Pests of all kinds and how to combat them: db22.exe was found by Stinger but not deleted (Windows 7)
If you are not sure whether you have picked up malware or a Trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you eliminate the infection. |
15.01.2015, 20:27 | #1 |
| db22.exe was found by Stinger but not deleted Hello, I'm new here. A file db22.exe was found on my computer and classified as a Trojan by McAfee. However, the file was not deleted. Can I simply delete it? The file is located in C:\windows\temp\ I suspect that the application is eating up a lot of resources. In addition, now and then I hear something like radio from the speakers. Only very briefly. I have read the thread "Musik wird im Hintergrund abgespielt" ("Music is being played in the background"), but I could not really make sense of it. Can someone please help me? Thanks, Ronark |
15.01.2015, 20:28 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Hello and
Do you have any further logs (with detections)? Have Malwarebytes and/or other virus scanners ever found anything? I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; for now, only post logs that already exist, in CODE tags! Only logs from the last 7 days, or since the problem began, are relevant! In addition, please also create a log with Farbar's tool: Scan with Farbar's Recovery Scan Tool (FRST) Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
Reading material: Posting in CODE tags Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder. Even if the logs are too large for one post, I ask you to post the logs directly, spread across several posts if necessary. To put the log files into a CODE box, proceed as follows:
__________________ |
15.01.2015, 20:32 | #3 |
| The scan with Stinger is still running. That is why I do not have a log file yet.
This is already the 2nd run with Stinger. On the first run it found db22.exe twice and deleted one of them. |
15.01.2015, 20:34 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please do not keep harping on Stinger alone. The question was also whether other scanners have found anything.
__________________ Please always post log files in CODE tags |
15.01.2015, 20:40 | #5 |
| MS Security Essentials did not find anything. |
15.01.2015, 20:47 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | OK. And then? What about other scanners, were any used? The FRST logs are also still missing. |
15.01.2015, 20:55 | #7 |
| Stinger is still running. I started it two and a half hours ago over the entire C drive. I do not have any other scanners. Stinger has now deleted db22.exe. But I doubt that this is enough. The file will probably be downloaded again automatically from the internet. I have to wait now until Stinger is finished. There is probably no point in installing FRST in parallel and then starting it. |
15.01.2015, 21:01 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Stinger is not relevant here. You might just as well cancel it. The tool plays no role at all in analysis and cleanup.
__________________ Please always post log files in CODE tags |
15.01.2015, 21:17 | #9 |
| OK. I am installing FRST now and scanning. FRST log file: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2015 01 Ran by RAaM2 (administrator) on RAINER-PC on 15-01-2015 21:10:53 Running from C:\Users\RAaM2\Downloads Loaded Profiles: RAaM2 (Available profiles: RAaM2 & Sarah & Christa & Gast) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (REINER SCT) C:\Windows\System32\cjpcsc.exe (MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (Teruten) C:\Windows\System32\FsUsbExService.Exe (Nitro PDF Software) C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe (Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe () C:\Windows\System32\PSIService.exe () C:\Program Files\Macrium\Reflect\ReflectService.exe () C:\Program Files\CyberLink\Shared files\RichVideo.exe (DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files\StarMoney 9.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe (Western Digital Technologies, Inc.) 
C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (X10) C:\Program Files\Common Files\X10\Common\X10nets.exe () C:\Program Files\002\yewimmxqbs32.exe (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe () C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe () C:\Windows\System32\UMonit.exe () C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe () C:\Program Files\ZOOM\Edit_Share\bin\ZOOM Edit&Share startup.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Google) C:\Program Files\Google\Drive\googledrivesync.exe (Microsoft Corporation) C:\Users\RAaM2\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Samsung) C:\Program Files\Samsung\Kies\Kies.exe (Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Logitech, Inc.) 
C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe (Google) C:\Program Files\Google\Drive\googledrivesync.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Dropbox, Inc.) C:\Users\RAaM2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Sony Corporation) C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe (Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe (Avid Technology, Inc.) C:\Windows\System32\dgfwcpl.exe (Google Inc.) 
C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe (Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe (Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Google Quick Search Box] => C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [122880 2009-11-27] (Google Inc.) HKLM\...\Run: [NetFxUpdate_v1.1.4322] => C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe [106496 2004-08-10] (Microsoft) HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1603152 2007-09-13] (CANON INC.) HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.) HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe [20480 2006-09-20] () HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [NPSStartup] => [X] HKLM\...\Run: [UMonit] => C:\Windows\system32\UMonit.exe [200704 2007-06-18] () HKLM\...\Run: [BigDog303] => C:\Windows\VM303_STI.EXE [61440 2006-01-24] (Vimicro) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated) HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.) 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation) HKLM\...\Run: [Path] => C:\Program Files\ZOOM\Edit_Share\bin\ZOOM Edit&Share startup.exe [1989632 2012-06-08] () HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2296600 2013-07-31] (Logitech, Inc.) HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2707992 2014-09-03] (Sony Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-05-09] (Realtek Semiconductor) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-11-27] (Google Inc.) HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Run: [Google Update] => C:\Users\RAaM2\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-18] (Google Inc.) 
HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google) HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Run: [SkyDrive] => C:\Users\RAaM2\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-25] (Microsoft Corporation) HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1565504 2014-12-16] (Samsung) HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Run: [KiesPDLR.exe] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-12-16] (Samsung) HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd) HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\MountPoints2: {46bb24e7-c704-11e2-bb50-4061864d3aa8} - F:\setup_vmb_lite.exe /checkApplicationPresence Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\RAaM2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\RAaM2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-837243161-1062950140-3748333167-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-837243161-1062950140-3748333167-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ HKU\S-1-5-21-837243161-1062950140-3748333167-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com/ SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> DefaultScope {4128802F-8A28-42C8-A441-F464AA11DDFD} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7GFRE_deDE355 SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {16639E9F-A73B-4829-BF1B-C8E7FA2A33A7} URL = hxxp://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms} SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {17E5117F-F86D-40CA-B89B-2C5B34D78C4B} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&tag=iesearch-21&index=blended&linkCode=qs&camp=1789&creative=9325&keywords={searchTerms} SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {2BE66F85-635A-44FC-96C2-6CF411D6FAFE} URL = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms} SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {4128802F-8A28-42C8-A441-F464AA11DDFD} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7GFRE_deDE355 SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {7616FC6D-7F42-41D3-8FAA-C4F318003C6D} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&tag=iesearchde-21&index=blended&linkCode=qs&camp=1789&creative=9325&keywords={searchTerms} SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {945F02B5-2F33-4B96-8841-835C510EC8C2} URL = 
hxxp://www.amazon.de/gp/search?ie=UTF8&tag=iesearchde-21&index=blended&linkCode=qs&camp=1789&creative=9325&keywords={searchTerms} SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {A8A65AC0-056A-4CEE-9936-3FE3098CF4EA} URL = hxxp://suche.t-online.de/fast-cgi/tsc?q={searchTerms}&sr=searchbar SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {BC87AC6A-4758-4D2A-94EC-84CD4274D282} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {BCB7F24B-F6E1-4BB1-BE9E-BF32BFE7DEA4} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&index=blended&linkCode=ur2&camp=1638&creative=6742&tag=iepluginsearch-21 SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {D691082F-E5F2-40CE-8941-3106EBE25670} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {EFDAAA28-5D6C-40C3-80EF-43B71364A10F} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&tag=iesearchde-21&index=blended&linkCode=qs&camp=1789&creative=9325&keywords={searchTerms} BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {FD3FF62E-61A7-48EE-A4A4-97CE7BD1F99D} https://eplace-eu.solvay.com/postauthACC/SodaAgent.CAB Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\RAaM2\AppData\Roaming\Mozilla\Firefox\Profiles\vs2ls8wg.default FF Homepage: hxxp://www.google.de/ FF 
Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.4 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF) FF Plugin: @real.com/nppl3260;version=6.0.12.448 -> C:\Program Files\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-837243161-1062950140-3748333167-1000: @tools.google.com/Google Update;version=3 -> C:\Users\RAaM2\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-837243161-1062950140-3748333167-1000: @tools.google.com/Google Update;version=9 -> C:\Users\RAaM2\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-837243161-1062950140-3748333167-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\RAaM2\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) 
FF SearchPlugin: C:\Users\RAaM2\AppData\Roaming\Mozilla\Firefox\Profiles\vs2ls8wg.default\searchplugins\conduit.xml FF Extension: vis - C:\Users\RAaM2\AppData\Roaming\Mozilla\Firefox\Profiles\vs2ls8wg.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM [2013-11-13] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-31] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-01] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-22] FF HKLM\...\Firefox\Extensions: [ClickPotatoLite@ClickPotatoLite.com] - C:\Program Files\ClickPotatoLite\bin\10.0.628.0\firefox\extensions FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-05-27] FF HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\39.0.2171.95\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\39.0.2171.95\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program 
Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation) CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.) 
