Log analysis and evaluation: Chrome browser opens windows
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
23.12.2014, 09:58 | #1 |
| Chrome browser opens windows
For some time now, the Chrome browser has been opening ad windows on its own. At first I thought it was only on Facebook. The Avira virus scanner can't find anything. I hope you can help me. I wanted to post the log file. My editor has no icons; there is only File - Edit - Format - View - ?
Edited by Klarta (23.12.2014 at 10:15) |
23.12.2014, 11:17 | #2 |
/// the machine /// TB trainer | Chrome browser opens windows
Hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties.) |
24.12.2014, 08:45 | #3 |
| Chrome browser opens windows
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-12-2014 01 Ran by Tom (administrator) on TOM on 23-12-2014 09:24:53 Running from C:\Users\Klammer Tom\Downloads Loaded Profile:Tom (Available profiles: Tom & Babsi & Gast) Platform: Microsoft Windows 7 Home Premium (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (MS) C:\Program Files\LSM\aus.exe (AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe (AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe (Fitbit, Inc.) C:\Program Files\Fitbit Connect\FitbitConnectService.exe (MS) C:\Program Files\LSM\lsm.exe (AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe (Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE () C:\Program Files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe (Microsoft Corp.) 
C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (MS) C:\Program Files\LSM\lsm.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Fitbit, Inc.) C:\Program Files\Fitbit Connect\Fitbit Connect.exe () C:\Program Files\DivX\DivX Update\DivXUpdate.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Google Inc.) C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\chrome.exe (Samsung) C:\Program Files\Samsung\Kies\Kies.exe (Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Google Inc.) C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\chrome.exe (Siemens IT Solutions and Services GmbH) C:\Program Files\Siemens\CardOS API\bin\siecacst.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Google Inc.) C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\chrome.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc.) C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Google Inc.) C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\chrome.exe (Google) C:\Users\Klammer Tom\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google Inc.) C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\chrome.exe () C:\Users\Klammer Tom\Downloads\Defogger.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8555040 2010-04-07] (Realtek Semiconductor) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-05-27] (Advanced Micro Devices, Inc.) 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation) HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.) HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC) HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] () HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.) HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe [740888 2013-04-24] (Sony Corporation) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-1212480921-3000280771-3724376844-1001\...\Run: [Google Update] => C:\Users\Klammer Tom\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-18] (Google Inc.) HKU\S-1-5-21-1212480921-3000280771-3724376844-1001\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.) HKU\S-1-5-21-1212480921-3000280771-3724376844-1001\...\Run: [7458D9638A71E4DCC1B6741438512A391BC80893._service_run] => C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\chrome.exe [856904 2014-12-06] (Google Inc.) 
HKU\S-1-5-21-1212480921-3000280771-3724376844-1001\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung) HKU\S-1-5-21-1212480921-3000280771-3724376844-1001\...\Run: [KiesAirMessage] => C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup HKU\S-1-5-21-1212480921-3000280771-3724376844-1001\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung) HKU\S-1-5-21-1212480921-3000280771-3724376844-1001\...\Run: [GoogleChromeAutoLaunch_1258C2E50858114A6758F2E90A1B01AA] => C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\chrome.exe [856904 2014-12-06] (Google Inc.) HKU\S-1-5-21-1212480921-3000280771-3724376844-1001\...\MountPoints2: {56cf7e1e-3356-11e1-8c09-6c626d5e6893} - G:\autorun.exe /s HKU\S-1-5-21-1212480921-3000280771-3724376844-1001\...\MountPoints2: {c58e0713-950e-11e2-b41a-6c626d5e6893} - F:\Startme.exe HKU\S-1-5-21-1212480921-3000280771-3724376844-1001\...\MountPoints2: {dc0d4083-128a-11e1-8cb8-6c626d5e6893} - F:\autorun.exe /s Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CardOS API.lnk ShortcutTarget: CardOS API.lnk -> C:\Program Files\Siemens\CardOS API\bin\siecacst.exe (Siemens IT Solutions and Services GmbH) ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> 
{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlOLmKF8AQeX1uQ_lptDURdxlE1786D-JcfAN0BZpoxwLfcd_VGjx_pwznmpfgTJQmOByNV6qjCRyzAiyzIdh7DV7Jxhs_diEFWvxdIKlxDICvIEXVOv1xnYFER614hn4pI_E8Do3SSrw3Q,,&q={searchTerms} HKU\S-1-5-21-1212480921-3000280771-3724376844-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com HKU\S-1-5-21-1212480921-3000280771-3724376844-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com/search?q={searchTerms} SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlOLmKF8AQeX1uQ_lptDURdxlE1786D-JcfAN0BZpoxwLfcd_VGjx_pwznmpfgTJQmOByNV6qjCRyzAiyzIdh7DV7Jxhs_diEFWvxdIKlxDICvIEXVOv1xnYFER614hn4pI_E8Do3SSrw3Q,,&q={searchTerms} SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web 
Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001 -> No Name - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1212480921-3000280771-3724376844-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Klammer Tom\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKU\S-1-5-21-1212480921-3000280771-3724376844-1001: @talk.google.com/O1DPlugin -> C:\Users\Klammer Tom\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKU\S-1-5-21-1212480921-3000280771-3724376844-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-1212480921-3000280771-3724376844-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Klammer Tom\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Klammer Tom\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF Extension: Anti-Banner - C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru [2011-01-19] FF Extension: Modul zur Link-Untersuchung - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2011-01-19] FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-05-19] Chrome: ======= CHR HomePage: Default -> https://drive.google.com/keep/ CHR StartupUrls: Default -> "https://drive.google.com/keep/", "hxxp://www.google.com/" CHR DefaultSearchKeyword: Default -> google.com_ CHR DefaultSearchURL: Default -> hxxp://www.google.com/search?q={searchTerms} CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR 
Profile: C:\Users\Klammer Tom\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\Klammer Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-20] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Klammer Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-08] CHR Extension: (YouTube) - C:\Users\Klammer Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-21] CHR Extension: (Google-Suche) - C:\Users\Klammer Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-21] CHR Extension: (Avira Browserschutz) - C:\Users\Klammer Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-27] CHR Extension: (Skype Click to Call) - C:\Users\Klammer Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-06-20] CHR Extension: (Google Wallet) - C:\Users\Klammer Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27] CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\Klammer Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-06-20] CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Klammer Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2013-06-21] CHR Extension: (Google Mail) - C:\Users\Klammer Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-21] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10] CHR HKLM\...\Chrome\Extension: 
[nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06] CHR HKU\S-1-5-21-1212480921-3000280771-3724376844-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\KLAMME~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-04] CHR StartMenuInternet: Google Chrome - C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG) R2 AUS; C:\Program Files\LSM\aus.exe [287744 2014-02-22] (MS) [File not signed] R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG) R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [255904 2012-11-28] (AVM Berlin) R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [122272 2012-11-28] (AVM Berlin) R2 Fitbit Connect; C:\Program Files\Fitbit Connect\FitbitConnectService.exe [1239584 2013-02-25] (Fitbit, Inc.) 
[File not signed] R2 Log S.M.; C:\Program Files\LSM\lsm.exe [428032 2014-02-22] (MS) [File not signed] R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation) R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [155488 2013-06-10] (AVM Berlin) R2 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-04-24] (Sony Corporation) R2 WysePocketCloud; C:\Program Files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [177056 2012-05-11] () [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-14] (Microsoft Corporation) S3 A38CCID; C:\Windows\System32\DRIVERS\a38ccid.sys [38016 2009-12-15] (Advanced Card Systems Ltd.) [File not signed] R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-09] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-09] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-08-15] (Avira Operations GmbH & Co. KG) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-12-20] (Disc Soft Ltd) S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.) S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) 
S3 HTCAND32; C:\Windows\System32\Drivers\ANDROIDUSB.sys [25088 2009-10-26] (HTC, Corporation) [File not signed] R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation) R1 MpKslec2ab5b7; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AC271A2E-ADB2-43DA-ADC9-CBC0DE3907CA}\MpKslec2ab5b7.sys [39464 2014-12-22] (Microsoft Corporation) R3 NWIM; C:\Windows\System32\DRIVERS\avmnwim.sys [334712 2011-07-05] (AVM Berlin) S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15688 2013-09-30] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] () S3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [139776 2013-10-25] (Prolific Technology Inc.) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-08-15] (Avira GmbH) S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [181912 2013-06-05] (DEVGURU Co., LTD.(www.devguru.co.kr)) R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [186592 2007-06-17] (Jungo) S1 acnppeaf; No ImagePath S1 ajvxhtkn; No ImagePath S1 alrpfdow; No ImagePath S1 bbckdoel; No ImagePath S1 blnyluax; No ImagePath S1 bxvknznz; No ImagePath S1 calwkyoh; No ImagePath S1 csouovll; \??\C:\Windows\system32\drivers\csouovll.sys [X] S3 dgderdrv; System32\drivers\dgderdrv.sys [X] S1 eyhmkoxc; No ImagePath S1 gmcyysxe; \??\C:\Windows\system32\drivers\gmcyysxe.sys [X] S1 gzovqwlo; No ImagePath S1 hgrketja; \??\C:\Windows\system32\drivers\hgrketja.sys [X] S1 hjbaugtf; No ImagePath S1 hpzcmekn; No ImagePath S1 idgksizh; \??\C:\Windows\system32\drivers\idgksizh.sys [X] S1 imxpezof; No ImagePath S1 iomzqlia; No ImagePath S1 jhvusnro; No ImagePath S1 johxzjxo; \??\C:\Windows\system32\drivers\johxzjxo.sys [X] S1 kixlqqis; \??\C:\Windows\system32\drivers\kixlqqis.sys [X] S1 kyernmvt; No ImagePath S1 lmohiqys; \??\C:\Windows\system32\drivers\lmohiqys.sys [X] S1 lqhtsnyi; \??\C:\Windows\system32\drivers\lqhtsnyi.sys [X] S1 mohuhjbr; No ImagePath S1 nbqboypg; No ImagePath S1 nioyafri; No ImagePath 
S3 Profos; No ImagePath S1 qbtpojbw; \??\C:\Windows\system32\drivers\qbtpojbw.sys [X] S1 qkhdjhrz; No ImagePath S1 szfbsrkv; No ImagePath S1 sztoigbt; No ImagePath S1 tafkhagl; \??\C:\Windows\system32\drivers\tafkhagl.sys [X] S1 tzeqybma; \??\C:\Windows\system32\drivers\tzeqybma.sys [X] S1 wkrcjoqc; \??\C:\Windows\system32\drivers\wkrcjoqc.sys [X] S1 xbapjmcg; \??\C:\Windows\system32\drivers\xbapjmcg.sys [X] S1 xetepzfq; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-23 09:24 - 2014-12-23 09:26 - 00025028 _____ () C:\Users\Klammer Tom\Downloads\FRST.txt 2014-12-23 09:24 - 2014-12-23 09:25 - 00000000 ____D () C:\FRST 2014-12-23 09:24 - 2014-12-23 09:24 - 01114112 _____ (Farbar) C:\Users\Klammer Tom\Downloads\FRST.exe 2014-12-23 09:20 - 2014-12-23 09:20 - 00000554 _____ () C:\Users\Klammer Tom\Downloads\defogger_disable.log 2014-12-23 09:20 - 2014-12-23 09:20 - 00000156 _____ () C:\Users\Klammer Tom\defogger_reenable 2014-12-23 09:19 - 2014-12-23 09:20 - 00050477 _____ () C:\Users\Klammer Tom\Downloads\Defogger.exe 2014-12-22 13:56 - 2014-12-22 13:56 - 04000729 _____ () C:\Users\Klammer Tom\Downloads\UPDATE-SuperSU-v2.40.zip 2014-12-22 10:39 - 2014-12-22 10:39 - 02015655 _____ () C:\Users\Klammer Tom\Downloads\Trebuchet_i9505_GPe5.zip 2014-12-22 10:37 - 2014-12-22 10:37 - 05395433 _____ () C:\Users\Klammer Tom\Downloads\GoogleDialer_Contacts_Dark_i9505_GPe5(2).zip 2014-12-22 10:36 - 2014-12-22 10:47 - 270120964 _____ () C:\Users\Klammer Tom\Downloads\Danvdh-GPE-5-12172014.zip 2014-12-20 17:12 - 2014-12-20 17:12 - 00000000 _____ () C:\Windows\system32\sho3BFF.tmp 2014-12-20 15:00 - 2014-12-20 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Skype 2014-12-20 15:00 - 2014-12-20 15:00 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-12-20 14:43 - 2014-12-20 14:43 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER 2014-12-20 13:39 - 2014-12-20 13:39 - 00001563 _____ () C:\Windows\IE11_main.log 2014-12-20 10:32 - 2014-12-20 10:32 - 00347816 _____ (Microsoft Corporation) C:\Users\Klammer Tom\Downloads\Nicht bestätigt 502266.crdownload 2014-12-20 07:31 - 2014-12-20 07:31 - 00001904 _____ () C:\Users\Public\Desktop\DAEMON Tools Lite.lnk 2014-12-20 07:30 - 2014-12-20 07:31 - 00000000 ____D () C:\Users\Klammer Tom\AppData\Roaming\DAEMON Tools Lite 2014-12-20 07:30 - 2014-12-20 07:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite 2014-12-20 07:30 - 2014-12-20 07:30 - 00243128 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys 2014-12-20 07:30 - 2014-12-20 07:30 - 00000000 ____D () C:\Program Files\DAEMON Tools Lite 2014-12-20 07:29 - 2014-12-20 07:32 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite 2014-12-20 07:28 - 2014-12-20 07:28 - 13429504 _____ (Disc Soft Ltd) C:\Users\Klammer Tom\Downloads\DTLite4491-0356.exe 2014-12-20 07:14 - 2014-12-20 07:18 - 229638144 _____ () C:\Users\Klammer Tom\Downloads\gparted-live-0.20.0-2-i486.iso 2014-12-16 09:10 - 2014-12-16 09:11 - 00000000 ____D () C:\Users\Klammer Tom\Desktop\XBMC 2014-12-16 08:47 - 2014-12-17 09:05 - 00000411 _____ () C:\Users\Klammer Tom\.swfinfo 2014-12-16 07:33 - 2014-12-20 12:25 - 00000000 ____D () C:\Users\Klammer Tom\AppData\Roaming\XBMC 2014-12-16 07:30 - 2014-12-16 07:36 - 00000000 ____D () C:\Program Files\XBMC 2014-12-16 07:28 - 2014-12-16 07:29 - 63850156 _____ () C:\Users\Klammer Tom\Downloads\xbmc-13.2-Gotham.exe 2014-12-15 12:04 - 2014-12-15 12:04 - 00001099 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-12-14 18:25 - 2014-12-14 18:25 - 03044736 _____ (Enigma Software Group USA, LLC.) 
C:\Users\Klammer Tom\Downloads\SpyHunter-Installer.exe
2014-12-04 16:37 - 2014-11-20 08:51 - 481361351 ____N () C:\Users\Klammer Tom\Desktop\I9505_-_Official_Google_Edition_4.4.4_by_Jamal2367_Stable-R2 (1).zip
2014-11-26 08:31 - 2014-11-26 08:31 - 01857948 _____ () C:\Users\Klammer Tom\Downloads\enigma2-plugin-extensions-xbmcaddons_8.0_r0_all.ipk
2014-11-25 07:03 - 2014-11-25 07:03 - 07931687 _____ () C:\Users\Klammer Tom\Downloads\XBMCaddon.rar

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-23 09:26 - 2010-10-03 08:19 - 00001144 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1212480921-3000280771-3724376844-1001UA.job
2014-12-23 09:23 - 2010-09-30 09:16 - 02050808 _____ () C:\Windows\WindowsUpdate.log
2014-12-23 09:20 - 2010-09-30 09:24 - 00000000 ____D () C:\Users\Klammer Tom
2014-12-23 08:55 - 2012-09-13 07:50 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-23 08:33 - 2011-04-16 17:33 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1212480921-3000280771-3724376844-1004UA.job
2014-12-23 07:33 - 2011-04-16 17:33 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1212480921-3000280771-3724376844-1004Core.job
2014-12-22 17:42 - 2009-07-14 05:34 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-22 17:42 - 2009-07-14 05:34 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-22 17:38 - 2009-07-14 05:39 - 00218685 _____ () C:\Windows\setupact.log
2014-12-22 16:26 - 2010-10-03 08:19 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1212480921-3000280771-3724376844-1001Core.job
2014-12-22 10:55 - 2012-09-13 07:50 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-21 15:00 - 2010-06-29 14:26 - 01733494 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-21 14:56 - 2012-03-27 09:58 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-12-21 14:55 - 2010-10-01 07:41 - 00455292 _____ () C:\Windows\PFRO.log
2014-12-21 14:55 - 2010-06-30 09:35 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-21 14:55 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-20 15:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-12-20 15:11 - 2012-06-29 17:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-20 15:01 - 2011-09-18 15:17 - 00000000 ____D () C:\ProgramData\Skype
2014-12-20 15:00 - 2011-09-18 15:17 - 00000000 ___RD () C:\Program Files\Skype
2014-12-20 14:54 - 2011-03-02 16:34 - 00002057 _____ () C:\Windows\epplauncher.mif
2014-12-20 14:19 - 2012-07-11 07:50 - 00002121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-12-20 14:19 - 2011-03-02 16:33 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-12-20 14:18 - 2009-07-14 03:04 - 00000478 _____ () C:\Windows\win.ini
2014-12-20 14:11 - 2013-09-27 15:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-20 13:53 - 2010-06-30 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-20 07:56 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-20 07:24 - 2011-09-03 14:51 - 00000000 ____D () C:\Users\Klammer Tom\AppData\Roaming\ImgBurn
2014-12-15 12:04 - 2014-08-27 06:06 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-15 12:04 - 2014-08-27 06:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-15 12:04 - 2014-08-27 06:04 - 00000000 ____D () C:\Program Files\Avira
2014-12-12 02:30 - 2010-10-03 08:20 - 00002396 _____ () C:\Users\Klammer Tom\Desktop\Google Chrome.lnk
2014-11-27 16:40 - 2010-06-30 09:36 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Babsi\AppData\Local\Temp\avgnt.exe
C:\Users\Klammer Tom\AppData\Local\Temp\APNStub.exe
C:\Users\Klammer Tom\AppData\Local\Temp\avgnt.exe
C:\Users\Klammer Tom\AppData\Local\Temp\bitool.dll
C:\Users\Klammer Tom\AppData\Local\Temp\DefaultTabSetup2.exe
C:\Users\Klammer Tom\AppData\Local\Temp\FLVPlayerSetup.exe
C:\Users\Klammer Tom\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe
C:\Users\Klammer Tom\AppData\Local\Temp\Installer.exe
C:\Users\Klammer Tom\AppData\Local\Temp\iv_uninstall.exe
C:\Users\Klammer Tom\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Klammer Tom\AppData\Local\Temp\Quarantine.exe
C:\Users\Klammer Tom\AppData\Local\Temp\setup.exe
C:\Users\Klammer Tom\AppData\Local\Temp\setup_CandyBox-somoto.exe
C:\Users\Klammer Tom\AppData\Local\Temp\smt_mystartsearch.exe
C:\Users\Klammer Tom\AppData\Local\Temp\smt_qone8.exe
C:\Users\Klammer Tom\AppData\Local\Temp\smt_qone8_new.exe
C:\Users\Klammer Tom\AppData\Local\Temp\Sqlite3.dll
C:\Users\Klammer Tom\AppData\Local\Temp\tbsof0.dll
C:\Users\Klammer Tom\AppData\Local\Temp\uninst1.exe
C:\Users\Klammer Tom\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\Klammer Tom\AppData\Local\Temp\VideoSpin_2_0_Setup.exe
C:\Users\Klammer Tom\AppData\Local\Temp\wajam_install.exe
C:\Users\Klammer Tom\AppData\Local\Temp\_unps.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-15 00:07

==================== End Of Log ============================

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-12-2014 01
Ran by Klammer Tom at 2014-12-23 09:26:33
Running from C:\Users\Klammer Tom\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ActvMap V 4.7 (HKLM\...\ActvMap V 4.7) (Version: - Your Company)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.7.0.2090 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{BE4AE3A7-190D-BCB8-A953-A708C9E8E8AA}) (Version: 3.0.778.0 - ATI Technologies, Inc.)
Avira (HKLM\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
AVM FRITZ!Fernzugang (HKLM\...\{F2B03BB1-D679-4FFF-951D-3058A669A823}) (Version: 1.3.1 - AVM Berlin)
AZtrinoLoader (HKLM\...\{EAC850A4-5422-4632-9AFC-A33EC41B6F7E}) (Version: 1.1 - OpenSat)
AZUp (HKLM\...\{FBDBE1F0-AED1-496B-BCBA-7E2608D622FC}) (Version: 1.00.0000 - RTi)
Brother BRAdmin Light 1.21.0002 (HKLM\...\{DB75941E-30C4-4D97-B000-D17C764B998C}) (Version: 1.21.0002 - Brother)
Bürgerkarte/Carta Servizi (HKLM\...\{CB610D37-34F7-4D85-AE73-EAA9BE748B4F}) (Version: 1.0.0 - Autonome Provinz Bozen/Provincia Autonoma di Bolzano)
CandyBox (HKLM\...\CandyBox_is1) (Version: - )
Canon Camera DV WIA Driver 6.1.2 (HKLM\...\InstallShield_{4CA5A658-D909-4F52-94FF-A2D02868D9F0}) (Version: 6.1.2 - Canon)
Canon DV WIA Driver (Version: 6.1.2 - Canon) Hidden
CardOS API (HKLM\...\{8E814717-DE49-4A4A-BD12-39102F9C9FD0}) (Version: 3.3.018 - Siemens IT Solutions and Services GmbH)
CAS Interface Studio 9.0.0 (HKLM\...\{198BDA47-7F40-4F2D-9214-07FF720BF39A}) (Version: 9.0.0 - Duolabs)
ccc-core-static (Version: 2010.0527.1242.20909 - ATI) Hidden
CorelDRAW Essentials 4 - Content (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Draw (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Filters (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - ICA (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - IPM - No VBA (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang BR (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang DE (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang EN (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang ES (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang FR (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang IT (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang NL (Version: 4.0 - Uw bedrijfsnaam) Hidden
CorelDRAW Essentials 4 - PHOTO-PAINT (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Windows Shell Extension (HKLM\...\_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}) (Version: - Corel Corporation)
CorelDRAW Essentials 4 - Windows Shell Extension (Version: 1.1 - Corel Corporation) Hidden
CorelDRAW Essentials 4 (HKLM\...\_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}) (Version: - Corel Corporation)
CorelDRAW Essentials 4 (Version: 4.0 - Corel Corporation) Hidden
CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2515 - CyberLink Corp.)
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DirectVobSub 2.40.4209 (HKLM\...\vsfilter_is1) (Version: 2.40.4209 - MPC-HC Team)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
DogSettings Version 1.5.0.1 (HKLM\...\{7A03618C-AD50-4BDC-BA2E-A172A4410C73}_is1) (Version: 1.5.0.1 - DogStrike)
ffdshow v1.1.4399 [2012-03-22] (HKLM\...\ffdshow_is1) (Version: 1.1.4399.0 - )
Fitbit Connect (HKLM\...\Fitbit Connect) (Version: 1.0.0.2578 - Fitbit Inc.)
