0A0CtBtDyCzztN0D0Tzu0StCtDyDtCtN1L2XzutAtFyCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEzytCyBzy0Ezy0FtGtBzzzzzytG0A0E0D0BtGyCtAzytAtGtByDtC0ByD0AtByC0BtByBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtBtC0D0Ezy0E0EtGtCyCtCtDtGyEyCzyyEtGzzyB0B0EtGyEtAtB0AyBtB0DtA0B0FtAyC2Q&cr=2005769434&ir= [C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.sweet-page.com/web/?type=ds&ts=1416003524&from=cor&uid=WDCXWD7500BPVT-22HXZT1_WD-WX81C706850068500&q={searchTerms} [C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.delta-homes.com/web/?type=ds&ts=1418844289&from=wpm12173&uid=WDCXWD7500BPVT-22HXZT1_WD-WX81C706850068500&q={searchTerms} [C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.delta-homes.com/web/?type=ds&ts=1418844289&from=wpm12173&uid=WDCXWD7500BPVT-22HXZT1_WD-WX81C706850068500&q={searchTerms} [C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.delta-homes.com/web/?type=ds&ts=1418844289&from=wpm12173&uid=WDCXWD7500BPVT-22HXZT1_WD-WX81C706850068500&q={searchTerms} -\\ Opera v0.0.0.0 [C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&AF=100478&babsrc=SP_ss&mntrId=f81ce0410000000000004c0f6e3e1967 [C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&AF=100478&babsrc=SP_ss&mntrId=f81ce0410000000000004c0f6e3e1967 [C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=49&cc=&mi=f81ce04100000000000002f46a1ace6a 
[C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=C2A69170-8BD1-424E-B383-F67091E1C370&apn_sauid=7B6F3687-8C0A-4E82-BC21-232DB3AD38D8& [C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=C2A69170-8BD1-424E-B383-F67091E1C370&apn_sauid=7B6F3687-8C0A-4E82-BC21-232DB3AD38D8& [C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=49&cc=&mi=f81ce04100000000000002f46a1ace6a [C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=34EC6C8D-5596-40DE-863A-2B57459DCF34&apn_ptnrs=U3&apn_sauid=EC3E6DEE-F38B-428B-8E17-459BF24FE28C&apn_dtid=OSJ000YYDE&q={searchTerms} [C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=34EC6C8D-5596-40DE-863A-2B57459DCF34&apn_ptnrs=U3&apn_sauid=EC3E6DEE-F38B-428B-8E17-459BF24FE28C&apn_dtid=OSJ000YYDE&q={searchTerms} [C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&appid=0&systemid=410&sr=0&q={searchTerms} [C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&search={searchTerms}&a=6PQHEsc4je&i=26 [C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : 
hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&search={searchTerms}&a=6PQHEsc4je&i=26 [C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ir_14_46_ie&cd=2XzuyEtN2Y1L1QzuyCtD0E0ByCzyyDyC0Ezz0A0CtBtDyCzztN0D0Tzu0StCtDyDtCtN1L2XzutAtFyCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEzytCyBzy0Ezy0FtGtBzzzzzytG0A0E0D0BtGyCtAzytAtGtByDtC0ByD0AtByC0BtByBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtBtC0D0Ezy0E0EtGtCyCtCtDtGyEyCzyyEtGzzyB0B0EtGyEtAtB0AyBtB0DtA0B0FtAyC2Q&cr=2005769434&ir= [C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ir_14_46_ie&cd=2XzuyEtN2Y1L1QzuyCtD0E0ByCzyyDyC0Ezz0A0CtBtDyCzztN0D0Tzu0StCtDyDtCtN1L2XzutAtFyCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEzytCyBzy0Ezy0FtGtBzzzzzytG0A0E0D0BtGyCtAzytAtGtByDtC0ByD0AtByC0BtByBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtBtC0D0Ezy0E0EtGtCyCtCtDtGyEyCzyyEtGzzyB0B0EtGyEtAtB0AyBtB0DtA0B0FtAyC2Q&cr=2005769434&ir= [C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.sweet-page.com/web/?type=ds&ts=1416003524&from=cor&uid=WDCXWD7500BPVT-22HXZT1_WD-WX81C706850068500&q={searchTerms} [C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.delta-homes.com/web/?type=ds&ts=1418844289&from=wpm12173&uid=WDCXWD7500BPVT-22HXZT1_WD-WX81C706850068500&q={searchTerms} [C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.delta-homes.com/web/?type=ds&ts=1418844289&from=wpm12173&uid=WDCXWD7500BPVT-22HXZT1_WD-WX81C706850068500&q={searchTerms} [C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : 
hxxp://search.delta-homes.com/web/?type=ds&ts=1418844289&from=wpm12173&uid=WDCXWD7500BPVT-22HXZT1_WD-WX81C706850068500&q={searchTerms}

*************************

AdwCleaner[R0].txt - [15246 octets] - [22/12/2014 09:06:51]
AdwCleaner[S0].txt - [18038 octets] - [22/12/2014 09:10:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [18099 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by Josef on 22.12.2014 at 9:18:38,31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARMANAGER_8CA8B414-D855646C.pf
Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-B25C45A8.pf
Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARUSER_32.EXE-992C17DF.pf

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.12.2014 at 9:24:46,34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-12-2014
Ran by Josef (administrator) on JOSEF-PC on 22-12-2014 12:36:49
Running from C:\Users\Josef\Desktop\Trojanerboard
Loaded Profile: Josef (Available profiles: Josef)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Egis Technology Inc.)
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Windows\PLFSetI.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Deutsche Telekom AG) C:\Program Files\Netzmanager\netzmanager.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\BASVC.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe (Apple Inc.) 
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe (Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Microsoft Corp.) C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (O2Micro International) C:\Windows\System32\drivers\o2flash.exe (Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe () C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\klwtblfs.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-04-17] (Egis Technology Inc.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-19] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2107688 2010-04-14] (Synaptics Incorporated) HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-01-13] () HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [558168 2010-04-01] (Atheros Communications) HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [349344 2010-04-23] (Atheros Communications) HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-04-23] (Acer Incorporated) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1300560 2010-03-03] (Dritek System Inc.) 
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-04-17] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.) HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-04-21] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [VitaKeyPdtWzd] => C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe [3577712 2010-03-08] (Egis Technology Inc.) HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe [124136 2010-04-15] (CyberLink Corp.) HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO) HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [651832 2011-08-24] (Sony Corporation) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Bing Bar] => C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe [243544 2010-04-27] (Microsoft Corp.) 
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation) HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard) HKU\S-1-5-21-2186974003-2043912784-1202098385-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-10-21] (Garmin Ltd or its subsidiaries) HKU\S-1-5-21-2186974003-2043912784-1202098385-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-06-24] (Google Inc.) HKU\S-1-5-21-2186974003-2043912784-1202098385-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.) HKU\S-1-5-21-2186974003-2043912784-1202098385-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.) HKU\S-1-5-21-2186974003-2043912784-1202098385-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1080104 2014-08-04] (Apple Inc.) HKU\S-1-5-21-2186974003-2043912784-1202098385-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.) 
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-11-16] (Microsoft Corporation) Lsa: [Notification Packages] C:\Program Files (x86)\Acer Bio Protection\PwdFilterV64 Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG) ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\Root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\Root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\Root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.) 
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll (Kaspersky Lab ZAO) ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.) ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll (Kaspersky Lab ZAO) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-2186974003-2043912784-1202098385-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-2186974003-2043912784-1202098385-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2186974003-2043912784-1202098385-1000 -> DefaultScope {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-2186974003-2043912784-1202098385-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = https://www.google.com/search?q={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\Root\Office15\OCHelper.dll (Microsoft Corporation) BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\Root\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 
(Microsoft Corporation) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) 
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\Root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN 
Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014-11-14] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014-11-14] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com FF Extension: Gevaarlijke websiteblokkering - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014-11-14] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014-11-14] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com 
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014-11-14] FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-11-23] FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox FF Extension: No Name - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox [2014-11-23] FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension FF Extension: No Name - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2014-11-25] FF HKU\S-1-5-21-2186974003-2043912784-1202098385-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= CHR HomePage: Default -> hxxp://www.google.de/ CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR DefaultSuggestURL: Default -> CHR Profile: C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-14] CHR Extension: (Google Docs) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-14] CHR Extension: (Google Drive) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-14] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-14] CHR 
Extension: (YouTube) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-14] CHR Extension: (Google-Suche) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-14] CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-11-14] CHR Extension: (Google Tabellen) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-14] CHR Extension: (Kaspersky Protection) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh [2014-11-14] CHR Extension: (Google Wallet) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-14] CHR Extension: (Google Mail) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-14] CHR Extension: (Anti-Banner) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-11-14] CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11] CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [Not Found] CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-12-21] (Adobe Systems) [File not signed] R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [34392 2010-04-01] (Atheros Communications) [File not signed] R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation) R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [File not signed] R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch) S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-10-21] (Garmin Ltd or its subsidiaries) R2 IGBASVC; C:\Program Files (x86)\Acer Bio Protection\BASVC.exe [3456880 2010-03-08] (Egis Technology Inc.) R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed] R2 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-04-17] (Egis Technology Inc.) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed] R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed] R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [250368 2010-03-09] (NewTech Infosystems, Inc.) 
[File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed] R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-02-03] () [File not signed] R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software) R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch) R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch) R3 DSI_SiUSBXp_3_1; C:\Windows\System32\drivers\DSI_SiUSBXp_3_1.sys [16384 2009-03-31] (Silicon Laboratories) R3 hidshim; C:\Windows\system32\DRIVERS\hidshim.sys [6656 2009-08-31] (Windows (R) Win 7 DDK provider) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-11-14] (Kaspersky Lab ZAO) U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-11-14] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628288 2014-11-14] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-11-14] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-11-11] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-11-11] (Kaspersky Lab ZAO) S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys 
[44480 2013-09-23] (hxxp://libusb-win32.sourceforge.net) R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] () S3 nuvotoncir; C:\Windows\system32\DRIVERS\nuvotoncir.sys [48128 2009-08-31] (Nuvoton Technology Corporation) R3 nuvotonhidcir; C:\Windows\system32\DRIVERS\nuvotonhidcir.sys [26624 2009-08-31] (Nuvoton Technology Corporation) S3 nuvotonir; C:\Windows\system32\DRIVERS\nuvotonir.sys [68096 2009-08-31] (Nuvoton Technology Corporation) R3 O2SDGRDR; C:\Windows\System32\DRIVERS\o2sdgx64.sys [50976 2010-01-11] (O2Micro ) R3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-05-27] (TuneUp Software) R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] () R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2010-08-31] (Jungo) R2 {6E090BD5-4EF5-4bf0-A968-74049E88E935}; C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\000.fcl [146928 2010-04-15] (CyberLink Corp.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-22 09:18 - 2014-12-22 09:18 - 00000000 ____D () C:\Windows\ERUNT 2014-12-22 09:06 - 2014-12-22 09:10 - 00000000 ____D () C:\AdwCleaner 2014-12-21 12:33 - 2014-12-21 13:05 - 00000000 ___RD () C:\Users\Josef\Desktop\Creative Suite CS2 2014-12-21 12:18 - 2014-12-21 12:18 - 00003316 _____ () C:\Windows\System32\Tasks\{8A28FE80-2F47-446F-A394-0E99E7C8F30F} 2014-12-21 12:16 - 2014-12-21 12:16 - 00003316 _____ () C:\Windows\System32\Tasks\{528B1225-345B-4C8F-BB20-834760168251} 2014-12-21 11:27 - 2014-12-21 11:27 - 00002093 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk 2014-12-21 11:26 - 2014-12-21 11:26 - 00002075 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk 2014-12-21 11:26 - 2014-12-21 11:26 - 00002049 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk 2014-12-21 11:26 - 2014-12-21 11:26 - 00002046 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk 2014-12-21 11:26 - 2014-12-21 11:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe 2014-12-21 11:23 - 2014-12-21 11:23 - 00000000 ____D () C:\PS_CS2_Gr_NonRet 2014-12-21 10:55 - 2014-12-21 10:55 - 00000000 ____D () C:\Users\Public\Documents\Adobe PDF 2014-12-21 10:51 - 2014-12-21 11:07 - 00000000 ____D () C:\Creative Suite CS2 2014-12-21 10:39 - 2014-12-21 11:45 - 00000000 ____D () C:\Program Files\BEAF8266-AE64-40A2-BF8D-99F4FB145C26 2014-12-20 09:45 - 2014-12-20 09:45 - 00000000 _____ () C:\Users\Josef\Documents\.txt 2014-12-19 19:13 - 2014-12-19 19:15 - 00000000 ____D () C:\Users\Josef\Desktop\Bad 2014-12-19 18:04 - 2014-12-19 18:04 - 00001348 _____ () C:\Users\Josef\Desktop\Kaspersky.txt 2014-12-19 18:02 - 2014-12-22 12:36 - 00000000 ____D () C:\Users\Josef\Desktop\Trojanerboard 2014-12-19 17:48 - 2014-12-22 12:36 - 00000000 ____D () C:\FRST 2014-12-17 20:38 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) 
C:\Windows\system32\ieUnatt.exe 2014-12-17 20:38 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-12-15 14:49 - 2014-12-15 13:01 - 15526138 _____ () C:\Users\Josef\Desktop\Kalender von Reiseck Josef TD-334.ics 2014-12-15 13:36 - 2014-12-15 13:36 - 00001849 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk 2014-12-15 13:36 - 2014-12-15 13:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2014-12-15 13:36 - 2014-12-15 13:36 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-12-15 13:34 - 2014-12-15 13:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud 2014-12-13 10:31 - 2014-12-13 10:31 - 00000000 ____D () C:\Windows\system32\appraiser 2014-12-12 15:48 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-12-12 15:48 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2014-12-12 15:48 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2014-12-12 15:48 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2014-12-12 15:48 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2014-12-12 15:48 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2014-12-12 15:48 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2014-12-12 15:48 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2014-12-12 15:48 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2014-12-12 15:48 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2014-12-11 18:41 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2014-12-11 18:41 - 2014-12-04 03:50 - 
00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2014-12-11 18:41 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-12-11 18:41 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2014-12-11 18:41 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-12-11 18:41 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2014-12-11 18:41 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-12-11 18:41 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2014-12-11 18:41 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-12-11 18:41 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-12-11 18:41 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-12-11 18:41 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-12-11 18:41 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-12-11 18:41 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-12-11 18:41 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-12-11 18:41 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-12-11 18:41 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-12-11 18:41 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-12-11 18:41 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-12-11 18:41 - 2014-11-22 03:40 - 00034304 _____ 
(Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-12-11 18:41 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-12-11 18:41 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-12-11 18:41 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-12-11 18:41 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-12-11 18:41 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-12-11 18:41 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-12-11 18:41 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-12-11 18:41 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-12-11 18:41 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-12-11 18:41 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-12-11 18:41 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-12-11 18:41 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-12-11 18:41 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-12-11 18:41 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-12-11 18:41 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-12-11 18:41 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-12-11 18:41 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-12-11 18:41 - 2014-11-22 
02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-12-11 18:41 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-12-11 18:41 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-12-11 18:41 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-12-11 18:41 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-12-11 18:41 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-12-11 18:41 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-12-11 18:41 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-12-11 18:41 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-12-11 18:41 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-12-11 18:41 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-12-11 18:41 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-12-11 18:41 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-12-11 18:41 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-12-11 18:41 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-12-11 18:41 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-12-11 18:41 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-12-11 18:41 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-12-11 18:41 - 2014-11-22 02:21 - 
01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-12-11 18:41 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-12-11 18:41 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-12-11 18:41 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-12-11 18:41 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-12-11 18:41 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-12-11 18:41 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-12-11 18:41 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-12-11 18:41 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-12-11 18:41 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2014-12-11 18:40 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-12-11 18:40 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-12-11 18:40 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe 2014-12-11 18:40 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe 2014-12-11 18:40 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2014-12-11 18:40 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2014-12-11 18:40 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll 2014-12-11 18:40 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll 2014-12-11 18:40 - 2014-10-03 03:11 - 00266240 
_____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe 2014-12-11 18:40 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2014-12-11 18:40 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll 2014-12-11 18:40 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll 2014-12-11 18:40 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll 2014-12-11 18:40 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe 2014-12-07 12:41 - 2014-12-16 16:40 - 00000000 ___HD () C:\Users\Josef\Desktop\[Originaldateien] 2014-12-07 09:55 - 2014-11-30 22:02 - 00002059 _____ () C:\Users\Josef\Desktop\Lightroom 5.7 64-Bit.lnk 2014-12-05 23:10 - 2014-12-05 23:10 - 00000000 ____D () C:\Users\Josef\Desktop\Konverter 2014-12-03 17:10 - 2014-12-22 09:02 - 00000000 ____D () C:\Users\Josef\AppData\Local\D95C058A-9BC8-45EA-84E8-D454B63F41E2.aplzod 2014-12-03 16:48 - 2014-12-22 09:13 - 00000000 ___RD () C:\Users\Josef\iCloudDrive 2014-12-03 16:48 - 2014-12-03 16:48 - 00000000 ____D () C:\Users\Josef\AppData\Local\Apple Inc 2014-12-02 17:58 - 2014-12-02 17:58 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\CyberLink 2014-12-02 17:57 - 2014-12-02 17:58 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\PowerCinema 2014-12-02 17:57 - 2014-12-02 17:57 - 00000000 ____D () C:\Users\Josef\AppData\Local\PowerCinema 2014-12-02 16:24 - 2014-12-02 16:24 - 00003676 _____ () C:\Windows\System32\Tasks\HP-Online-Aktualisierungsprogramm 2014-11-30 22:02 - 2014-11-30 22:02 - 00002079 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5.7 64-Bit.lnk 2014-11-30 14:30 - 2014-11-30 14:30 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2014-11-29 16:08 - 2014-11-29 16:08 - 00001033 _____ () 
C:\Users\Public\Desktop\Biet-O-Matic.lnk 2014-11-29 16:07 - 2014-11-29 16:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Biet-O-Matic 2014-11-29 16:07 - 2003-01-07 02:22 - 00015873 _____ () C:\Windows\SysWOW64\Inetde.dll 2014-11-29 16:07 - 2000-12-05 23:00 - 00109248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mswinsck.ocx 2014-11-29 16:07 - 2000-10-01 23:00 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vb6de.dll 2014-11-29 16:07 - 2000-05-22 15:58 - 00115920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinet.ocx 2014-11-29 16:07 - 2000-04-03 19:06 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winskde.dll 2014-11-29 16:07 - 2000-04-03 19:05 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msstdfmt.dll 2014-11-29 16:07 - 1999-07-14 13:07 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stdftde.dll 2014-11-29 16:07 - 1998-07-05 23:00 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mscmcde.dll 2014-11-29 16:07 - 1998-07-05 23:00 - 00022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Tabctde.dll 2014-11-29 16:07 - 1998-06-23 23:00 - 00209192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Tabctl32.ocx 2014-11-29 16:06 - 2014-11-29 16:07 - 04653537 _____ () C:\Users\Josef\Downloads\BOM21412_setup.exe 2014-11-29 15:52 - 2014-12-13 22:49 - 00000000 ____D () C:\Users\Josef\Desktop\Bildschirm 2014-11-29 12:57 - 2014-11-29 13:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2014-11-29 12:55 - 2014-11-29 12:55 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-11-29 12:43 - 2014-11-29 12:44 - 00000000 ____D () C:\Users\Josef\Desktop\Outlook 2014-11-28 21:08 - 2014-11-28 21:08 - 00262144 _____ () C:\Windows\system32\config\elam 2014-11-28 21:07 - 2014-12-20 19:41 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\BOM 2014-11-28 21:07 - 2014-11-29 16:08 - 00000000 ____D () C:\Program Files 
(x86)\Biet-O-Matic 2014-11-28 20:55 - 2014-11-28 22:36 - 00000000 ____D () C:\Program Files\7-Zip 2014-11-28 20:50 - 2014-11-28 22:36 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\vlc 2014-11-28 20:50 - 2014-11-28 20:50 - 00000000 ____D () C:\Program Files (x86)\VideoLAN 2014-11-28 20:43 - 2014-11-28 20:43 - 00000000 ____D () C:\Garmin 2014-11-26 18:30 - 2014-11-28 23:23 - 00000000 ____D () C:\Program Files (x86)\Garmin GPS Plugin 2014-11-26 18:30 - 2014-11-28 23:22 - 00000000 ____D () C:\Program Files\Garmin GPS Plugin 2014-11-24 18:47 - 2014-11-26 17:58 - 00000000 ____D () C:\Users\Josef\Documents\Daten_Sepp 2014-11-24 18:38 - 2014-11-24 18:38 - 00004608 _____ () C:\Users\Josef\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-11-23 18:52 - 2014-11-23 18:53 - 00083526 _____ () C:\Windows\hpqins13.dat 2014-11-23 18:48 - 2014-11-23 18:48 - 00000000 ____D () C:\ProgramData\WEBREG 2014-11-23 18:48 - 2010-07-28 17:19 - 00002075 ____N () C:\Windows\hpwmdl23.dat.temp 2014-11-23 18:44 - 2014-11-23 18:53 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\HP 2014-11-23 18:44 - 2014-11-23 18:51 - 00001004 _____ () C:\Users\Josef\AppData\Roaming\ConvAPIPlugin.log 2014-11-23 18:44 - 2014-11-23 18:44 - 00000000 ____D () C:\Users\Josef\AppData\Local\HP 2014-11-23 18:42 - 2014-11-28 23:23 - 00000000 ____D () C:\Program Files (x86)\MSN Toolbar 2014-11-23 18:42 - 2014-11-23 18:42 - 00001384 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Default Manager.lnk 2014-11-23 18:42 - 2014-11-23 18:42 - 00001342 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk 2014-11-23 18:41 - 2014-11-23 18:41 - 00000000 ____D () C:\Windows\SysWOW64\spool 2014-11-23 18:40 - 2014-12-22 10:14 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\HpUpdate 2014-11-23 18:40 - 2014-11-23 18:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 2014-11-23 18:40 - 2014-11-23 18:40 - 00001361 _____ () 
C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk 2014-11-23 18:40 - 2014-11-23 18:40 - 00001355 _____ () C:\Users\Public\Desktop\HP Solution Center.lnk 2014-11-23 18:40 - 2014-11-23 18:40 - 00001064 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk 2014-11-23 18:40 - 2014-11-23 18:40 - 00000000 ____D () C:\ProgramData\HP Product Assistant 2014-11-23 18:37 - 2014-11-23 18:41 - 00000000 ____D () C:\Program Files (x86)\HP 2014-11-23 18:36 - 2014-11-23 18:51 - 00262743 _____ () C:\Windows\hpwins23.dat 2014-11-23 18:36 - 2010-07-28 17:19 - 00002075 ____N () C:\Windows\hpwmdl23.dat 2014-11-23 18:36 - 2010-05-13 11:29 - 00553472 _____ (Hewlett Packard) C:\Windows\system32\hppldcoi.dll 2014-11-23 18:36 - 2010-05-13 11:25 - 01422848 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpwtiop4.dll 2014-11-23 18:36 - 2010-05-13 11:25 - 00906240 _____ (Hewlett-Packard) C:\Windows\system32\hpwwiax5.dll 2014-11-23 18:36 - 2010-02-01 07:54 - 00488960 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpovst11.dll 2014-11-23 18:30 - 2014-11-23 18:30 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WS_FTP Pro 2014-11-23 18:30 - 2014-11-23 18:30 - 00000000 ____D () C:\Program Files\WS_FTP Pro 2014-11-23 16:10 - 2014-11-23 18:53 - 00002542 _____ () C:\ProgramData\hpzinstall.log 2014-11-23 15:23 - 2014-12-16 18:35 - 00000000 ____D () C:\Users\Josef\Desktop\Bilder_Foren 2014-11-23 12:52 - 2014-11-23 12:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth 2014-11-22 12:03 - 2014-11-22 12:04 - 00000000 ____D () C:\Users\Josef\Desktop\Labertallauf_20141003 ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-22 12:13 - 2014-11-14 22:02 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-12-22 11:52 - 2014-11-14 23:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-22 11:07 - 2014-11-14 22:03 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-12-22 10:28 - 2014-11-14 20:49 - 01702638 _____ () C:\Windows\WindowsUpdate.log 2014-12-22 09:22 - 2009-07-14 05:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-22 09:22 - 2009-07-14 05:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-22 09:13 - 2014-11-14 22:02 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-22 09:12 - 2014-11-17 17:32 - 00002587 _____ () C:\Windows\error.log 2014-12-22 09:12 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-22 09:12 - 2009-07-14 05:51 - 00046818 _____ () C:\Windows\setupact.log 2014-12-22 09:11 - 2014-11-17 17:32 - 00001905 _____ () C:\Windows\errord.log 2014-12-22 09:11 - 2014-11-14 20:45 - 00272960 _____ () C:\Windows\PFRO.log 2014-12-22 09:10 - 2014-11-17 18:11 - 00000000 ____D () C:\Users\Josef\Documents\Outlook-Dateien 2014-12-22 09:10 - 2014-11-14 23:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-12-22 09:10 - 2014-11-14 21:02 - 00000999 _____ () C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-12-21 13:12 - 2014-11-16 10:13 - 13945453 _____ () C:\Users\Josef\Desktop\Training 12_00.xlsm 2014-12-21 12:32 - 2014-11-14 21:02 - 00000000 ____D () C:\Users\Josef\AppData\Local\VirtualStore 2014-12-21 12:29 - 2014-11-14 21:02 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Adobe 2014-12-21 12:23 - 2009-07-14 05:45 - 00447448 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-12-21 11:33 - 2014-11-14 22:42 - 00000000 ____D () 
C:\Users\Josef\AppData\Local\Adobe 2014-12-21 11:28 - 2014-11-14 21:00 - 00116520 _____ () C:\Users\Josef\AppData\Local\GDIPFONTCACHEV1.DAT 2014-12-21 11:28 - 2010-06-24 14:21 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-12-21 11:25 - 2010-06-24 14:21 - 00000000 ____D () C:\ProgramData\Adobe 2014-12-21 11:18 - 2014-11-15 17:13 - 00000000 ____D () C:\Users\Josef\Documents\ID_Passwoerter 2014-12-21 10:51 - 2010-06-24 13:53 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-12-19 19:23 - 2014-11-16 10:15 - 00000000 ____D () C:\Users\Josef\Desktop\Bunker 2014-12-18 13:22 - 2014-11-15 05:34 - 00699614 _____ () C:\Windows\system32\perfh007.dat 2014-12-18 13:22 - 2014-11-15 05:34 - 00149722 _____ () C:\Windows\system32\perfc007.dat 2014-12-18 13:22 - 2009-07-14 06:13 - 01620392 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-16 20:33 - 2014-11-15 12:06 - 00000000 ____D () C:\Users\Josef\AppData\Local\CrashDumps 2014-12-15 13:22 - 2014-11-14 21:59 - 00000000 ____D () C:\Users\Josef\AppData\Local\Google 2014-12-14 13:41 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-12-14 09:49 - 2014-11-17 16:44 - 00000000 ____D () C:\ProgramData\boost_interprocess 2014-12-13 20:28 - 2014-11-14 22:54 - 00000000 ____D () C:\Users\Josef\Documents\JuiceboxBuilder-Pro 2014-12-13 10:31 - 2014-11-14 23:00 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-12-13 10:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-12-13 10:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat 2014-12-13 10:14 - 2014-11-15 22:03 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-12-12 15:55 - 2014-11-14 22:29 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-12 15:50 - 2014-11-14 22:29 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-12-11 21:44 - 2014-11-16 15:59 - 00000000 ____D () C:\Users\Josef\Desktop\Tacx_iGenius 2014-12-11 20:14 - 2014-11-17 17:06 - 00000246 _____ () 
C:\TTSInstaller.log 2014-12-11 20:12 - 2014-11-15 22:24 - 00001373 _____ () C:\Users\Public\Desktop\Tacx Support Tool.lnk 2014-12-11 20:12 - 2014-11-15 12:02 - 00002282 _____ () C:\Users\Public\Desktop\Tacx Trainer software 4.lnk 2014-12-10 17:41 - 2014-11-14 23:26 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-12-10 17:41 - 2014-11-14 23:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-12-10 17:41 - 2014-11-14 23:26 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-12-07 10:06 - 2014-11-16 15:57 - 00000000 ____D () C:\Users\Josef\Desktop\Foto 2014-12-07 09:44 - 2014-11-17 17:32 - 00000127 _____ () C:\Windows\Crypkey.ini 2014-12-07 09:44 - 2014-11-17 17:32 - 00000000 ____D () C:\Program Files\Stellar Phoenix Outlook PST Repair 2014-12-05 23:10 - 2014-11-16 10:15 - 00000000 ____D () C:\Users\Josef\Desktop\Vorhang_Kueche 2014-12-03 17:41 - 2014-11-16 15:30 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Apple Computer 2014-12-03 16:49 - 2014-11-16 15:27 - 00000000 ____D () C:\Users\Josef\AppData\Local\Apple 2014-12-03 16:48 - 2014-11-14 20:59 - 00000000 ____D () C:\Users\Josef 2014-12-03 16:46 - 2014-11-16 15:30 - 00000000 ____D () C:\Users\Josef\AppData\Local\Apple Computer 2014-12-03 16:40 - 2014-11-16 15:26 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-12-02 17:58 - 2014-11-14 21:36 - 00000000 ____D () C:\ProgramData\CyberLink 2014-12-02 16:24 - 2014-11-15 12:23 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler 2014-12-02 16:21 - 2014-11-16 16:15 - 00000000 ____D () C:\Users\Josef\Desktop\TuneUp 2014-11-30 22:01 - 2014-11-14 22:33 - 00000000 ____D () C:\Program Files\Adobe 2014-11-30 19:54 - 2014-11-16 17:06 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\FileZilla 2014-11-29 13:11 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-11-29 12:49 - 2014-11-14 22:08 - 
00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office _Sharepoint 2014-11-28 23:23 - 2014-11-15 17:13 - 00000000 ____D () C:\Users\Josef\Documents\KV_RV_Vertraege_sonst Schriftverkehr 2014-11-28 23:23 - 2014-11-14 23:26 - 00000000 ____D () C:\Windows\system32\Macromed 2014-11-28 23:23 - 2014-11-14 23:06 - 00000000 ____D () C:\ProgramData\Netzmanager 2014-11-28 23:22 - 2014-11-15 11:43 - 00000000 ____D () C:\Users\Josef\AppData\Local\Garmin 2014-11-28 23:22 - 2014-11-15 11:42 - 00000000 ____D () C:\ProgramData\Garmin 2014-11-28 23:22 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration 2014-11-28 23:21 - 2014-11-15 11:42 - 00000000 ____D () C:\Program Files (x86)\Garmin 2014-11-28 20:41 - 2014-11-15 11:43 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Garmin 2014-11-24 14:04 - 2014-11-14 22:15 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-11-23 18:57 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2014-11-23 18:51 - 2009-07-14 03:34 - 00000560 _____ () C:\Windows\win.ini 2014-11-23 18:46 - 2014-11-14 21:59 - 00000000 ____D () C:\ProgramData\HP 2014-11-23 18:38 - 2010-06-24 13:55 - 00057612 _____ () C:\Windows\DPINST.LOG 2014-11-23 18:33 - 2014-11-16 15:58 - 00000000 ____D () C:\Users\Josef\Desktop\Homepage 2014-11-23 15:23 - 2014-11-15 22:18 - 00000000 ____D () C:\Users\Josef\AppData\Local\ACD Systems 2014-11-23 12:52 - 2010-06-24 14:14 - 00000000 ____D () C:\Program Files (x86)\Google 2014-11-22 09:55 - 2014-11-15 22:14 - 00000000 ____D () C:\Users\Josef\AppData\Local\Downloaded Installations Some content of TEMP: ==================== C:\Users\Josef\AppData\Local\Temp\Quarantine.exe C:\Users\Josef\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-15 15:19 ==================== End Of Log ============================ --- --- --- |
22.12.2014, 15:48 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Browsers open with "www.delta-homes.com" Please also create a new Addition.txt: start FRST, tick the checkbox next to Addition.txt, then click Scan.
__________________ Please always post log files in CODE tags |
22.12.2014, 16:00 | #8 |
| Browsers open with "www.delta-homes.com" Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-12-2014 Ran by Josef at 2014-12-22 15:58:23 Running from C:\Users\Josef\Desktop\Trojanerboard Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky PURE 3.0 (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5} AS: Kaspersky PURE 3.0 (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky PURE 3.0 (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden 6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden 6500_E709_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden 6500_E709n (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) ACDSee Pro 3 (HKLM-x32\...\{1B280FAF-AE10-4E31-A41A-DB3917D651DC}) (Version: 3.0.355 - ACD Systems International Inc.) Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 4.1.7615 - CyberLink Corp.) Acer Arcade Deluxe (x32 Version: 4.1.7615 - CyberLink Corp.) Hidden Acer Arcade Instant On (x32 Version: 3.0.34.2 - Acer) Hidden Acer Arcade Movie (x32 Version: 9.0.6415 - CyberLink Corp.) Hidden Acer Backup Manager (HKLM-x32\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.1.60 - NewTech Infosystems) Acer Bio Protection (HKLM-x32\...\InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}) (Version: 6.5.76 - Egis Technology Inc.) 
Acer Crystal Eye Webcam (HKLM-x32\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.12.1 - Suyin Optronics Corp) Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3004 - Acer Incorporated) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3011 - Acer Incorporated) Acer GameZone Console (HKLM-x32\...\{ABEE079E-648E-488B-8301-0C3DB48C1BCE}_is1) (Version: 6.1.0.2 - Oberon Media, Inc.) Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated) Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0309.2010 - Acer Incorporated) Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3002 - Acer Incorporated) Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated) Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.) Adobe Photoshop Lightroom 5.7 64-bit (HKLM\...\{1B77B02E-17E4-4B6D-B8A1-74B29AF3D8DD}) (Version: 5.7.0 - Adobe Systems Incorporated) Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated) Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version: - Oberon Media) ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) 
Argus Cycle Tour 2010 - South Africa (HKLM-x32\...\{5B7664A8-4383-4C3E-B466-46A947381FFC}) (Version: 1.00.0000 - Tacx) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.24 - Atheros Communications Inc.) Atheros_7.0.2.13_patch2_64 (HKLM-x32\...\{2D13FC7D-42A8-4BF1-AF0C-B3DC68C59448}_is1) (Version: - Atheros) ATI Catalyst Install Manager (HKLM\...\{F5816A09-786E-C91D-3D99-8A8C92648750}) (Version: 3.0.765.0 - ATI Technologies, Inc.) Backup Manager Advance (x32 Version: 2.0.1.60 - NewTech Infosystems) Hidden Biet-O-Matic v2.14.12 (HKLM-x32\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team) Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 5.0.1449.0 - Microsoft Corporation) Bing Bar Platform (x32 Version: 5.0.1449.0 - Microsoft Corporation) Hidden Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.00.002.0013 - Atheros Communications) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media) ccc-core-static (x32 Version: 2010.0421.657.10561 - Ihr Firmenname) Hidden Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version: - Oberon Media) Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version: - Oberon Media) Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden DocMgr (x32 Version: 140.0.65.000 - Ihr Firmenname) Hidden DocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) Hidden Download & Install Packages (HKU\S-1-5-21-2186974003-2043912784-1202098385-1000\...\Download & Install Packages) (Version: - ) <==== ATTENTION Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media) eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM) Elevated Installer (x32 Version: 3.2.21.0 - Garmin Ltd or its subsidiaries) Hidden eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.) eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version: - Oberon Media) Fax (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse) Fingerprint Solution (x32 Version: 6.1.76.0 - Egis Technology Inc.) 
Hidden Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version: - Oberon Media) Garmin Express (HKLM-x32\...\{045320b6-c340-4960-aefd-57bf08a9b425}) (Version: 3.2.21.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 3.2.21.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 3.2.21.0 - Garmin Ltd or its subsidiaries) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version: - Oberon Media) Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media) HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP) HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP) HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP) HP Officejet 6500 E709 Series (HKLM\...\{58D79E62-CFC8-4331-8469-3A1B16E1769C}) (Version: 14.0 - HP) HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP) HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP) HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP) HP Update (HKLM-x32\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard) HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden HPPhotosmartEssential (x32 Version: 2.04.0000 - 
Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation) Ipswitch WS_FTP Pro Uninstall (HKLM-x32\...\WS_FTPPro) (Version: - ) iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.) Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) JuiceboxBuilder-Pro (HKLM-x32\...\JuiceboxBuilder-Pro) (Version: 1.3.2 - SimpleViewer Inc) JuiceboxBuilder-Pro (x32 Version: 1.3.2 - SimpleViewer Inc) Hidden Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden Kaspersky PURE 3.0 (HKLM-x32\...\InstallWIX_{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}) (Version: 13.0.2.558 - Kaspersky Lab) Kaspersky PURE 3.0 (x32 Version: 13.0.2.558 - Kaspersky Lab) Hidden Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.7 - Acer Inc.) MAGIX Foto Designer 7 (HKLM-x32\...\MAGIX_{2DCD52EE-1AE1-4128-9819-A79F7D09B6B3}) (Version: 7.0.1.1 - MAGIX AG) MAGIX Foto Designer 7 (Version: 7.0.1.1 - MAGIX AG) Hidden Mallorca Tour I - Spain (HKLM-x32\...\{8B5D5C58-A053-4832-949A-53933682588D}) (Version: 1.00.0000 - Tacx) MarketResearch (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden MediaShow Espresso (x32 Version: 5.5.1403_23691 - CyberLink Corp.) 
Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation) Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4667.1002 - Microsoft Corporation) Microsoft SharePoint Designer 2013 (HKLM\...\Office15.SharePointDesigner) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 
12.0.21005.1 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation) Milan San Remo 2008 - Italy (HKLM-x32\...\{B1552C76-5085-4982-A131-72E6174F29B6}) (Version: 1.00.0000 - Tacx) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MyWinLocker (x32 Version: 3.1.210.0 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.210.0 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 3.1.210.0 - Egis Technology Inc.) 
Hidden Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden Netzmanager (Version: 1.081 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.8 - Google) NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.628 - NewTech Infosystems) NTI Backup Now Standard (x32 Version: 5.1.2.628 - NewTech Infosystems) Hidden NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6630 - NewTech Infosystems) NTI Media Maker 8 (x32 Version: 8.0.12.6630 - NewTech Infosystems) Hidden Nuvoton CIR Device Drivers (HKLM-x32\...\{FBC79D04-051E-4367-8051-1DB0C893FBE0}) (Version: 8.60.2002 - Nuvoton Technology Corporation) O2Micro 1394 OHCI Compliant Host Controller Driver (HKLM-x32\...\InstallShield_{AFC44A23-E6A8-4625-B6B1-23D438525D59}) (Version: 1.0.00 - O2Micro International LTD.) O2Micro 1394 OHCI Compliant Host Controller Driver (Version: 1.0.00 - O2Micro International LTD.) Hidden O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{5FAD2AAE-C6DD-4CC8-B325-BFCBB3D32249}) (Version: 2.0.37.D - O2Micro International LTD.) O2Micro Flash Memory Card Windows Driver (Version: 2.0.37.D - O2Micro International LTD.) Hidden OCR Software by I.R.I.S. 
14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP) Office 15 Click-to-Run Extensibility Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.8.00.09123 - Sony Corporation) Portrait Professional 10.8 (HKLM-x32\...\PortraitProfessional10_is1) (Version: 10.8 - Anthropics Technology Ltd.) ProductContext (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6072 - Realtek Semiconductor Corp.) Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0017-0000-1000-0000000FF1CE}_Office15.SharePointDesigner_{67A083C6-0A9E-48E8-BC90-C1EDA8028ED4}) (Version: - Microsoft) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP) Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) 
Hidden SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden Spin & Win (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}) (Version: - Oberon Media) Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.12.2 - Synaptics Incorporated) Tacx Trainer software 4 (HKLM-x32\...\{1FC386C1-EA57-43DB-9860-FE327C143148}) (Version: 4.13.0 - Tacx BV) The Grossglockner 2008 - Austria (HKLM-x32\...\{6AD671B1-4FAD-43A1-9EC2-42301DFF3D3C}) (Version: 1.00.0000 - Tacx) Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden TTS Launcher (HKLM-x32\...\{2D09223F-34B4-4C74-B6F2-ABDE6BEC82E5}) (Version: 1.0.3 - Tacx BV) TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software) TuneUp Utilities 2014 (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel) USB ANT Stick Silicon Laboratories USBXpress Device (Driver Removal) (HKLM-x32\...\USB_ANT_SIUSBXP_3_1&1004&0FCF) (Version: - ) WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.01.3002 - Acer Incorporated) Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation) Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation) Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft 
Corporation) Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 18-12-2014 09:18:50 Windows Update 21-12-2014 11:25:02 Adobe Photoshop CS2 wird installiert 22-12-2014 12:47:45 Installed 7-Zip 9.20 (x64 edition) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1830E1A6-0CD6-4683-AB0B-63139290F43A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {224EAC5D-D3C9-4260-B253-ABA8F736325E} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2009-11-18] (Hewlett-Packard) Task: {2D28C6D4-82D9-4E6F-9AEF-D1CA499D948B} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-10-21] () Task: {3C369532-32DB-4AC1-97BC-86965BB9D6C5} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2014-07-16] (TuneUp Software) Task: {48BF3627-CF5F-4357-B6E3-B01FB0B3AC61} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) Task: {5D644936-02A2-4A76-BCD2-4ACF464A0AD8} - System32\Tasks\{8A28FE80-2F47-446F-A394-0E99E7C8F30F} => pcalua.exe -a "C:\Users\Josef\Desktop\Foto\Foto_Software\Adobe\Creative Suite CS2\CS2_RetNon_Ger_3.exe" -d "C:\Users\Josef\Desktop\Foto\Foto_Software\Adobe\Creative Suite CS2" Task: {6375FE9B-0F15-4B72-84A5-B5DC9C661CE2} - System32\Tasks\{EF48D0EB-28C4-43A2-8FE7-45FF0EB4AC99} => pcalua.exe -a c:\PROGRA~2\COMMON~1\ADOBEA~1\Versions\1.0\ADOBEA~1.EXE -c "C:\Users\Josef\AppData\Local\Temp\Temp1_juicebox_pro_1.3.2.zip\juicebox_pro_1.3.2\JuiceboxBuilder-Pro.air" Task: {6C964581-D351-4735-83B6-43568B4E7C60} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\Root\Office15\msoia.exe [2014-11-29] (Microsoft Corporation) Task: {6D92763E-7206-4A23-B7AA-26181BB1F59B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated) Task: {98EFF087-0D02-4DBF-AD73-E9849E980F08} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-14] (Google Inc.) 
Task: {9CDB30CB-9C55-4D0D-A233-4F9C05EAAA36} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\Root\Office15\msoia.exe [2014-11-29] (Microsoft Corporation) Task: {9F5E8837-664E-4DCC-8940-ECF9A737561D} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation) Task: {AC3C1682-1F45-4CC0-B58A-8A3B97062208} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {D489FCAE-3B05-4EFB-9047-6A76C9C66FD6} - System32\Tasks\{528B1225-345B-4C8F-BB20-834760168251} => pcalua.exe -a "C:\Users\Josef\Desktop\Foto\Foto_Software\Adobe\Creative Suite CS2\CS2_RetNon_Ger_2.exe" -d "C:\Users\Josef\Desktop\Foto\Foto_Software\Adobe\Creative Suite CS2" Task: {DF4379F9-ADC4-4785-ACC0-0A877DBB1BA7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation) Task: {E9066672-66C4-4EFC-B0BC-31D454156384} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-14] (Google Inc.) 
Task: {ECC75410-0A30-421C-AB6A-D4E9EBC9D2FA} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2010-03-26] (Acer) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2010-03-08 03:35 - 2010-03-08 03:35 - 00108912 _____ () C:\Program Files (x86)\Acer Bio Protection\PwdFilterV64.DLL 2014-11-29 12:55 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2014-11-14 21:18 - 2010-01-13 10:47 - 00206208 _____ () C:\Windows\PLFSetI.exe 2010-10-19 08:31 - 2010-10-19 08:31 - 00205312 _____ () C:\Program Files\Netzmanager\NMInfraIS2\driver64\SoftplugLib.DLL 2014-11-14 21:37 - 2010-02-03 09:37 - 00244904 ____N () C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe 2014-07-16 09:24 - 2014-07-16 09:24 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll 2014-05-01 20:29 - 2014-05-01 20:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2010-03-26 10:41 - 2010-03-26 10:41 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2014-11-14 20:54 - 2014-11-14 20:54 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2014-11-29 12:55 - 2014-11-29 12:55 - 00393376 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream64.dll 2014-11-29 12:55 - 2014-11-29 13:00 - 02210480 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\tmpod.dll 2014-11-29 12:58 - 2014-11-29 
13:00 - 01428128 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll 2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2012-12-20 18:19 - 2012-12-20 18:19 - 00479752 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll 2012-12-20 18:19 - 2012-12-20 18:19 - 01310728 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\kpcengine.2.2.dll 2010-06-24 14:32 - 2009-05-20 07:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll 2010-03-09 01:18 - 2010-03-09 01:18 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll 2010-03-09 01:13 - 2010-03-09 01:13 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
========================= Accounts: ========================== Administrator (S-1-5-21-2186974003-2043912784-1202098385-500 - Administrator - Disabled) Gast (S-1-5-21-2186974003-2043912784-1202098385-501 - Limited - Disabled) Josef (S-1-5-21-2186974003-2043912784-1202098385-1000 - Administrator - Enabled) => C:\Users\Josef ==================== Faulty Device Manager Devices ============= Name: Officejet 6500 E709n Description: Officejet 6500 E709n Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: WD SES Device USB Device Description: WD SES Device USB Device Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Error: (12/22/2014 02:26:41 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {9E6E74C7-0E85-4D14-8851-7635E2C1C528} Error: (12/22/2014 01:37:33 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (12/22/2014 10:09:44 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. 
Error: (12/22/2014 10:09:28 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-12-14 09:53:39.888 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-12-14 09:53:39.859 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-12-14 09:50:58.821 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-12-14 09:50:58.801 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-11-18 17:34:40.349 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-11-18 17:34:40.347 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-11-18 17:34:40.207 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-11-18 17:34:40.144 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-11-18 17:29:12.358 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-11-18 17:29:12.296 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i7 CPU Q 740 @ 1.73GHz Percentage of memory in use: 33% Total physical RAM: 8124.5 MB Available physical RAM: 5374.08 MB Total Pagefile: 16247.17 MB Available Pagefile: 12697.21 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:681.04 GB) (Free:197.09 GB) NTFS Drive e: (My Book) (Fixed) (Total:3725.99 GB) (Free:2513.04 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 698.6 GB) (Disk ID: A5F07B42) Partition 1: (Not Active) - (Size=14 GB) - (Type=27) Partition 2: (Not Active) - (Size=3.5 GB) - (Type=12) Partition 3: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=681 GB) - (Type=OF Extended) Attempted reading MBR returned 0 bytes. Could not read MBR for disk 1. ==================== End Of Log ============================ |
22.12.2014, 16:08 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Browser opens with "www.delta-homes.com" Okay, then check scans with MBAM and ESET please: Please download Malwarebytes Anti-Malware
ESET Online Scanner
__________________ Please always post log files in CODE tags |
23.12.2014, 12:48 | #10 |
| Browser opens with "www.delta-homes.com" Unfortunately it took a while. Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 22.12.2014 Suchlauf-Zeit: 18:40:32 Logdatei: mbam.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2014.12.22.06 Rootkit Datenbank: v2014.12.14.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Josef Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 345909 Verstrichene Zeit: 13 Min, 24 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 5 PUP.Optional.InstallCore, C:\Users\Josef\AppData\Roaming\0D1F2W1G1I1F1T1QyE2W1L1G1Q1F2W1B\Download & Install Packages\uninstaller.exe, , [bc2215508fed35019fb6e01c8f7218e8], PUP.Optional.InstallCore, C:\Users\Josef\AppData\Local\Temp\58401205.Uninstall\uninstaller.exe, , [cc12a1c4c4b86cca4f062fcdd52cb749], PUP.Optional.InstallCore, C:\Users\Josef\AppData\Local\Temp\58550700.Uninstall\uninstaller.exe, , [4e905411e993a4921144f507847d4bb5], PUP.Optional.InstallCore, C:\Users\Josef\AppData\Local\Temp\58605831.Uninstall\uninstaller.exe, , [805e77ee7c004de96de874884cb5ca36], PUP.Optional.SecurityProtection.A, C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh.crx, , [15c95f061f5dd561c23987d19370f30d], Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=2e832004d451f9499c363d3c26a00061 # engine=21668 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-12-23 01:05:24 # local_time=2014-12-23 02:05:24 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Kaspersky PURE 3.0' # compatibility_mode=1289 16777214 100 99 25718 110707592 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 129692 170926574 0 0 # scanned=864548 # found=45 # cleaned=0 # scan_time=25151 sh=CAD805B3B450427B1F6FA77814F6CE6E40691FBE ft=1 fh=28418eb44ee327e6 vn="Variante von Win32/InstallCore.TL evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2186974003-2043912784-1202098385-1000\$RM0O2N8.exe" sh=A7E55C336AB5504ED0AE3BBD292CF508769FE131 ft=1 fh=3ba8fc19ca14dfb1 vn="Variante von Win32/Adware.Adpeak.Q Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\007\nkdytjtjsw32.exe.vir" sh=C1D7E269C9CEC47C21C557E33DD215E2A18C92E7 ft=1 fh=c71c00117580c45f vn="Variante von Win32/ELEX.BC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir" sh=C93FB945956D3241233F257ECD5BC0A0CD586235 ft=0 fh=0000000000000000 vn="JS/Trackware.Agent.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh\1.2.4_0\js\inject.js.vir" sh=FA55D765ACECF0E142995558447BA1C0C64A95B9 ft=1 fh=8a5fed32a6adae19 vn="Variante von Win64/Systweak.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir" sh=5F94B5147433490152EAC795CB75A929A77F7AB1 ft=1 fh=06d2e423d167a2a2 vn="Variante von Win32/InstallCore.PY evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Josef\Downloads\IDM2-Win-EN.exe" sh=9D02A0107DA5A558ED3B9131060933DDDE2DD653 ft=1 fh=164f737b091da2c9 vn="Mehrere Bedrohungen" ac=I fn="C:\Windows\Temp\BEAF8266-AE64-40A2-BF8D-99F4FB145C26n.exe" sh=D5548ED6BC1308AE61F2FFD215F8EE70E73A271E ft=1 fh=c71c0011010f2845 vn="Variante von Win32/Toolbar.Babylon.F evtl. unerwünschte Anwendung" ac=I fn="E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Babylon\Setup\BExternal.dll" sh=55953896937FFDB69A3179997B01D6231717B055 ft=1 fh=377d655ef08f77a0 vn="Variante von Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Babylon\Setup\IECookieLow.dll" sh=40969E053E001937C71D74EA719F78BF9A5FEF2A ft=1 fh=9a76860661eadcce vn="Win32/Toolbar.Babylon evtl. unerwünschte Anwendung" ac=I fn="E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Babylon\Setup\MyBabylonTB.exe" sh=1476185F98F21971B4C64716990B13EE0CEFD707 ft=1 fh=6886307c4e8d6b1c vn="Variante von Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Babylon\Setup\Setup.exe" sh=57279257E733B05B254033CFED9DF0A9239A0680 ft=0 fh=0000000000000000 vn="JS/Adware.Yontoo.B Anwendung" ac=I fn="E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.4_0\back.js" sh=6D2F4089C3FB9A3AD6F255F9BD9D7DB6BC5B4B5E ft=0 fh=0000000000000000 vn="JS/Adware.Yontoo.A Anwendung" ac=I fn="E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.4_0\yl.js" sh=95ADC7925C2BB20FACE637E7031972F8E208FA33 ft=0 fh=0000000000000000 vn="Variante von Win32/SweetIM.L evtl. 
unerwünschte Anwendung" ac=I fn="E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx" sh=9F9CF6762E257F68F6623E8B86E62819BB182C87 ft=0 fh=0000000000000000 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx" sh=4AFC28D0218FACFEEA4A88E1DC311CA0ABC6FCE5 ft=1 fh=897dc87dbc6ba9f1 vn="Mehrere Bedrohungen" ac=I fn="E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Temp\9003.exe" sh=6B3D8EE31019F17D284C82F5A8E148EC2AD98C4A ft=1 fh=7c069882bbc38c72 vn="Variante von Win32/Complitly.A evtl. unerwünschte Anwendung" ac=I fn="E:\Datensicherung_Sepp\Josef Reiseck\AppData\Roaming\Complitly\Complitly.dll" sh=A3DC07B87C3A77711F062B93B6E22BCF7C49F8C1 ft=1 fh=7408fda3ce07568f vn="Variante von Win32/PredictAd.A evtl. unerwünschte Anwendung" ac=I fn="E:\Datensicherung_Sepp\Josef Reiseck\AppData\Roaming\Complitly\KeepMeUpdated.exe" sh=3B0F9DF1FEF6F297E7A3AC319A21174166B63A2A ft=1 fh=b5e9e28e3551652e vn="Variante von Win64/Complitly.A evtl. unerwünschte Anwendung" ac=I fn="E:\Datensicherung_Sepp\Josef Reiseck\AppData\Roaming\Complitly\64\Complitly64.dll" sh=A3DC07B87C3A77711F062B93B6E22BCF7C49F8C1 ft=1 fh=7408fda3ce07568f vn="Variante von Win32/PredictAd.A evtl. unerwünschte Anwendung" ac=I fn="E:\Datensicherung_Sepp\Josef Reiseck\AppData\Roaming\Complitly\64\KeepMeUpdated.exe" sh=FB9B4B0EE9279CFE23CBACD4B2765483321A08DE ft=1 fh=643fe0264237b7d6 vn="Win32/Toolbar.Montiera.I evtl. unerwünschte Anwendung" ac=I fn="E:\Datensicherung_Sepp\Josef Reiseck\AppData\Roaming\OpenCandy\514EC4010C364E19A0B492813AAFBEF7\Softonic_chr_p1v6.exe" sh=EE4A580BD51B86C4B4079B9E4F267A454AE0D320 ft=1 fh=72e6de8e7f315ca3 vn="Win32/SoftonicDownloader.A evtl. 
unerwünschte Anwendung" ac=I fn="E:\Datensicherung_Sepp\Josef Reiseck\Desktop\Software\Software_alt\Software_PC\BOM_Bietsoftware.exe" sh=6E46A0A077930B1B9D25C3105F629D399CB8EBD1 ft=1 fh=88cd3388df6e5029 vn="Win32/Adware.Toolbar.Shopper Anwendung" ac=I fn="E:\Datensicherung_Sepp\Josef Reiseck\Desktop\Software\Software_alt\Software_PC\Office 2007\daemon4123-lite.exe" sh=2CA1645D010A152C0EF078EE1BF030EDAD769E87 ft=1 fh=e1911fa5d7bfc39e vn="Win32/Adware.WildTangent Anwendung" ac=I fn="E:\Datensicherung_Sepp\Josef Reiseck\Desktop\Software\Software_alt\Software_PC\Spiele\speedway.exe" sh=5D6CD79906F9D07265D40AFB9E47B64016F5BD17 ft=1 fh=b11019cacfc333e5 vn="Win32/Adware.WildTangent Anwendung" ac=I fn="E:\Datensicherung_Sepp\Josef Reiseck\Desktop\Software\Software_alt\Software_PC\Spiele\tlboxing.exe" sh=B69FF71CC2986E88C54E30CC611EAE26CA9B583F ft=1 fh=1b539b36dba40fb3 vn="Win32/Adware.WildTangent Anwendung" ac=I fn="E:\Datensicherung_Sepp\Josef Reiseck\Desktop\Software\Software_alt\Software_PC\Spiele\trackmeet.exe" sh=450BC07BDF16426A927CFDCF6952C70D8CE5E9F5 ft=1 fh=c6a73bdcdf60520b vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Datensicherung_Sepp\Josef Reiseck\Downloads\ashampoo_burning_studio_6_free_6.80_3639.exe" sh=1D4DD4523492EDC59753D2F328BF3564A9390EA4 ft=1 fh=ec458d8c372fafe5 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Datensicherung_Sepp\Josef Reiseck\Downloads\ashampoo_burning_studio_6_free_6.80_4312.exe" sh=698A03A88D3C1D0613EFCE82138248A3EA21E3E0 ft=1 fh=8b635154fd9f4e78 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Datensicherung_Sepp\Josef Reiseck\Downloads\ashampoo_photo_commander_7_7.60_7659[1]" sh=698A03A88D3C1D0613EFCE82138248A3EA21E3E0 ft=1 fh=8b635154fd9f4e78 vn="Variante von Win32/Toolbar.Conduit.B evtl. 
unerwünschte Anwendung" ac=I fn="E:\Datensicherung_Sepp\Josef Reiseck\Downloads\ashampoo_photo_commander_7_7\ashampoo_photo_commander_7_7.60_7659[1]" sh=13DDFB00567A8F5FB6EA6509A272B24018D22B1C ft=1 fh=b8d1396863c48d65 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Datensicherung_Sepp\Josef Reiseck\Downloads\LG KS20\Elf_1.exe" sh=72EAFCCC9560913E74953DBD6DA6D8BBC3D5A77B ft=0 fh=0000000000000000 vn="Win32/Packed.Autoit.E.Gen evtl. unerwünschte Anwendung" ac=I fn="E:\Datensicherung_Sepp\Josef Reiseck\Dropbox (Alt)\Public\FritzRePass1.20-U3.zip" sh=450BC07BDF16426A927CFDCF6952C70D8CE5E9F5 ft=1 fh=c6a73bdcdf60520b vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Software_Download\ashampoo_burning_studio_6_free_6.80_3639.exe" sh=1D4DD4523492EDC59753D2F328BF3564A9390EA4 ft=1 fh=ec458d8c372fafe5 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Software_Download\ashampoo_burning_studio_6_free_6.80_4312.exe" sh=6E46A0A077930B1B9D25C3105F629D399CB8EBD1 ft=1 fh=88cd3388df6e5029 vn="Win32/Adware.Toolbar.Shopper Anwendung" ac=I fn="E:\Software_Download\Software\Software_alt\Software_PC\Office 2007\daemon4123-lite.exe" sh=2CA1645D010A152C0EF078EE1BF030EDAD769E87 ft=1 fh=e1911fa5d7bfc39e vn="Win32/Adware.WildTangent Anwendung" ac=I fn="E:\Software_Download\Software\Software_alt\Software_PC\Spiele\speedway.exe" sh=5D6CD79906F9D07265D40AFB9E47B64016F5BD17 ft=1 fh=b11019cacfc333e5 vn="Win32/Adware.WildTangent Anwendung" ac=I fn="E:\Software_Download\Software\Software_alt\Software_PC\Spiele\tlboxing.exe" sh=B69FF71CC2986E88C54E30CC611EAE26CA9B583F ft=1 fh=1b539b36dba40fb3 vn="Win32/Adware.WildTangent Anwendung" ac=I fn="E:\Software_Download\Software\Software_alt\Software_PC\Spiele\trackmeet.exe" sh=6E46A0A077930B1B9D25C3105F629D399CB8EBD1 ft=1 fh=88cd3388df6e5029 vn="Win32/Adware.Toolbar.Shopper Anwendung" ac=I fn="G:\BMW_Notebook_20121212\Datensicherung_Laptop BMW\Festplatte 
alt\Desktop\Zwischenablage\Office 2007\daemon4123-lite.exe" sh=450BC07BDF16426A927CFDCF6952C70D8CE5E9F5 ft=1 fh=c6a73bdcdf60520b vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\Software\Software_Download\ashampoo_burning_studio_6_free_6.80_3639.exe" sh=1D4DD4523492EDC59753D2F328BF3564A9390EA4 ft=1 fh=ec458d8c372fafe5 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\Software\Software_Download\ashampoo_burning_studio_6_free_6.80_4312.exe" sh=6E46A0A077930B1B9D25C3105F629D399CB8EBD1 ft=1 fh=88cd3388df6e5029 vn="Win32/Adware.Toolbar.Shopper Anwendung" ac=I fn="G:\Software\Software_Download\Software\Software_alt\Software_PC\Office 2007\daemon4123-lite.exe" sh=2CA1645D010A152C0EF078EE1BF030EDAD769E87 ft=1 fh=e1911fa5d7bfc39e vn="Win32/Adware.WildTangent Anwendung" ac=I fn="G:\Software\Software_Download\Software\Software_alt\Software_PC\Spiele\speedway.exe" sh=5D6CD79906F9D07265D40AFB9E47B64016F5BD17 ft=1 fh=b11019cacfc333e5 vn="Win32/Adware.WildTangent Anwendung" ac=I fn="G:\Software\Software_Download\Software\Software_alt\Software_PC\Spiele\tlboxing.exe" sh=B69FF71CC2986E88C54E30CC611EAE26CA9B583F ft=1 fh=1b539b36dba40fb3 vn="Win32/Adware.WildTangent Anwendung" ac=I fn="G:\Software\Software_Download\Software\Software_alt\Software_PC\Spiele\trackmeet.exe" |
23.12.2014, 23:17 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Browsers open with "www.delta-homes.com" Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
C:\Users\Josef\Downloads\IDM2-Win-EN.exe
C:\Windows\Temp\BEAF8266-AE64-40A2-BF8D-99F4FB145C26n.exe
E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Babylon\Setup\BExternal.dll
E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Babylon\Setup\IECookieLow.dll
E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Babylon\Setup\MyBabylonTB.exe
E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Babylon\Setup\Setup.exe
E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.4_0\back.js
E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.4_0\yl.js
E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx
E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx
E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Temp\9003.exe
E:\Datensicherung_Sepp\Josef Reiseck\AppData\Roaming\Complitly\Complitly.dll
E:\Datensicherung_Sepp\Josef Reiseck\AppData\Roaming\Complitly\KeepMeUpdated.exe
E:\Datensicherung_Sepp\Josef Reiseck\AppData\Roaming\Complitly\64\Complitly64.dll
E:\Datensicherung_Sepp\Josef Reiseck\AppData\Roaming\Complitly\64\KeepMeUpdated.exe
E:\Datensicherung_Sepp\Josef Reiseck\AppData\Roaming\OpenCandy\514EC4010C364E19A0B492813AAFBEF7\Softonic_chr_p1v6.exe
E:\Datensicherung_Sepp\Josef Reiseck\Desktop\Software\Software_alt\Software_PC\BOM_Bietsoftware.exe
E:\Datensicherung_Sepp\Josef Reiseck\Desktop\Software\Software_alt\Software_PC\Office 2007\daemon4123-lite.exe
E:\Datensicherung_Sepp\Josef Reiseck\Desktop\Software\Software_alt\Software_PC\Spiele\speedway.exe
E:\Datensicherung_Sepp\Josef Reiseck\Desktop\Software\Software_alt\Software_PC\Spiele\tlboxing.exe
E:\Datensicherung_Sepp\Josef Reiseck\Desktop\Software\Software_alt\Software_PC\Spiele\trackmeet.exe
E:\Datensicherung_Sepp\Josef Reiseck\Downloads\ashampoo_burning_studio_6_free_6.80_3639.exe
E:\Datensicherung_Sepp\Josef Reiseck\Downloads\ashampoo_burning_studio_6_free_6.80_4312.exe
E:\Datensicherung_Sepp\Josef Reiseck\Downloads\ashampoo_photo_commander_7_7.60_7659[1]
E:\Datensicherung_Sepp\Josef Reiseck\Downloads\ashampoo_photo_commander_7_7\ashampoo_photo_commander_7_7.60_7659[1]
E:\Datensicherung_Sepp\Josef Reiseck\Downloads\LG KS20\Elf_1.exe
E:\Datensicherung_Sepp\Josef Reiseck\Dropbox (Alt)\Public\FritzRePass1.20-U3.zip
E:\Software_Download\ashampoo_burning_studio_6_free_6.80_3639.exe
E:\Software_Download\ashampoo_burning_studio_6_free_6.80_4312.exe
E:\Software_Download\Software\Software_alt\Software_PC\Office 2007\daemon4123-lite.exe
E:\Software_Download\Software\Software_alt\Software_PC\Spiele\speedway.exe
E:\Software_Download\Software\Software_alt\Software_PC\Spiele\tlboxing.exe
E:\Software_Download\Software\Software_alt\Software_PC\Spiele\trackmeet.exe
G:\BMW_Notebook_20121212\Datensicherung_Laptop BMW\Festplatte alt\Desktop\Zwischenablage\Office 2007\daemon4123-lite.exe
G:\Software\Software_Download\ashampoo_burning_studio_6_free_6.80_3639.exe
G:\Software\Software_Download\ashampoo_burning_studio_6_free_6.80_4312.exe
G:\Software\Software_Download\Software\Software_alt\Software_PC\Office 2007\daemon4123-lite.exe
G:\Software\Software_Download\Software\Software_alt\Software_PC\Spiele\speedway.exe
G:\Software\Software_Download\Software\Software_alt\Software_PC\Spiele\tlboxing.exe
G:\Software\Software_Download\Software\Software_alt\Software_PC\Spiele\trackmeet.exe
EmptyTemp:
Hosts:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post log files in CODE tags |
24.12.2014, 10:39 | #12 |
| Browsers open with "www.delta-homes.com" Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-12-2014 Ran by Josef at 2014-12-24 10:21:18 Run:1 Running from C:\Users\Josef\Desktop\Trojanerboard Loaded Profile: Josef (Available profiles: Josef) Boot Mode: Normal ============================================== Content of fixlist: ***************** C:\Users\Josef\Downloads\IDM2-Win-EN.exe C:\Windows\Temp\BEAF8266-AE64-40A2-BF8D-99F4FB145C26n.exe E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Babylon\Setup\BExternal.dll E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Babylon\Setup\IECookieLow.dll E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Babylon\Setup\MyBabylonTB.exe E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Babylon\Setup\Setup.exe E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.4_0\back.js E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.4_0\yl.js E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Temp\9003.exe E:\Datensicherung_Sepp\Josef Reiseck\AppData\Roaming\Complitly\Complitly.dll E:\Datensicherung_Sepp\Josef Reiseck\AppData\Roaming\Complitly\KeepMeUpdated.exe E:\Datensicherung_Sepp\Josef Reiseck\AppData\Roaming\Complitly\64\Complitly64.dll E:\Datensicherung_Sepp\Josef Reiseck\AppData\Roaming\Complitly\64\KeepMeUpdated.exe E:\Datensicherung_Sepp\Josef Reiseck\AppData\Roaming\OpenCandy\514EC4010C364E19A0B492813AAFBEF7\Softonic_chr_p1v6.exe E:\Datensicherung_Sepp\Josef Reiseck\Desktop\Software\Software_alt\Software_PC\BOM_Bietsoftware.exe E:\Datensicherung_Sepp\Josef 
Reiseck\Desktop\Software\Software_alt\Software_PC\Office 2007\daemon4123-lite.exe E:\Datensicherung_Sepp\Josef Reiseck\Desktop\Software\Software_alt\Software_PC\Spiele\speedway.exe E:\Datensicherung_Sepp\Josef Reiseck\Desktop\Software\Software_alt\Software_PC\Spiele\tlboxing.exe E:\Datensicherung_Sepp\Josef Reiseck\Desktop\Software\Software_alt\Software_PC\Spiele\trackmeet.exe E:\Datensicherung_Sepp\Josef Reiseck\Downloads\ashampoo_burning_studio_6_free_6.80_3639.exe E:\Datensicherung_Sepp\Josef Reiseck\Downloads\ashampoo_burning_studio_6_free_6.80_4312.exe E:\Datensicherung_Sepp\Josef Reiseck\Downloads\ashampoo_photo_commander_7_7.60_7659[1] E:\Datensicherung_Sepp\Josef Reiseck\Downloads\ashampoo_photo_commander_7_7\ashampoo_photo_commander_7_7.60_7659[1] E:\Datensicherung_Sepp\Josef Reiseck\Downloads\LG KS20\Elf_1.exe E:\Datensicherung_Sepp\Josef Reiseck\Dropbox (Alt)\Public\FritzRePass1.20-U3.zip E:\Software_Download\ashampoo_burning_studio_6_free_6.80_3639.exe E:\Software_Download\ashampoo_burning_studio_6_free_6.80_4312.exe E:\Software_Download\Software\Software_alt\Software_PC\Office 2007\daemon4123-lite.exe E:\Software_Download\Software\Software_alt\Software_PC\Spiele\speedway.exe E:\Software_Download\Software\Software_alt\Software_PC\Spiele\tlboxing.exe E:\Software_Download\Software\Software_alt\Software_PC\Spiele\trackmeet.exe G:\BMW_Notebook_20121212\Datensicherung_Laptop BMW\Festplatte alt\Desktop\Zwischenablage\Office 2007\daemon4123-lite.exe G:\Software\Software_Download\ashampoo_burning_studio_6_free_6.80_3639.exe G:\Software\Software_Download\ashampoo_burning_studio_6_free_6.80_4312.exe G:\Software\Software_Download\Software\Software_alt\Software_PC\Office 2007\daemon4123-lite.exe G:\Software\Software_Download\Software\Software_alt\Software_PC\Spiele\speedway.exe G:\Software\Software_Download\Software\Software_alt\Software_PC\Spiele\tlboxing.exe G:\Software\Software_Download\Software\Software_alt\Software_PC\Spiele\trackmeet.exe EmptyTemp: Hosts: 
***************** C:\Users\Josef\Downloads\IDM2-Win-EN.exe => Moved successfully. C:\Windows\Temp\BEAF8266-AE64-40A2-BF8D-99F4FB145C26n.exe => Moved successfully. E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Babylon\Setup\BExternal.dll => Moved successfully. E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Babylon\Setup\IECookieLow.dll => Moved successfully. E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Babylon\Setup\MyBabylonTB.exe => Moved successfully. E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Babylon\Setup\Setup.exe => Moved successfully. E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.4_0\back.js => Moved successfully. E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.4_0\yl.js => Moved successfully. E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx => Moved successfully. E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx => Moved successfully. E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Temp\9003.exe => Moved successfully. E:\Datensicherung_Sepp\Josef Reiseck\AppData\Roaming\Complitly\Complitly.dll => Moved successfully. E:\Datensicherung_Sepp\Josef Reiseck\AppData\Roaming\Complitly\KeepMeUpdated.exe => Moved successfully. E:\Datensicherung_Sepp\Josef Reiseck\AppData\Roaming\Complitly\64\Complitly64.dll => Moved successfully. E:\Datensicherung_Sepp\Josef Reiseck\AppData\Roaming\Complitly\64\KeepMeUpdated.exe => Moved successfully. E:\Datensicherung_Sepp\Josef Reiseck\AppData\Roaming\OpenCandy\514EC4010C364E19A0B492813AAFBEF7\Softonic_chr_p1v6.exe => Moved successfully. 
E:\Datensicherung_Sepp\Josef Reiseck\Desktop\Software\Software_alt\Software_PC\BOM_Bietsoftware.exe => Moved successfully. E:\Datensicherung_Sepp\Josef Reiseck\Desktop\Software\Software_alt\Software_PC\Office 2007\daemon4123-lite.exe => Moved successfully. E:\Datensicherung_Sepp\Josef Reiseck\Desktop\Software\Software_alt\Software_PC\Spiele\speedway.exe => Moved successfully. E:\Datensicherung_Sepp\Josef Reiseck\Desktop\Software\Software_alt\Software_PC\Spiele\tlboxing.exe => Moved successfully. E:\Datensicherung_Sepp\Josef Reiseck\Desktop\Software\Software_alt\Software_PC\Spiele\trackmeet.exe => Moved successfully. E:\Datensicherung_Sepp\Josef Reiseck\Downloads\ashampoo_burning_studio_6_free_6.80_3639.exe => Moved successfully. E:\Datensicherung_Sepp\Josef Reiseck\Downloads\ashampoo_burning_studio_6_free_6.80_4312.exe => Moved successfully. E:\Datensicherung_Sepp\Josef Reiseck\Downloads\ashampoo_photo_commander_7_7.60_7659[1] => Moved successfully. E:\Datensicherung_Sepp\Josef Reiseck\Downloads\ashampoo_photo_commander_7_7\ashampoo_photo_commander_7_7.60_7659[1] => Moved successfully. E:\Datensicherung_Sepp\Josef Reiseck\Downloads\LG KS20\Elf_1.exe => Moved successfully. E:\Datensicherung_Sepp\Josef Reiseck\Dropbox (Alt)\Public\FritzRePass1.20-U3.zip => Moved successfully. E:\Software_Download\ashampoo_burning_studio_6_free_6.80_3639.exe => Moved successfully. E:\Software_Download\ashampoo_burning_studio_6_free_6.80_4312.exe => Moved successfully. E:\Software_Download\Software\Software_alt\Software_PC\Office 2007\daemon4123-lite.exe => Moved successfully. E:\Software_Download\Software\Software_alt\Software_PC\Spiele\speedway.exe => Moved successfully. E:\Software_Download\Software\Software_alt\Software_PC\Spiele\tlboxing.exe => Moved successfully. E:\Software_Download\Software\Software_alt\Software_PC\Spiele\trackmeet.exe => Moved successfully. 
"G:\BMW_Notebook_20121212\Datensicherung_Laptop BMW\Festplatte alt\Desktop\Zwischenablage\Office 2007\daemon4123-lite.exe" => File/Directory not found. "G:\Software\Software_Download\ashampoo_burning_studio_6_free_6.80_3639.exe" => File/Directory not found. "G:\Software\Software_Download\ashampoo_burning_studio_6_free_6.80_4312.exe" => File/Directory not found. "G:\Software\Software_Download\Software\Software_alt\Software_PC\Office 2007\daemon4123-lite.exe" => File/Directory not found. "G:\Software\Software_Download\Software\Software_alt\Software_PC\Spiele\speedway.exe" => File/Directory not found. "G:\Software\Software_Download\Software\Software_alt\Software_PC\Spiele\tlboxing.exe" => File/Directory not found. "G:\Software\Software_Download\Software\Software_alt\Software_PC\Spiele\trackmeet.exe" => File/Directory not found. "C:\Windows\System32\Drivers\etc\hosts" => Could not move. Could not reset Hosts. EmptyTemp: => Removed 889.7 MB temporary data. The system needed a reboot. ==== End of Fixlog 10:24:03 ==== |
24.12.2014, 16:42 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Browsers open with "www.delta-homes.com" Disable the virus scanner and please repeat the fix.
__________________ Please always post log files in CODE tags |
24.12.2014, 17:25 | #14 |
| Browsers open with "www.delta-homes.com" Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-12-2014 Ran by Josef at 2014-12-24 17:15:38 Run:3 Running from C:\Users\Josef\Desktop\Trojanerboard Loaded Profile: Josef (Available profiles: Josef) Boot Mode: Normal ============================================== Content of fixlist: ***************** C:\Users\Josef\Downloads\IDM2-Win-EN.exe C:\Windows\Temp\BEAF8266-AE64-40A2-BF8D-99F4FB145C26n.exe E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Babylon\Setup\BExternal.dll E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Babylon\Setup\IECookieLow.dll E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Babylon\Setup\MyBabylonTB.exe E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Babylon\Setup\Setup.exe E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.4_0\back.js E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.4_0\yl.js E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Temp\9003.exe E:\Datensicherung_Sepp\Josef Reiseck\AppData\Roaming\Complitly\Complitly.dll E:\Datensicherung_Sepp\Josef Reiseck\AppData\Roaming\Complitly\KeepMeUpdated.exe E:\Datensicherung_Sepp\Josef Reiseck\AppData\Roaming\Complitly\64\Complitly64.dll E:\Datensicherung_Sepp\Josef Reiseck\AppData\Roaming\Complitly\64\KeepMeUpdated.exe E:\Datensicherung_Sepp\Josef Reiseck\AppData\Roaming\OpenCandy\514EC4010C364E19A0B492813AAFBEF7\Softonic_chr_p1v6.exe E:\Datensicherung_Sepp\Josef Reiseck\Desktop\Software\Software_alt\Software_PC\BOM_Bietsoftware.exe E:\Datensicherung_Sepp\Josef 
Reiseck\Desktop\Software\Software_alt\Software_PC\Office 2007\daemon4123-lite.exe E:\Datensicherung_Sepp\Josef Reiseck\Desktop\Software\Software_alt\Software_PC\Spiele\speedway.exe E:\Datensicherung_Sepp\Josef Reiseck\Desktop\Software\Software_alt\Software_PC\Spiele\tlboxing.exe E:\Datensicherung_Sepp\Josef Reiseck\Desktop\Software\Software_alt\Software_PC\Spiele\trackmeet.exe E:\Datensicherung_Sepp\Josef Reiseck\Downloads\ashampoo_burning_studio_6_free_6.80_3639.exe E:\Datensicherung_Sepp\Josef Reiseck\Downloads\ashampoo_burning_studio_6_free_6.80_4312.exe E:\Datensicherung_Sepp\Josef Reiseck\Downloads\ashampoo_photo_commander_7_7.60_7659[1] E:\Datensicherung_Sepp\Josef Reiseck\Downloads\ashampoo_photo_commander_7_7\ashampoo_photo_commander_7_7.60_7659[1] E:\Datensicherung_Sepp\Josef Reiseck\Downloads\LG KS20\Elf_1.exe E:\Datensicherung_Sepp\Josef Reiseck\Dropbox (Alt)\Public\FritzRePass1.20-U3.zip E:\Software_Download\ashampoo_burning_studio_6_free_6.80_3639.exe E:\Software_Download\ashampoo_burning_studio_6_free_6.80_4312.exe E:\Software_Download\Software\Software_alt\Software_PC\Office 2007\daemon4123-lite.exe E:\Software_Download\Software\Software_alt\Software_PC\Spiele\speedway.exe E:\Software_Download\Software\Software_alt\Software_PC\Spiele\tlboxing.exe E:\Software_Download\Software\Software_alt\Software_PC\Spiele\trackmeet.exe G:\BMW_Notebook_20121212\Datensicherung_Laptop BMW\Festplatte alt\Desktop\Zwischenablage\Office 2007\daemon4123-lite.exe G:\Software\Software_Download\ashampoo_burning_studio_6_free_6.80_3639.exe G:\Software\Software_Download\ashampoo_burning_studio_6_free_6.80_4312.exe G:\Software\Software_Download\Software\Software_alt\Software_PC\Office 2007\daemon4123-lite.exe G:\Software\Software_Download\Software\Software_alt\Software_PC\Spiele\speedway.exe G:\Software\Software_Download\Software\Software_alt\Software_PC\Spiele\tlboxing.exe G:\Software\Software_Download\Software\Software_alt\Software_PC\Spiele\trackmeet.exe EmptyTemp: Hosts: 
***************** "C:\Users\Josef\Downloads\IDM2-Win-EN.exe" => File/Directory not found. "C:\Windows\Temp\BEAF8266-AE64-40A2-BF8D-99F4FB145C26n.exe" => File/Directory not found. "E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Babylon\Setup\BExternal.dll" => File/Directory not found. "E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Babylon\Setup\IECookieLow.dll" => File/Directory not found. "E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Babylon\Setup\MyBabylonTB.exe" => File/Directory not found. "E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Babylon\Setup\Setup.exe" => File/Directory not found. "E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.4_0\back.js" => File/Directory not found. "E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.4_0\yl.js" => File/Directory not found. "E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx" => File/Directory not found. "E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx" => File/Directory not found. "E:\Datensicherung_Sepp\Josef Reiseck\AppData\Local\Temp\9003.exe" => File/Directory not found. "E:\Datensicherung_Sepp\Josef Reiseck\AppData\Roaming\Complitly\Complitly.dll" => File/Directory not found. "E:\Datensicherung_Sepp\Josef Reiseck\AppData\Roaming\Complitly\KeepMeUpdated.exe" => File/Directory not found. "E:\Datensicherung_Sepp\Josef Reiseck\AppData\Roaming\Complitly\64\Complitly64.dll" => File/Directory not found. "E:\Datensicherung_Sepp\Josef Reiseck\AppData\Roaming\Complitly\64\KeepMeUpdated.exe" => File/Directory not found. 
"E:\Datensicherung_Sepp\Josef Reiseck\AppData\Roaming\OpenCandy\514EC4010C364E19A0B492813AAFBEF7\Softonic_chr_p1v6.exe" => File/Directory not found. "E:\Datensicherung_Sepp\Josef Reiseck\Desktop\Software\Software_alt\Software_PC\BOM_Bietsoftware.exe" => File/Directory not found. "E:\Datensicherung_Sepp\Josef Reiseck\Desktop\Software\Software_alt\Software_PC\Office 2007\daemon4123-lite.exe" => File/Directory not found. "E:\Datensicherung_Sepp\Josef Reiseck\Desktop\Software\Software_alt\Software_PC\Spiele\speedway.exe" => File/Directory not found. "E:\Datensicherung_Sepp\Josef Reiseck\Desktop\Software\Software_alt\Software_PC\Spiele\tlboxing.exe" => File/Directory not found. "E:\Datensicherung_Sepp\Josef Reiseck\Desktop\Software\Software_alt\Software_PC\Spiele\trackmeet.exe" => File/Directory not found. "E:\Datensicherung_Sepp\Josef Reiseck\Downloads\ashampoo_burning_studio_6_free_6.80_3639.exe" => File/Directory not found. "E:\Datensicherung_Sepp\Josef Reiseck\Downloads\ashampoo_burning_studio_6_free_6.80_4312.exe" => File/Directory not found. "E:\Datensicherung_Sepp\Josef Reiseck\Downloads\ashampoo_photo_commander_7_7.60_7659[1]" => File/Directory not found. "E:\Datensicherung_Sepp\Josef Reiseck\Downloads\ashampoo_photo_commander_7_7\ashampoo_photo_commander_7_7.60_7659[1]" => File/Directory not found. "E:\Datensicherung_Sepp\Josef Reiseck\Downloads\LG KS20\Elf_1.exe" => File/Directory not found. "E:\Datensicherung_Sepp\Josef Reiseck\Dropbox (Alt)\Public\FritzRePass1.20-U3.zip" => File/Directory not found. "E:\Software_Download\ashampoo_burning_studio_6_free_6.80_3639.exe" => File/Directory not found. "E:\Software_Download\ashampoo_burning_studio_6_free_6.80_4312.exe" => File/Directory not found. "E:\Software_Download\Software\Software_alt\Software_PC\Office 2007\daemon4123-lite.exe" => File/Directory not found. "E:\Software_Download\Software\Software_alt\Software_PC\Spiele\speedway.exe" => File/Directory not found. 
"E:\Software_Download\Software\Software_alt\Software_PC\Spiele\tlboxing.exe" => File/Directory not found. "E:\Software_Download\Software\Software_alt\Software_PC\Spiele\trackmeet.exe" => File/Directory not found. G:\BMW_Notebook_20121212\Datensicherung_Laptop BMW\Festplatte alt\Desktop\Zwischenablage\Office 2007\daemon4123-lite.exe => Moved successfully. G:\Software\Software_Download\ashampoo_burning_studio_6_free_6.80_3639.exe => Moved successfully. G:\Software\Software_Download\ashampoo_burning_studio_6_free_6.80_4312.exe => Moved successfully. G:\Software\Software_Download\Software\Software_alt\Software_PC\Office 2007\daemon4123-lite.exe => Moved successfully. G:\Software\Software_Download\Software\Software_alt\Software_PC\Spiele\speedway.exe => Moved successfully. G:\Software\Software_Download\Software\Software_alt\Software_PC\Spiele\tlboxing.exe => Moved successfully. G:\Software\Software_Download\Software\Software_alt\Software_PC\Spiele\trackmeet.exe => Moved successfully. C:\Windows\System32\Drivers\etc\hosts => Moved successfully. Hosts was reset successfully. EmptyTemp: => Removed 2.4 MB temporary data. The system needed a reboot. ==== End of Fixlog 17:15:43 ==== |
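Added example (not part of the thread and not FRST's own code): the Fixlogs in posts #12 and #14 report opposite results for the same entries, so this Python script merges several runs and lists what is still open afterwards. The input is a constructed excerpt of those logs with one result per line (an assumed layout), and the `X:\` path is made up for illustration.

```python
import re

# Constructed input: a few result lines excerpted from the two Fixlogs in this
# thread, laid out one result per line (assumption). The X:\ entry is invented
# to show an item that no run ever moved.
RUN_1 = r'''
C:\Users\Josef\Downloads\IDM2-Win-EN.exe => Moved successfully.
"G:\Software\Software_Download\ashampoo_burning_studio_6_free_6.80_3639.exe" => File/Directory not found.
"X:\constructed\never-present.exe" => File/Directory not found.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
EmptyTemp: => Removed 889.7 MB temporary data.
'''

RUN_3 = r'''
"C:\Users\Josef\Downloads\IDM2-Win-EN.exe" => File/Directory not found.
G:\Software\Software_Download\ashampoo_burning_studio_6_free_6.80_3639.exe => Moved successfully.
"X:\constructed\never-present.exe" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 2.4 MB temporary data.
'''

# A result line is an (optionally quoted) drive path, "=>", then the message.
# Directive lines such as "EmptyTemp: => ..." do not start with a drive path.
LINE = re.compile(r'^"?(?P<path>[A-Za-z]:\\[^"]*?)"?\s+=>\s+(?P<msg>.+)$')

OUTCOMES = (
    ("Moved successfully", "moved"),
    ("File/Directory not found", "not_found"),
    ("Could not move", "failed"),
)


def parse_fixlog(text):
    """Return ([(path, outcome), ...], hosts_reset) for one Fixlog.

    hosts_reset is True/False, or None if the log does not mention it.
    """
    results, hosts_reset = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Could not reset Hosts.":
            hosts_reset = False
        elif line == "Hosts was reset successfully.":
            hosts_reset = True
        m = LINE.match(line)
        if not m:
            continue
        outcome = next(
            (tag for prefix, tag in OUTCOMES if m["msg"].startswith(prefix)),
            "other",
        )
        results.append((m["path"], outcome))
    return results, hosts_reset


def reconcile(runs):
    """Merge runs in order: once a path was moved it stays 'moved'
    (a later 'not found' is expected); otherwise the latest outcome wins."""
    final = {}
    for results, _hosts in runs:
        for path, outcome in results:
            key = path.lower()  # Windows paths compare case-insensitively
            if final.get(key, (None, None))[1] != "moved":
                final[key] = (path, outcome)
    return dict(final.values())


def unresolved(runs):
    """Paths no run moved, plus 'Hosts reset' if the last attempt failed."""
    open_items = sorted(p for p, o in reconcile(runs).items() if o != "moved")
    hosts = [h for _results, h in runs if h is not None]
    if hosts and not hosts[-1]:
        open_items.append("Hosts reset")
    return open_items


if __name__ == "__main__":
    runs = [parse_fixlog(RUN_1), parse_fixlog(RUN_3)]
    for path, outcome in reconcile(runs).items():
        print(f"{outcome:10} {path}")
    print("still open:", unresolved(runs))
```
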
24.12.2014, 17:50 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Browsers open with "www.delta-homes.com" Looks OK so far. Regarding cookies and other things on the web: To block the pest from the outset (i.e. tracking cookies, ad banners etc.), I recommend the Ghostery extension, which largely prevents user tracking and the display of ad banners. Info: Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie). Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller. But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed. Is your system back in order now, or are there any other findings or problems?
__________________ Please always post log files in CODE tags |