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File CHR Profile: C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (DER SPIEGEL) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aafpbllkmchckcndlogpofcepplhndlg [2012-11-16] CHR Extension: (Quick Sidebar) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ainbkicbloikcngphmjfpjdemblcojdd [2014-06-15] CHR Extension: (Google Drive) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-04] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04] CHR Extension: (YouTube) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17] CHR Extension: (Google Cast) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-03-20] CHR Extension: (Adblock Plus) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-01] CHR Extension: (Kindle Cloud Reader) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnemmpobpfaichgccgcilgncfigplmol [2014-11-11] CHR Extension: (Google-Suche) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17] CHR Extension: (hxxp://tunein.com/) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\dblgfaikinhoidnoieheigjobmlkhcjc [2013-06-30] CHR Extension: (Logitech Smooth Scrolling) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-05-27] CHR Extension: (Google News) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2013-01-10] CHR Extension: (Simple Google bookmarks) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dobhkcpfdpfhghdmiecokllfjiemfmgm [2012-10-22] CHR Extension: (Cut the Rope) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2012-12-31] CHR Extension: (Dropbox) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2013-04-05] CHR Extension: (SoundCloud) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp [2013-04-06] CHR Extension: (Scratchpad) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjebfhglflhjjjiceimfkgicifkhjlnm [2012-11-16] CHR Extension: (Super Mario Flash 2 Spiel) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\knbkkfblonehbjjkdfiejflknbokmame [2013-09-23] CHR Extension: (Google Play) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2012-12-07] CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-10] CHR Extension: (Google Maps) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-01-10] CHR Extension: (OneDrive) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2013-04-03] CHR Extension: (LocalChromecast Player) - 
C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmladpigjlinmngadjgfogblnmddndcp [2014-03-25] CHR Extension: (Google Wallet) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21] CHR Extension: (Google Chrome to Phone Extension) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2012-11-24] CHR Extension: (TV Movie Fernsehprogramm) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\omigcnbanchckjpihkioagdjjdhkhhdh [2013-10-05] CHR Extension: (Wetter) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\paafljigflaodeomfbpjcggedcilkoop [2013-01-10] CHR Extension: (Quick start) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2014-06-15] CHR Extension: (Google Mail) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17] CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path CHR HKLM\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\RAaM2\AppData\Roaming\BabSolution\CR\Delta.crx [Not Found] CHR HKLM\...\Chrome\Extension: [mkndcbhcgphcfkkddanakjiepeknbgle] - C:\Program Files\RelevantKnowledge\rlcm.crx [Not Found] CHR HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path CHR StartMenuInternet: Google Chrome - C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 cjpcsc; C:\Windows\system32\cjpcsc.exe [514128 2012-03-19] (REINER SCT) R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1155072 2009-02-03] (MAGIX AG) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed] R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-04-18] (Teruten) [File not signed] S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation) R2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2013-03-26] (Nitro PDF Software) R2 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [484888 2014-09-03] (Sony Corporation) R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] () S3 PS3 Media Server; C:\Program Files\PS3 Media Server\win32\service\wrapper.exe [217088 2008-08-17] () [File not signed] R2 ReflectService; C:\Program Files\Macrium\Reflect\ReflectService.exe [220128 2009-11-12] () R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2009-07-27] () [File not signed] S2 SamsungAllShareV2.0; C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [25504 2012-01-19] (Samsung Electronics Co., Ltd.) S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [657408 2009-10-27] (Nokia) [File not signed] S3 SimpleSlideShowServer; C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe [27584 2012-03-02] (Samsung Electronics Co., Ltd.) 
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.) R2 StarMoney 8.0 OnlineUpdate; C:\Program Files\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH) R2 StarMoney 9.0 OnlineUpdate; C:\Program Files\StarMoney 9.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH) R2 Verifies and fixes application compatibility issues; C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [91304 2015-01-12] () R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-12-02] (Western Digital Technologies, Inc.) R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-06-02] (Western Digital Technologies, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) U2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10) [File not signed] R2 yewimmxqbs32; C:\Program Files\002\yewimmxqbs32.exe [541696 2014-04-27] () [File not signed] S2 mfevtp; "C:\Windows\system32\mfevtps.exe" [X] S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz) [File not signed] R3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [28144 2011-03-29] (REINER SCT) S3 DIGIFW; C:\Windows\System32\DRIVERS\digifw.sys [167952 2010-10-23] (Avid Technology, Inc.) 
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-04-18] () [File not signed] R3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28312 2013-05-23] (Logitech, Inc.) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation) R2 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.) S3 NxpCap; C:\Windows\System32\DRIVERS\NxpCap.sys [1488096 2009-07-30] (NXP Semiconductors Germany GmbH) S3 PSMounter; C:\Windows\system32\drivers\psmounter.sys [32736 2009-11-12] (Macrium Software) R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [15328 2008-05-20] (Macrium Software) R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36624 2006-11-02] (Sonic Solutions) [File not signed] S3 RTL8187B; C:\Windows\System32\DRIVERS\rtl8187B.sys [379904 2010-03-31] (Realtek Semiconductor Corporation ) R0 TPkd; C:\Windows\system32\Drivers\TPkd.sys [93304 2010-09-26] (PACE Anti-Piracy, Inc.) R3 TrdCap; C:\Windows\System32\DRIVERS\TrdCap.sys [1554472 2010-06-09] (Trident Microsystems, Inc.) R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.) R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.) S3 ZMGHPAudioSrv; C:\Windows\System32\drivers\zmghpau.sys [38016 2011-02-18] (ZOOM) S3 ZSMC303; C:\Windows\System32\Drivers\usbVM303.sys [391300 2006-02-23] (Vimicro Corporation) R0 mfehidk; system32\drivers\mfehidk.sys [X] S0 mferkdet; system32\drivers\mferkdet.sys [X] S1 muhilvre; \??\C:\Windows\system32\drivers\muhilvre.sys [X] S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X] S2 WiseFS; \??\H:\Folders\Software\WFH\Wise Folder Hider\WiseFs32.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 
==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-15 21:10 - 2015-01-15 21:12 - 00036581 _____ () C:\Users\RAaM2\Downloads\FRST.txt 2015-01-15 21:10 - 2015-01-15 21:11 - 00000000 ____D () C:\FRST 2015-01-15 21:08 - 2015-01-15 21:09 - 01116672 _____ (Farbar) C:\Users\RAaM2\Downloads\FRST.exe 2015-01-15 18:11 - 2015-01-15 21:05 - 00001287 _____ () C:\Users\RAaM2\Downloads\Stinger_15012015_181146.html 2015-01-15 18:11 - 2015-01-15 18:11 - 00179600 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe.e39d.deleteme 2015-01-15 17:30 - 2015-01-15 17:57 - 00000865 _____ () C:\Windows\setupact.log 2015-01-15 17:30 - 2015-01-15 17:30 - 00000000 _____ () C:\Windows\setuperr.log 2015-01-15 16:45 - 2015-01-15 14:05 - 04188536 _____ (Piriform Ltd) C:\Users\RAaM2\Downloads\ccsetup501_slim.exe 2015-01-15 16:43 - 2015-01-15 21:09 - 00000114 ___RH () C:\Users\RAaM2\Downloads\Stinger.opt 2015-01-15 13:32 - 2015-01-15 13:32 - 00014029 _____ () C:\Users\RAaM2\Downloads\hijackthis.log 2015-01-15 13:22 - 2015-01-15 13:27 - 00388608 _____ (Trend Micro Inc.) 