Fotogalerie (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
FoxyDeal version 1.0.0 (HKLM\...\FoxyDeal_is1) (Version: 1.0.0 - R&E Media GmbH)
Free MP3 Cutter and Editor 2.6 (HKLM\...\Free MP3 Cutter and Editor_is1) (Version: - musetips.com)
FRITZ!Box-Fernzugang einrichten (HKLM\...\{EFADD989-D9F2-49F6-A280-675951CC78D3}) (Version: 1.0.3 - AVM Berlin)
FuzeZip (HKU\S-1-5-21-1212480921-3000280771-3724376844-1001\...\FuzeZip) (Version: 1.0.0.133556 - Koyote-Lab Inc.) <==== ATTENTION
Garmin Communicator Plugin (HKLM\...\{647BB978-2876-487B-9B0E-FDB73F0EA4A2}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
Garmin MapSource (HKLM\...\{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}) (Version: 6.16.3 - Garmin Ltd or its subsidiaries)
Garmin Training Center (HKLM\...\{7D542452-84EB-47C0-97BA-735C523AB555}) (Version: 3.6.5 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
GO Contact Sync Mod (HKLM\...\{B805EB38-C9ED-4102-89AA-C1F25F945F57}) (Version: 3.5.17 - WebGear, Create Software, Stru.be, saller.NET)
Google Chrome (HKU\S-1-5-21-1212480921-3000280771-3724376844-1001\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM\...\{418BAAD1-754D-48B4-B078-46EF4F25AF42}) (Version: 1.15.6556.8063 - Google, Inc.)
Google Talk Plugin (HKLM\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.6.0 - LIGHTNING UK!)
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JDownloader (HKLM\...\JDownloader) (Version: - AppWork UG (haftungsbeschränkt))
Junk Mail filter update (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Medion Home Cinema (HKLM\...\InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}) (Version: 6.0.0000 - CyberLink Corp.)
Medion Home Cinema (Version: 6.0.0000 - CyberLink Corp.) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office Klick-und-Los 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1212480921-3000280771-3724376844-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual FoxPro OLE DB Provider (HKLM\...\{3DA245C5-23B1-4874-BFA7-287B7D6C1EF6}) (Version: 1.0.0 - Microsoft Corporation)
miniLector (Version: 3.0.0 - Bit4Id) Hidden
MiniTool Partition Wizard Home Edition 8.1.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
MoneyManagerEX Version 0.9.8.0 (HKLM\...\{2C48DC11-E113-4912-8AFC-366D1918101E}_is1) (Version: 0.9.8.0 - CodeLathe, LLC)
Movie Maker (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
Photocity Silver 3.2.5.2 (HKLM\...\Photocity Silver_is1) (Version: 3.2.5.2 - Photocity.it)
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.7.0 - Prolific Technology INC)
PlayMemories Home (HKLM\...\{0657DE52-8F5C-4073-B70C-ED4F3F7FA076}) (Version: 7.0.03.04240 - Sony Corporation)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PocketCloud Windows Companion (HKLM\...\{BD8F867A-0ACB-427D-A4F2-9AEE29FBF98B}) (Version: 2.4.19 - Wyse Technology)
PSPad editor (HKLM\...\PSPad editor_is1) (Version: - Jan Fiala)
Qtrax Player (HKLM\...\{89505A66-35F0-4401-B3AD-D077051F8698}) (Version: 01.001.0001 - Qtrax)
Qtrax Player (HKU\S-1-5-21-1212480921-3000280771-3724376844-1001\...\3277153428.portal.qtrax.com) (Version: - portal.qtrax.com)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6083 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.25.0 - SAMSUNG Electronics Co., Ltd.)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sony Image Data Suite (HKLM\...\{359FCAA7-B544-4147-AE3B-8C8A526E2427}) (Version: 3.2.00.15160 - Sony Corporation)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TomTom HOME 2.8.3.2499 (HKLM\...\TomTom HOME) (Version: 2.8.3.2499 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 7.55a - Ghisler Software GmbH)
Twinbase Manager 2.11 (HKLM\...\{D6FA5A7E-C500-4D00-9F6E-72572A613076}) (Version: 2.1.1 - Duolabs)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile-Gerätecenter (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
WinZip 14.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}) (Version: 14.5.9095 - WinZip Computing, S.L. )
XBMC (HKU\S-1-5-21-1212480921-3000280771-3724376844-1001\...\XBMC) (Version: - Team XBMC)
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{50BAEED9-ED25-11D2-B97B-000000000000}\InprocServer32 -> C:\Program Files\Common Files\System\ole db\vfpoledb.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{50BAEEDA-ED25-11D2-B97B-000000000000}\InprocServer32 -> C:\Program Files\Common Files\System\ole db\vfpoledb.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{50BAEEDB-ED25-11D2-B97B-000000000000}\InprocServer32 -> C:\Program Files\Common Files\System\ole db\vfpoledb.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\39.0.2171.95\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Klammer Tom\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Klammer Tom\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\FileSyncApi.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points =========================
16-12-2014 07:32:19 DirectX wurde installiert
17-12-2014 10:11:34 Windows Update
20-12-2014 07:30:16 Gerätetreiber-Paketinstallation: DT Soft Ltd Systemgeräte
20-12-2014 13:21:12 Windows Update

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:04 - 2014-04-20 17:18 - 00000878 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0C075D54-3C83-47AE-96DC-6D1705C848A4} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
Task: {19813342-5F48-4A54-9390-D26920556680} - System32\Tasks\{F2DCD6C3-BF98-489E-B052-01BE7BD554EE} => C:\Program Files\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {284CF58D-6BE8-4E41-A012-24361695D8A5} - System32\Tasks\PenWes => C:\Program Files\PenWes\penwes.exe <==== ATTENTION
Task: {330509CC-EE4F-425C-BE40-488C1558A958} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {399D78B7-B851-4413-8D40-A6AB8A0ECF99} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1212480921-3000280771-3724376844-1004UA => C:\Users\Babsi\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-29] (Google Inc.)
Task: {4208095E-90B5-493F-B570-F2C2D8A23D89} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {481CA072-544A-47B8-83FA-7A3B64A8ECB2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1212480921-3000280771-3724376844-1001UA => C:\Users\Klammer Tom\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {4869E72E-E196-48D0-ABDD-176F339B2521} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1212480921-3000280771-3724376844-1004Core => C:\Users\Babsi\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-29] (Google Inc.)
Task: {581B7E0B-9842-42DA-AA23-69B8655E0C5F} - System32\Tasks\{2EAB9CC2-169B-4675-BF9B-ED3BAE64C025} => pcalua.exe -a "C:\Users\Klammer Tom\Desktop\softonic-Deutsch.exe" -d "C:\Users\Klammer Tom\Desktop"
Task: {638D1223-EC23-4228-B56B-5ECB6BA45629} - System32\Tasks\{AFF0020B-802C-4926-9147-C1148DD84125} => pcalua.exe -a E:\setup.exe -d E:\
Task: {663F8AA1-6A63-4946-828B-B1F42EF24E3E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {75411951-1225-4092-B8CE-B297B27B07CB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {76206859-0407-4871-BD88-722836584F58} - System32\Tasks\{3025F925-A23B-4DFA-9F64-1405AC642E88} => pcalua.exe -a "C:\Users\Klammer Tom\AppData\Local\Temp\Temp1_VirtualDub-1.9.11.zip\auxsetup.exe"
Task: {80EFFEBC-270B-4A27-B395-8234F889E59F} - System32\Tasks\{7E71D9BD-7640-4392-89A6-1625CA74C655} => pcalua.exe -a "C:\Users\Klammer Tom\Downloads\TrainingCenter_365.exe" -d "C:\Users\Klammer Tom\Downloads"
Task: {993C1955-53FD-445D-B4A8-EBD1B107DA35} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A759210A-94AB-4D08-90B8-9FD90E85C24A} - System32\Tasks\Google Updater and Installer => C:\Users\Klammer Tom\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {C92AA16A-F023-4BD7-B6C9-009437BC25B9} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {D306B6AF-5917-4293-9B20-37ABA78E4906} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1212480921-3000280771-3724376844-1001Core => C:\Users\Klammer Tom\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {F5BEDD76-F567-44D4-A46A-A374FE34B733} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1212480921-3000280771-3724376844-1001Core.job => C:\Users\Klammer Tom\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1212480921-3000280771-3724376844-1001UA.job => C:\Users\Klammer Tom\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1212480921-3000280771-3724376844-1004Core.job => C:\Users\Babsi\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1212480921-3000280771-3724376844-1004UA.job => C:\Users\Babsi\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2012-05-11 14:09 - 2012-05-11 14:09 - 00177056 _____ () C:\Program Files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe 2012-05-11 14:05 - 2012-05-11 14:05 - 00056832 _____ () C:\Program Files\Wyse\PocketCloud Windows Companion\ServerNetworkInterface.dll 2012-05-11 14:06 - 2012-05-11 14:06 - 01590272 _____ () C:\Program Files\Wyse\PocketCloud Windows Companion\AetherCommLib.dll 2012-05-11 14:04 - 2012-05-11 14:04 - 00061440 _____ () C:\Program Files\Wyse\PocketCloud Windows Companion\WyseWebServerLib.DLL 2013-02-13 03:37 - 2013-02-13 03:37 - 01263952 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe 2013-02-13 03:38 - 2013-02-13 03:38 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll 2014-12-12 02:30 - 2014-12-06 02:50 - 01077064 _____ () C:\Users\Klammer 
Tom\AppData\Local\Google\Chrome\Application\39.0.2171.95\libglesv2.dll 2014-12-12 02:30 - 2014-12-06 02:50 - 00211272 _____ () C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\39.0.2171.95\libegl.dll 2008-04-18 14:56 - 2008-04-18 14:56 - 00311296 _____ () C:\Windows\system32\siecaces.dll 2007-04-16 12:01 - 2007-04-16 12:01 - 00184320 _____ () C:\Windows\system32\gmp4_2_1.dll 2014-12-12 02:30 - 2014-12-06 02:50 - 09009480 _____ () C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\39.0.2171.95\pdf.dll 2014-12-12 02:30 - 2014-12-06 02:50 - 01677128 _____ () C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll 2010-05-27 20:40 - 2010-05-27 20:40 - 00270336 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2014-12-20 14:21 - 2014-12-20 14:21 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\818c5277bd028fb9cb78a30e3720eb0f\IsdiInterop.ni.dll 2010-06-29 16:19 - 2010-03-04 04:08 - 00058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2011-01-19 07:45 - 2010-03-15 11:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll 2012-01-27 11:12 - 2009-11-16 20:31 - 00069632 _____ () C:\Program Files\PSPad editor\PSPadShell.dll 2014-12-23 09:19 - 2014-12-23 09:20 - 00050477 _____ () C:\Users\Klammer Tom\Downloads\Defogger.exe ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CardOS API.lnk => C:\Windows\pss\CardOS API.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Klammer Tom^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Widget vodafone.lnk => C:\Windows\pss\Widget vodafone.lnk.Startup MSCONFIG\startupreg: CLMLServer => "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" MSCONFIG\startupreg: IAStorIcon => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe MSCONFIG\startupreg: PocketCloud Location => C:\Program Files\Wyse\PocketCloud Windows Companion\WyseBrowser.exe MSCONFIG\startupreg: tvncontrol => "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave ========================= Accounts: ========================== Administrator (S-1-5-21-1212480921-3000280771-3724376844-500 - Administrator - Disabled) ASPNET (S-1-5-21-1212480921-3000280771-3724376844-1008 - Limited - Enabled) Babsi (S-1-5-21-1212480921-3000280771-3724376844-1004 - Limited - Enabled) => C:\Users\Babsi Gast (S-1-5-21-1212480921-3000280771-3724376844-501 - Limited - Disabled) => C:\Users\Gast HomeGroupUser$ (S-1-5-21-1212480921-3000280771-3724376844-1003 - Limited - Enabled) Klammer Tom (S-1-5-21-1212480921-3000280771-3724376844-1001 - Administrator - Enabled) => C:\Users\Klammer Tom ==================== Faulty Device Manager Devices ============= ==================== Event log errors: 
========================= Application errors: ================== Error: (12/23/2014 00:33:53 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Fehler in Manifest- oder Richtliniendatei "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"2" in Zeile Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8". Definition: Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (12/23/2014 00:30:35 AM) (Source: SideBySide) (EventID: 75) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig. Error: (12/21/2014 07:00:03 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "G:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)" Error: (12/21/2014 03:31:50 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". 
Fehler in Manifest- oder Richtliniendatei "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"2" in Zeile Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8". Definition: Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (12/21/2014 03:28:22 PM) (Source: SideBySide) (EventID: 75) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig. Error: (12/21/2014 03:02:56 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: eb0 Startzeit: 01d01d25d8b61022 Endzeit: 218 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: 05a2b5c3-891a-11e4-b936-6c626d5e6893 Error: (12/20/2014 02:54:57 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: NT-AUTORITÄT) Description: HRESULT:0x8004FF06 Description:Microsoft Security Essentials is already installed. A newer version of Security Essentials is already installed on your computer. Error code:0x8004FF06. 
Error: (12/20/2014 02:52:15 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: Microsoft.CSharp, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80131f06 Error: (12/20/2014 02:52:14 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: Microsoft.CSharp, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80131f06 Error: (12/20/2014 02:52:14 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131f06 System errors: ============= Error: (12/23/2014 09:21:37 AM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (12/22/2014 06:18:14 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (12/22/2014 05:47:29 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (12/22/2014 05:37:46 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (12/22/2014 04:41:39 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (12/22/2014 08:26:48 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (12/22/2014 06:14:49 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. 
Der interne Fehlerstatus lautet: 10. Error: (12/22/2014 05:49:07 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (12/21/2014 11:43:53 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (12/21/2014 11:26:01 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Microsoft Office Sessions: ========================= Error: (12/23/2014 00:33:53 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"c:\program files\Samsung\Kies\External\firmwareupdate\GT-I9505\DeviceController64.exec:\program files\Samsung\Kies\External\firmwareupdate\GT-I9505\Microsoft.VC90.CRT.MANIFEST11 Error: (12/23/2014 00:30:35 AM) (Source: SideBySide) (EventID: 75) (User: ) Description: C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exeC:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe2 Error: (12/21/2014 07:00:03 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: G:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. 
(0x81000006) Error: (12/21/2014 03:31:50 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"c:\program files\Samsung\Kies\External\firmwareupdate\GT-I9505\DeviceController64.exec:\program files\Samsung\Kies\External\firmwareupdate\GT-I9505\Microsoft.VC90.CRT.MANIFEST11 Error: (12/21/2014 03:28:22 PM) (Source: SideBySide) (EventID: 75) (User: ) Description: C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exeC:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe2 Error: (12/21/2014 03:02:56 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Explorer.EXE6.1.7601.17567eb001d01d25d8b61022218C:\Windows\Explorer.EXE05a2b5c3-891a-11e4-b936-6c626d5e6893 Error: (12/20/2014 02:54:57 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: NT-AUTORITÄT) Description: HRESULT:0x8004FF06 Description:Microsoft Security Essentials is already installed. A newer version of Security Essentials is already installed on your computer. Error code:0x8004FF06. Error: (12/20/2014 02:52:15 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: Microsoft.CSharp, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80131f06 Microsoft.CSharp, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a Error: (12/20/2014 02:52:14 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: Microsoft.CSharp, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . 
Error code = 0x80131f06 Microsoft.CSharp, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a Error: (12/20/2014 02:52:14 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131f06 System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 ==================== Memory info =========================== Processor: Pentium(R) Dual-Core CPU E5700 @ 3.00GHz Percentage of memory in use: 61% Total physical RAM: 3071.24 MB Available physical RAM: 1167.57 MB Total Pagefile: 6140.77 MB Available Pagefile: 2796.29 MB Total Virtual: 2047.88 MB Available Virtual: 1885.35 MB ==================== Drives ================================ Drive c: (Boot) (Fixed) (Total:890.41 GB) (Free:581.75 GB) NTFS Drive d: (Recover) (Fixed) (Total:40 GB) (Free:23.53 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 2BD2C32A) Partition 1: (Active) - (Size=82 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=890.4 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=1 GB) - (Type=12) ==================== End Of Log ============================ |
24.12.2014, 22:20 | #4 |
/// the machine /// TB trainer | Chrome browser opens windows Please download Revo Uninstaller from here (alternatively, the portable Revo Uninstaller).
Scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations, Guides and Help, Trojaner-Board Facebook page. No help via PM! |
25.12.2014, 11:28 | #5 |
| Chrome browser opens windows Code:
ComboFix 14-12-23.01 - Klammer Tom 25.12.2014 10:44:11.4.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.0.1252.49.1031.18.3071.1584 [GMT 1:00]
ausgeführt von:: c:\users\Klammer Tom\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Klammer Tom\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\UNWISE.EXE
c:\users\KLAMME~1\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\Klammer Tom\3ds
c:\users\Klammer Tom\3ds\__aio\ak.ico
c:\users\Klammer Tom\3ds\__aio\ak2_sd.dldi
c:\users\Klammer Tom\3ds\__aio\cheats\CC\BYXJ7714277F.cc
c:\users\Klammer Tom\3ds\__aio\cheats\CC\C2SP82821A0A.cc
c:\users\Klammer Tom\3ds\__aio\cheats\CC\IRAD12020314.cc
c:\users\Klammer Tom\3ds\__aio\cheats\usrcheat.dat
c:\users\Klammer Tom\3ds\__aio\fonts\kochi-mincho-subst.pcf
c:\users\Klammer Tom\3ds\__aio\fonts\tahoma.pcf
c:\users\Klammer Tom\3ds\__aio\fonts\ugulim12.pcf
c:\users\Klammer Tom\3ds\__aio\fonts\wenquanyi_9pt.pcf
c:\users\Klammer Tom\3ds\__aio\globalsettings.ini
c:\users\Klammer Tom\3ds\__aio\language\lang_br\language.txt
c:\users\Klammer Tom\3ds\__aio\language\lang_cn\language.txt
c:\users\Klammer Tom\3ds\__aio\language\lang_cz\language.txt
c:\users\Klammer Tom\3ds\__aio\language\lang_de\language.txt
c:\users\Klammer Tom\3ds\__aio\language\lang_en\language.txt
c:\users\Klammer Tom\3ds\__aio\language\lang_es\language.txt
c:\users\Klammer Tom\3ds\__aio\language\lang_fr\language.txt
c:\users\Klammer Tom\3ds\__aio\language\lang_it\language.txt
c:\users\Klammer Tom\3ds\__aio\language\lang_jp\language.txt c:\users\Klammer Tom\3ds\__aio\language\lang_ko\language.txt c:\users\Klammer Tom\3ds\__aio\language\lang_nl\language.txt c:\users\Klammer Tom\3ds\__aio\language\lang_no\language.txt c:\users\Klammer Tom\3ds\__aio\language\lang_pl\language.txt c:\users\Klammer Tom\3ds\__aio\language\lang_se\language.txt c:\users\Klammer Tom\3ds\__aio\language\lang_th\language.txt c:\users\Klammer Tom\3ds\__aio\language\lang_zh\language.txt c:\users\Klammer Tom\3ds\__aio\language\language.ini c:\users\Klammer Tom\3ds\__aio\lastsave.ini c:\users\Klammer Tom\3ds\__aio\loaders\ak2loader.nds c:\users\Klammer Tom\3ds\__aio\loaders\akloader.nds c:\users\Klammer Tom\3ds\__aio\optionlist.bin c:\users\Klammer Tom\3ds\__aio\plugin\wfplugin.ak4 c:\users\Klammer Tom\3ds\__aio\poweroff.bmp c:\users\Klammer Tom\3ds\__aio\rpg_nand.dldi c:\users\Klammer Tom\3ds\__aio\rpg_sd.dldi c:\users\Klammer Tom\3ds\__aio\savelist.bin c:\users\Klammer Tom\3ds\__aio\savelistex.bin c:\users\Klammer Tom\3ds\__aio\sdlist.ini c:\users\Klammer Tom\3ds\__aio\ui\Adv.EvoR\arrow_down.bmp c:\users\Klammer Tom\3ds\__aio\ui\Adv.EvoR\arrow_up.bmp c:\users\Klammer Tom\3ds\__aio\ui\Adv.EvoR\brightness.bmp c:\users\Klammer Tom\3ds\__aio\ui\Adv.EvoR\btn2.bmp c:\users\Klammer Tom\3ds\__aio\ui\Adv.EvoR\btn3.bmp c:\users\Klammer Tom\3ds\__aio\ui\Adv.EvoR\btn4.bmp c:\users\Klammer Tom\3ds\__aio\ui\Adv.EvoR\calendar\clock_colon.bmp c:\users\Klammer Tom\3ds\__aio\ui\Adv.EvoR\calendar\clock_numbers.bmp c:\users\Klammer Tom\3ds\__aio\ui\Adv.EvoR\calendar\day_numbers.bmp c:\users\Klammer Tom\3ds\__aio\ui\Adv.EvoR\calendar\year_numbers.bmp c:\users\Klammer Tom\3ds\__aio\ui\Adv.EvoR\calendar_no.bmp c:\users\Klammer Tom\3ds\__aio\ui\Adv.EvoR\card_icon_blue.bmp c:\users\Klammer Tom\3ds\__aio\ui\Adv.EvoR\cross.bmp c:\users\Klammer Tom\3ds\__aio\ui\Adv.EvoR\custom.ini c:\users\Klammer Tom\3ds\__aio\ui\Adv.EvoR\folder_minus.bmp c:\users\Klammer 
Tom\3ds\__aio\ui\Adv.EvoR\folder_minus_single.bmp c:\users\Klammer Tom\3ds\__aio\ui\Adv.EvoR\folder_plus.bmp c:\users\Klammer Tom\3ds\__aio\ui\Adv.EvoR\folder_plus_single.bmp c:\users\Klammer Tom\3ds\__aio\ui\Adv.EvoR\folder_up.bmp c:\users\Klammer Tom\3ds\__aio\ui\Adv.EvoR\gbaframe.bmp c:\users\Klammer Tom\3ds\__aio\ui\Adv.EvoR\lower_screen.bmp c:\users\Klammer Tom\3ds\__aio\ui\Adv.EvoR\menu_bg.bmp c:\users\Klammer Tom\3ds\__aio\ui\Adv.EvoR\note.bmp c:\users\Klammer Tom\3ds\__aio\ui\Adv.EvoR\progress_bar.bmp c:\users\Klammer Tom\3ds\__aio\ui\Adv.EvoR\progress_wnd.bmp c:\users\Klammer Tom\3ds\__aio\ui\Adv.EvoR\scrollbar_b.bmp c:\users\Klammer Tom\3ds\__aio\ui\Adv.EvoR\scrollbar_m.bmp c:\users\Klammer Tom\3ds\__aio\ui\Adv.EvoR\scrollbar_t.bmp c:\users\Klammer Tom\3ds\__aio\ui\Adv.EvoR\spin_btn_left.bmp c:\users\Klammer Tom\3ds\__aio\ui\Adv.EvoR\spin_btn_right.bmp c:\users\Klammer Tom\3ds\__aio\ui\Adv.EvoR\tick.bmp c:\users\Klammer Tom\3ds\__aio\ui\Adv.EvoR\title_bg.bmp c:\users\Klammer Tom\3ds\__aio\ui\Adv.EvoR\title_left.bmp c:\users\Klammer Tom\3ds\__aio\ui\Adv.EvoR\title_right.bmp c:\users\Klammer Tom\3ds\__aio\ui\Adv.EvoR\uisettings.ini c:\users\Klammer Tom\3ds\__aio\ui\Adv.EvoR\upper_screen.bmp c:\users\Klammer Tom\3ds\__aio\ui\zelda\arrow_down.bmp c:\users\Klammer Tom\3ds\__aio\ui\zelda\arrow_up.bmp c:\users\Klammer Tom\3ds\__aio\ui\zelda\brightness.bmp c:\users\Klammer Tom\3ds\__aio\ui\zelda\btn2.bmp c:\users\Klammer Tom\3ds\__aio\ui\zelda\btn3.bmp c:\users\Klammer Tom\3ds\__aio\ui\zelda\btn4.bmp c:\users\Klammer Tom\3ds\__aio\ui\zelda\calendar\clock_colon.bmp c:\users\Klammer Tom\3ds\__aio\ui\zelda\calendar\clock_numbers.bmp c:\users\Klammer Tom\3ds\__aio\ui\zelda\calendar\day_numbers.bmp c:\users\Klammer Tom\3ds\__aio\ui\zelda\calendar\Thumbs.db c:\users\Klammer Tom\3ds\__aio\ui\zelda\calendar\year_numbers.bmp c:\users\Klammer Tom\3ds\__aio\ui\zelda\card_icon_blue.bmp c:\users\Klammer Tom\3ds\__aio\ui\zelda\cross.bmp c:\users\Klammer 