C:\Users\RAaM2\Downloads\HiJackThis204.exe 2015-01-15 13:13 - 2015-01-15 13:13 - 00000000 ____D () C:\Quarantine 2015-01-15 13:07 - 2015-01-15 16:38 - 00001073 _____ () C:\Users\RAaM2\Downloads\Stinger_15012015_130717.html 2015-01-15 13:06 - 2015-01-15 21:09 - 00000000 ____D () C:\Program Files\stinger 2015-01-15 13:00 - 2015-01-15 13:04 - 11165552 _____ (McAfee Inc) C:\Users\RAaM2\Downloads\stinger32.exe 2015-01-14 17:28 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-01-14 17:28 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-14 17:27 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-14 17:27 - 2014-12-11 18:47 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-14 17:27 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-14 17:26 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 17:17 - 2015-01-14 17:52 - 00000000 ____D () C:\Users\RAaM2\AppData\Roaming\Compatibility Verifier 2015-01-13 20:08 - 2015-01-15 21:07 - 00000112 _____ () C:\ProgramData\W4Gisl.dat 2015-01-13 20:08 - 2015-01-13 20:08 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia 2015-01-13 20:08 - 2015-01-13 20:08 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe 2015-01-13 20:08 - 2015-01-13 20:08 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia 2015-01-13 20:08 - 2015-01-13 20:08 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe 2015-01-13 20:06 - 2015-01-15 17:35 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Compatibility Verifier 2015-01-13 20:06 - 2015-01-15 17:35 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Compatibility Verifier 2015-01-01 18:05 - 2014-10-13 06:57 - 00184192 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) 
C:\Windows\system32\Drivers\ssudmdm.sys 2015-01-01 18:05 - 2014-10-13 06:57 - 00089856 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys 2014-12-28 19:40 - 2014-12-28 19:40 - 00001221 _____ () C:\Users\RAaM2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TrayIt!.lnk 2014-12-28 19:39 - 2014-12-28 19:39 - 00000000 ____D () C:\Program Files\trayit_4_6_5_5 2014-12-28 19:35 - 2014-12-28 19:35 - 00000000 ____D () C:\Users\RAaM2\Downloads\nw_7668_trayitzip 2014-12-28 19:33 - 2014-12-28 19:33 - 00335253 _____ () C:\Users\RAaM2\Downloads\nw_7668_trayitzip.zip 2014-12-19 15:21 - 2014-12-19 15:21 - 04330507 _____ () C:\Users\RAaM2\Downloads\Tip0000-Download-Paket-Demo.zip 2014-12-18 12:05 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-15 21:11 - 2014-01-02 12:16 - 00000000 ____D () C:\Program Files\StarMoney 9.0 S-Edition 2015-01-15 20:56 - 2009-11-27 21:31 - 01072621 _____ () C:\Windows\WindowsUpdate.log 2015-01-15 20:35 - 2013-10-04 16:48 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-15 20:33 - 2010-02-15 22:55 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-15 20:15 - 2011-07-22 21:58 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-837243161-1062950140-3748333167-1000UA.job 2015-01-15 18:06 - 2009-07-14 05:34 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-15 18:06 - 2009-07-14 05:34 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-15 17:32 - 2013-04-05 19:39 - 00000000 ___RD () C:\Users\RAaM2\Dropbox 2015-01-15 17:32 - 2013-04-05 19:34 - 00000000 ____D () C:\Users\RAaM2\AppData\Roaming\Dropbox 2015-01-15 17:32 - 
2013-04-03 15:10 - 00000000 ___RD () C:\Users\RAaM2\SkyDrive 2015-01-15 17:31 - 2013-01-26 20:32 - 00000000 ___RD () C:\Users\RAaM2\Google Drive 2015-01-15 17:30 - 2014-07-14 18:35 - 00008192 _____ () C:\Windows\system32\WDPABKP.dat 2015-01-15 17:30 - 2010-02-15 22:55 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-15 17:30 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-15 17:14 - 2010-05-09 20:30 - 00000000 ____D () C:\Windows\Minidump 2015-01-15 17:11 - 2013-08-15 23:30 - 00000000 ____D () C:\Users\RAaM2\Desktop\Tools 2015-01-15 16:47 - 2014-01-29 13:10 - 00000000 ____D () C:\Program Files\CCleaner 2015-01-15 12:15 - 2011-07-22 21:58 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-837243161-1062950140-3748333167-1000Core.job 2015-01-14 18:36 - 2012-10-24 17:25 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-01-14 18:36 - 2011-05-16 12:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-01-14 17:12 - 2013-08-15 23:45 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-14 16:45 - 2009-09-24 16:13 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-14 15:36 - 2009-11-27 21:31 - 00000000 ____D () C:\Users\RAaM2 2015-01-14 15:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp 2015-01-14 15:34 - 2014-10-10 17:19 - 00000000 ____D () C:\Users\RAaM2\AppData\Roaming\Telegram Win (Unofficial) 2015-01-14 15:34 - 2013-08-15 23:28 - 00000000 ____D () C:\Users\RAaM2\Desktop\Handy 2015-01-14 15:34 - 2013-07-03 14:56 - 00000000 ____D () C:\ProgramData\Package Cache 2015-01-14 15:34 - 2012-03-10 15:38 - 00000000 ____D () C:\Users\Sarah 2015-01-14 15:34 - 2010-10-24 13:21 - 00000000 ____D () C:\Users\Christa 2015-01-14 15:34 - 2010-07-10 16:42 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2015-01-14 15:34 - 2010-01-16 12:23 - 00000000 ____D () C:\Users\Gast 2015-01-14 15:34 - 
2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE 2015-01-14 15:33 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration 2015-01-14 15:32 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2015-01-13 22:45 - 2009-09-24 15:43 - 01649492 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-02 17:15 - 2009-12-05 20:19 - 00000404 _____ () C:\Windows\Tasks\1-Klick-Wartung.job 2015-01-01 14:41 - 2013-11-12 23:15 - 00000000 ____D () C:\Users\RAaM2\Documents\SelfMV 2014-12-31 12:13 - 2009-10-05 17:03 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-12-23 19:41 - 2012-08-03 16:13 - 00000000 ____D () C:\Users\RAaM2\AppData\Roaming\Skype 2014-12-22 21:22 - 2014-10-22 14:02 - 00000000 ___RD () C:\Program Files\Skype 2014-12-22 21:22 - 2012-08-03 16:13 - 00000000 ____D () C:\ProgramData\Skype 2014-12-19 15:25 - 2009-12-05 01:01 - 00000000 ____D () C:\Users\RAaM2\AppData\Roaming\vlc 2014-12-17 21:27 - 2009-12-02 23:08 - 00002648 _____ () C:\Users\RAaM2\AppData\Roaming\wklnhst.dat 2014-12-17 17:45 - 2013-04-05 19:36 - 00000000 ____D () C:\Users\RAaM2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox Files to move or delete: ==================== C:\ProgramData\W4Gisl.dat Some content of TEMP: ==================== C:\Users\Gast\AppData\Local\Temp\{7815BC09-5CB0-49E5-B205-E2E29FD09BC9}-21.0.1180.60_chrome_installer.exe C:\Users\RAaM2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9tjfpi.dll C:\Users\RAaM2\AppData\Local\Temp\repair4.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2013-10-31 09:04 ==================== End Of Log ============================ --- --- --- |
15.01.2015, 21:17 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | db22.exe was found by Stinger but not deleted Please note for the future: Quote:
Please download all tools directly to the desktop, or move them there, and start them from the desktop, since our instructions are written for that. It also makes it very easy to remove all the tools used once the cleanup is finished. Leave all tools on the desktop until the cleanup is finished; we may need some of them more than once.
__________________ Please always post log files in CODE tags |
15.01.2015, 21:18 | #11 |
| db22.exe was found by Stinger but not deleted Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-01-2015 01 Ran by RAaM2 at 2015-01-15 21:13:06 Running from C:\Users\RAaM2\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1} AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (HKLM\...\7-Zip) (Version: - ) AC3Filter 2.6.0b (HKLM\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky) Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation) Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.1.601 - Adobe Systems, Inc.) 
Adobe® Photoshop® Album Starter Edition 3.2 (HKLM\...\Adobe® Photoshop® Album Starter Edition 3.2) (Version: 3.2.0 - hxxp://www.adobe.de) ALDI Foto Service (HKLM\...\ALDI Foto Service D) (Version: 4.5.9.141 - MAGIX AG) ALDI Nord Foto Manager Free (HKLM\...\ALDI Nord Foto Manager Free D) (Version: 6.0.1.491 - MAGIX AG) Aldi Nord Fotoservice (HKLM\...\Aldi Nord Fotoservice_is1) (Version: - ) ALDI Nord Online Druck Service (HKLM\...\ALDI Nord Online Druck Service D) (Version: 4.5.1.0 - MAGIX AG) Amazon MP3-Downloader 1.0.18 (HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC) Android SDK Tools (HKLM\...\Android SDK Tools) (Version: 1.16 - Google Inc.) Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ASIO4ALL (HKLM\...\ASIO4ALL) (Version: - ) Audacity 2.0.3 (HKLM\...\Audacity_is1) (Version: 2.0.3 - Audacity Team) AudioCon (HKLM\...\AudioCon) (Version: 1.0 - Basement Softworks) Audiograbber 1.83 SE (HKLM\...\Audiograbber) (Version: 1.83 SE - Audiograbber) Audiograbber MP3-Plugin (HKLM\...\Audiograbber-Lame) (Version: 1.0 - AG) Avid Mbox 2 Pro Driver (x86) (HKLM\...\{DEE30D6A-B4B5-4F34-9554-312DD969F5EA}) (Version: 9.0 - Avid Technology, Inc.) BestPractice (remove only) (HKLM\...\BestPractice) (Version: - ) CamStudio (HKLM\...\CamStudio) (Version: - ) CamStudio Lossless Codec v1.4 (HKLM\...\CamStudio Lossless Codec_is1) (Version: - (c) 2003 RenderSoft Software, Modifications Copyright © 2008 Jake P.) 
Canon IJ Network Scan Utility (HKLM\...\Canon_IJ_Network_Scan_UTILITY) (Version: - ) Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: - ) Canon MP Navigator EX 1.1 (HKLM\...\MP Navigator EX 1.1) (Version: - ) Canon MX850 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX850_series) (Version: - ) Canon MX850 series Benutzerregistrierung (HKLM\...\Canon MX850 series Benutzerregistrierung) (Version: - ) Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - ) Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - ) Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version: - ) Cartoonist 1.3 (HKLM\...\Cartoonist_is1) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform) CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4852 - CDBurnerXP) CD-LabelPrint (HKLM\...\MediaNavigation.CDLabelPrint) (Version: - ) Cheatbook Database 2010 (HKLM\...\Cheatbook Database 2010) (Version: - ) ClipGrab 3.2.0.10 (HKLM\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version: - Philipp Schmieder Medien) Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Corel MediaOne (HKLM\...\{A062A15F-9CAC-4B88-98DF-87628A0BD721}) (Version: 2.100.0000 - Corel Corporation) CorelDRAW Essential Edition 3 (HKLM\...\_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}) (Version: - Corel Corporation) CorelDRAW Essential Edition 3 (Version: 3.0 - Corel Corporation) Hidden cyberJack Base Components (HKLM\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.10.0 - REINER SCT) CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2024 - CyberLink Corp.) CyberLink MediaShow (HKLM\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3121 - CyberLink Corp.) 
CyberLink PhotoNow (HKLM\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6622 - CyberLink Corp.) CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3213 - CyberLink Corp.) CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2214 - CyberLink Corp.) CyberLink PowerDVD 9 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2010 - CyberLink Corp.) CyberLink PowerDVD Copy (HKLM\...\{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.0.6720 - CyberLink Corp.) CyberLink PowerProducer (HKLM\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2129 - CyberLink Corp.) DE (Version: 3.0 - Corel Corporation) Hidden Delta Chrome Toolbar (HKLM\...\Delta Chrome Toolbar) (Version: - Visual Tools) <==== ATTENTION DivX Codec (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.9.1 - DivX, Inc.) DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.) DivX Player (HKLM\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 7.2.0 - DivX, Inc.) DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version: - DivX, Inc.) DivX Plus Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 2.0.0 - DivX,Inc.) Dropbox (HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.) DVBViewer Pro (HKLM\...\DVBViewer Pro_is1) (Version: 5.2.8 - CM&V) DVD Shrink 3.2 deutsch (DeCSS-frei) (HKLM\...\DVD Shrink DE_is1) (Version: - DVD Shrink) DVDStyler v2.2 (HKLM\...\DVDStyler_is1) (Version: - ) eLicenser Control (HKLM\...\eLicenser Control) (Version: - Steinberg Media Technologies GmbH) ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen) Eraser 6.0.7.1893 (HKLM\...\{38BA2875-D7AD-4611-ABA3-C385051ADF42}) (Version: 6.7.1893 - The Eraser Project) eReg (Version: 1.20.138.34 - Logitech, Inc.) 
Hidden ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version: - Lars Hederer) EXIF Date Changer v2.5 (HKLM\...\{26CA1B07-BC53-4196-B9C2-A11C6F6F3E08}_is1) (Version: - Rellik Software) Firebird SQL Server - MAGIX Edition (HKLM\...\{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}) (Version: 2.1.23.0 - MAGIX AG) FormatFactory 3.1.1 (HKLM\...\FormatFactory) (Version: 3.1.1 - Free Time) Free YouTube Download version 3.2.1.320 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.1.320 - DVDVideoSoft Ltd.) FreeFileSync 5.11 (HKLM\...\FreeFileSync) (Version: 5.11 - Zenju) FreeRIP v3.42 (HKLM\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 3.42 - MGShareware) Frets On Fire (HKLM\...\Frets on Fire) (Version: 1.3.110-win32 - ) GameSpy Arcade (HKLM\...\GameSpy Arcade) (Version: - ) Genesys USB Mass Storage Device (HKLM\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 2.5.0.0 - Genesys Logic) GeoSetter 3.4.16 (HKLM\...\GeoSetter_is1) (Version: - Friedemann Schmidt) Google Chrome (HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.) Google Drive (HKLM\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.) Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Google-Schnellsuchfeld (HKLM\...\Quick Search Box) (Version: 1.2.1151.245 - Google, Inc.) 
GPS-Track-Analyse.NET 6.0 (HKLM\...\GPS-Track-Analyse.NET 6.0_is1) (Version: - ) G-Series_ASIO32 (HKLM\...\{8791C74C-2FFD-11E0-B2E6-00269E8DC781}) (Version: 1.1.2 - ZOOM) HandBrake 0.10.0 (HKLM\...\HandBrake) (Version: 0.10.0 - ) Hardcopy (C:\Program Files\Hardcopy) (HKLM\...\Hardcopy(C__Program Files_Hardcopy)) (Version: 16.1.05 - ) Interlok driver setup x32 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.9.0 - PACE Anti-Piracy, Inc.) IrfanView (remove only) (HKLM\...\IrfanView) (Version: - ) iriver plus 3 (remove only) (HKLM\...\iriver plus 3) (Version: - ) ITN Converter 1.82 (HKLM\...\ITN Converter_is1) (Version: 1.82 - Benichou Software) Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle) Java SE Development Kit 7 Update 17 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170170}) (Version: 1.7.0.170 - Oracle) Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden Kastor - Stream Recorder V 1.0 (HKLM\...\{CB84FEF6-C573-4328-B9A4-B29568A4E10E}_is1) (Version: 1.0.0.0 - KastorSoft) LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - ) LAV Filters 0.58.1 (HKLM\...\lavfilters_is1) (Version: 0.58.1 - Hendrik Leppkes) Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech) Lupas Rename 2000 v4.2 (HKLM\...\Lupas Rename 2000_is1) (Version: - Ivan Anton Albarracin) Macrium Reflect - Free Edition (HKLM\...\{EB85CC54-5E9A-4D33-B319-593B82291ABC}) (Version: 4.2.2098 - Macrium) MAGIX Video deLuxe 2006 PLUS (D) (HKLM\...\MAGIX Video deLuxe 2006 PLUS D) (Version: 5.5.0.31 - MAGIX AG) MAGIX Xtreme Foto Designer 6 6.0.19.0 (D) (HKLM\...\MAGIX Xtreme Foto Designer 6 D) (Version: 6.0.19.0 - MAGIX AG) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) 
MEDION Fotos auf CD & DVD SE Nord (HKLM\...\MEDION Fotos auf CD & DVD SE Nord D) (Version: 8.0.3.4 - MAGIX AG)
Medion Home Cinema (HKLM\...\InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}) (Version: 6.0.0000 - CyberLink Corp.)