Tom\3ds\__aio\ui\zelda\custom.ini c:\users\Klammer Tom\3ds\__aio\ui\zelda\folder_minus.bmp c:\users\Klammer Tom\3ds\__aio\ui\zelda\folder_minus_single.bmp c:\users\Klammer Tom\3ds\__aio\ui\zelda\folder_plus.bmp c:\users\Klammer Tom\3ds\__aio\ui\zelda\folder_plus_single.bmp c:\users\Klammer Tom\3ds\__aio\ui\zelda\folder_up.bmp c:\users\Klammer Tom\3ds\__aio\ui\zelda\gbaframe.bmp c:\users\Klammer Tom\3ds\__aio\ui\zelda\lower_screen.bmp c:\users\Klammer Tom\3ds\__aio\ui\zelda\menu_bg.bmp c:\users\Klammer Tom\3ds\__aio\ui\zelda\note.bmp c:\users\Klammer Tom\3ds\__aio\ui\zelda\progress_bar.bmp c:\users\Klammer Tom\3ds\__aio\ui\zelda\progress_wnd.bmp c:\users\Klammer Tom\3ds\__aio\ui\zelda\scrollbar_b.bmp c:\users\Klammer Tom\3ds\__aio\ui\zelda\scrollbar_m.bmp c:\users\Klammer Tom\3ds\__aio\ui\zelda\scrollbar_t.bmp c:\users\Klammer Tom\3ds\__aio\ui\zelda\spin_btn_left.bmp c:\users\Klammer Tom\3ds\__aio\ui\zelda\spin_btn_right.bmp c:\users\Klammer Tom\3ds\__aio\ui\zelda\Thumbs.db c:\users\Klammer Tom\3ds\__aio\ui\zelda\tick.bmp c:\users\Klammer Tom\3ds\__aio\ui\zelda\title_bg.bmp c:\users\Klammer Tom\3ds\__aio\ui\zelda\title_left.bmp c:\users\Klammer Tom\3ds\__aio\ui\zelda\title_right.bmp c:\users\Klammer Tom\3ds\__aio\ui\zelda\uisettings.ini c:\users\Klammer Tom\3ds\__aio\ui\zelda\upper_screen.bmp c:\users\Klammer Tom\3ds\3ds spiele\0002-SM-Ball-EM5.3ds c:\users\Klammer Tom\3ds\3ds spiele\0002_3DS.rar c:\users\Klammer Tom\3ds\aiko\__aio\ak.ico c:\users\Klammer Tom\3ds\aiko\__aio\ak2_sd.dldi c:\users\Klammer Tom\3ds\aiko\__aio\cheats\usrcheat.dat c:\users\Klammer Tom\3ds\aiko\__aio\fonts\kochi-mincho-subst.pcf c:\users\Klammer Tom\3ds\aiko\__aio\fonts\tahoma.pcf c:\users\Klammer Tom\3ds\aiko\__aio\fonts\ugulim12.pcf c:\users\Klammer Tom\3ds\aiko\__aio\fonts\wenquanyi_9pt.pcf c:\users\Klammer Tom\3ds\aiko\__aio\language\lang_br\language.txt c:\users\Klammer Tom\3ds\aiko\__aio\language\lang_cn\language.txt c:\users\Klammer Tom\3ds\aiko\__aio\language\lang_cz\language.txt 
c:\users\Klammer Tom\3ds\aiko\__aio\language\lang_de\language.txt c:\users\Klammer Tom\3ds\aiko\__aio\language\lang_en\language.txt c:\users\Klammer Tom\3ds\aiko\__aio\language\lang_es\language.txt c:\users\Klammer Tom\3ds\aiko\__aio\language\lang_fr\language.txt c:\users\Klammer Tom\3ds\aiko\__aio\language\lang_it\language.txt c:\users\Klammer Tom\3ds\aiko\__aio\language\lang_jp\language.txt c:\users\Klammer Tom\3ds\aiko\__aio\language\lang_ko\language.txt c:\users\Klammer Tom\3ds\aiko\__aio\language\lang_nl\language.txt c:\users\Klammer Tom\3ds\aiko\__aio\language\lang_no\language.txt c:\users\Klammer Tom\3ds\aiko\__aio\language\lang_pl\language.txt c:\users\Klammer Tom\3ds\aiko\__aio\language\lang_se\language.txt c:\users\Klammer Tom\3ds\aiko\__aio\language\lang_th\language.txt c:\users\Klammer Tom\3ds\aiko\__aio\language\lang_zh\language.txt c:\users\Klammer Tom\3ds\aiko\__aio\language\language.ini c:\users\Klammer Tom\3ds\aiko\__aio\lastsave.ini c:\users\Klammer Tom\3ds\aiko\__aio\loaders\ak2loader.nds c:\users\Klammer Tom\3ds\aiko\__aio\loaders\akloader.nds c:\users\Klammer Tom\3ds\aiko\__aio\plugin\wfplugin.ak4 c:\users\Klammer Tom\3ds\aiko\__aio\poweroff.bmp c:\users\Klammer Tom\3ds\aiko\__aio\rpg_nand.dldi c:\users\Klammer Tom\3ds\aiko\__aio\rpg_sd.dldi c:\users\Klammer Tom\3ds\aiko\__aio\savelist.bin c:\users\Klammer Tom\3ds\aiko\__aio\sdlist.ini c:\users\Klammer Tom\3ds\aiko\__aio\ui\Adv.EvoR\arrow_down.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\Adv.EvoR\arrow_up.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\Adv.EvoR\brightness.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\Adv.EvoR\btn2.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\Adv.EvoR\btn3.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\Adv.EvoR\btn4.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\Adv.EvoR\calendar\clock_colon.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\Adv.EvoR\calendar\clock_numbers.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\Adv.EvoR\calendar\day_numbers.bmp c:\users\Klammer 
Tom\3ds\aiko\__aio\ui\Adv.EvoR\calendar\year_numbers.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\Adv.EvoR\calendar_no.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\Adv.EvoR\card_icon_blue.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\Adv.EvoR\cross.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\Adv.EvoR\custom.ini c:\users\Klammer Tom\3ds\aiko\__aio\ui\Adv.EvoR\folder_minus.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\Adv.EvoR\folder_minus_single.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\Adv.EvoR\folder_plus.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\Adv.EvoR\folder_plus_single.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\Adv.EvoR\folder_up.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\Adv.EvoR\gbaframe.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\Adv.EvoR\lower_screen.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\Adv.EvoR\menu_bg.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\Adv.EvoR\note.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\Adv.EvoR\progress_bar.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\Adv.EvoR\progress_wnd.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\Adv.EvoR\scrollbar_b.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\Adv.EvoR\scrollbar_m.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\Adv.EvoR\scrollbar_t.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\Adv.EvoR\spin_btn_left.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\Adv.EvoR\spin_btn_right.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\Adv.EvoR\tick.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\Adv.EvoR\title_bg.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\Adv.EvoR\title_left.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\Adv.EvoR\title_right.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\Adv.EvoR\uisettings.ini c:\users\Klammer Tom\3ds\aiko\__aio\ui\Adv.EvoR\upper_screen.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\zelda\arrow_down.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\zelda\arrow_up.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\zelda\brightness.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\zelda\btn2.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\zelda\btn3.bmp 
c:\users\Klammer Tom\3ds\aiko\__aio\ui\zelda\btn4.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\zelda\calendar\clock_colon.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\zelda\calendar\clock_numbers.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\zelda\calendar\day_numbers.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\zelda\calendar\Thumbs.db c:\users\Klammer Tom\3ds\aiko\__aio\ui\zelda\calendar\year_numbers.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\zelda\card_icon_blue.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\zelda\cross.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\zelda\custom.ini c:\users\Klammer Tom\3ds\aiko\__aio\ui\zelda\folder_minus.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\zelda\folder_minus_single.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\zelda\folder_plus.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\zelda\folder_plus_single.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\zelda\folder_up.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\zelda\gbaframe.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\zelda\lower_screen.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\zelda\menu_bg.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\zelda\note.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\zelda\progress_bar.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\zelda\progress_wnd.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\zelda\scrollbar_b.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\zelda\scrollbar_m.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\zelda\scrollbar_t.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\zelda\spin_btn_left.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\zelda\spin_btn_right.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\zelda\Thumbs.db c:\users\Klammer Tom\3ds\aiko\__aio\ui\zelda\tick.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\zelda\title_bg.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\zelda\title_left.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\zelda\title_right.bmp c:\users\Klammer Tom\3ds\aiko\__aio\ui\zelda\uisettings.ini c:\users\Klammer Tom\3ds\aiko\__aio\ui\zelda\upper_screen.bmp c:\users\Klammer 
Tom\3ds\aiko\akmenu4.nds c:\users\Klammer Tom\3ds\aiko\LoaderChangelog.txt c:\users\Klammer Tom\3ds\aiko\readme_AKAIO.txt c:\users\Klammer Tom\3ds\ak2ifw_update_3ds3.0_DSi143.zip c:\users\Klammer Tom\3ds\ak2ifw_update_3ds30_DSi143_onDSi_and_DSXL_and3DS.nds c:\users\Klammer Tom\3ds\ak2loader.nds c:\users\Klammer Tom\3ds\akmenu4.nds c:\users\Klammer Tom\3ds\alte spiele\__aio\ak.ico c:\users\Klammer Tom\3ds\alte spiele\__aio\ak2_sd.dldi c:\users\Klammer Tom\3ds\alte spiele\__aio\cheats\CC\BYXJ7714277F.cc c:\users\Klammer Tom\3ds\alte spiele\__aio\cheats\CC\C2SP82821A0A.cc c:\users\Klammer Tom\3ds\alte spiele\__aio\cheats\CC\IRAD12020314.cc c:\users\Klammer Tom\3ds\alte spiele\__aio\cheats\usrcheat.dat c:\users\Klammer Tom\3ds\alte spiele\__aio\fonts\kochi-mincho-subst.pcf c:\users\Klammer Tom\3ds\alte spiele\__aio\fonts\tahoma.pcf c:\users\Klammer Tom\3ds\alte spiele\__aio\fonts\ugulim12.pcf c:\users\Klammer Tom\3ds\alte spiele\__aio\fonts\wenquanyi_9pt.pcf c:\users\Klammer Tom\3ds\alte spiele\__aio\globalsettings.ini c:\users\Klammer Tom\3ds\alte spiele\__aio\language\lang_br\language.txt c:\users\Klammer Tom\3ds\alte spiele\__aio\language\lang_cn\language.txt c:\users\Klammer Tom\3ds\alte spiele\__aio\language\lang_cz\language.txt c:\users\Klammer Tom\3ds\alte spiele\__aio\language\lang_de\language.txt c:\users\Klammer Tom\3ds\alte spiele\__aio\language\lang_en\language.txt c:\users\Klammer Tom\3ds\alte spiele\__aio\language\lang_es\language.txt c:\users\Klammer Tom\3ds\alte spiele\__aio\language\lang_fr\language.txt c:\users\Klammer Tom\3ds\alte spiele\__aio\language\lang_it\language.txt c:\users\Klammer Tom\3ds\alte spiele\__aio\language\lang_jp\language.txt c:\users\Klammer Tom\3ds\alte spiele\__aio\language\lang_ko\language.txt c:\users\Klammer Tom\3ds\alte spiele\__aio\language\lang_nl\language.txt c:\users\Klammer Tom\3ds\alte spiele\__aio\language\lang_no\language.txt c:\users\Klammer Tom\3ds\alte spiele\__aio\language\lang_pl\language.txt c:\users\Klammer 
Tom\3ds\alte spiele\__aio\language\lang_se\language.txt c:\users\Klammer Tom\3ds\alte spiele\__aio\language\lang_th\language.txt c:\users\Klammer Tom\3ds\alte spiele\__aio\language\lang_zh\language.txt c:\users\Klammer Tom\3ds\alte spiele\__aio\language\language.ini c:\users\Klammer Tom\3ds\alte spiele\__aio\lastsave.ini c:\users\Klammer Tom\3ds\alte spiele\__aio\loaders\ak2loader.nds c:\users\Klammer Tom\3ds\alte spiele\__aio\loaders\akloader.nds c:\users\Klammer Tom\3ds\alte spiele\__aio\optionlist.bin c:\users\Klammer Tom\3ds\alte spiele\__aio\plugin\wfplugin.ak4 c:\users\Klammer Tom\3ds\alte spiele\__aio\poweroff.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\rpg_nand.dldi c:\users\Klammer Tom\3ds\alte spiele\__aio\rpg_sd.dldi c:\users\Klammer Tom\3ds\alte spiele\__aio\savelist.bin c:\users\Klammer Tom\3ds\alte spiele\__aio\savelistex.bin c:\users\Klammer Tom\3ds\alte spiele\__aio\sdlist.ini c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\Adv.EvoR\arrow_down.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\Adv.EvoR\arrow_up.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\Adv.EvoR\brightness.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\Adv.EvoR\btn2.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\Adv.EvoR\btn3.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\Adv.EvoR\btn4.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\Adv.EvoR\calendar\clock_colon.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\Adv.EvoR\calendar\clock_numbers.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\Adv.EvoR\calendar\day_numbers.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\Adv.EvoR\calendar\year_numbers.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\Adv.EvoR\calendar_no.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\Adv.EvoR\card_icon_blue.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\Adv.EvoR\cross.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\Adv.EvoR\custom.ini c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\Adv.EvoR\folder_minus.bmp c:\users\Klammer 
Tom\3ds\alte spiele\__aio\ui\Adv.EvoR\folder_minus_single.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\Adv.EvoR\folder_plus.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\Adv.EvoR\folder_plus_single.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\Adv.EvoR\folder_up.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\Adv.EvoR\gbaframe.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\Adv.EvoR\lower_screen.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\Adv.EvoR\menu_bg.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\Adv.EvoR\note.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\Adv.EvoR\progress_bar.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\Adv.EvoR\progress_wnd.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\Adv.EvoR\scrollbar_b.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\Adv.EvoR\scrollbar_m.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\Adv.EvoR\scrollbar_t.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\Adv.EvoR\spin_btn_left.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\Adv.EvoR\spin_btn_right.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\Adv.EvoR\tick.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\Adv.EvoR\title_bg.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\Adv.EvoR\title_left.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\Adv.EvoR\title_right.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\Adv.EvoR\uisettings.ini c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\Adv.EvoR\upper_screen.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\zelda\arrow_down.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\zelda\arrow_up.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\zelda\brightness.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\zelda\btn2.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\zelda\btn3.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\zelda\btn4.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\zelda\calendar\clock_colon.bmp c:\users\Klammer Tom\3ds\alte 
spiele\__aio\ui\zelda\calendar\clock_numbers.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\zelda\calendar\day_numbers.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\zelda\calendar\Thumbs.db c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\zelda\calendar\year_numbers.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\zelda\card_icon_blue.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\zelda\cross.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\zelda\custom.ini c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\zelda\folder_minus.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\zelda\folder_minus_single.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\zelda\folder_plus.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\zelda\folder_plus_single.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\zelda\folder_up.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\zelda\gbaframe.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\zelda\lower_screen.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\zelda\menu_bg.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\zelda\note.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\zelda\progress_bar.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\zelda\progress_wnd.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\zelda\scrollbar_b.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\zelda\scrollbar_m.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\zelda\scrollbar_t.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\zelda\spin_btn_left.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\zelda\spin_btn_right.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\zelda\Thumbs.db c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\zelda\tick.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\zelda\title_bg.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\zelda\title_left.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\zelda\title_right.bmp c:\users\Klammer Tom\3ds\alte spiele\__aio\ui\zelda\uisettings.ini c:\users\Klammer Tom\3ds\alte 
spiele\__aio\ui\zelda\upper_screen.bmp c:\users\Klammer Tom\3ds\alte spiele\ak2ifw_update_3ds30_DSi143_onDSi_and_DSXL_and3DS.nds c:\users\Klammer Tom\3ds\alte spiele\akmenu4.nds c:\users\Klammer Tom\3ds\alte spiele\Musik\07-Schnuffel Feat. Michael Wendler-Häschenparty.mp3 c:\users\Klammer Tom\3ds\alte spiele\Spiele\1998 - Professor Kageyama's Maths Training (EU).nds.sav c:\users\Klammer Tom\3ds\alte spiele\Spiele\2018 - Final Fantasy XII - Revenant Wings - (E) - (M5) - Europe.nds.sav c:\users\Klammer Tom\3ds\alte spiele\Spiele\2018 - Final Fantasy XII - Revenant Wings - (E) - (M5) - Europe.sav c:\users\Klammer Tom\3ds\alte spiele\Spiele\2171 - Mein Wortschatz Coach - Englisch Lernen - (G) - - Germany.nds c:\users\Klammer Tom\3ds\alte spiele\Spiele\2171 - Mein Wortschatz Coach - Englisch Lernen - (G) - - Germany.sav c:\users\Klammer Tom\3ds\alte spiele\Spiele\4468 - Pokemon Mystery Dungeon - Explorers of Sky (Europe) (En,Fr,De,Es,It).nds c:\users\Klammer Tom\3ds\alte spiele\Spiele\4468 - Pokemon Mystery Dungeon - Explorers of Sky (Europe) (En,Fr,De,Es,It).sav c:\users\Klammer Tom\3ds\alte spiele\Spiele\b-cogdragons.nds.sav c:\users\Klammer Tom\3ds\alte spiele\Spiele\B-MSOWGE.NDS.sav c:\users\Klammer Tom\3ds\alte spiele\Spiele\b-planet51.nds c:\users\Klammer Tom\3ds\alte spiele\Spiele\b-planet51.nds.sav c:\users\Klammer Tom\3ds\alte spiele\Spiele\b-planet51.sav c:\users\Klammer Tom\3ds\alte spiele\Spiele\b-yugioh2k10j.nds c:\users\Klammer Tom\3ds\alte spiele\Spiele\b-yugioh2k10j.sav c:\users\Klammer Tom\3ds\alte spiele\Spiele\Der Magische Stift.nds c:\users\Klammer Tom\3ds\alte spiele\Spiele\Der Magische Stift.nds.sav c:\users\Klammer Tom\3ds\alte spiele\Spiele\Der Magische Stift.sav c:\users\Klammer Tom\3ds\alte spiele\Spiele\lgc-ace.nds c:\users\Klammer Tom\3ds\alte spiele\Spiele\LGC-ACE.NDS.sav c:\users\Klammer Tom\3ds\alte spiele\Spiele\LGC-ACE.SAV c:\users\Klammer Tom\3ds\alte spiele\Spiele\Mario vs. Donkey Kong Mini-Land Mayhem! 
(Europe) .nds c:\users\Klammer Tom\3ds\alte spiele\Spiele\Mario vs. Donkey Kong Mini-Land Mayhem! (Europe) .sav c:\users\Klammer Tom\3ds\alte spiele\Spiele\POKEM~01.SAV c:\users\Klammer Tom\3ds\alte spiele\Spiele\Pokemon Ranger Shadows of Almia.nds c:\users\Klammer Tom\3ds\alte spiele\Spiele\Pokemon Ranger Shadows of Almia.nds.sav c:\users\Klammer Tom\3ds\alte spiele\Spiele\Pokemon SoulSilver - Silberne Edition Patched.nds c:\users\Klammer Tom\3ds\alte spiele\Spiele\Pokemon SoulSilver - Silberne Edition Patched.nds.sav c:\users\Klammer Tom\3ds\alte spiele\Spiele\Pokemon SoulSilver - Silberne Edition Patched.sav c:\users\Klammer Tom\3ds\alte spiele\Spiele\Pokemon Weiße.nds c:\users\Klammer Tom\3ds\alte spiele\Spiele\Pokemon Weiße.sav c:\users\Klammer Tom\3ds\alte spiele\Spiele\Pokemon White_Patched.nds c:\users\Klammer Tom\3ds\alte spiele\Spiele\Pokemon White_Patched.sav c:\users\Klammer Tom\3ds\alte spiele\Spiele\V-LEGORB.NDS c:\users\Klammer Tom\3ds\alte spiele\Spiele\V-LEGORB.NDS.sav c:\users\Klammer Tom\3ds\alte spiele\Spiele\V-LEGORB.SAV c:\users\Klammer Tom\3ds\alte spiele\Spiele\vatos-layton2.nds c:\users\Klammer Tom\3ds\alte spiele\Spiele\vatos-layton2.nds.sav c:\users\Klammer Tom\3ds\alte spiele\Spiele\vatos-layton2.sav c:\users\Klammer Tom\3ds\alte spiele\Spiele\XMS-DSRE.NDS.sav c:\users\Klammer Tom\3ds\alte spiele\Spiele\xms-tdgg.nds c:\users\Klammer Tom\3ds\alte spiele\Spiele\XMS-TDGG.NDS.sav c:\users\Klammer Tom\3ds\alte spiele\Spiele\XMS-TDGG.SAV c:\users\Klammer Tom\3ds\alte spiele\Spiele\XPA-PEOS.NDS.sav c:\users\Klammer Tom\3ds\alte spiele\Spiele\xpa-tppm.nds c:\users\Klammer Tom\3ds\alte spiele\Spiele\XPA-TPPM.NDS.sav c:\users\Klammer Tom\3ds\alte spiele\Spiele\XPA-TPPM.SAV c:\users\Klammer Tom\3ds\Musik\07-Schnuffel Feat. 
Michael Wendler-Häschenparty.mp3 c:\users\Klammer Tom\3ds\Spiele\1998 - Professor Kageyama's Maths Training (EU).nds.sav c:\users\Klammer Tom\3ds\Spiele\2018 - Final Fantasy XII - Revenant Wings - (E) - (M5) - Europe.nds.sav c:\users\Klammer Tom\3ds\Spiele\2018 - Final Fantasy XII - Revenant Wings - (E) - (M5) - Europe.sav c:\users\Klammer Tom\3ds\Spiele\2171 - Mein Wortschatz Coach - Englisch Lernen - (G) - - Germany.nds c:\users\Klammer Tom\3ds\Spiele\2171 - Mein Wortschatz Coach - Englisch Lernen - (G) - - Germany.sav c:\users\Klammer Tom\3ds\Spiele\4468 - Pokemon Mystery Dungeon - Explorers of Sky (Europe) (En,Fr,De,Es,It).nds c:\users\Klammer Tom\3ds\Spiele\4468 - Pokemon Mystery Dungeon - Explorers of Sky (Europe) (En,Fr,De,Es,It).sav c:\users\Klammer Tom\3ds\Spiele\b-cogdragons.nds.sav c:\users\Klammer Tom\3ds\Spiele\B-MSOWGE.NDS.sav c:\users\Klammer Tom\3ds\Spiele\b-planet51.nds c:\users\Klammer Tom\3ds\Spiele\b-planet51.nds.sav c:\users\Klammer Tom\3ds\Spiele\b-planet51.sav c:\users\Klammer Tom\3ds\Spiele\b-yugioh2k10j.nds c:\users\Klammer Tom\3ds\Spiele\b-yugioh2k10j.sav c:\users\Klammer Tom\3ds\Spiele\Der Magische Stift.nds c:\users\Klammer Tom\3ds\Spiele\Der Magische Stift.nds.sav c:\users\Klammer Tom\3ds\Spiele\Der Magische Stift.sav c:\users\Klammer Tom\3ds\Spiele\lgc-ace.nds c:\users\Klammer Tom\3ds\Spiele\LGC-ACE.NDS.sav c:\users\Klammer Tom\3ds\Spiele\LGC-ACE.SAV c:\users\Klammer Tom\3ds\Spiele\Mario vs. Donkey Kong Mini-Land Mayhem! (Europe) .nds c:\users\Klammer Tom\3ds\Spiele\Mario vs. Donkey Kong Mini-Land Mayhem! 