Medion Home Cinema (Version: 6.0.0000 - CyberLink Corp.) Hidden
MergeModule_x86 (Version: 9.0.00 - Sony Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 German Language Pack (HKLM\...\{E78BFA60-5393-4C38-82AB-E8019E464EB4}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 1.1 Security Update (KB953297) (HKLM\...\M953297) (Version: - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Office Live Add-in 1.4 (HKLM\...\{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}) (Version: 2.0.3008.0 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x86) ENU (HKLM\...\{FF63121D-91C6-42CC-B341-F1AA729728E7}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU (HKLM\...\{D3A80508-CD83-4CA3-8671-914A1BC78B61}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft Works 4 Converter (HKLM\...\{D18AF23E-AB28-4040-9396-28413B2C3B41}) (Version: 9.8.0000 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{172423F9-522A-483A-AD65-03600CE4CA4F}) (Version: 9.7.0000 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
MidiEditor (HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\MidiEditor) (Version: - )
MotoGP URT 3 (HKLM\...\MotoGP URT 3_is1) (Version: - THQ)
Movie Converter (remove only) (HKLM\...\Movie Converter) (Version: - )
MozBackup 1.4.9 (HKLM\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox 12.0 (x86 de) (HKLM\...\Mozilla Firefox 12.0 (x86 de)) (Version: 12.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 12.0 - Mozilla)
Mozilla Thunderbird (3.1.11) (HKLM\...\Mozilla Thunderbird (3.1.11)) (Version: 3.1.11 (de) - Mozilla)
Mp3tag v2.41 (HKLM\...\Mp3tag) (Version: v2.41 - Florian Heidenreich)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\MyFreeCodec) (Version: - )
Nitro Reader 3 (HKLM\...\{5027D37B-3677-4F16-9501-A42288EBDB31}) (Version: 3.5.2.10 - Nitro)
No23 Recorder (HKLM\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23)
Node.js (HKLM\...\{2D41A012-35EE-4724-AE8E-E592EDD9F89D}) (Version: 0.10.13 - Joyent, Inc. and other Node contributors)
Notepad++ (HKLM\...\Notepad++) (Version: - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.9 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{B83FC356-B7C0-441F-8A4D-D71E088E7974}) (Version: 9.09.0428 - NVIDIA Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenOffice 4.1.0 (HKLM\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Paragon Partition Manager™ 12 Free (HKLM\...\{47E5588F-C3A0-11DE-9857-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Password Safe (HKLM\...\Password Safe) (Version: - )
PC Connectivity Solution (HKLM\...\{4CE6B3C4-D8E2-4A5D-BEF5-5B69AF843B0C}) (Version: 9.45.0.0 - Nokia)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.8 - Google, Inc.)
Pinnacle VideoSpin (HKLM\...\{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}) (Version: 2.0.0.669 - Pinnacle Systems)
PlayMemories Home (HKLM\...\{93AA5B49-0994-4EF6-80F3-868C9CEA88ED}) (Version: 4.0.00.09031 - Sony Corporation)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PMB_ModeEditor (Version: 9.0.00 - Sony Corporation) Hidden
PMB_ServiceUploader (Version: 9.0.00 - Sony Corporation) Hidden
Power Tab Editor 1.7 (HKLM\...\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}) (Version: 1.7.0 - Power Tab Software)
Presto! PageManager 7.15.20 (HKLM\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.20 - NewSoft Technology Corporation)
Project64 1.6 (HKLM\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
PS3 Media Server (HKLM\...\PS3 Media Server) (Version: - )
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
RecordPad Sound Recorder (HKLM\...\Recordpad) (Version: - NCH Software)
Remote Control USB Driver (HKLM\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Richard Burns Rally (HKLM\...\{92C7D009-A464-4948-A980-7A3E28CB2F49}) (Version: 1.00.000 - )
Rubik's Games (HKLM\...\Rubik's Games) (Version: - )
Samsung AllShare (HKLM\...\InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}) (Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.)
Samsung AllShare (Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.0.1.11053_99 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.0.1.11053_99 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
ScanSoft OmniPage SE 4 (HKLM\...\{66B4C110-8BEB-49B5-824E-C70AEEB20ECD}) (Version: 15.2.0020 - Nuance Communications, Inc.)
Secret Maryo Chronicles (HKLM\...\secretmaryo) (Version: 1.9 - Florian Richter)
Secret Maryo Chronicles Music Pack (HKLM\...\secretmaryo_music) (Version: 4.1 - Florian Richter)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SOHLib for PlayMemories Home (Version: 1.0.3.02170 - Sony Corporation) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spotify (HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
StarMoney (Version: 2.0 - StarFinanz) Hidden
StarMoney (Version: 3.0.2.50 - StarFinanz) Hidden
StarMoney (Version: 4.0.2.34 - StarFinanz) Hidden
StarMoney 8.0 S-Edition (HKLM\...\{87F3F20B-5CF8-40DA-B044-4E714E203006}) (Version: 8.0 - Star Finanz GmbH)
StarMoney 9.0 S-Edition (HKLM\...\{95686B93-9738-4F0A-BB2A-212B6943F057}) (Version: 9.0 - Star Finanz GmbH)
StationRipper 2.93B (HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\StationRipper) (Version: 2.93B - Ratajik Software)
Steinberg HALionOne (HKLM\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Drum Set (HKLM\...\{AC997F93-0757-4ED4-A701-F40C2D654D09}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Set (HKLM\...\{F057965A-D974-4C64-ADB1-4381CD4B8956}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg Sequel 2 Trial Content (HKLM\...\{DF584D4A-2619-41BE-9515-AAB18439D393}) (Version: 2.0.0.351 - Steinberg Media Technologies GmbH)
Steinberg Sequel LE 2 (HKLM\...\{7146D087-B853-4E00-BB52-883DCE99F155}) (Version: 2.0.5 - Steinberg Media Technologies GmbH)
SUPER © Version 2010.bld.37 (Jan 2, 2010) (HKLM\...\SUPER ©) (Version: Version 2010.bld.37 (Jan 2, 2010) - eRightSoft)
Switch Sound File Converter (HKLM\...\Switch) (Version: - NCH Software)
SyncToy 2.1 (x86) (HKLM\...\{A066194B-DC8F-449A-8E0F-B57BDD3A2072}) (Version: 2.1.0 - Microsoft)
Telegram Desktop version 0.7.6 (HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.7.6 - Telegram Messenger LLP)
The Nomad Soul (HKLM\...\The Nomad Soul) (Version: - )
Tinypic 3.18 (HKLM\...\{E3723A04-A894-4036-A78E-282E18F43C0A}_is1) (Version: Tinypic 3.18 - E. Fiedler)
Titanium Studio (HKLM\...\Titanium Studio) (Version: 3.1.1 - Appcelerator, Inc.)
Tracktion (HKLM\...\Tracktion4) (Version: - )
Update Manager (Version: 4.60 - Corel Corporation) Hidden
URL Snooper v2.27.01 (HKLM\...\URLSnooper 2_is1) (Version: - DonationCoder.com)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden
VideoPad Video Editor (HKLM\...\VideoPad) (Version: - NCH Software)
VirtualDub Filter Pack 1.1 (HKLM\...\VirtualDub Filter Pack_is1) (Version: - Infognition Co. Ltd.)
VIS (HKLM\...\VIS) (Version: - ) <==== ATTENTION
VLC media player 1.0.3 (HKLM\...\VLC media player) (Version: 1.0.3 - VideoLAN Team)
VSDC Free Video Editor Version 2.1.9.211 (HKLM\...\VSDC Free Video Editor_is1) (Version: 2.1.9.211 - Flash-Integro LLC)
WavePad Sound Editor (HKLM\...\WavePad) (Version: - NCH Software)
WD Quick View (HKLM\...\{C58994CF-D15D-41E3-A03B-587B39EAA903}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{752EC2DC-0313-435A-BF9A-9B02927C049A}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM\...\{1891b882-48f7-442d-98d0-c1ce533f25bd}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
Win7codecs (HKLM\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 2.1.9 - Shark007)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live ID-Anmelde-Assistent (HKLM\...\{10A44844-4465-456E-8C97-80BDD4F68845}) (Version: 6.500.3146.0 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile-Gerätecenter (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
WinPcap 4.1.1 (HKLM\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
X10 Hardware(TM) (HKLM\...\X10Hardware) (Version: - )
XAMPP (HKLM\...\xampp) (Version: 1.8.2-2 - BitNami)
XMedia Recode 2.1.4.8 (HKLM\...\XMedia Recode) (Version: 2.1.4.8 - Sebastian Dörfler)
Zebra 3 (HKLM\...\{10D41532-9935-460A-8AC4-64E9614CB04E}) (Version: 1.0.0 - Klett Verlag GmbH)
ZOOM Edit&Share for Windows (HKLM\...\{E99B8E1C-262D-49E6-9A84-D2AC486B2648}) (Version: 5.00.0000 - ZOOM Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\RAaM2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\RAaM2\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\RAaM2\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\RAaM2\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Users\RAaM2\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\RAaM2\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\39.0.2171.95\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{6d05bf60-3eaf-4a97-87c5-10cce505435b}\localserver32 -> C:\Users\RAaM2\AppData\Local\Temp\{9c0ba3c1-2b67-45eb-bf69-bed9658d28d2}\IDriver.NonElevated.exe No (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\RAaM2\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\RAaM2\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\RAaM2\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\RAaM2\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\RAaM2\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\RAaM2\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\RAaM2\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\RAaM2\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611}\InprocServer32 -> C:\Program Files\Macrium\Reflect\RShellExt.dll (Paramount Software UK Ltd)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\RAaM2\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\RAaM2\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\RAaM2\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\RAaM2\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\FileSyncApi.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RAaM2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RAaM2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RAaM2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RAaM2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RAaM2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RAaM2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RAaM2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RAaM2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

26-12-2014 18:10:44 Windows Update
28-12-2014 19:00:41 Windows-Sicherung
30-12-2014 12:18:15 Windows Update
13-01-2015 17:07:25 Windows Update
13-01-2015 17:14:08 Windows-Sicherung
13-01-2015 20:06:34 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
14-01-2015 11:57:22 Wiederherstellungsvorgang
14-01-2015 13:26:05 Windows Update
14-01-2015 13:29:36 Windows-Sicherung
14-01-2015 15:26:58 Wiederherstellungsvorgang
14-01-2015 15:40:05 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
14-01-2015 16:44:49 Windows Update
14-01-2015 17:20:19 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
14-01-2015 17:53:11 Windows Update
14-01-2015 18:01:36 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
14-01-2015 18:34:05 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
14-01-2015 20:25:54 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {019D783D-DB94-4694-B95A-BDC4512EAD3B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {03DAB6B5-8876-4594-A1A3-48EEE2B72CF3} - System32\Tasks\{ADCA8631-7C7D-4BB1-BD6A-164C482A8C2B} => C:\Program Files\DVD Shrink DE\DVD Shrink 3.2 DE (DeCSS-frei).exe [2005-05-31] (DVD Shrink)
Task: {0467EEA8-3E2C-4216-B86E-797865254649} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-837243161-1062950140-3748333167-1000UA => C:\Users\RAaM2\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {04C64550-C726-4A0B-85F1-00D87A127BAC} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {07A1C535-F579-4666-A22E-0AAD82E45B0D} - System32\Tasks\{33F2EBAD-215B-4165-8A6A-E311315E2C8D} => C:\Program Files\Project64 1.6\Project64.exe [2005-04-01] ()
Task: {097CD8A5-14ED-4891-BCEC-936474E43335} - System32\Tasks\{97A1201B-8983-47AD-9B48-6F1630FB36DC} => C:\Program Files\DVD Shrink DE\DVD Shrink 3.2 DE (DeCSS-frei).exe [2005-05-31] (DVD Shrink)
Task: {1556A58E-27BD-47BB-88C7-0DF0AA864353} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {15AF40CE-95C4-4B93-A65D-F693613E0605} - System32\Tasks\{CE22A2A8-0EDF-45EC-A86A-5120707C24D9} => C:\MAGIX\Video_deLuxe_2006_PLUS\VideodeLuxe.exe [2006-06-14] (MAGIX AG)
Task: {175AD2BA-364C-49A0-883A-5D26738413DA} - System32\Tasks\{F1EBC007-5A7A-46C0-83AA-F4F8C719F628} => C:\Program Files\office97\Office\Office10\OUTLOOK.EXE
Task: {187E44F8-A384-4553-B51D-33EAC93F1950} - System32\Tasks\{6EC45BB9-22D7-4307-98CD-33C3AE83AE15} => C:\MAGIX\Video_deLuxe_2006_PLUS\VideodeLuxe.exe [2006-06-14] (MAGIX AG)
Task: {1AA0B8E1-901D-45B4-B043-50AB3411D839} - System32\Tasks\{AE8B22B8-ABA7-4079-B91E-C7ED7847D89B} => pcalua.exe -a "C:\Users\RAaM2\Downloads\Neuer Download\vcredist_x86.exe" -d "C:\Users\RAaM2\Downloads\Neuer Download"
Task: {1E151774-5459-4D5D-8B65-13D881C1FC83} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {2E046C9E-EFAD-452B-97B0-34D9486ABCE8} - System32\Tasks\{E7D5220E-AF6F-4269-BDEA-1586F80731D2} => C:\Program Files\DVD Shrink DE\DVD Shrink 3.2 DE (DeCSS-frei).exe [2005-05-31] (DVD Shrink)
Task: {32E625A5-7C31-44F5-8599-87949871C1D2} - System32\Tasks\{C980546F-B754-4536-AD88-3731BDCAA6D1} => C:\Program Files\office97\Office\Office10\OUTLOOK.EXE
Task: {34521D69-C0E7-49D2-8056-38CB7CD8BE6E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {35A4D229-81D6-490B-B9DD-E7BAF650673A} - System32\Tasks\{9BFF994D-B78E-4038-B3CA-D7AB95F96736} => Chrome.exe hxxp://ui.skype.com/ui/0/4.2.0.187/de/go/help.faq.installer?LastError=1603
Task: {37598CF9-FB9B-4F03-AA33-9164DC30D05E} - System32\Tasks\{A24F35DC-E365-454A-B462-6A76DB3220BC} => C:\Program Files\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {3FD986E6-786E-4B80-9EA4-074D462E6DF1} - System32\Tasks\{99D2A16C-528E-4968-8891-2DC280C2B5BC} => C:\Program Files\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {4385C8C7-112D-4969-9000-D52CA516F06D} - System32\Tasks\{54BF46E5-AEB3-4152-BC93-F4DDFC988C94} => C:\Program Files\Kinstone Video Power\VideoPower.exe
Task: {4A58290C-3401-4598-99F9-05EFF9B3FC20} - System32\Tasks\{BA994F75-EE10-45A6-8553-3BB35005A26F} => pcalua.exe -a "C:\Users\RAaM2\Downloads\Magix Xtrme Foto Designer 6\free_xtremefotodesigner6_de.exe" -d "C:\Users\RAaM2\Downloads\Magix Xtrme Foto Designer 6"
Task: {4AAB949C-B0C1-46EE-A131-62A8C3BEA1A3} - System32\Tasks\neoKiKA 02.09.2014 23-41-00 => C:\Program Files\DVBViewer\dvbviewer.exe [2013-10-09] (CM&V Hackbart)
Task: {4B5154FA-3870-4F54-9B7B-D4054574062D} - System32\Tasks\{5F683722-6637-4ECF-B189-11AF0C95138A} => pcalua.exe -a "C:\Users\RAaM2\Downloads\StarMoney 7.0\smoney_m_4_0_25050180_3_.exe" -d "C:\Users\RAaM2\Downloads\StarMoney 7.0"