(Europe) .sav c:\users\Klammer Tom\3ds\Spiele\POKEM~01.SAV c:\users\Klammer Tom\3ds\Spiele\Pokemon Ranger Shadows of Almia.nds c:\users\Klammer Tom\3ds\Spiele\Pokemon Ranger Shadows of Almia.nds.sav c:\users\Klammer Tom\3ds\Spiele\Pokemon SoulSilver - Silberne Edition Patched.nds c:\users\Klammer Tom\3ds\Spiele\Pokemon SoulSilver - Silberne Edition Patched.nds.sav c:\users\Klammer Tom\3ds\Spiele\Pokemon SoulSilver - Silberne Edition Patched.sav c:\users\Klammer Tom\3ds\Spiele\Pokemon Weiße.nds c:\users\Klammer Tom\3ds\Spiele\Pokemon Weiße.sav c:\users\Klammer Tom\3ds\Spiele\Pokemon White_Patched.nds c:\users\Klammer Tom\3ds\Spiele\Pokemon White_Patched.sav c:\users\Klammer Tom\3ds\Spiele\V-LEGORB.NDS c:\users\Klammer Tom\3ds\Spiele\V-LEGORB.NDS.sav c:\users\Klammer Tom\3ds\Spiele\V-LEGORB.SAV c:\users\Klammer Tom\3ds\Spiele\vatos-layton2.nds c:\users\Klammer Tom\3ds\Spiele\vatos-layton2.nds.sav c:\users\Klammer Tom\3ds\Spiele\vatos-layton2.sav c:\users\Klammer Tom\3ds\Spiele\XMS-DSRE.NDS.sav c:\users\Klammer Tom\3ds\Spiele\xms-tdgg.nds c:\users\Klammer Tom\3ds\Spiele\XMS-TDGG.NDS.sav c:\users\Klammer Tom\3ds\Spiele\XMS-TDGG.SAV c:\users\Klammer Tom\3ds\Spiele\XPA-PEOS.NDS.sav c:\users\Klammer Tom\3ds\Spiele\xpa-tppm.nds c:\users\Klammer Tom\3ds\Spiele\XPA-TPPM.NDS.sav c:\users\Klammer Tom\3ds\Spiele\XPA-TPPM.SAV c:\users\Klammer Tom\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll c:\users\Klammer Tom\AppData\Local\TempDIR c:\users\Klammer Tom\AppData\Local\TempDIR\BetterInstaller.exe c:\users\Klammer Tom\AppData\Roaming\.# c:\windows\files c:\windows\files\bootsect.bin c:\windows\files\CFW\BenQ-CFW.bin c:\windows\files\CFW\Lite-CFW.bin c:\windows\files\CFW\Sam-CFW.bin c:\windows\files\CHANGE.COM c:\windows\files\dBen.bat c:\windows\files\dLite.bat c:\windows\files\Dos\command.com c:\windows\files\Dos\io.sys c:\windows\files\Dos\msdos.sys c:\windows\files\dSam.bat c:\windows\files\fBen.bat c:\windows\files\fLite.bat c:\windows\files\fSam.bat 
c:\windows\files\mkubt.exe c:\windows\files\TOOLS\DosFlash.exe c:\windows\files\TOOLS\DosFlash.typ c:\windows\files\TOOLS\FIRMTOOL.EXE c:\windows\IsUn0407.exe c:\windows\system32\SET12D9.tmp c:\windows\system32\System32\MASetupCleaner.exe c:\windows\system32\System32\muzapp.exe . . ((((((((((((((((((((((( Dateien erstellt von 2014-11-25 bis 2014-12-25 )))))))))))))))))))))))))))))) . . 2014-12-25 10:15 . 2014-12-25 10:18 -------- d-----w- c:\users\Klammer Tom\AppData\Local\temp 2014-12-25 10:15 . 2014-12-25 10:15 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-12-25 10:15 . 2014-12-25 10:15 -------- d-----w- c:\users\Gast\AppData\Local\temp 2014-12-25 06:16 . 2014-12-02 11:01 9054624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C2E12817-E22E-423A-B96E-C72D7C6D84C4}\mpengine.dll 2014-12-25 06:09 . 2014-12-25 06:09 -------- d-----w- c:\program files\VS Revo Group 2014-12-23 14:07 . 2014-12-02 11:01 9054624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2014-12-23 08:24 . 2014-12-23 08:27 -------- d-----w- C:\FRST 2014-12-20 16:12 . 2014-12-20 16:12 0 ----a-w- c:\windows\system32\sho3BFF.tmp 2014-12-20 14:00 . 2014-12-20 14:00 -------- d-----w- c:\program files\Common Files\Skype 2014-12-20 13:46 . 2014-12-20 13:46 -------- d-----w- c:\windows\Migration 2014-12-20 06:30 . 2014-12-20 06:30 243128 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2014-12-20 06:30 . 2014-12-20 06:31 -------- d-----w- c:\users\Klammer Tom\AppData\Roaming\DAEMON Tools Lite 2014-12-20 06:30 . 2014-12-20 06:30 -------- d-----w- c:\program files\DAEMON Tools Lite 2014-12-20 06:29 . 2014-12-20 06:32 -------- d-----w- c:\programdata\DAEMON Tools Lite 2014-12-19 09:11 . 2014-09-17 03:53 908840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AFE1A49D-B66A-4C20-B58C-089ED334A667}\gapaengine.dll 2014-12-16 06:33 . 
2014-12-20 11:25 -------- d-----w- c:\users\Klammer Tom\AppData\Roaming\XBMC 2014-12-16 06:30 . 2014-12-16 06:36 -------- d-----w- c:\program files\XBMC . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-11-10 07:24 . 2013-08-05 06:54 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2014-11-01 09:28 . 2014-11-01 09:28 0 ----a-w- c:\windows\system32\sho99AA.tmp 2014-10-30 11:24 . 2010-06-29 13:41 229000 ------w- c:\windows\system32\MpSigStub.exe 2014-10-09 13:13 . 2014-08-28 11:06 37384 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2014-10-09 13:13 . 2014-08-27 05:04 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys 2014-10-09 13:13 . 2014-08-27 05:04 98160 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2014-10-08 09:32 . 2012-02-04 08:33 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2014-10-04 09:37 . 2012-02-04 08:33 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2014-10-04 09:37 . 2012-02-04 08:33 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2014-09-29 06:46 . 2012-11-01 10:48 952 --sha-w- c:\programdata\KGyGaAvL.sys 2012-03-04 11:01 . 2012-03-04 10:56 39789 ----a-w- c:\program files\uninst-mp3gain.exe 2010-06-03 16:24 . 2010-10-16 07:05 2736736 ----a-w- c:\program files\tbsoft.dll 2005-01-08 23:58 . 2005-01-08 23:58 131127 ----a-w- c:\program files\mp3gain.exe 2005-01-08 20:45 . 2005-01-08 20:45 630841 ----a-w- c:\program files\MP3GainGUI.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-12-14 08:40 220632 ----a-w- c:\users\Klammer Tom\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-12-14 08:40 220632 ----a-w- c:\users\Klammer Tom\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-12-14 08:40 220632 ----a-w- c:\users\Klammer Tom\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Fitbit Connect"="c:\program files\Fitbit Connect\Fitbit Connect.exe" [2013-02-25 3093024] "7458D9638A71E4DCC1B6741438512A391BC80893._service_run"="c:\users\Klammer Tom\AppData\Local\Google\Chrome\Application\chrome.exe" [2014-12-06 856904] "KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2013-09-04 1564528] "GoogleChromeAutoLaunch_1258C2E50858114A6758F2E90A1B01AA"="c:\users\Klammer Tom\AppData\Local\Google\Chrome\Application\chrome.exe" [2014-12-06 856904] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-07 8555040] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 974432] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176] "Fitbit Connect"="c:\program files\Fitbit Connect\Fitbit Connect.exe" [2013-02-25 3093024] "DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-04-15 450560] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952] "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2013-09-04 311152] "PMBVolumeWatcher"="c:\program files\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2013-04-24 740888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-12-16 702768] "Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2014-11-20 126200] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ CardOS API.lnk - c:\program files\Siemens\CardOS API\bin\siecacst.exe [2010-12-13 135168] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux3"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CardOS API.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\CardOS API.lnk backup=c:\windows\pss\CardOS API.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^Klammer Tom^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Widget vodafone.lnk] path=c:\users\Klammer Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Widget vodafone.lnk backup=c:\windows\pss\Widget vodafone.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer] 2009-11-02 21:21 103720 ------w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon] 2010-03-04 03:16 284696 ----a-w- c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PocketCloud Location] 2012-05-11 13:09 883104 ----a-w- c:\program files\Wyse\PocketCloud Windows Companion\WyseBrowser.exe . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Google Update"="c:\users\Klammer Tom\AppData\Local\Google\Update\GoogleUpdate.exe" /c . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" . 
R1 acnppeaf;acnppeaf; [x] R1 ajvxhtkn;ajvxhtkn; [x] R1 alrpfdow;alrpfdow; [x] R1 bbckdoel;bbckdoel; [x] R1 blnyluax;blnyluax; [x] R1 bxvknznz;bxvknznz; [x] R1 calwkyoh;calwkyoh; [x] R1 csouovll;csouovll;c:\windows\system32\drivers\csouovll.sys [x] R1 eyhmkoxc;eyhmkoxc; [x] R1 gmcyysxe;gmcyysxe;c:\windows\system32\drivers\gmcyysxe.sys [x] R1 gzovqwlo;gzovqwlo; [x] R1 hgrketja;hgrketja;c:\windows\system32\drivers\hgrketja.sys [x] R1 hjbaugtf;hjbaugtf; [x] R1 hpzcmekn;hpzcmekn; [x] R1 idgksizh;idgksizh;c:\windows\system32\drivers\idgksizh.sys [x] R1 imxpezof;imxpezof; [x] R1 iomzqlia;iomzqlia; [x] R1 jhvusnro;jhvusnro; [x] R1 johxzjxo;johxzjxo;c:\windows\system32\drivers\johxzjxo.sys [x] R1 kixlqqis;kixlqqis;c:\windows\system32\drivers\kixlqqis.sys [x] R1 kyernmvt;kyernmvt; [x] R1 lmohiqys;lmohiqys;c:\windows\system32\drivers\lmohiqys.sys [x] R1 lqhtsnyi;lqhtsnyi;c:\windows\system32\drivers\lqhtsnyi.sys [x] R1 mohuhjbr;mohuhjbr; [x] R1 nbqboypg;nbqboypg; [x] R1 nioyafri;nioyafri; [x] R1 qbtpojbw;qbtpojbw;c:\windows\system32\drivers\qbtpojbw.sys [x] R1 qkhdjhrz;qkhdjhrz; [x] R1 szfbsrkv;szfbsrkv; [x] R1 sztoigbt;sztoigbt; [x] R1 tafkhagl;tafkhagl;c:\windows\system32\drivers\tafkhagl.sys [x] R1 tzeqybma;tzeqybma;c:\windows\system32\drivers\tzeqybma.sys [x] R1 wkrcjoqc;wkrcjoqc;c:\windows\system32\drivers\wkrcjoqc.sys [x] R1 xbapjmcg;xbapjmcg;c:\windows\system32\drivers\xbapjmcg.sys [x] R1 xetepzfq;xetepzfq; [x] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192] R3 A38CCID;CCID USB Smart Card Reader;c:\windows\system32\DRIVERS\a38ccid.sys [2009-12-15 38016] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2014-01-22 88576] R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2011-11-25 12400] R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 
25088] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-07-17 95920] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2014-08-22 288120] R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2013-09-30 15688] R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2013-09-30 10320] R3 Ser2plx86;Prolific Serial port WDF driver;c:\windows\system32\DRIVERS\ser2pl.sys [2013-10-25 139776] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2013-06-05 136904] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2013-06-05 17864] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2013-06-05 153672] R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2013-06-05 130248] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2014-01-22 184192] R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys [2013-06-05 181912] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-01 1343400] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2014-08-15 37352] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2014-12-20 243128] S1 MpKsl0e7ba5a7;MpKsl0e7ba5a7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C2E12817-E22E-423A-B96E-C72D7C6D84C4}\MpKsl0e7ba5a7.sys [2014-12-25 39464] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-27 176128] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-12-16 431920] S2 AUS;Auto Update Service;c:\program files\LSM\aus.exe [2014-02-22 287744] S2 Avira.OE.ServiceHost;Avira Service Host;c:\program 
files\Avira\My Avira\Avira.OE.ServiceHost.exe [2014-11-20 166192] S2 avmike;AVM FRITZ!Fernzugang IKE Service;c:\program files\FRITZ!Fernzugang\avmike.exe [2012-11-28 255904] S2 certsrv;AVM FRITZ!Fernzugang Cert Service;c:\program files\FRITZ!Fernzugang\certsrv.exe [2012-11-28 122272] S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2013-04-22 822504] S2 Fitbit Connect;Fitbit Connect Service;c:\program files\Fitbit Connect\FitbitConnectService.exe [2013-02-25 1239584] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336] S2 Log S.M.;Log Session Manager;c:\program files\LSM\lsm.exe [2014-02-22 428032] S2 nwtsrv;AVM FRITZ!Fernzugang Client;c:\program files\FRITZ!Fernzugang\nwtsrv.exe [2013-06-10 155488] S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2013-04-24 483864] S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2013-06-26 523944] S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2012-01-23 92592] S2 WysePocketCloud;Wyse PocketCloud;c:\program files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [2012-05-11 177056] S3 NWIM;AVM VPN Miniport;c:\windows\system32\DRIVERS\avmnwim.sys [2011-07-05 334712] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-05 230912] S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2009-09-22 579072] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2013-06-26 583848] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2013-06-26 197800] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2013-06-26 24232] S3 
Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2013-06-26 20136] S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2013-06-26 207528] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr . Inhalt des "geplante Tasks" Ordners . 2014-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1212480921-3000280771-3724376844-1001Core.job - c:\users\Klammer Tom\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-03 03:15] . 2014-12-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1212480921-3000280771-3724376844-1001UA.job - c:\users\Klammer Tom\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-03 03:15] . 2014-12-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1212480921-3000280771-3724376844-1004Core.job - c:\users\Babsi\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-16 06:28] . 2014-12-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1212480921-3000280771-3724376844-1004UA.job - c:\users\Babsi\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-16 06:28] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com uDefault_Search_URL = hxxp://www.google.com mStart Page = about:blank uSearchAssistant = hxxp://www.bing.com/search?q={searchTerms} IE: An OneNote s&enden - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000 IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\program files\PokerStars.IT\PokerStarsUpdate.exe TCP: DhcpNameServer = 192.168.178.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
WebBrowser-{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - (no file) HKCU-Run-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe SafeBoot-BsScanner MSConfigStartUp-PMBVolumeWatcher - c:\program files\Sony\PMB\PMBVolumeWatcher.exe MSConfigStartUp-tvncontrol - c:\program files\TightVNC\tvnserver.exe AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}\bm_installer.exe AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe AddRemove-24_flashusbdriver - c:\program files\SAMSUNG\USB Drivers\24_flashusbdriver\Uninstall.exe AddRemove-25_escape - c:\program files\SAMSUNG\USB Drivers\25_escape\Uninstall.exe AddRemove-3277153428.portal.qtrax.com - c:\program files\Microsoft Silverlight\5.1.10411.0\Silverlight.Configuration.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files\Microsoft Security Client\MsMpEng.exe c:\windows\system32\atieclxx.exe c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Common Files\Protexis\License Service\PsiService_2.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\windows\system32\taskhost.exe c:\windows\system32\conhost.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\system32\WUDFHost.exe c:\windows\servicing\TrustedInstaller.exe c:\windows\System32\rundll32.exe c:\windows\system32\conhost.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\program files\iPod\bin\iPodService.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\DllHost.exe c:\windows\system32\sppsvc.exe . ************************************************************************** . Zeit der Fertigstellung: 2014-12-25 11:21:24 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2014-12-25 10:21 . Vor Suchlauf: 19 Verzeichnis(se), 635.633.385.472 Bytes frei Nach Suchlauf: 24 Verzeichnis(se), 640.739.311.616 Bytes frei . - - End Of File - - A5EC9EA871C4B5E9130682A017AA93B4 C79B30CB8852157F6F908E4698CFE0D0 |
26.12.2014, 08:56 | #6 |
/// the machine /// TB Trainer | Chrome browser opens windows Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
and a fresh FRST log, please.
|
26.12.2014, 10:15 | #7 |
| Chrome browser opens windows Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Protection, 26.12.2014 09:07:57, SYSTEM, KLAMMERTOM, Protection, Malware Protection, Starting, Protection, 26.12.2014 09:07:57, SYSTEM, KLAMMERTOM, Protection, Malware Protection, Started, Protection, 26.12.2014 09:07:57, SYSTEM, KLAMMERTOM, Protection, Malicious Website Protection, Starting, Update, 26.12.2014 09:08:03, SYSTEM, KLAMMERTOM, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1, Update, 26.12.2014 09:08:03, SYSTEM, KLAMMERTOM, Manual, Rootkit Database, 2014.11.18.1, 2014.12.23.2, Update, 26.12.2014 09:08:13, SYSTEM, KLAMMERTOM, Manual, Malware Database, 2014.11.20.6, 2014.12.26.4, Protection, 26.12.2014 09:08:13, SYSTEM, KLAMMERTOM, Protection, Refresh, Starting, Protection, 26.12.2014 09:08:22, SYSTEM, KLAMMERTOM, Protection, Malicious Website Protection, Started, Protection, 26.12.2014 09:08:22, SYSTEM, KLAMMERTOM, Protection, Malicious Website Protection, Stopping, Protection, 26.12.2014 09:08:22, SYSTEM, KLAMMERTOM, Protection, Malicious Website Protection, Stopped, Protection, 26.12.2014 09:08:28, SYSTEM, KLAMMERTOM, Protection, Refresh, Success, Protection, 26.12.2014 09:08:28, SYSTEM, KLAMMERTOM, Protection, Malicious Website Protection, Starting, Protection, 26.12.2014 09:08:28, SYSTEM, KLAMMERTOM, Protection, Malicious Website Protection, Started, Update, 26.12.2014 09:37:21, SYSTEM, KLAMMERTOM, Manual, Malware Database, 2014.12.26.4, 2014.12.26.5, Protection, 26.12.2014 09:37:21, SYSTEM, KLAMMERTOM, Protection, Refresh, Starting, Protection, 26.12.2014 09:37:21, SYSTEM, KLAMMERTOM, Protection, Malicious Website Protection, Stopping, Protection, 26.12.2014 09:37:21, SYSTEM, KLAMMERTOM, Protection, Malicious Website Protection, Stopped, Protection, 26.12.2014 09:37:57, SYSTEM, KLAMMERTOM, Protection, Refresh, Success, Protection, 26.12.2014 09:37:57, SYSTEM, KLAMMERTOM, Protection, Malicious Website Protection, Starting, Protection, 26.12.2014 09:37:58, SYSTEM, KLAMMERTOM, 
Protection, Malicious Website Protection, Started, Scan, 26.12.2014 09:38:22, SYSTEM, KLAMMERTOM, Manual, Start: % 1 "% 2", Dauer: % 1 min 25 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, 12-Malwareerkennung, Protection, 26.12.2014 09:44:21, SYSTEM, KLAMMERTOM, Protection, Malware Protection, Starting, Protection, 26.12.2014 09:44:21, SYSTEM, KLAMMERTOM, Protection, Malware Protection, Started, Protection, 26.12.2014 09:44:21, SYSTEM, KLAMMERTOM, Protection, Malicious Website Protection, Starting, Protection, 26.12.2014 09:46:07, SYSTEM, KLAMMERTOM, Protection, Malicious Website Protection, Started, (end) Code:
ATTFilter # AdwCleaner v4.106 - Bericht erstellt am 26/12/2014 um 10:00:41 # Aktualisiert 21/12/2014 von Xplode # Database : 2014-12-21.4 [Live] # Betriebssystem : Windows 7 Home Premium (32 bits) # Benutzername : Klammer Tom - KLAMMERTOM # Gestartet von : C:\Users\Klammer Tom\Desktop\AdwCleaner_4.106.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Users\Babsi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl Ordner Gelöscht : C:\Users\Klammer Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl Datei Gelöscht : C:\Users\Klammer Tom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs [bProtectTabs] Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F} Schlüssel Gelöscht : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467 ***** [ Browser ] ***** -\\ Internet Explorer v8.0.7601.17514 -\\ Google Chrome v [C:\Users\Babsi\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : lifbcibllhkdhoafpjfnlhfpfgnpldfl [C:\Users\Klammer Tom\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://mystart.incredibar.com/?loc=IB_DS&search={searchTerms}&a=6R8i6q7A7l&i=26 [C:\Users\Klammer Tom\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://mystart.incredibar.com/?loc=IB_DS&search={searchTerms}&a=6R8i6q7A7l&i=26 [C:\Users\Klammer Tom\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.softonic.de/s/{searchTerms} [C:\Users\Klammer Tom\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlOLmKF8AQeX1uQ_lptDURdxlE1786D-JcfAN0BZpoxwLfcd_VGjx_pwznmpfgTJQmOByNV6qjCRyzAiyzIdh7DV7Jxhs_diEFWvxdIKlxDICvIEXVOv1xnYFER614hn4pI_E8Do3SSrw3Q,,&q={searchTerms} [C:\Users\Klammer Tom\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.second-hand.it/index.php.de.php?search={searchTerms}&page=0&startsearch=suchen [C:\Users\Klammer Tom\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={94FDB544-7492-4179-B786-FB67E147D0BB} ************************* AdwCleaner[R0].txt - [33240 octets] - [26/08/2014 08:43:09] AdwCleaner[R1].txt - [24471 octets] - [30/08/2014 05:20:06] AdwCleaner[R2].txt - [4174 octets] - [26/12/2014 09:57:30] AdwCleaner[S0].txt - [7056 octets] - [26/08/2014 08:44:45] 
AdwCleaner[S1].txt - [23536 octets] - [30/08/2014 05:25:12] AdwCleaner[S2].txt - [4095 octets] - [26/12/2014 10:00:41] ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [4155 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.0 (11.29.2014:1) OS: Windows 7 Home Premium x86 Ran by Klammer Tom on 26.12.2014 at 10:08:46,59 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files Successfully deleted: [File] "C:\Users\Klammer Tom\appdata\locallow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com" ~~~ Folders Successfully deleted: [Folder] "C:\Program Files\dll-files.com fixer" Successfully deleted: [Folder] "C:\Program Files\myfree codec" Successfully deleted: [Folder] "C:\Users\Klammer Tom\music\qtrax media library" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 26.12.2014 at 10:10:39,79 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-12-2014 01 Ran by Klammer Tom (administrator) on KLAMMERTOM on 26-12-2014 10:13:03 Running from C:\Users\Klammer Tom\Desktop Loaded Profile: Klammer Tom (Available profiles: Klammer Tom & Babsi & Gast) Platform: Microsoft Windows 7 Home Premium (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (MS) C:\Program Files\LSM\aus.exe (AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe (AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe (Fitbit, Inc.) C:\Program Files\Fitbit Connect\FitbitConnectService.exe (MS) C:\Program Files\LSM\lsm.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe (Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (Microsoft Corp.) 