Task: {4DA7CC83-870B-49BE-9B98-0ED3A9A3B257} - System32\Tasks\{6788DE74-C5C7-4AA8-AD3C-AD68FAC5AD27} => C:\Program Files\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {54D26981-1528-4631-B95F-CDCD31764F4A} - System32\Tasks\neoKiKA 02.09.2014 22-41-00 => C:\Program Files\DVBViewer\dvbviewer.exe [2013-10-09] (CM&V Hackbart)
Task: {57D6827E-A5AB-44D6-8B9C-03042011383E} - System32\Tasks\{041D8794-2E36-435B-8E2E-5723D6A2DBB8} => C:\Program Files\Project64 1.6\Project64.exe [2005-04-01] ()
Task: {5BFD0C98-B9EF-49C4-A329-9F952787F9CB} - System32\Tasks\SyncToy\SyncToy Test => C:\Program Files\SyncToy 2.1\SyncToyCmd.exe [2009-10-19] (Microsoft Corporation)
Task: {6DA33AFC-42FA-41E5-8DFE-30AA03E8C299} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
Task: {75F9A913-FAE3-4C34-B9B8-F7B4AB7AA64E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-837243161-1062950140-3748333167-1000Core => C:\Users\RAaM2\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {7877CFB3-9498-40F4-83CF-DA5CAD0528A8} - System32\Tasks\{EFF213B3-EFC7-47B4-B601-24D8FF28F00C} => C:\Program Files\Kinstone Video Power\VideoPower.exe
Task: {835B8281-6E3E-44F8-A07B-613ECB0A8E53} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {8ED58C42-D9CD-4C33-BA7A-354CB0B2DB08} - System32\Tasks\{75A926E6-8113-4921-976A-BA57A07FFA25} => C:\Program Files\TuneUp Utilities 2007\OneClickMaintenance.exe
Task: {8EDC792A-6BB3-44AB-AE2F-616658AD9D1F} - System32\Tasks\{33207D11-6CE4-494C-A47B-D989A462B709} => C:\Program Files\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {92509917-9DEC-4764-B7F8-C7C1D32E3BB7} - System32\Tasks\{741A89C9-5041-425D-A583-EC9B38579736} => C:\Program Files\office97\Office\Office10\OUTLOOK.EXE
Task: {92D0E115-AF42-442B-A268-0B1EC0A68487} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {996E3306-9718-45AF-B5B8-E42D3B8106DC} - System32\Tasks\{5328E27C-3F6A-4508-9A24-7F7477C46DE7} => C:\Program Files\SyncToy 2.1\SyncToy.exe [2009-10-19] (Microsoft Corporation)
Task: {9BA85ADF-9BB2-4C05-8F40-CD897CDAA8B4} - System32\Tasks\{59F6DCC7-D1CF-40F0-BD16-F97835F30AEB} => C:\Program Files\office97\Office\Office10\OUTLOOK.EXE
Task: {9F3A75F0-9FFD-4B51-B36A-83C6810E4758} - System32\Tasks\{0566F81D-3AD9-4543-9C17-E5C225CBF1FF} => C:\Program Files\office97\Office\Office10\OUTLOOK.EXE
Task: {A54CB527-CF9C-4059-9B3F-CC11300A4705} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe [2014-01-16] (Sony Corporation)
Task: {A68ADDAA-87AA-40B9-B236-0B707121213D} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {A9805966-B3BC-4B6F-A9BC-E99D79201376} - System32\Tasks\{EC238D77-640F-4045-8362-6FD551440A5B} => O:\Downloads\Software\Nokia\NokiaSoftwareUpdaterSetup_de.exe
Task: {AC2C2030-1C22-4FFE-8E31-2F1CDD3890D7} - System32\Tasks\{57A35445-BA05-4EEF-A389-4C1CC734F489} => C:\Program Files\Alwil Software\Avast4\ashAvast.exe
Task: {AF9D9552-9493-498F-B489-53EB58A6EE01} - System32\Tasks\{AACF9AE8-780F-4124-9A52-F9E47B706F84} => pcalua.exe -a C:\Users\RAaM2\Downloads\HBCI-Leser_cyberjack\bc_6_8_0.exe -d C:\Users\RAaM2\Downloads\HBCI-Leser_cyberjack
Task: {B2D26877-DEF1-486E-9368-E1578292154D} - System32\Tasks\{4018C64E-26FC-479D-A92B-0A80940EEB1F} => pcalua.exe -a O:\Downloads\Software\iriver\MovieConverterSetup.exe -d O:\Downloads\Software\iriver
Task: {B6E3A24A-5456-4B92-87E2-5DE2EA1C529D} - System32\Tasks\{AC2E26C2-BFCB-4AAD-A36A-3F0137954D59} => C:\Program Files\DVD Shrink DE\DVD Shrink 3.2 DE (DeCSS-frei).exe [2005-05-31] (DVD Shrink)
Task: {C2DE5B4B-F3C1-4E66-B228-488A6F398519} - System32\Tasks\{691515F1-649F-4A3F-A132-5988A568222A} => C:\Program Files\office97\Office\Office10\OUTLOOK.EXE
Task: {C3EC964F-C3CC-4E5D-B5CB-3A2326A41A5C} - System32\Tasks\1-Klick-Wartung => C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
Task: {C7ECD6AF-0789-4956-BC0C-84711A3A6241} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {C822C4B9-2629-4EC7-8D75-3463090333AD} - System32\Tasks\{4F76398C-9EB8-48A7-B9D3-2AC976C72615} => C:\Program Files\iriver\iriver plus 3\iLauncher.exe [2009-03-25] (Reigncom Limited)
Task: {C958D7E3-4B1D-4FA8-B34C-C4872FE0F67D} - System32\Tasks\{B5B8C8AE-DED2-4EA4-96E5-64DD37D8FC1E} => C:\Program Files\office97\Office\Office10\OUTLOOK.EXE
Task: {D17BE0A0-47C0-4074-A3F9-ED4149F80852} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
Task: {D8220499-4D92-4B0A-A10F-AC0051DA83ED} - System32\Tasks\EPUpdater => C:\Users\RAaM2\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-04-17] () <==== ATTENTION
Task: {D85665FD-A042-4791-AD37-D40F2A292258} - System32\Tasks\{41AAA134-0CD8-489C-8FAD-75C2DF6A8A87} => C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe [2009-02-05] (Pinnacle Systems)
Task: {DAA37B1B-3FC2-4E26-8FE3-915D5E187923} - System32\Tasks\{D07541E5-CD90-43E9-A676-3456030083D3} => C:\Users\RAaM2\Downloads\Neuer Download\vcredist_x86.exe
Task: {DFD19D02-FD8C-41D5-B56A-71A55BE5EFF2} - System32\Tasks\{C9F9A88E-9DF0-4D4D-AAAE-884EADEC290D} => C:\Program Files\iriver\Movie Converter\iLauncher.exe [2007-10-11] (Reigncom Limited)
Task: {DFDFFB4D-6929-4BF5-B02A-F72267FA6572} - System32\Tasks\{42A95E58-CA2F-4FE3-9F1F-F696943BEAC4} => C:\Program Files\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {E16F5EE7-2D2D-4EFB-82FF-A54D5D3DF571} - System32\Tasks\{08E84115-1BCA-40AF-AE31-E2B23B5A72A2} => C:\Program Files\office97\Office\Office10\OUTLOOK.EXE
Task: {E97EAEAD-BA11-464D-90FF-F7B014016CEC} - System32\Tasks\{E1E276D7-7DB0-447F-B15A-0A54F5A79D20} => C:\Program Files\Project64 1.6\Project64.exe [2005-04-01] ()
Task: {EA203C2F-33C7-4CF4-A0EC-57394D5BC250} - System32\Tasks\{9361C8AD-E054-44DF-AAE7-897CA7F07BB1} => pcalua.exe -a "E:\USB Driver for Windows OS\setup.exe" -d "E:\USB Driver for Windows OS"
Task: {EBFAAAE3-7620-4FB1-A3B2-006F911E4F85} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION
Task: {ED0BA1AE-8B58-478D-BE60-6A5E95451760} - System32\Tasks\{941B1359-8C05-43A3-9733-9E216AC5D07A} => pcalua.exe -a O:\Downloads\Software\iriver\iplus3.exe -d O:\Downloads\Software\iriver
Task: {EE3E4D51-DA29-45CC-AD8F-A348B89E2624} - System32\Tasks\{3AE65294-911B-4F40-8D43-6AEBC4EE35C5} => C:\Program Files\DVD Shrink DE\DVD Shrink 3.2 DE (DeCSS-frei).exe [2005-05-31] (DVD Shrink)
Task: {F44060CD-0D2A-4968-BEFE-8AFCD8F41569} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {F75B9CF0-8A4B-4483-9CE9-0F0AAF6B37FA} - System32\Tasks\{9A23B699-1021-47D6-987B-003EDE61EEB6} => C:\Program Files\Alwil Software\Avast4\ashAvast.exe
Task: {F76E6AE9-0F61-4AB8-8BCD-C686F1D49974} - System32\Tasks\{731991E4-B052-47DB-973F-1F68907C9C66} => pcalua.exe -a C:\Windows\system32\dgfw.cpl -c Digidesign Mbox 2 Pro
Task: {FCDEC0C2-CAB2-467B-BD16-2DFC79CF0FB9} - System32\Tasks\{7B768B8E-0F06-46DC-936A-8E5FFD10042D} => C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\Photoshop Album Starter Edition.exe [2007-03-16] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\1-Klick-Wartung.job => C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-837243161-1062950140-3748333167-1000Core.job => C:\Users\RAaM2\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-837243161-1062950140-3748333167-1000UA.job => C:\Users\RAaM2\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\neoKiKA 02.09.2014 22-41-00.job => C:\Program Files\DVBViewer\dvbviewer.exe
Task: C:\Windows\Tasks\neoKiKA 02.09.2014 23-41-00.job => C:\Program Files\DVBViewer\dvbviewer.exe

==================== Loaded Modules (whitelisted) =============

1996-12-14 00:00 - 1996-12-14 00:00 - 00022016 _____ () C:\Windows\system32\docobj.dll
2009-12-05 00:24 - 2005-03-28 10:13 - 00077824 _____ () C:\Windows\System32\csdlocalmon.dll
2009-12-01 20:12 - 2007-05-31 07:38 - 00167936 ____N () C:\Windows\system32\SerialXP.dll
2007-06-05 12:20 - 2007-06-05 12:20 - 00177704 _____ () C:\Windows\system32\PSIService.exe
2009-11-12 13:50 - 2009-11-12 13:50 - 00220128 _____ () C:\Program Files\Macrium\Reflect\ReflectService.exe
2009-10-23 10:17 - 2009-07-27 14:49 - 00244904 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2013-02-06 14:52 - 2011-01-13 11:44 - 00232800 _____ () C:\Program Files\StarMoney 8.0 S-Edition\ouservice\PATCHW32.dll