C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE () C:\Program Files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe (MS) C:\Program Files\LSM\lsm.exe (Fitbit, Inc.) C:\Program Files\Fitbit Connect\Fitbit Connect.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe () C:\Program Files\DivX\DivX Update\DivXUpdate.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Samsung) C:\Program Files\Samsung\Kies\Kies.exe (Siemens IT Solutions and Services GmbH) C:\Program Files\Siemens\CardOS API\bin\siecacst.exe (Numera) C:\Program Files\BiLink Gateway\GatewaySysTray.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avcenter.exe (Google Inc.) C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8555040 2010-04-07] (Realtek Semiconductor) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-05-27] (Advanced Micro Devices, Inc.) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation) HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.) 
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC) HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] () HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.) HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe [740888 2013-04-24] (Sony Corporation) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-1212480921-3000280771-3724376844-1001\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.) HKU\S-1-5-21-1212480921-3000280771-3724376844-1001\...\Run: [7458D9638A71E4DCC1B6741438512A391BC80893._service_run] => C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\chrome.exe [856904 2014-12-06] (Google Inc.) HKU\S-1-5-21-1212480921-3000280771-3724376844-1001\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung) HKU\S-1-5-21-1212480921-3000280771-3724376844-1001\...\Run: [GoogleChromeAutoLaunch_1258C2E50858114A6758F2E90A1B01AA] => C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\chrome.exe [856904 2014-12-06] (Google Inc.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CardOS API.lnk ShortcutTarget: CardOS API.lnk -> C:\Program Files\Siemens\CardOS API\bin\siecacst.exe (Siemens IT Solutions and Services GmbH) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Omron BiLink Gateway.lnk ShortcutTarget: Omron BiLink Gateway.lnk -> C:\Windows\Installer\{63041551-16E0-4841-AC48-92A825711C93}\NewShortcut1_8188288DFAC14FF2859A19505BA528D5.exe (Flexera Software LLC) ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-1212480921-3000280771-3724376844-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1212480921-3000280771-3724376844-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1212480921-3000280771-3724376844-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) 
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1212480921-3000280771-3724376844-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Klammer Tom\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKU\S-1-5-21-1212480921-3000280771-3724376844-1001: @talk.google.com/O1DPlugin -> C:\Users\Klammer Tom\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKU\S-1-5-21-1212480921-3000280771-3724376844-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-1212480921-3000280771-3724376844-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Users\Klammer Tom\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Klammer Tom\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF Extension: Anti-Banner - C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru [2011-01-19] FF Extension: Modul zur Link-Untersuchung - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2011-01-19] FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-05-19] Chrome: ======= CHR HomePage: Default -> https://drive.google.com/keep/ CHR StartupUrls: Default -> "https://drive.google.com/keep/", "hxxp://www.google.com/" CHR DefaultSearchKeyword: Default -> google.com_ CHR DefaultSearchURL: Default -> hxxp://www.google.com/search?q={searchTerms} CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR Profile: C:\Users\Klammer Tom\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\Klammer Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-20] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Klammer Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-08] CHR Extension: (YouTube) - C:\Users\Klammer Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-21] CHR Extension: (Google-Suche) - C:\Users\Klammer Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-21] CHR Extension: (Avira Browserschutz) - C:\Users\Klammer Tom\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-27] CHR Extension: (AdBlock) - C:\Users\Klammer Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-23] CHR Extension: (Google Wallet) - C:\Users\Klammer Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27] CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\Klammer Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-06-20] CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Klammer Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2013-06-21] CHR Extension: (Google Mail) - C:\Users\Klammer Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-21] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06] CHR HKU\S-1-5-21-1212480921-3000280771-3724376844-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\KLAMME~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-04] CHR StartMenuInternet: Google Chrome - C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. 
KG) R2 AUS; C:\Program Files\LSM\aus.exe [287744 2014-02-22] (MS) [File not signed] R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG) R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [255904 2012-11-28] (AVM Berlin) R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [122272 2012-11-28] (AVM Berlin) R2 Fitbit Connect; C:\Program Files\Fitbit Connect\FitbitConnectService.exe [1239584 2013-02-25] (Fitbit, Inc.) [File not signed] R2 Log S.M.; C:\Program Files\LSM\lsm.exe [428032 2014-02-22] (MS) [File not signed] R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation) R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [155488 2013-06-10] (AVM Berlin) R2 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-04-24] (Sony Corporation) R2 WysePocketCloud; C:\Program Files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [177056 2012-05-11] () [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-14] (Microsoft Corporation) S3 A38CCID; C:\Windows\System32\DRIVERS\a38ccid.sys [38016 2009-12-15] (Advanced Card Systems Ltd.) [File not signed] R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-09] (Avira Operations GmbH & Co. 
KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-09] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-08-15] (Avira Operations GmbH & Co. KG) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-12-20] (Disc Soft Ltd) S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.) S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) S3 HTCAND32; C:\Windows\System32\Drivers\ANDROIDUSB.sys [25088 2009-10-26] (HTC, Corporation) [File not signed] R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-12-26] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation) R3 NWIM; C:\Windows\System32\DRIVERS\avmnwim.sys [334712 2011-07-05] (AVM Berlin) S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15688 2013-09-30] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] () S3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [139776 2013-10-25] (Prolific Technology Inc.) 
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-08-15] (Avira GmbH)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [181912 2013-06-05] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [186592 2007-06-17] (Jungo)
S1 acnppeaf; No ImagePath
S1 ajvxhtkn; No ImagePath
S1 alrpfdow; No ImagePath
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S1 bbckdoel; No ImagePath
S1 blnyluax; No ImagePath
S1 bxvknznz; No ImagePath
S1 calwkyoh; No ImagePath
S3 catchme; \??\C:\Users\KLAMME~1\AppData\Local\Temp\catchme.sys [X]
S1 csouovll; \??\C:\Windows\system32\drivers\csouovll.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S1 eyhmkoxc; No ImagePath
S1 gmcyysxe; \??\C:\Windows\system32\drivers\gmcyysxe.sys [X]
S1 gzovqwlo; No ImagePath
S1 hgrketja; \??\C:\Windows\system32\drivers\hgrketja.sys [X]
S1 hjbaugtf; No ImagePath
S1 hpzcmekn; No ImagePath
S1 idgksizh; \??\C:\Windows\system32\drivers\idgksizh.sys [X]
S1 imxpezof; No ImagePath
S1 iomzqlia; No ImagePath
S1 jhvusnro; No ImagePath
S1 johxzjxo; \??\C:\Windows\system32\drivers\johxzjxo.sys [X]
S1 kixlqqis; \??\C:\Windows\system32\drivers\kixlqqis.sys [X]
S1 kyernmvt; No ImagePath
S1 lmohiqys; \??\C:\Windows\system32\drivers\lmohiqys.sys [X]
S1 lqhtsnyi; \??\C:\Windows\system32\drivers\lqhtsnyi.sys [X]
S1 mohuhjbr; No ImagePath
S1 nbqboypg; No ImagePath
S1 nioyafri; No ImagePath
S3 Profos; No ImagePath
S1 qbtpojbw; \??\C:\Windows\system32\drivers\qbtpojbw.sys [X]
S1 qkhdjhrz; No ImagePath
S1 szfbsrkv; No ImagePath
S1 sztoigbt; No ImagePath
S1 tafkhagl; \??\C:\Windows\system32\drivers\tafkhagl.sys [X]
S1 tzeqybma; \??\C:\Windows\system32\drivers\tzeqybma.sys [X]
S1 wkrcjoqc; \??\C:\Windows\system32\drivers\wkrcjoqc.sys [X]
S1 xbapjmcg; \??\C:\Windows\system32\drivers\xbapjmcg.sys [X]
S1 xetepzfq; No ImagePath

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-26 10:13 - 2014-12-26 10:13 - 00023896 _____ () C:\Users\Klammer Tom\Desktop\FRST.txt
2014-12-26 10:10 - 2014-12-26 10:10 - 00000979 _____ () C:\Users\Klammer Tom\Desktop\JRT.txt
2014-12-26 10:08 - 2014-12-26 10:08 - 00000000 ____D () C:\Windows\ERUNT
2014-12-26 10:07 - 2014-12-26 10:07 - 01707646 _____ (Thisisu) C:\Users\Klammer Tom\Desktop\JRT.exe
2014-12-26 09:55 - 2014-12-26 09:56 - 02173952 _____ () C:\Users\Klammer Tom\Desktop\AdwCleaner_4.106.exe
2014-12-26 09:51 - 2014-12-26 09:51 - 00002669 _____ () C:\Users\Klammer Tom\Desktop\mbam.txt
2014-12-26 09:38 - 2014-12-26 09:38 - 00001876 _____ () C:\Users\Public\Desktop\NewShortcut4.lnk
2014-12-26 09:38 - 2014-12-26 09:38 - 00000000 ____D () C:\Users\Klammer Tom\AppData\Roaming\Omron
2014-12-26 09:38 - 2014-12-26 09:38 - 00000000 ____D () C:\Users\Klammer Tom\AppData\Roaming\Numera.Gateway
2014-12-26 09:38 - 2014-12-26 09:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BiLink Gateway
2014-12-26 09:38 - 2014-12-26 09:38 - 00000000 ____D () C:\Program Files\BiLink Gateway
2014-12-26 09:33 - 2014-12-26 09:35 - 85883120 _____ (Omron) C:\Users\Klammer Tom\Downloads\Bi-LINKGateway.exe
2014-12-26 09:07 - 2014-12-26 10:04 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-26 09:07 - 2014-12-26 09:07 - 00001068 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-26 09:07 - 2014-12-26 09:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-12-26 09:07 - 2014-12-26 09:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-26 09:07 - 2014-12-26 09:07 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-12-26 09:07 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-26 09:07 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-26 09:07 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-26 09:03 - 2014-12-26 10:12 - 00000000 ____D () C:\Users\Klammer Tom\PC Hilfe
2014-12-25 11:25 - 2014-12-25 11:25 - 00053614 _____ () C:\Users\Klammer Tom\Desktop\Cobofix.txt
2014-12-25 11:21 - 2014-12-25 11:21 - 00053614 _____ () C:\ComboFix.txt
2014-12-25 07:26 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-25 07:26 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-25 07:26 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-25 07:26 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-25 07:26 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-25 07:26 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-25 07:26 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-25 07:26 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-25 07:20 - 2014-12-25 11:21 - 00000000 ____D () C:\Qoobox
2014-12-25 07:20 - 2014-12-25 11:20 - 00000000 ____D () C:\Windows\erdnt
2014-12-25 07:16 - 2014-12-25 10:24 - 05603465 ____R (Swearware) C:\Users\Klammer Tom\Desktop\ComboFix.exe
2014-12-25 07:09 - 2014-12-25 07:09 - 00001230 _____ () C:\Users\Klammer Tom\Desktop\Revo Uninstaller.lnk
2014-12-25 07:09 - 2014-12-25 07:09 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-12-23 09:26 - 2014-12-23 09:27 - 00047313 _____ () C:\Users\Klammer Tom\Downloads\Addition.txt
2014-12-23 09:24 - 2014-12-26 10:13 - 00000000 ____D () C:\FRST
2014-12-23 09:24 - 2014-12-23 09:27 - 00034576 _____ () C:\Users\Klammer Tom\Downloads\FRST.txt
2014-12-23 09:24 - 2014-12-23 09:24 - 01114112 _____ (Farbar) C:\Users\Klammer Tom\Desktop\FRST.exe
2014-12-23 09:20 - 2014-12-23 09:20 - 00000554 _____ () C:\Users\Klammer Tom\Downloads\defogger_disable.log
2014-12-23 09:20 - 2014-12-23 09:20 - 00000156 _____ () C:\Users\Klammer Tom\defogger_reenable
2014-12-23 09:19 - 2014-12-23 09:20 - 00050477 _____ () C:\Users\Klammer Tom\Downloads\Defogger.exe
2014-12-22 13:56 - 2014-12-22 13:56 - 04000729 _____ () C:\Users\Klammer Tom\Downloads\UPDATE-SuperSU-v2.40.zip
2014-12-22 10:39 - 2014-12-22 10:39 - 02015655 _____ () C:\Users\Klammer Tom\Downloads\Trebuchet_i9505_GPe5.zip
2014-12-22 10:37 - 2014-12-22 10:37 - 05395433 _____ () C:\Users\Klammer Tom\Downloads\GoogleDialer_Contacts_Dark_i9505_GPe5(2).zip
2014-12-22 10:36 - 2014-12-22 10:47 - 270120964 _____ () C:\Users\Klammer Tom\Downloads\Danvdh-GPE-5-12172014.zip
2014-12-20 17:12 - 2014-12-20 17:12 - 00000000 _____ () C:\Windows\system32\sho3BFF.tmp
2014-12-20 15:00 - 2014-12-20 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-12-20 15:00 - 2014-12-20 15:00 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-12-20 14:43 - 2014-12-20 14:43 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-12-20 13:39 - 2014-12-20 13:39 - 00001563 _____ () C:\Windows\IE11_main.log
2014-12-20 10:32 - 2014-12-20 10:32 - 00347816 _____ (Microsoft Corporation) C:\Users\Klammer Tom\Downloads\Nicht bestätigt 502266.crdownload
2014-12-20 07:31 - 2014-12-20 07:31 - 00001904 _____ () C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2014-12-20 07:30 - 2014-12-20 07:31 - 00000000 ____D () C:\Users\Klammer Tom\AppData\Roaming\DAEMON Tools Lite
2014-12-20 07:30 - 2014-12-20 07:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2014-12-20 07:30 - 2014-12-20 07:30 - 00243128 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-12-20 07:30 - 2014-12-20 07:30 - 00000000 ____D () C:\Program Files\DAEMON Tools Lite
2014-12-20 07:29 - 2014-12-20 07:32 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-12-20 07:14 - 2014-12-20 07:18 - 229638144 _____ () C:\Users\Klammer Tom\Downloads\gparted-live-0.20.0-2-i486.iso
2014-12-16 09:10 - 2014-12-16 09:11 - 00000000 ____D () C:\Users\Klammer Tom\Desktop\XBMC
2014-12-16 08:47 - 2014-12-17 09:05 - 00000411 _____ () C:\Users\Klammer Tom\.swfinfo
2014-12-16 07:33 - 2014-12-20 12:25 - 00000000 ____D () C:\Users\Klammer Tom\AppData\Roaming\XBMC
2014-12-16 07:30 - 2014-12-16 07:36 - 00000000 ____D () C:\Program Files\XBMC
2014-12-16 07:28 - 2014-12-16 07:29 - 63850156 _____ () C:\Users\Klammer Tom\Downloads\xbmc-13.2-Gotham.exe
2014-12-15 12:04 - 2014-12-15 12:04 - 00001099 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-12-14 18:25 - 2014-12-14 18:25 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Klammer Tom\Downloads\SpyHunter-Installer.exe
2014-11-26 08:31 - 2014-11-26 08:31 - 01857948 _____ () C:\Users\Klammer Tom\Downloads\enigma2-plugin-extensions-xbmcaddons_8.0_r0_all.ipk

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-26 10:10 - 2009-07-14 05:34 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-26 10:10 - 2009-07-14 05:34 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-26 10:07 - 2010-09-30 09:16 - 01178111 _____ () C:\Windows\WindowsUpdate.log
2014-12-26 10:04 - 2012-03-27 09:58 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-12-26 10:02 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-26 10:01 - 2010-10-01 07:41 - 00460370 _____ () C:\Windows\PFRO.log
2014-12-26 10:01 - 2009-07-14 05:39 - 00218909 _____ () C:\Windows\setupact.log
2014-12-26 10:00 - 2014-08-26 08:43 - 00000000 ____D () C:\AdwCleaner
2014-12-26 09:33 - 2011-04-16 17:33 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1212480921-3000280771-3724376844-1004UA.job
2014-12-26 09:26 - 2010-10-03 08:19 - 00001144 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1212480921-3000280771-3724376844-1001UA.job
2014-12-26 09:03 - 2010-09-30 09:24 - 00000000 ____D () C:\Users\Klammer Tom
2014-12-26 07:33 - 2011-04-16 17:33 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1212480921-3000280771-3724376844-1004Core.job
2014-12-25 16:26 - 2010-10-03 08:19 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1212480921-3000280771-3724376844-1001Core.job
2014-12-25 11:21 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2014-12-25 11:21 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2014-12-25 11:17 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2014-12-25 07:13 - 2013-08-26 08:15 - 00000000 ____D () C:\Users\Klammer Tom\AppData\Local\FuzeZip
2014-12-21 15:00 - 2010-06-29 14:26 - 01733494 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-21 14:55 - 2010-06-30 09:35 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-20 15:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-12-20 15:11 - 2012-06-29 17:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-20 15:01 - 2011-09-18 15:17 - 00000000 ____D () C:\ProgramData\Skype
2014-12-20 15:00 - 2011-09-18 15:17 - 00000000 ___RD () C:\Program Files\Skype
2014-12-20 14:54 - 2011-03-02 16:34 - 00002057 _____ () C:\Windows\epplauncher.mif
2014-12-20 14:19 - 2012-07-11 07:50 - 00002121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-12-20 14:19 - 2011-03-02 16:33 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-12-20 14:18 - 2009-07-14 03:04 - 00000478 _____ () C:\Windows\win.ini
2014-12-20 14:11 - 2013-09-27 15:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-20 13:53 - 2010-06-30 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-20 07:56 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-20 07:24 - 2011-09-03 14:51 - 00000000 ____D () C:\Users\Klammer Tom\AppData\Roaming\ImgBurn
2014-12-15 12:04 - 2014-08-27 06:06 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-15 12:04 - 2014-08-27 06:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-15 12:04 - 2014-08-27 06:04 - 00000000 ____D () C:\Program Files\Avira
2014-12-12 02:30 - 2010-10-03 08:20 - 00002396 _____ () C:\Users\Klammer Tom\Desktop\Google Chrome.lnk
2014-11-27 16:40 - 2010-06-30 09:36 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Klammer Tom\AppData\Local\temp\avgnt.exe
C:\Users\Klammer Tom\AppData\Local\temp\CP210xVCPInstaller_x64.exe
C:\Users\Klammer Tom\AppData\Local\temp\CP210xVCPInstaller_x86.exe
C:\Users\Klammer Tom\AppData\Local\temp\Quarantine.exe
C:\Users\Klammer Tom\AppData\Local\temp\sqlite3.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-25 14:52

==================== End Of Log ============================
--- --- --- --- --- ---
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-12-2014 01
Ran by Klammer Tom at 2014-12-26 10:13:47
Running from C:\Users\Klammer Tom\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ActvMap V 4.7 (HKLM\...\ActvMap V 4.7) (Version: - Your Company)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.7.0.2090 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{BE4AE3A7-190D-BCB8-A953-A708C9E8E8AA}) (Version: 3.0.778.0 - ATI Technologies, Inc.)
Avira (HKLM\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
AVM FRITZ!Fernzugang (HKLM\...\{F2B03BB1-D679-4FFF-951D-3058A669A823}) (Version: 1.3.1 - AVM Berlin)
AZtrinoLoader (HKLM\...\{EAC850A4-5422-4632-9AFC-A33EC41B6F7E}) (Version: 1.1 - OpenSat)
AZUp (HKLM\...\{FBDBE1F0-AED1-496B-BCBA-7E2608D622FC}) (Version: 1.00.0000 - RTi)
Bi-LINK Gateway (HKLM\...\{63041551-16E0-4841-AC48-92A825711C93}) (Version: 1.00.5000 - Ihr Firmenname)
Brother BRAdmin Light 1.21.0002 (HKLM\...\{DB75941E-30C4-4D97-B000-D17C764B998C}) (Version: 1.21.0002 - Brother)
Bürgerkarte/Carta Servizi (HKLM\...\{CB610D37-34F7-4D85-AE73-EAA9BE748B4F}) (Version: 1.0.0 - Autonome Provinz Bozen/Provincia Autonoma di Bolzano)
CandyBox (HKLM\...\CandyBox_is1) (Version: - )
Canon Camera DV WIA Driver 6.1.2 (HKLM\...\InstallShield_{4CA5A658-D909-4F52-94FF-A2D02868D9F0}) (Version: 6.1.2 - Canon)
Canon DV WIA Driver (Version: 6.1.2 - Canon) Hidden
CardOS API (HKLM\...\{8E814717-DE49-4A4A-BD12-39102F9C9FD0}) (Version: 3.3.018 - Siemens IT Solutions and Services GmbH)
CAS Interface Studio 9.0.0 (HKLM\...\{198BDA47-7F40-4F2D-9214-07FF720BF39A}) (Version: 9.0.0 - Duolabs)
ccc-core-static (Version: 2010.0527.1242.20909 - ATI) Hidden
CorelDRAW Essentials 4 - Content (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Draw (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Filters (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - ICA (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - IPM - No VBA (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang BR (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang DE (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang EN (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang ES (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang FR (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang IT (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang NL (Version: 4.0 - Uw bedrijfsnaam) Hidden
CorelDRAW Essentials 4 - PHOTO-PAINT (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Windows Shell Extension (HKLM\...\_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}) (Version: - Corel Corporation)
CorelDRAW Essentials 4 - Windows Shell Extension (Version: 1.1 - Corel Corporation) Hidden
CorelDRAW Essentials 4 (HKLM\...\_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}) (Version: - Corel Corporation)
CorelDRAW Essentials 4 (Version: 4.0 - Corel Corporation) Hidden
CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2515 - CyberLink Corp.)
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DirectVobSub 2.40.4209 (HKLM\...\vsfilter_is1) (Version: 2.40.4209 - MPC-HC Team)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
DogSettings Version 1.5.0.1 (HKLM\...\{7A03618C-AD50-4BDC-BA2E-A172A4410C73}_is1) (Version: 1.5.0.1 - DogStrike)
ffdshow v1.1.4399 [2012-03-22] (HKLM\...\ffdshow_is1) (Version: 1.1.4399.0 - )
Fitbit Connect (HKLM\...\Fitbit Connect) (Version: 1.0.0.2578 - Fitbit Inc.)
Fotogalerie (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
FoxyDeal version 1.0.0 (HKLM\...\FoxyDeal_is1) (Version: 1.0.0 - R&E Media GmbH)
Free MP3 Cutter and Editor 2.6 (HKLM\...\Free MP3 Cutter and Editor_is1) (Version: - musetips.com)
FRITZ!Box-Fernzugang einrichten (HKLM\...\{EFADD989-D9F2-49F6-A280-675951CC78D3}) (Version: 1.0.3 - AVM Berlin)
Garmin Communicator Plugin (HKLM\...\{647BB978-2876-487B-9B0E-FDB73F0EA4A2}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
Garmin MapSource (HKLM\...\{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}) (Version: 6.16.3 - Garmin Ltd or its subsidiaries)
Garmin Training Center (HKLM\...\{7D542452-84EB-47C0-97BA-735C523AB555}) (Version: 3.6.5 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
GO Contact Sync Mod (HKLM\...\{B805EB38-C9ED-4102-89AA-C1F25F945F57}) (Version: 3.5.17 - WebGear, Create Software, Stru.be, saller.NET)
Google Chrome (HKU\S-1-5-21-1212480921-3000280771-3724376844-1001\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM\...\{418BAAD1-754D-48B4-B078-46EF4F25AF42}) (Version: 1.15.6556.8063 - Google, Inc.)
Google Talk Plugin (HKLM\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.6.0 - LIGHTNING UK!)
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JDownloader (HKLM\...\JDownloader) (Version: - AppWork UG (haftungsbeschränkt))
Junk Mail filter update (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Medion Home Cinema (HKLM\...\InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}) (Version: 6.0.0000 - CyberLink Corp.)
Medion Home Cinema (Version: 6.0.0000 - CyberLink Corp.) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office Klick-und-Los 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1212480921-3000280771-3724376844-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual FoxPro OLE DB Provider (HKLM\...\{3DA245C5-23B1-4874-BFA7-287B7D6C1EF6}) (Version: 1.0.0 - Microsoft Corporation)
miniLector (Version: 3.0.0 - Bit4Id) Hidden
MiniTool Partition Wizard Home Edition 8.1.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
MoneyManagerEX Version 0.9.8.0 (HKLM\...\{2C48DC11-E113-4912-8AFC-366D1918101E}_is1) (Version: 0.9.8.0 - CodeLathe, LLC)
Movie Maker (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
Photocity Silver 3.2.5.2 (HKLM\...\Photocity Silver_is1) (Version: 3.2.5.2 - Photocity.it)
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.7.0 - Prolific Technology INC)
PlayMemories Home (HKLM\...\{0657DE52-8F5C-4073-B70C-ED4F3F7FA076}) (Version: 7.0.03.04240 - Sony Corporation)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PocketCloud Windows Companion (HKLM\...\{BD8F867A-0ACB-427D-A4F2-9AEE29FBF98B}) (Version: 2.4.19 - Wyse Technology)
PSPad editor (HKLM\...\PSPad editor_is1) (Version: - Jan Fiala)
Qtrax Player (HKLM\...\{89505A66-35F0-4401-B3AD-D077051F8698}) (Version: 01.001.0001 - Qtrax)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6083 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.25.0 - SAMSUNG Electronics Co., Ltd.)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sony Image Data Suite (HKLM\...\{359FCAA7-B544-4147-AE3B-8C8A526E2427}) (Version: 3.2.00.15160 - Sony Corporation)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TomTom HOME 2.8.3.2499 (HKLM\...\TomTom HOME) (Version: 2.8.3.2499 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 7.55a - Ghisler Software GmbH)
Twinbase Manager 2.11 (HKLM\...\{D6FA5A7E-C500-4D00-9F6E-72572A613076}) (Version: 2.1.1 - Duolabs)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile-Gerätecenter (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
WinZip 14.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}) (Version: 14.5.9095 - WinZip Computing, S.L. )
XBMC (HKU\S-1-5-21-1212480921-3000280771-3724376844-1001\...\XBMC) (Version: - Team XBMC)
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google) CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{50BAEED9-ED25-11D2-B97B-000000000000}\InprocServer32 -> C:\Program Files\Common Files\System\ole db\vfpoledb.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{50BAEEDA-ED25-11D2-B97B-000000000000}\InprocServer32 -> C:\Program Files\Common Files\System\ole db\vfpoledb.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{50BAEEDB-ED25-11D2-B97B-000000000000}\InprocServer32 -> C:\Program Files\Common Files\System\ole db\vfpoledb.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\39.0.2171.95\delegate_execute.exe (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Klammer Tom\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File CustomCLSID: 
HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Klammer Tom\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google) CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\FileSyncApi.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File ==================== Restore Points ========================= 25-12-2014 07:11:28 Revo Uninstaller's restore point - FuzeZip 25-12-2014 07:12:36 Revo Uninstaller's restore point - FuzeZip 25-12-2014 07:16:07 Windows Update 26-12-2014 09:38:03 Installed Bi-LINK Gateway. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-14 03:04 - 2014-12-25 11:15 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0C075D54-3C83-47AE-96DC-6D1705C848A4} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION Task: {19813342-5F48-4A54-9390-D26920556680} - System32\Tasks\{F2DCD6C3-BF98-489E-B052-01BE7BD554EE} => C:\Program Files\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.) Task: {284CF58D-6BE8-4E41-A012-24361695D8A5} - System32\Tasks\PenWes => C:\Program Files\PenWes\penwes.exe <==== ATTENTION Task: {330509CC-EE4F-425C-BE40-488C1558A958} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated) Task: {399D78B7-B851-4413-8D40-A6AB8A0ECF99} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1212480921-3000280771-3724376844-1004UA => C:\Users\Babsi\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-29] (Google Inc.) Task: {4208095E-90B5-493F-B570-F2C2D8A23D89} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation) Task: {481CA072-544A-47B8-83FA-7A3B64A8ECB2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1212480921-3000280771-3724376844-1001UA => C:\Users\Klammer Tom\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.) Task: {4869E72E-E196-48D0-ABDD-176F339B2521} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1212480921-3000280771-3724376844-1004Core => C:\Users\Babsi\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-29] (Google Inc.) 
Task: {581B7E0B-9842-42DA-AA23-69B8655E0C5F} - System32\Tasks\{2EAB9CC2-169B-4675-BF9B-ED3BAE64C025} => pcalua.exe -a "C:\Users\Klammer Tom\Desktop\softonic-Deutsch.exe" -d "C:\Users\Klammer Tom\Desktop" Task: {638D1223-EC23-4228-B56B-5ECB6BA45629} - System32\Tasks\{AFF0020B-802C-4926-9147-C1148DD84125} => pcalua.exe -a E:\setup.exe -d E:\ Task: {76206859-0407-4871-BD88-722836584F58} - System32\Tasks\{3025F925-A23B-4DFA-9F64-1405AC642E88} => pcalua.exe -a "C:\Users\Klammer Tom\AppData\Local\Temp\Temp1_VirtualDub-1.9.11.zip\auxsetup.exe" Task: {80EFFEBC-270B-4A27-B395-8234F889E59F} - System32\Tasks\{7E71D9BD-7640-4392-89A6-1625CA74C655} => pcalua.exe -a "C:\Users\Klammer Tom\Downloads\TrainingCenter_365.exe" -d "C:\Users\Klammer Tom\Downloads" Task: {993C1955-53FD-445D-B4A8-EBD1B107DA35} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {A759210A-94AB-4D08-90B8-9FD90E85C24A} - System32\Tasks\Google Updater and Installer => C:\Users\Klammer Tom\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.) Task: {C92AA16A-F023-4BD7-B6C9-009437BC25B9} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {D306B6AF-5917-4293-9B20-37ABA78E4906} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1212480921-3000280771-3724376844-1001Core => C:\Users\Klammer Tom\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.) Task: {F5BEDD76-F567-44D4-A46A-A374FE34B733} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1212480921-3000280771-3724376844-1001Core.job => C:\Users\Klammer Tom\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1212480921-3000280771-3724376844-1001UA.job => C:\Users\Klammer Tom\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1212480921-3000280771-3724376844-1004Core.job => C:\Users\Babsi\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1212480921-3000280771-3724376844-1004UA.job => C:\Users\Babsi\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2012-05-11 14:09 - 2012-05-11 14:09 - 00177056 _____ () C:\Program Files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe 2012-05-11 14:05 - 2012-05-11 14:05 - 00056832 _____ () C:\Program Files\Wyse\PocketCloud Windows Companion\ServerNetworkInterface.dll 2012-05-11 14:06 - 2012-05-11 14:06 - 01590272 _____ () C:\Program Files\Wyse\PocketCloud Windows Companion\AetherCommLib.dll 2012-05-11 14:04 - 2012-05-11 14:04 - 00061440 _____ () C:\Program Files\Wyse\PocketCloud Windows Companion\WyseWebServerLib.DLL 2013-02-13 03:37 - 2013-02-13 03:37 - 01263952 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe 2013-02-13 03:38 - 2013-02-13 03:38 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll 2008-04-18 14:56 - 2008-04-18 14:56 - 00311296 _____ () C:\Windows\system32\siecaces.dll 2007-04-16 12:01 - 2007-04-16 12:01 - 00184320 _____ () C:\Windows\system32\gmp4_2_1.dll 2010-05-27 20:40 - 2010-05-27 20:40 - 00270336 _____ () C:\Program Files\ATI 
Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2014-12-20 14:21 - 2014-12-20 14:21 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\818c5277bd028fb9cb78a30e3720eb0f\IsdiInterop.ni.dll 2010-06-29 16:19 - 2010-03-04 04:08 - 00058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2011-01-19 07:45 - 2010-03-15 11:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll 2014-12-12 02:30 - 2014-12-06 02:50 - 01077064 _____ () C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\39.0.2171.95\libglesv2.dll 2014-12-12 02:30 - 2014-12-06 02:50 - 00211272 _____ () C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\39.0.2171.95\libegl.dll 2014-12-12 02:30 - 2014-12-06 02:50 - 09009480 _____ () C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\39.0.2171.95\pdf.dll 2014-12-12 02:30 - 2014-12-06 02:50 - 01677128 _____ () C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CardOS API.lnk => C:\Windows\pss\CardOS API.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Klammer Tom^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Widget vodafone.lnk => C:\Windows\pss\Widget vodafone.lnk.Startup MSCONFIG\startupreg: CLMLServer => "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" MSCONFIG\startupreg: IAStorIcon => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe MSCONFIG\startupreg: PocketCloud Location => C:\Program Files\Wyse\PocketCloud Windows Companion\WyseBrowser.exe ========================= Accounts: ========================== Administrator (S-1-5-21-1212480921-3000280771-3724376844-500 - Administrator - Disabled) ASPNET (S-1-5-21-1212480921-3000280771-3724376844-1008 - Limited - Enabled) Babsi (S-1-5-21-1212480921-3000280771-3724376844-1004 - Limited - Enabled) => C:\Users\Babsi Gast (S-1-5-21-1212480921-3000280771-3724376844-501 - Limited - Disabled) => C:\Users\Gast HomeGroupUser$ (S-1-5-21-1212480921-3000280771-3724376844-1003 - Limited - Enabled) Klammer Tom (S-1-5-21-1212480921-3000280771-3724376844-1001 - Administrator - Enabled) => C:\Users\Klammer Tom ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= ==================== Memory info =========================== Processor: Pentium(R) Dual-Core CPU E5700 @ 3.00GHz Percentage of memory in use: 52% Total physical RAM: 3071.24 MB Available physical RAM: 1456.25 MB Total Pagefile: 6140.77 MB Available Pagefile: 3778.32 MB Total Virtual: 2047.88 MB Available Virtual: 1908.26 MB ==================== Drives ================================ Drive c: (Boot) (Fixed) (Total:890.41 GB) (Free:598.61 GB) NTFS Drive d: (Recover) (Fixed) (Total:40 GB) (Free:23.53 GB) NTFS 
==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 2BD2C32A) Partition 1: (Active) - (Size=82 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=890.4 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=1 GB) - (Type=12) ==================== End Of Log ============================
Edited by Klarta (26.12.2014 at 10:06) |
26.12.2014, 19:24 | #8 |
/// the machine /// TB Trainer | Chrome browser opens windows
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
27.12.2014, 09:14 | #9 |
| Chrome browser opens windows
Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=81d0481610cd334d86f7055190d09247 # engine=21716 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-12-27 07:36:38 # local_time=2014-12-27 08:36:38 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT # compatibility_mode_1='Avira Desktop' # compatibility_mode=1810 16777213 100 99 30302 11574395 0 0 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 587831 113847002 0 0 # scanned=202332 # found=59 # cleaned=0 # scan_time=19014 sh=E4D52A13B9D9F3D5BE0C4653857250D633223518 ft=1 fh=1aec917682e94057 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll.vir" sh=6BF3E641CE0003E395A0A0D98AFB3F025334F695 ft=1 fh=9f67302321ccba6c vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\LPT\sppsm.dll.vir" sh=8092C608B4E086365D99AC1EA8AF340C95A6B1B2 ft=1 fh=03ccaa026cb41a28 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\LPT\spusm.dll.vir" sh=8BC417D84335C8A2984292D841C3006F4AA33F19 ft=1 fh=b832c00106aff94b vn="Variante von MSIL/Toolbar.Linkury.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\LPT\srbs.dll.vir" sh=D1AC909FA3DA3ACE7120A10116A2172DE0FCA1ED ft=1 fh=6f70850ac416122f vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\LPT\srbu.dll.vir" sh=8AB15733E80D0AE684F54EB075FC220DF1BD5721 ft=1 fh=5e8557a3384687dc vn="Variante von MSIL/Toolbar.Linkury.G evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\LPT\srpt.dll.vir" sh=956D0D7E1543BCD5F41F2082D176E8E79E65BC30 ft=0 fh=0000000000000000 vn="Win32/PriceGong.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\PriceGong\2.6.3\PriceGong.crx.vir" sh=1392C6E57505B8D63429BD8CA19D9E0197A875C4 ft=1 fh=b7c935b3c5f85add vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\PriceGong\2.6.3\PriceGongIE.dll.vir" sh=97375C5960DAA2B3B4EA56975CE5CCEF74C42B0B ft=1 fh=b2a6f1d5e5e6980f vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\PriceGong\2.6.3\FF\components\PriceGongFF.dll.vir" sh=251D27396EAE12241F753CBCD15F1C4810304EDB ft=1 fh=44a4304d485ad7d5 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\PriceGong\2.6.3\FF\components\PriceGongFF_100.dll.vir" sh=9FFFAACFE4EEAC55CE138FB7317761C32CD8EE7A ft=1 fh=0eef8d80e39072d1 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\PriceGong\2.6.3\FF\components\PriceGongFF_50.dll.vir" sh=0B8A4E2B75408C54B87975DE7839806943F66D15 ft=1 fh=e82aff129fd32db6 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\PriceGong\2.6.3\FF\components\PriceGongFF_60.dll.vir" sh=26F342BD7129782AEA7F3579ED3F4F4914F39D96 ft=1 fh=29848cdbe6c200bf vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\PriceGong\2.6.3\FF\components\PriceGongFF_70.dll.vir" sh=C8CE8F77838E27FA4EFC5D4351E5E65F7BF923EC ft=1 fh=465872eeb32986b2 vn="Variante von Win32/PriceGong.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\PriceGong\2.6.3\FF\components\PriceGongFF_80.dll.vir" sh=A42B27E9DADB988A8FBFEDA920AFF7888BD10028 ft=1 fh=7198cea6e95f53b5 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\PriceGong\2.6.3\FF\components\PriceGongFF_90.dll.vir" sh=C7BBD7FDEFEAB6433B7B26255E653109DC761325 ft=1 fh=8836dbeddf710ec6 vn="Win32/ELEX.AR evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\BHOEnabler.exe.vir" sh=4E475FD620FBCCBB37453AF2BD0427BDA73109FF ft=1 fh=70875884387ffbdb vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\DpInterface32.dll.vir" sh=4E5E1B36910AD12E0E328F71A7CDC6EA6C009F9E ft=1 fh=ad050ae056d7e21e vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SupTab.dll.vir" sh=95D8C7F2851240F836D46EBD0DCB0BBAE3C9C3C8 ft=1 fh=c39b2415a29978f2 vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginService\PluginService.exe.vir" sh=4EDACB162E79B13F82774B4D1951DDAD8C518115 ft=1 fh=eba317b2b14505a9 vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir" sh=58AC6B48AA4566D2B149568A066A1639B18961B0 ft=0 fh=0000000000000000 vn="Win32/PriceGong.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Babsi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.3_0\pg_background.html.vir" sh=8A2CAF2F4DE036234B9B5963B146ECA89EE6275A ft=0 fh=0000000000000000 vn="Win32/PriceGong.B evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Babsi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.3_0\pg_client.js.vir" sh=EB58028A0E0214A2D04E36C4546BCEB81808B6A0 ft=0 fh=0000000000000000 vn="Win32/PriceGong.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Babsi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.3_0\menu_dlg\pg_dlg.html.vir" sh=A8FA962A87C1F1477CEB4EC84A232E136750C9B1 ft=0 fh=0000000000000000 vn="Win32/PriceGong.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Babsi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.3_0\options\pg_options.html.vir" sh=7A5B168BB2B8C06B2A9134B656BBF195830D21C2 ft=1 fh=55d4f387d8566cf4 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Babsi\AppData\LocalLow\softonic-de3\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll.vir" sh=7A5B168BB2B8C06B2A9134B656BBF195830D21C2 ft=1 fh=55d4f387d8566cf4 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Babsi\AppData\LocalLow\Softonic_Deutsch\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll.vir" sh=7A5B168BB2B8C06B2A9134B656BBF195830D21C2 ft=1 fh=55d4f387d8566cf4 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\LocalLow\softonic-de3\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll.vir" sh=7A5B168BB2B8C06B2A9134B656BBF195830D21C2 ft=1 fh=55d4f387d8566cf4 vn="Variante von Win32/PriceGong.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\LocalLow\Softonic_Deutsch\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll.vir" sh=E3F8B8FE0BBC22CBB743C688ED79E0BF73FCCFE5 ft=1 fh=a81abe411291deb5 vn="Variante von Win32/Somoto.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Klammer Tom\AppData\Local\FilesFrog Update Checker\update_checker.exe.vir" sh=58AC6B48AA4566D2B149568A066A1639B18961B0 ft=0 fh=0000000000000000 vn="Win32/PriceGong.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Klammer Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.3_0\pg_background.html.vir" sh=8A2CAF2F4DE036234B9B5963B146ECA89EE6275A ft=0 fh=0000000000000000 vn="Win32/PriceGong.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Klammer Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.3_0\pg_client.js.vir" sh=EB58028A0E0214A2D04E36C4546BCEB81808B6A0 ft=0 fh=0000000000000000 vn="Win32/PriceGong.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Klammer Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.3_0\menu_dlg\pg_dlg.html.vir" sh=A8FA962A87C1F1477CEB4EC84A232E136750C9B1 ft=0 fh=0000000000000000 vn="Win32/PriceGong.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Klammer Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.3_0\options\pg_options.html.vir" sh=E0814D0F17EE1122F6D3507DC676030F8E1CC133 ft=1 fh=0e0f46db8e6ee8c4 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Klammer Tom\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir" sh=EC7EC5D60C5A578BC9953115D368BECD05BA14B2 ft=1 fh=ecbff00cc7dcc0fd vn="Variante von Win32/Thinknice.B evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Klammer Tom\AppData\Roaming\SupTab\SupTab.dll.vir" sh=61A8D16A5586134040C587C83F285C978EC432E3 ft=1 fh=550beeaa64c08289 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\tbsoft.dll" sh=3222E8DAB740BA1D640CC66A9CD36070969DEB80 ft=1 fh=c71c0011469aa6c7 vn="Variante von Win32/Somoto.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Klammer Tom\AppData\Local\TempDIR\BetterInstaller.exe.vir" sh=AEED4BD07358CF131BC4BB7409F5EE36EF18993C ft=1 fh=99982121147a8d4a vn="Win32/Somoto.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Klammer Tom\AppData\Local\Google\Chrome\User Data\Default\File System\010\t\00\00000000" sh=42C28E041EA5F8B06D4857E8E6FCA75ABD4BCF2F ft=1 fh=b55fe72874790c5f vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Klammer Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G0JOBBUN\tbedrs[1].dll" sh=7738C09B20F384D52FC9295966EE53222564D38C ft=1 fh=0215ddde6083ecb6 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Klammer Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Klammer Tom\AppData\Local\Conduit\CT1351351\Softonic_DeutschAutoUpdaterHelper.exe" sh=A0AC2EF060C27275F2C0768DAF18A02FC0A6E168 ft=0 fh=0000000000000000 vn="Archbomb.RAR Trojaner" ac=I fn="C:\Users\Klammer Tom\Downloads\dropox\img_1559.rar" sh=2446E82304B2A797346141850D2245916E179BB6 ft=1 fh=4f9fb98a1d8c5ee8 vn="Win32/Packed.Autoit.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Klammer Tom\Fritzbox\ruKernelTool\_Lib_\PrettyPrintFirmwareLinkListe.exe" sh=D3B13F31A2277D7AF16506A6CB6053A9D729A890 ft=1 fh=78cace3e93567d5c vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Klammer Tom\iphone\Install_ipswDownloader_v201_hf.exe" sh=D8658959B782236151629045367108EE351FF2A2 ft=0 fh=0000000000000000 vn="Win32/DownWare.L evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Klammer Tom\iphone\ipswDownloader_v201_win.zip" sh=8FC5F5CC72D9709775C56A8734F405A61F586299 ft=1 fh=cdbf2ae64812955d vn="Variante von MSIL/TrojanDropper.Agent.EH Trojaner" ac=I fn="C:\Windows\JungleFlasher v0.1.59 Beta\What.NET.exe" sh=13587D79DBB9C94A82EF9E47C5F13BC5EDDC5D7E ft=0 fh=0000000000000000 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="K:\$RECYCLE.BIN\S-1-5-21-1212480921-3000280771-3724376844-1001\$R3GYJJP\Backup Set 2014-07-21 170830\Backup Files 2014-07-21 170830\Backup files 16.zip" sh=2C4276AC59DECA4E0A6483AE8707114A9ACBE292 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Babylon.C evtl. unerwünschte Anwendung" ac=I fn="K:\$RECYCLE.BIN\S-1-5-21-1212480921-3000280771-3724376844-1001\$R3GYJJP\Backup Set 2014-07-21 170830\Backup Files 2014-07-21 170830\Backup files 3.zip" sh=699FAD340BD59A05297BFF5ADCEFD9CB78CB5533 ft=0 fh=0000000000000000 vn="Win32/InstallCore.BN evtl. unerwünschte Anwendung" ac=I fn="K:\$RECYCLE.BIN\S-1-5-21-1212480921-3000280771-3724376844-1001\$R3GYJJP\Backup Set 2014-07-21 170830\Backup Files 2014-07-21 170830\Backup files 4.zip" sh=F0D5A34ACBCF9AB80C701334FCE3616E92BD8BF6 ft=0 fh=0000000000000000 vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="K:\$RECYCLE.BIN\S-1-5-21-1212480921-3000280771-3724376844-1001\$R3GYJJP\Backup Set 2014-07-21 170830\Backup Files 2014-07-21 170830\Backup files 5.zip" sh=F21333573641DA470B4356136DD184B180F75805 ft=0 fh=0000000000000000 vn="Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung" ac=I fn="K:\$RECYCLE.BIN\S-1-5-21-1212480921-3000280771-3724376844-1001\$R3GYJJP\Backup Set 2014-07-21 170830\Backup Files 2014-07-21 170830\Backup files 6.zip" sh=AC7570FBF10BD591B9DC9D3B39C538D7EBB4AD1C ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Widgi.B evtl. 
unerwünschte Anwendung" ac=I fn="K:\$RECYCLE.BIN\S-1-5-21-1212480921-3000280771-3724376844-1001\$R3GYJJP\Backup Set 2014-07-21 170830\Backup Files 2014-07-21 170830\Backup files 7.zip" sh=61A8D16A5586134040C587C83F285C978EC432E3 ft=1 fh=550beeaa64c08289 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="K:\$RECYCLE.BIN\S-1-5-21-1212480921-3000280771-3724376844-1001\$RFDQVCD\Program Files\tbsoft.dll" sh=A47739F27C4BC8FD3A48B4A90B40679DF1218E1B ft=1 fh=ab4f3351c96b3042 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="K:\$RECYCLE.BIN\S-1-5-21-1212480921-3000280771-3724376844-1001\$RFDQVCD\Program Files\Conduit\Community Alerts\Alert.dll" sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="K:\$RECYCLE.BIN\S-1-5-21-1212480921-3000280771-3724376844-1001\$RFDQVCD\Program Files\Conduit\Community Alerts\Alert0.dll" sh=D6383D1A810605A5ED92656A4AEEE009240AE531 ft=0 fh=0000000000000000 vn="Win32/Toolbar.DefaultTab.C evtl. unerwünschte Anwendung" ac=I fn="K:\$RECYCLE.BIN\S-1-5-21-1212480921-3000280771-3724376844-1001\$RFDQVCD\Program Files\DefaultTab\DefaultTab.crx" sh=B1CF6E1D2CC7797C9CCD51E781DBEF3A1ACA74C8 ft=1 fh=e90057d45239714d vn="Variante von Win32/Toolbar.DefaultTab.B evtl. unerwünschte Anwendung" ac=I fn="K:\$RECYCLE.BIN\S-1-5-21-1212480921-3000280771-3724376844-1001\$RFDQVCD\Program Files\DefaultTab\DefaultTabSearch.exe" sh=257718085F922E6B12C1370CE97DCB1A73E4C3F6 ft=0 fh=0000000000000000 vn="Archbomb.RAR Trojaner" ac=I fn="K:\KLAMMERTOM\Backup Set 2014-08-30 061751\Backup Files 2014-08-30 063330\Backup files 363.zip" sh=681DC2B67986C10C0622568BB70A0A0B4D91EDAF ft=0 fh=0000000000000000 vn="Variante von Win32/SoftPulse.D evtl. 
unerwünschte Anwendung" ac=I fn="K:\KLAMMERTOM\Backup Set 2014-08-30 061751\Backup Files 2014-08-30 063330\Backup files 8.zip" sh=E0BD65F0D75E7F04099327FA5ABE34707846BE94 ft=0 fh=0000000000000000 vn="Variante von Win32/Somoto.A evtl. unerwünschte Anwendung" ac=I fn="K:\KLAMMERTOM\Backup Set 2014-08-30 061751\Backup Files 2014-08-30 063330\Backup files 9.zip" Code:
unsupported operating system! Aborted! Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-12-2014 01 Ran by Klammer Tom at 2014-12-27 09:09:00 Running from C:\Users\Klammer Tom\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1} AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) ActvMap V 4.7 (HKLM\...\ActvMap V 4.7) (Version: - Your Company) Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.7.0.2090 - Adobe Systems Incorporated) Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.7.700.224 - Adobe Systems Incorporated) Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated) Adobe Reader X (10.1.12) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated) Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.) Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) 
ATI Catalyst Install Manager (HKLM\...\{BE4AE3A7-190D-BCB8-A953-A708C9E8E8AA}) (Version: 3.0.778.0 - ATI Technologies, Inc.) Avira (HKLM\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG) Avira (Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira) AVM FRITZ!Fernzugang (HKLM\...\{F2B03BB1-D679-4FFF-951D-3058A669A823}) (Version: 1.3.1 - AVM Berlin) AZtrinoLoader (HKLM\...\{EAC850A4-5422-4632-9AFC-A33EC41B6F7E}) (Version: 1.1 - OpenSat) AZUp (HKLM\...\{FBDBE1F0-AED1-496B-BCBA-7E2608D622FC}) (Version: 1.00.0000 - RTi) Bi-LINK Gateway (HKLM\...\{63041551-16E0-4841-AC48-92A825711C93}) (Version: 1.00.5000 - Ihr Firmenname) Brother BRAdmin Light 1.21.0002 (HKLM\...\{DB75941E-30C4-4D97-B000-D17C764B998C}) (Version: 1.21.0002 - Brother) Bürgerkarte/Carta Servizi (HKLM\...\{CB610D37-34F7-4D85-AE73-EAA9BE748B4F}) (Version: 1.0.0 - Autonome Provinz Bozen/Provincia Autonoma di Bolzano) CandyBox (HKLM\...\CandyBox_is1) (Version: - ) Canon Camera DV WIA Driver 6.1.2 (HKLM\...\InstallShield_{4CA5A658-D909-4F52-94FF-A2D02868D9F0}) (Version: 6.1.2 - Canon) Canon DV WIA Driver (Version: 6.1.2 - Canon) Hidden CardOS API (HKLM\...\{8E814717-DE49-4A4A-BD12-39102F9C9FD0}) (Version: 3.3.018 - Siemens IT Solutions and Services GmbH) CAS Interface Studio 9.0.0 (HKLM\...\{198BDA47-7F40-4F2D-9214-07FF720BF39A}) (Version: 9.0.0 - Duolabs) ccc-core-static (Version: 2010.0527.1242.20909 - ATI) Hidden CorelDRAW Essentials 4 - Content (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Draw (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Filters (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - ICA (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - IPM - No VBA (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang BR (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - 
Lang DE (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang EN (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang ES (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang FR (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang IT (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang NL (Version: 4.0 - Uw bedrijfsnaam) Hidden CorelDRAW Essentials 4 - PHOTO-PAINT (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Windows Shell Extension (HKLM\...\_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}) (Version: - Corel Corporation) CorelDRAW Essentials 4 - Windows Shell Extension (Version: 1.1 - Corel Corporation) Hidden CorelDRAW Essentials 4 (HKLM\...\_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}) (Version: - Corel Corporation) CorelDRAW Essentials 4 (Version: 4.0 - Corel Corporation) Hidden CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2515 - CyberLink Corp.) CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.) CyberLink PowerDVD Copy (HKLM\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd) DirectVobSub 2.40.4209 (HKLM\...\vsfilter_is1) (Version: 2.40.4209 - MPC-HC Team) DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC) DogSettings Version 1.5.0.1 (HKLM\...\{7A03618C-AD50-4BDC-BA2E-A172A4410C73}_is1) (Version: 1.5.0.1 - DogStrike) ffdshow v1.1.4399 [2012-03-22] (HKLM\...\ffdshow_is1) (Version: 1.1.4399.0 - ) Fitbit Connect (HKLM\...\Fitbit Connect) (Version: 1.0.0.2578 - Fitbit Inc.) 
Fotogalerie (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden FoxyDeal version 1.0.0 (HKLM\...\FoxyDeal_is1) (Version: 1.0.0 - R&E Media GmbH) Free MP3 Cutter and Editor 2.6 (HKLM\...\Free MP3 Cutter and Editor_is1) (Version: - musetips.com) FRITZ!Box-Fernzugang einrichten (HKLM\...\{EFADD989-D9F2-49F6-A280-675951CC78D3}) (Version: 1.0.3 - AVM Berlin) Garmin Communicator Plugin (HKLM\...\{647BB978-2876-487B-9B0E-FDB73F0EA4A2}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries) Garmin MapSource (HKLM\...\{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}) (Version: 6.16.3 - Garmin Ltd or its subsidiaries) Garmin Training Center (HKLM\...\{7D542452-84EB-47C0-97BA-735C523AB555}) (Version: 3.6.5 - Garmin Ltd or its subsidiaries) Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries) Garmin WebUpdater (HKLM\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries) GO Contact Sync Mod (HKLM\...\{B805EB38-C9ED-4102-89AA-C1F25F945F57}) (Version: 3.5.17 - WebGear, Create Software, Stru.be, saller.NET) Google Chrome (HKU\S-1-5-21-1212480921-3000280771-3724376844-1001\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.) Google Drive (HKLM\...\{418BAAD1-754D-48B4-B078-46EF4F25AF42}) (Version: 1.15.6556.8063 - Google, Inc.) Google Talk Plugin (HKLM\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google) Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.6.0 - LIGHTNING UK!) Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation) iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.) 
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) JDownloader (HKLM\...\JDownloader) (Version: - AppWork UG (haftungsbeschränkt)) Junk Mail filter update (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Medion Home Cinema (HKLM\...\InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}) (Version: 6.0.0000 - CyberLink Corp.) Medion Home Cinema (Version: 6.0.0000 - CyberLink Corp.) Hidden Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation) Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation) Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft) Microsoft Office Klick-und-Los 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft 
Office Outlook Connector (HKLM\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation) Microsoft Office Starter 2010 - Deutsch (HKLM\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation) Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SkyDrive (HKU\S-1-5-21-1212480921-3000280771-3724376844-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 
(HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual FoxPro OLE DB Provider (HKLM\...\{3DA245C5-23B1-4874-BFA7-287B7D6C1EF6}) (Version: 1.0.0 - Microsoft Corporation) miniLector (Version: 3.0.0 - Bit4Id) Hidden MiniTool Partition Wizard Home Edition 8.1.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.) 
MoneyManagerEX Version 0.9.8.0 (HKLM\...\{2C48DC11-E113-4912-8AFC-366D1918101E}_is1) (Version: 0.9.8.0 - CodeLathe, LLC) Movie Maker (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.5 - F.J. Wechselberger) Photocity Silver 3.2.5.2 (HKLM\...\Photocity Silver_is1) (Version: 3.2.5.2 - Photocity.it) PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.7.0 - Prolific Technology INC) PlayMemories Home (HKLM\...\{0657DE52-8F5C-4073-B70C-ED4F3F7FA076}) (Version: 7.0.03.04240 - Sony Corporation) PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) PocketCloud Windows Companion (HKLM\...\{BD8F867A-0ACB-427D-A4F2-9AEE29FBF98B}) (Version: 2.4.19 - Wyse Technology) PSPad editor (HKLM\...\PSPad editor_is1) (Version: - Jan Fiala) Qtrax Player (HKLM\...\{89505A66-35F0-4401-B3AD-D077051F8698}) (Version: 01.001.0001 - Qtrax) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6083 - Realtek Semiconductor Corp.) 
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.) Samsung Kies (Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.) Hidden Samsung Story Album Viewer (HKLM\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.25.0 - SAMSUNG Electronics Co., Ltd.) Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.) Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) Sony Image Data Suite (HKLM\...\{359FCAA7-B544-4147-AE3B-8C8A526E2427}) (Version: 3.2.00.15160 - Sony Corporation) Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated) swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden TomTom HOME 2.8.3.2499 (HKLM\...\TomTom HOME) (Version: 2.8.3.2499 - TomTom) TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.) 
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 7.55a - Ghisler Software GmbH) Twinbase Manager 2.11 (HKLM\...\{D6FA5A7E-C500-4D00-9F6E-72572A613076}) (Version: 2.1.1 - Duolabs) VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin) Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation) Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) Windows Mobile-Gerätecenter (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation) WinRAR (HKLM\...\WinRAR archiver) (Version: - ) WinZip 14.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}) (Version: 14.5.9095 - WinZip Computing, S.L. ) XBMC (HKU\S-1-5-21-1212480921-3000280771-3724376844-1001\...\XBMC) (Version: - Team XBMC) Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google) CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{50BAEED9-ED25-11D2-B97B-000000000000}\InprocServer32 -> C:\Program Files\Common Files\System\ole db\vfpoledb.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{50BAEEDA-ED25-11D2-B97B-000000000000}\InprocServer32 -> C:\Program Files\Common Files\System\ole db\vfpoledb.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{50BAEEDB-ED25-11D2-B97B-000000000000}\InprocServer32 -> C:\Program Files\Common Files\System\ole db\vfpoledb.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\39.0.2171.95\delegate_execute.exe (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Klammer Tom\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File CustomCLSID: 
HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Klammer Tom\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google) CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\FileSyncApi.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File ==================== Restore Points ========================= 25-12-2014 07:11:28 Revo Uninstaller's restore point - FuzeZip 25-12-2014 07:12:36 Revo Uninstaller's restore point - FuzeZip 25-12-2014 07:16:07 Windows Update 26-12-2014 09:38:03 Installed Bi-LINK Gateway. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-14 03:04 - 2014-12-25 11:15 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0C075D54-3C83-47AE-96DC-6D1705C848A4} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION Task: {19813342-5F48-4A54-9390-D26920556680} - System32\Tasks\{F2DCD6C3-BF98-489E-B052-01BE7BD554EE} => C:\Program Files\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.) Task: {284CF58D-6BE8-4E41-A012-24361695D8A5} - System32\Tasks\PenWes => C:\Program Files\PenWes\penwes.exe <==== ATTENTION Task: {330509CC-EE4F-425C-BE40-488C1558A958} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated) Task: {399D78B7-B851-4413-8D40-A6AB8A0ECF99} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1212480921-3000280771-3724376844-1004UA => C:\Users\Babsi\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-29] (Google Inc.) Task: {4208095E-90B5-493F-B570-F2C2D8A23D89} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation) Task: {481CA072-544A-47B8-83FA-7A3B64A8ECB2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1212480921-3000280771-3724376844-1001UA => C:\Users\Klammer Tom\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.) Task: {4869E72E-E196-48D0-ABDD-176F339B2521} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1212480921-3000280771-3724376844-1004Core => C:\Users\Babsi\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-29] (Google Inc.) 
Task: {581B7E0B-9842-42DA-AA23-69B8655E0C5F} - System32\Tasks\{2EAB9CC2-169B-4675-BF9B-ED3BAE64C025} => pcalua.exe -a "C:\Users\Klammer Tom\Desktop\softonic-Deutsch.exe" -d "C:\Users\Klammer Tom\Desktop" Task: {638D1223-EC23-4228-B56B-5ECB6BA45629} - System32\Tasks\{AFF0020B-802C-4926-9147-C1148DD84125} => pcalua.exe -a E:\setup.exe -d E:\ Task: {76206859-0407-4871-BD88-722836584F58} - System32\Tasks\{3025F925-A23B-4DFA-9F64-1405AC642E88} => pcalua.exe -a "C:\Users\Klammer Tom\AppData\Local\Temp\Temp1_VirtualDub-1.9.11.zip\auxsetup.exe" Task: {80EFFEBC-270B-4A27-B395-8234F889E59F} - System32\Tasks\{7E71D9BD-7640-4392-89A6-1625CA74C655} => pcalua.exe -a "C:\Users\Klammer Tom\Downloads\TrainingCenter_365.exe" -d "C:\Users\Klammer Tom\Downloads" Task: {993C1955-53FD-445D-B4A8-EBD1B107DA35} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {A759210A-94AB-4D08-90B8-9FD90E85C24A} - System32\Tasks\Google Updater and Installer => C:\Users\Klammer Tom\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.) Task: {C92AA16A-F023-4BD7-B6C9-009437BC25B9} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {D306B6AF-5917-4293-9B20-37ABA78E4906} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1212480921-3000280771-3724376844-1001Core => C:\Users\Klammer Tom\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.) Task: {F5BEDD76-F567-44D4-A46A-A374FE34B733} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1212480921-3000280771-3724376844-1001Core.job => C:\Users\Klammer Tom\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1212480921-3000280771-3724376844-1001UA.job => C:\Users\Klammer Tom\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1212480921-3000280771-3724376844-1004Core.job => C:\Users\Babsi\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1212480921-3000280771-3724376844-1004UA.job => C:\Users\Babsi\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2012-05-11 14:09 - 2012-05-11 14:09 - 00177056 _____ () C:\Program Files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe 2012-05-11 14:05 - 2012-05-11 14:05 - 00056832 _____ () C:\Program Files\Wyse\PocketCloud Windows Companion\ServerNetworkInterface.dll 2012-05-11 14:06 - 2012-05-11 14:06 - 01590272 _____ () C:\Program Files\Wyse\PocketCloud Windows Companion\AetherCommLib.dll 2012-05-11 14:04 - 2012-05-11 14:04 - 00061440 _____ () C:\Program Files\Wyse\PocketCloud Windows Companion\WyseWebServerLib.DLL 2013-02-13 03:37 - 2013-02-13 03:37 - 01263952 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe 2013-02-13 03:38 - 2013-02-13 03:38 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll 2008-04-18 14:56 - 2008-04-18 14:56 - 00311296 _____ () C:\Windows\system32\siecaces.dll 2007-04-16 12:01 - 2007-04-16 12:01 - 00184320 _____ () C:\Windows\system32\gmp4_2_1.dll 2010-05-27 20:40 - 2010-05-27 20:40 - 00270336 _____ () C:\Program Files\ATI 
Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2014-12-20 14:21 - 2014-12-20 14:21 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\818c5277bd028fb9cb78a30e3720eb0f\IsdiInterop.ni.dll 2010-06-29 16:19 - 2010-03-04 04:08 - 00058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2011-01-19 07:45 - 2010-03-15 11:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll 2014-12-12 02:30 - 2014-12-06 02:50 - 01077064 _____ () C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\39.0.2171.95\libglesv2.dll 2014-12-12 02:30 - 2014-12-06 02:50 - 00211272 _____ () C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\39.0.2171.95\libegl.dll 2014-12-12 02:30 - 2014-12-06 02:50 - 09009480 _____ () C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\39.0.2171.95\pdf.dll 2014-12-12 02:30 - 2014-12-06 02:50 - 01677128 _____ () C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll 2014-12-12 02:30 - 2014-12-06 02:50 - 14913352 _____ () C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll 2014-12-27 09:03 - 2014-12-27 09:03 - 00852505 _____ () C:\Users\Klammer Tom\Desktop\SecurityCheck.exe ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CardOS API.lnk => C:\Windows\pss\CardOS API.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Klammer Tom^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Widget vodafone.lnk => C:\Windows\pss\Widget vodafone.lnk.Startup MSCONFIG\startupreg: CLMLServer => "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" MSCONFIG\startupreg: IAStorIcon => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe MSCONFIG\startupreg: PocketCloud Location => C:\Program Files\Wyse\PocketCloud Windows Companion\WyseBrowser.exe ========================= Accounts: ========================== Administrator (S-1-5-21-1212480921-3000280771-3724376844-500 - Administrator - Disabled) ASPNET (S-1-5-21-1212480921-3000280771-3724376844-1008 - Limited - Enabled) Babsi (S-1-5-21-1212480921-3000280771-3724376844-1004 - Limited - Enabled) => C:\Users\Babsi Gast (S-1-5-21-1212480921-3000280771-3724376844-501 - Limited - Disabled) => C:\Users\Gast HomeGroupUser$ (S-1-5-21-1212480921-3000280771-3724376844-1003 - Limited - Enabled) Klammer Tom (S-1-5-21-1212480921-3000280771-3724376844-1001 - Administrator - Enabled) => C:\Users\Klammer Tom ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Error: (12/27/2014 09:05:21 AM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (12/27/2014 09:03:10 AM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (12/27/2014 09:02:07 AM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (12/27/2014 08:47:47 AM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (12/27/2014 08:38:48 AM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (12/27/2014 08:38:48 AM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: 
(12/27/2014 08:32:01 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (12/27/2014 08:24:46 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (12/27/2014 08:18:13 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (12/27/2014 08:13:18 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU E5700 @ 3.00GHz
Percentage of memory in use: 64%
Total physical RAM: 3071.24 MB
Available physical RAM: 1098.93 MB
Total Pagefile: 6140.77 MB
Available Pagefile: 2639.93 MB
Total Virtual: 2047.88 MB
Available Virtual: 1908.25 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:890.41 GB) (Free:598.04 GB) NTFS
Drive d: (Recover) (Fixed) (Total:40 GB) (Free:23.53 GB) NTFS
Drive k: (HD-PCU2) (Fixed) (Total:465.76 GB) (Free:247.84 GB) NTFS
Drive l: (KINGSTON) (Removable) (Total:14.82 GB) (Free:14.82 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=82 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=890.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 4 (Size: 465.8 GB) (Disk ID: 572CD56E)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 14.8 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=14.8 GB) - (Type=0C)

==================== End Of Log ============================

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-12-2014 01
Ran by Klammer Tom (administrator) on KLAMMERTOM on 27-12-2014 09:07:48
Running from C:\Users\Klammer Tom\Desktop
Loaded Profile: Klammer Tom (Available profiles: Klammer Tom & Babsi & Gast)
Platform: Microsoft Windows 7 Home Premium (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(MS) C:\Program Files\LSM\aus.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\FitbitConnectService.exe
(MS) C:\Program Files\LSM\lsm.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
(Microsoft Corp.)
C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe (MS) C:\Program Files\LSM\lsm.exe (Fitbit, Inc.) C:\Program Files\Fitbit Connect\Fitbit Connect.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe () C:\Program Files\DivX\DivX Update\DivXUpdate.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Samsung) C:\Program Files\Samsung\Kies\Kies.exe (Siemens IT Solutions and Services GmbH) C:\Program Files\Siemens\CardOS API\bin\siecacst.exe (Numera) C:\Program Files\BiLink Gateway\GatewaySysTray.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Google Inc.) C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\chrome.exe () C:\Users\Klammer Tom\Desktop\SecurityCheck.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8555040 2010-04-07] (Realtek Semiconductor) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-05-27] (Advanced Micro Devices, Inc.) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation) HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.) 
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC) HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] () HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.) HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe [740888 2013-04-24] (Sony Corporation) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-1212480921-3000280771-3724376844-1001\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.) HKU\S-1-5-21-1212480921-3000280771-3724376844-1001\...\Run: [7458D9638A71E4DCC1B6741438512A391BC80893._service_run] => C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\chrome.exe [856904 2014-12-06] (Google Inc.) HKU\S-1-5-21-1212480921-3000280771-3724376844-1001\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung) HKU\S-1-5-21-1212480921-3000280771-3724376844-1001\...\Run: [GoogleChromeAutoLaunch_1258C2E50858114A6758F2E90A1B01AA] => C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\chrome.exe [856904 2014-12-06] (Google Inc.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CardOS API.lnk ShortcutTarget: CardOS API.lnk -> C:\Program Files\Siemens\CardOS API\bin\siecacst.exe (Siemens IT Solutions and Services GmbH) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Omron BiLink Gateway.lnk ShortcutTarget: Omron BiLink Gateway.lnk -> C:\Windows\Installer\{63041551-16E0-4841-AC48-92A825711C93}\NewShortcut1_8188288DFAC14FF2859A19505BA528D5.exe (Flexera Software LLC) ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-1212480921-3000280771-3724376844-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1212480921-3000280771-3724376844-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1212480921-3000280771-3724376844-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKU\S-1-5-21-1212480921-3000280771-3724376844-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) 
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1212480921-3000280771-3724376844-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Klammer Tom\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKU\S-1-5-21-1212480921-3000280771-3724376844-1001: @talk.google.com/O1DPlugin -> C:\Users\Klammer Tom\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKU\S-1-5-21-1212480921-3000280771-3724376844-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-1212480921-3000280771-3724376844-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Klammer Tom\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Users\Klammer Tom\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Klammer Tom\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF Extension: Anti-Banner - C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru [2011-01-19] FF Extension: Modul zur Link-Untersuchung - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2011-01-19] FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-05-19] Chrome: ======= CHR HomePage: Default -> https://drive.google.com/keep/ CHR StartupUrls: Default -> "https://drive.google.com/keep/", "hxxp://www.google.com/" CHR DefaultSearchKeyword: Default -> google.com_ CHR DefaultSearchURL: Default -> hxxp://www.google.com/search?q={searchTerms} CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR Profile: C:\Users\Klammer Tom\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\Klammer Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-20] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Klammer Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-08] CHR Extension: (YouTube) - C:\Users\Klammer Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-21] CHR Extension: (Google-Suche) - C:\Users\Klammer Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-21] CHR Extension: (Avira Browserschutz) - C:\Users\Klammer Tom\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-27] CHR Extension: (AdBlock) - C:\Users\Klammer Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-23] CHR Extension: (Google Wallet) - C:\Users\Klammer Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27] CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\Klammer Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-06-20] CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Klammer Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2013-06-21] CHR Extension: (Google Mail) - C:\Users\Klammer Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-21] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06] CHR HKU\S-1-5-21-1212480921-3000280771-3724376844-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\KLAMME~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-04] CHR StartMenuInternet: Google Chrome - C:\Users\Klammer Tom\AppData\Local\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. 
KG) R2 AUS; C:\Program Files\LSM\aus.exe [287744 2014-02-22] (MS) [File not signed] R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG) R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [255904 2012-11-28] (AVM Berlin) R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [122272 2012-11-28] (AVM Berlin) R2 Fitbit Connect; C:\Program Files\Fitbit Connect\FitbitConnectService.exe [1239584 2013-02-25] (Fitbit, Inc.) [File not signed] R2 Log S.M.; C:\Program Files\LSM\lsm.exe [428032 2014-02-22] (MS) [File not signed] S2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation) R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [155488 2013-06-10] (AVM Berlin) R2 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-04-24] (Sony Corporation) R2 WysePocketCloud; C:\Program Files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [177056 2012-05-11] () [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-14] (Microsoft Corporation) S3 A38CCID; C:\Windows\System32\DRIVERS\a38ccid.sys [38016 2009-12-15] (Advanced Card Systems Ltd.) [File not signed] R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-09] (Avira Operations GmbH & Co. 
KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-09] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-08-15] (Avira Operations GmbH & Co. KG) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-12-20] (Disc Soft Ltd) S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.) S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) S3 HTCAND32; C:\Windows\System32\Drivers\ANDROIDUSB.sys [25088 2009-10-26] (HTC, Corporation) [File not signed] S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation) R3 NWIM; C:\Windows\System32\DRIVERS\avmnwim.sys [334712 2011-07-05] (AVM Berlin) S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15688 2013-09-30] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] () S3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [139776 2013-10-25] (Prolific Technology Inc.) 
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-08-15] (Avira GmbH) S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [181912 2013-06-05] (DEVGURU Co., LTD.(www.devguru.co.kr)) R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [186592 2007-06-17] (Jungo) S1 acnppeaf; No ImagePath S1 ajvxhtkn; No ImagePath S1 alrpfdow; No ImagePath U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S1 bbckdoel; No ImagePath S1 blnyluax; No ImagePath S1 bxvknznz; No ImagePath S1 calwkyoh; No ImagePath S3 catchme; \??\C:\Users\KLAMME~1\AppData\Local\Temp\catchme.sys [X] S1 csouovll; \??\C:\Windows\system32\drivers\csouovll.sys [X] S3 dgderdrv; System32\drivers\dgderdrv.sys [X] S1 eyhmkoxc; No ImagePath S1 gmcyysxe; \??\C:\Windows\system32\drivers\gmcyysxe.sys [X] S1 gzovqwlo; No ImagePath S1 hgrketja; \??\C:\Windows\system32\drivers\hgrketja.sys [X] S1 hjbaugtf; No ImagePath S1 hpzcmekn; No ImagePath S1 idgksizh; \??\C:\Windows\system32\drivers\idgksizh.sys [X] S1 imxpezof; No ImagePath S1 iomzqlia; No ImagePath S1 jhvusnro; No ImagePath S1 johxzjxo; \??\C:\Windows\system32\drivers\johxzjxo.sys [X] S1 kixlqqis; \??\C:\Windows\system32\drivers\kixlqqis.sys [X] S1 kyernmvt; No ImagePath S1 lmohiqys; \??\C:\Windows\system32\drivers\lmohiqys.sys [X] S1 lqhtsnyi; \??\C:\Windows\system32\drivers\lqhtsnyi.sys [X] S1 mohuhjbr; No ImagePath S1 nbqboypg; No ImagePath S1 nioyafri; No ImagePath S3 Profos; No ImagePath S1 qbtpojbw; \??\C:\Windows\system32\drivers\qbtpojbw.sys [X] S1 qkhdjhrz; No ImagePath S1 szfbsrkv; No ImagePath S1 sztoigbt; No ImagePath S1 tafkhagl; \??\C:\Windows\system32\drivers\tafkhagl.sys [X] S1 tzeqybma; \??\C:\Windows\system32\drivers\tzeqybma.sys [X] S1 wkrcjoqc; \??\C:\Windows\system32\drivers\wkrcjoqc.sys [X] S1 xbapjmcg; \??\C:\Windows\system32\drivers\xbapjmcg.sys [X] S1 xetepzfq; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be 
removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-27 09:03 - 2014-12-27 09:03 - 00852505 _____ () C:\Users\Klammer Tom\Desktop\SecurityCheck.exe 2014-12-27 03:12 - 2014-12-27 03:12 - 02347384 _____ (ESET) C:\Users\Klammer Tom\Downloads\esetsmartinstaller_deu.exe 2014-12-26 10:13 - 2014-12-27 09:08 - 00023720 _____ () C:\Users\Klammer Tom\Desktop\FRST.txt 2014-12-26 10:10 - 2014-12-26 10:10 - 00000979 _____ () C:\Users\Klammer Tom\Desktop\JRT.txt 2014-12-26 10:08 - 2014-12-26 10:08 - 00000000 ____D () C:\Windows\ERUNT 2014-12-26 10:07 - 2014-12-26 10:07 - 01707646 _____ (Thisisu) C:\Users\Klammer Tom\Desktop\JRT.exe 2014-12-26 09:51 - 2014-12-26 09:51 - 00002669 _____ () C:\Users\Klammer Tom\Desktop\mbam.txt 2014-12-26 09:38 - 2014-12-26 09:38 - 00001876 _____ () C:\Users\Public\Desktop\NewShortcut4.lnk 2014-12-26 09:38 - 2014-12-26 09:38 - 00000000 ____D () C:\Users\Klammer Tom\AppData\Roaming\Omron 2014-12-26 09:38 - 2014-12-26 09:38 - 00000000 ____D () C:\Users\Klammer Tom\AppData\Roaming\Numera.Gateway 2014-12-26 09:38 - 2014-12-26 09:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BiLink Gateway 2014-12-26 09:38 - 2014-12-26 09:38 - 00000000 ____D () C:\Program Files\BiLink Gateway 2014-12-26 09:33 - 2014-12-26 09:35 - 85883120 _____ (Omron) C:\Users\Klammer Tom\Downloads\Bi-LINKGateway.exe 2014-12-26 09:07 - 2014-12-27 01:56 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-26 09:07 - 2014-12-26 09:07 - 00001068 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-12-26 09:07 - 2014-12-26 09:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-12-26 09:07 - 2014-12-26 09:07 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-12-26 
09:07 - 2014-12-26 09:07 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-12-26 09:07 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-12-26 09:07 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-12-26 09:07 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-12-26 09:03 - 2014-12-27 09:03 - 00000000 ____D () C:\Users\Klammer Tom\PC Hilfe 2014-12-25 11:21 - 2014-12-25 11:21 - 00053614 _____ () C:\ComboFix.txt 2014-12-25 07:26 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-12-25 07:26 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-12-25 07:26 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-12-25 07:26 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-12-25 07:26 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-12-25 07:26 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-12-25 07:26 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-12-25 07:26 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-12-25 07:20 - 2014-12-25 11:21 - 00000000 ____D () C:\Qoobox 2014-12-25 07:20 - 2014-12-25 11:20 - 00000000 ____D () C:\Windows\erdnt 2014-12-25 07:16 - 2014-12-25 10:24 - 05603465 ____R (Swearware) C:\Users\Klammer Tom\Desktop\ComboFix.exe 2014-12-25 07:09 - 2014-12-25 07:09 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-12-23 09:26 - 2014-12-23 09:27 - 00047313 _____ () C:\Users\Klammer Tom\Downloads\Addition.txt 2014-12-23 09:24 - 2014-12-27 09:07 - 00000000 ____D () C:\FRST 2014-12-23 09:24 - 2014-12-23 09:27 - 00034576 _____ () C:\Users\Klammer Tom\Downloads\FRST.txt 2014-12-23 09:24 - 2014-12-23 09:24 - 01114112 _____ (Farbar) C:\Users\Klammer Tom\Desktop\FRST.exe 2014-12-23 09:20 - 2014-12-23 09:20 - 00000554 _____ () 
C:\Users\Klammer Tom\Downloads\defogger_disable.log 2014-12-23 09:20 - 2014-12-23 09:20 - 00000156 _____ () C:\Users\Klammer Tom\defogger_reenable 2014-12-23 09:19 - 2014-12-23 09:20 - 00050477 _____ () C:\Users\Klammer Tom\Downloads\Defogger.exe 2014-12-22 13:56 - 2014-12-22 13:56 - 04000729 _____ () C:\Users\Klammer Tom\Downloads\UPDATE-SuperSU-v2.40.zip 2014-12-22 10:39 - 2014-12-22 10:39 - 02015655 _____ () C:\Users\Klammer Tom\Downloads\Trebuchet_i9505_GPe5.zip 2014-12-22 10:37 - 2014-12-22 10:37 - 05395433 _____ () C:\Users\Klammer Tom\Downloads\GoogleDialer_Contacts_Dark_i9505_GPe5(2).zip 2014-12-22 10:36 - 2014-12-22 10:47 - 270120964 _____ () C:\Users\Klammer Tom\Downloads\Danvdh-GPE-5-12172014.zip 2014-12-20 17:12 - 2014-12-20 17:12 - 00000000 _____ () C:\Windows\system32\sho3BFF.tmp 2014-12-20 15:00 - 2014-12-20 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-12-20 15:00 - 2014-12-20 15:00 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-12-20 14:43 - 2014-12-20 14:43 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER 2014-12-20 13:39 - 2014-12-20 13:39 - 00001563 _____ () C:\Windows\IE11_main.log 2014-12-20 10:32 - 2014-12-20 10:32 - 00347816 _____ (Microsoft Corporation) C:\Users\Klammer Tom\Downloads\Nicht bestätigt 502266.crdownload 2014-12-20 07:31 - 2014-12-20 07:31 - 00001904 _____ () C:\Users\Public\Desktop\DAEMON Tools Lite.lnk 2014-12-20 07:30 - 2014-12-20 07:31 - 00000000 ____D () C:\Users\Klammer Tom\AppData\Roaming\DAEMON Tools Lite 2014-12-20 07:30 - 2014-12-20 07:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite 2014-12-20 07:30 - 2014-12-20 07:30 - 00243128 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys 2014-12-20 07:30 - 2014-12-20 07:30 - 00000000 ____D () C:\Program Files\DAEMON Tools Lite 2014-12-20 07:29 - 2014-12-20 07:32 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite 2014-12-20 07:14 - 2014-12-20 07:18 
- 229638144 _____ () C:\Users\Klammer Tom\Downloads\gparted-live-0.20.0-2-i486.iso 2014-12-16 09:10 - 2014-12-16 09:11 - 00000000 ____D () C:\Users\Klammer Tom\Desktop\XBMC 2014-12-16 08:47 - 2014-12-17 09:05 - 00000411 _____ () C:\Users\Klammer Tom\.swfinfo 2014-12-16 07:33 - 2014-12-20 12:25 - 00000000 ____D () C:\Users\Klammer Tom\AppData\Roaming\XBMC 2014-12-16 07:30 - 2014-12-16 07:36 - 00000000 ____D () C:\Program Files\XBMC 2014-12-16 07:28 - 2014-12-16 07:29 - 63850156 _____ () C:\Users\Klammer Tom\Downloads\xbmc-13.2-Gotham.exe 2014-12-15 12:04 - 2014-12-15 12:04 - 00001099 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-12-14 18:25 - 2014-12-14 18:25 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Klammer Tom\Downloads\SpyHunter-Installer.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-27 08:33 - 2011-04-16 17:33 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1212480921-3000280771-3724376844-1004UA.job 2014-12-27 08:26 - 2010-10-03 08:19 - 00001144 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1212480921-3000280771-3724376844-1001UA.job 2014-12-27 07:33 - 2011-04-16 17:33 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1212480921-3000280771-3724376844-1004Core.job 2014-12-27 07:09 - 2010-09-30 09:16 - 01192427 _____ () C:\Windows\WindowsUpdate.log 2014-12-27 03:13 - 2010-06-29 14:26 - 01733494 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-26 16:26 - 2010-10-03 08:19 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1212480921-3000280771-3724376844-1001Core.job 2014-12-26 10:10 - 2009-07-14 05:34 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-26 10:10 - 2009-07-14 05:34 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 
2014-12-26 10:04 - 2012-03-27 09:58 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-12-26 10:02 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-26 10:01 - 2010-10-01 07:41 - 00460370 _____ () C:\Windows\PFRO.log 2014-12-26 10:01 - 2009-07-14 05:39 - 00218909 _____ () C:\Windows\setupact.log 2014-12-26 10:00 - 2014-08-26 08:43 - 00000000 ____D () C:\AdwCleaner 2014-12-26 09:03 - 2010-09-30 09:24 - 00000000 ____D () C:\Users\Klammer Tom 2014-12-25 11:21 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default 2014-12-25 11:21 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public 2014-12-25 11:17 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini 2014-12-25 07:13 - 2013-08-26 08:15 - 00000000 ____D () C:\Users\Klammer Tom\AppData\Local\FuzeZip 2014-12-21 14:55 - 2010-06-30 09:35 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-12-20 15:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-12-20 15:11 - 2012-06-29 17:20 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-12-20 15:01 - 2011-09-18 15:17 - 00000000 ____D () C:\ProgramData\Skype 2014-12-20 15:00 - 2011-09-18 15:17 - 00000000 ___RD () C:\Program Files\Skype 2014-12-20 14:54 - 2011-03-02 16:34 - 00002057 _____ () C:\Windows\epplauncher.mif 2014-12-20 14:19 - 2012-07-11 07:50 - 00002121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2014-12-20 14:19 - 2011-03-02 16:33 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-12-20 14:18 - 2009-07-14 03:04 - 00000478 _____ () C:\Windows\win.ini 2014-12-20 14:11 - 2013-09-27 15:43 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-20 13:53 - 2010-06-30 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-12-20 07:56 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-12-20 07:24 - 2011-09-03 14:51 - 00000000 ____D () C:\Users\Klammer 
Tom\AppData\Roaming\ImgBurn 2014-12-15 12:04 - 2014-08-27 06:06 - 00000000 ____D () C:\ProgramData\Package Cache 2014-12-15 12:04 - 2014-08-27 06:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-12-15 12:04 - 2014-08-27 06:04 - 00000000 ____D () C:\Program Files\Avira 2014-12-12 02:30 - 2010-10-03 08:20 - 00002396 _____ () C:\Users\Klammer Tom\Desktop\Google Chrome.lnk 2014-11-27 16:40 - 2010-06-30 09:36 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe Some content of TEMP: ==================== C:\Users\Klammer Tom\AppData\Local\temp\avgnt.exe C:\Users\Klammer Tom\AppData\Local\temp\CP210xVCPInstaller_x64.exe C:\Users\Klammer Tom\AppData\Local\temp\CP210xVCPInstaller_x86.exe C:\Users\Klammer Tom\AppData\Local\temp\Quarantine.exe C:\Users\Klammer Tom\AppData\Local\temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-25 14:52 ==================== End Of Log ============================ --- --- --- |
28.12.2014, 00:01 | #10 |
/// the machine /// TB trainer | Chrome browser opens windows
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.
Code:
Task: {0C075D54-3C83-47AE-96DC-6D1705C848A4} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
Task: {284CF58D-6BE8-4E41-A012-24361695D8A5} - System32\Tasks\PenWes => C:\Program Files\PenWes\penwes.exe <==== ATTENTION
Task: {F5BEDD76-F567-44D4-A46A-A374FE34B733} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
CHR HKU\S-1-5-21-1212480921-3000280771-3724376844-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\KLAMME~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-04]
S1 acnppeaf; No ImagePath
S1 ajvxhtkn; No ImagePath
S1 alrpfdow; No ImagePath
S1 bbckdoel; No ImagePath
S1 blnyluax; No ImagePath
S1 bxvknznz; No ImagePath
S1 calwkyoh; No ImagePath
S1 csouovll; \??\C:\Windows\system32\drivers\csouovll.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S1 eyhmkoxc; No ImagePath
S1 gmcyysxe; \??\C:\Windows\system32\drivers\gmcyysxe.sys [X]
S1 gzovqwlo; No ImagePath
S1 hgrketja; \??\C:\Windows\system32\drivers\hgrketja.sys [X]
S1 hjbaugtf; No ImagePath
S1 hpzcmekn; No ImagePath
S1 idgksizh; \??\C:\Windows\system32\drivers\idgksizh.sys [X]
S1 imxpezof; No ImagePath
S1 iomzqlia; No ImagePath
S1 jhvusnro; No ImagePath
S1 johxzjxo; \??\C:\Windows\system32\drivers\johxzjxo.sys [X]
S1 kixlqqis; \??\C:\Windows\system32\drivers\kixlqqis.sys [X]
S1 kyernmvt; No ImagePath
S1 lmohiqys; \??\C:\Windows\system32\drivers\lmohiqys.sys [X]
S1 lqhtsnyi; \??\C:\Windows\system32\drivers\lqhtsnyi.sys [X]
S1 mohuhjbr; No ImagePath
S1 nbqboypg; No ImagePath
S1 nioyafri; No ImagePath
S3 Profos; No ImagePath
S1 qbtpojbw; \??\C:\Windows\system32\drivers\qbtpojbw.sys [X]
S1 qkhdjhrz; No ImagePath
S1 szfbsrkv; No ImagePath
S1 sztoigbt; No ImagePath
S1 tafkhagl; \??\C:\Windows\system32\drivers\tafkhagl.sys [X]
S1 tzeqybma; \??\C:\Windows\system32\drivers\tzeqybma.sys [X]
S1 wkrcjoqc; \??\C:\Windows\system32\drivers\wkrcjoqc.sys [X]
S1 xbapjmcg; \??\C:\Windows\system32\drivers\xbapjmcg.sys [X]
S1 xetepzfq; No ImagePath
Emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
A fresh FRST log, please. What is drive K?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
28.12.2014, 07:42 | #11 |
| Chrome browser opens windows
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-12-2014
Ran by Klammer Tom at 2014-12-28 01:38:37 Run:1
Running from C:\Users\Klammer Tom\Desktop
Loaded Profile: Klammer Tom (Available profiles: Klammer Tom & Babsi & Gast)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {0C075D54-3C83-47AE-96DC-6D1705C848A4} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
Task: {284CF58D-6BE8-4E41-A012-24361695D8A5} - System32\Tasks\PenWes => C:\Program Files\PenWes\penwes.exe <==== ATTENTION
Task: {F5BEDD76-F567-44D4-A46A-A374FE34B733} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
CHR HKU\S-1-5-21-1212480921-3000280771-3724376844-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\KLAMME~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-04]
S1 acnppeaf; No ImagePath
S1 ajvxhtkn; No ImagePath
S1 alrpfdow; No ImagePath
S1 bbckdoel; No ImagePath
S1 blnyluax; No ImagePath
S1 bxvknznz; No ImagePath
S1 calwkyoh; No ImagePath
S1 csouovll; \??\C:\Windows\system32\drivers\csouovll.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S1 eyhmkoxc; No ImagePath
S1 gmcyysxe; \??\C:\Windows\system32\drivers\gmcyysxe.sys [X]
S1 gzovqwlo; No ImagePath
S1 hgrketja; \??\C:\Windows\system32\drivers\hgrketja.sys [X]
S1 hjbaugtf; No ImagePath
S1 hpzcmekn; No ImagePath
S1 idgksizh; \??\C:\Windows\system32\drivers\idgksizh.sys [X]
S1 imxpezof; No ImagePath
S1 iomzqlia; No ImagePath
S1 jhvusnro; No ImagePath
S1 johxzjxo; \??\C:\Windows\system32\drivers\johxzjxo.sys [X]
S1 kixlqqis; \??\C:\Windows\system32\drivers\kixlqqis.sys [X]
S1 kyernmvt; No ImagePath
S1 lmohiqys; \??\C:\Windows\system32\drivers\lmohiqys.sys [X]
S1 lqhtsnyi; \??\C:\Windows\system32\drivers\lqhtsnyi.sys [X]
S1 mohuhjbr; No ImagePath
S1 nbqboypg; No ImagePath
S1 nioyafri; No ImagePath
S3 Profos; No ImagePath
S1 qbtpojbw; \??\C:\Windows\system32\drivers\qbtpojbw.sys [X]
S1 qkhdjhrz; No ImagePath
S1 szfbsrkv; No ImagePath
S1 sztoigbt; No ImagePath
S1 tafkhagl; \??\C:\Windows\system32\drivers\tafkhagl.sys [X]
S1 tzeqybma; \??\C:\Windows\system32\drivers\tzeqybma.sys [X]
S1 wkrcjoqc; \??\C:\Windows\system32\drivers\wkrcjoqc.sys [X]
S1 xbapjmcg; \??\C:\Windows\system32\drivers\xbapjmcg.sys [X]
S1 xetepzfq; No ImagePath
Emptytemp:
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C075D54-3C83-47AE-96DC-6D1705C848A4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C075D54-3C83-47AE-96DC-6D1705C848A4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeFlashPlayerUpdate" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{284CF58D-6BE8-4E41-A012-24361695D8A5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{284CF58D-6BE8-4E41-A012-24361695D8A5}" => Key deleted successfully.
C:\Windows\System32\Tasks\PenWes => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PenWes" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{F5BEDD76-F567-44D4-A46A-A374FE34B733}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5BEDD76-F567-44D4-A46A-A374FE34B733}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeFlashPlayerUpdate 2" => Key deleted successfully.
"HKU\S-1-5-21-1212480921-3000280771-3724376844-1001\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf" => Key deleted successfully.
C:\Users\KLAMME~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx => Moved successfully.
acnppeaf => Service deleted successfully.
ajvxhtkn => Service deleted successfully.
alrpfdow => Service deleted successfully.
bbckdoel => Service deleted successfully.
blnyluax => Service deleted successfully.
bxvknznz => Service deleted successfully.
calwkyoh => Service deleted successfully.
csouovll => Service deleted successfully.
dgderdrv => Service deleted successfully.
eyhmkoxc => Service deleted successfully.
gmcyysxe => Service deleted successfully.
gzovqwlo => Service deleted successfully.
hgrketja => Service deleted successfully.
hjbaugtf => Service deleted successfully.
hpzcmekn => Service deleted successfully.
idgksizh => Service deleted successfully.
imxpezof => Service deleted successfully.
iomzqlia => Service deleted successfully.
jhvusnro => Service deleted successfully.
johxzjxo => Service deleted successfully.
kixlqqis => Service deleted successfully.
kyernmvt => Service deleted successfully.
lmohiqys => Service deleted successfully.
lqhtsnyi => Service deleted successfully.
mohuhjbr => Service deleted successfully.
nbqboypg => Service deleted successfully.
nioyafri => Service deleted successfully.
Profos => Service deleted successfully.
qbtpojbw => Service deleted successfully.
qkhdjhrz => Service deleted successfully.
szfbsrkv => Service deleted successfully.
sztoigbt => Service deleted successfully.
tafkhagl => Service deleted successfully.
tzeqybma => Service deleted successfully.
wkrcjoqc => Service deleted successfully.
xbapjmcg => Service deleted successfully.
xetepzfq => Service deleted successfully.
EmptyTemp: => Removed 353.9 MB temporary data.

The system needed a reboot.

==== End of Fixlog 01:39:28 ==== |
28.12.2014, 19:22 | #12 |
/// the machine /// TB trainer | Chrome browser opens windows
Delete the ESET detections on K by hand.
Revo Uninstaller - Download - Filepony: use it to uninstall Chrome, keep no data, have the leftovers removed, then reinstall.
Then: https://support.google.com/chrome/answer/3296214?hl=de
A fresh FRST log, please.
29.12.2014, 07:45 | #13 |
| Chrome browser opens windows Delete the ESET detections on K by hand. I have uninstalled ESET. As described, though, K only contains photos and videos from vacation, birthdays, etc. In Google Chrome, 9 entries cannot be deleted. |
29.12.2014, 20:05 | #14 | |
/// the machine /// TB trainer | Chrome browser opens windows Quote:
30.12.2014, 01:47 | #15 |
| Chrome browser opens windows I sent you a link via PM. A short video. I have now done a restart. Should I reinstall Chrome now, because of the 9 files? |