2014-08-06 22:39 - 2011-01-13 11:44 - 00232800 _____ () C:\Program Files\StarMoney 9.0 S-Edition\ouservice\PATCHW32.dll
2015-01-13 20:06 - 2015-01-12 13:55 - 00091304 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe
2014-04-27 16:27 - 2014-04-27 16:27 - 00541696 _____ () C:\Program Files\002\yewimmxqbs32.exe
2014-09-25 13:07 - 2014-09-25 13:07 - 00081056 _____ () C:\Users\RAaM2\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.DLL
2009-11-29 21:26 - 2006-09-20 08:35 - 00020480 _____ () C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
2010-09-05 17:12 - 2007-06-18 04:40 - 00200704 ____R () C:\Windows\System32\UMonit.exe
2010-09-05 17:12 - 2007-05-09 07:34 - 00176128 ____R () C:\Windows\System32\ustor.dll
2009-11-29 21:26 - 2006-10-30 16:59 - 00024576 _____ () C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
2012-06-08 16:11 - 2012-06-08 16:11 - 01989632 _____ () C:\Program Files\ZOOM\Edit_Share\bin\ZOOM Edit&Share startup.exe
2014-09-25 13:07 - 2014-09-25 13:07 - 00081056 _____ () C:\Users\RAaM2\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.dll
2015-01-01 15:24 - 2015-01-01 15:24 - 00186368 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\36165d484fa2857575583d9a4cc61840\Kies.Common.DeviceServiceLib.Interface.ni.dll
2015-01-01 15:25 - 2015-01-01 15:25 - 14993920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\afc3f45376148ce6a1ee84da499d7edb\Kies.Theme.ni.dll
2015-01-01 15:24 - 2015-01-01 15:24 - 01865728 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\ff954a7b95f33b6498d154499e393055\Kies.UI.ni.dll
2015-01-01 15:24 - 2015-01-01 15:24 - 00081920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\5157234c4b83b2a920dcc02362260903\Kies.MVVM.ni.dll
2014-10-15 17:54 - 2014-10-15 17:54 - 00236032 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\6815ff93472d008087880a6462931188\ASF_cSharpAPI.ni.dll
2015-01-15 17:30 - 2015-01-15 17:30 - 00098816 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\win32api.pyd
2015-01-15 17:30 - 2015-01-15 17:30 - 00110080 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\pywintypes27.dll
2015-01-15 17:30 - 2015-01-15 17:30 - 00364544 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\pythoncom27.dll
2015-01-15 17:30 - 2015-01-15 17:30 - 00045568 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\_socket.pyd
2015-01-15 17:30 - 2015-01-15 17:30 - 01160704 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\_ssl.pyd
2015-01-15 17:30 - 2015-01-15 17:30 - 00320512 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\win32com.shell.shell.pyd
2015-01-15 17:30 - 2015-01-15 17:30 - 00713216 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\_hashlib.pyd
2015-01-15 17:30 - 2015-01-15 17:30 - 01175040 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\wx._core_.pyd
2015-01-15 17:30 - 2015-01-15 17:30 - 00805888 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\wx._gdi_.pyd
2015-01-15 17:30 - 2015-01-15 17:30 - 00811008 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\wx._windows_.pyd
2015-01-15 17:30 - 2015-01-15 17:30 - 01062400 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\wx._controls_.pyd
2015-01-15 17:30 - 2015-01-15 17:30 - 00735232 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\wx._misc_.pyd
2015-01-15 17:30 - 2015-01-15 17:30 - 00128512 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\_elementtree.pyd
2015-01-15 17:30 - 2015-01-15 17:30 - 00127488 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\pyexpat.pyd
2015-01-15 17:30 - 2015-01-15 17:30 - 00557056 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\pysqlite2._sqlite.pyd
2015-01-15 17:30 - 2015-01-15 17:30 - 00087552 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\_ctypes.pyd
2015-01-15 17:30 - 2015-01-15 17:30 - 00119808 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\win32file.pyd
2015-01-15 17:30 - 2015-01-15 17:30 - 00108544 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\win32security.pyd
2015-01-15 17:30 - 2015-01-15 17:30 - 00007168 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\hashobjs_ext.pyd
2015-01-15 17:30 - 2015-01-15 17:30 - 00167936 _____ () 
C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\win32gui.pyd 2015-01-15 17:30 - 2015-01-15 17:30 - 00018432 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\win32event.pyd 2015-01-15 17:30 - 2015-01-15 17:30 - 00038912 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\win32inet.pyd 2015-01-15 17:30 - 2015-01-15 17:30 - 00011264 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\win32crypt.pyd 2015-01-15 17:30 - 2015-01-15 17:30 - 00070656 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\wx._html2.pyd 2015-01-15 17:30 - 2015-01-15 17:30 - 00027136 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\_multiprocessing.pyd 2015-01-15 17:30 - 2015-01-15 17:30 - 00035840 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\win32process.pyd 2015-01-15 17:30 - 2015-01-15 17:30 - 00686080 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\unicodedata.pyd 2015-01-15 17:30 - 2015-01-15 17:30 - 00122368 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\wx._wizard.pyd 2015-01-15 17:30 - 2015-01-15 17:30 - 00024064 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\win32pipe.pyd 2015-01-15 17:30 - 2015-01-15 17:30 - 00025600 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\win32pdh.pyd 2015-01-15 17:30 - 2015-01-15 17:30 - 00525640 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\windows._lib_cacheinvalidation.pyd 2015-01-15 17:30 - 2015-01-15 17:30 - 00010240 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\select.pyd 2015-01-15 17:30 - 2015-01-15 17:30 - 00017408 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\win32profile.pyd 2015-01-15 17:30 - 2015-01-15 17:30 - 00022528 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\win32ts.pyd 2015-01-15 17:30 - 2015-01-15 17:30 - 00078336 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\wx._animate.pyd 2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\RAaM2\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-01-15 17:31 - 2015-01-15 17:31 - 00043008 _____ () 
c:\users\raam2\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9tjfpi.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\RAaM2\AppData\Roaming\Dropbox\bin\libEGL.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\RAaM2\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\RAaM2\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2015-01-13 20:06 - 2015-01-13 23:12 - 51548328 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe 2015-01-13 20:06 - 2015-01-07 22:22 - 00985768 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll 2015-01-13 20:06 - 2015-01-07 22:22 - 01360552 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\libglesv2.dll 2015-01-13 20:06 - 2015-01-07 22:22 - 00214184 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\libegl.dll 2015-01-13 20:06 - 2015-01-07 22:22 - 16827048 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll 2014-12-12 23:18 - 2014-12-06 02:50 - 01077064 _____ () C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\39.0.2171.95\libglesv2.dll 2014-12-12 23:18 - 2014-12-06 02:50 - 00211272 _____ () C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\39.0.2171.95\libegl.dll 2014-12-12 23:18 - 2014-12-06 02:50 - 09009480 _____ () C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\39.0.2171.95\pdf.dll 2014-12-12 23:18 - 2014-12-06 02:50 - 01677128 _____ () C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. 
The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^Users^RAaM2^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk => C:\Windows\pss\Logitech . Produktregistrierung.lnk.Startup MSCONFIG\startupreg: Adobe Photo Downloader => "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" MSCONFIG\startupreg: AllShareAgent => C:\Program Files\Samsung\AllShare\AllShareAgent.exe MSCONFIG\startupreg: AmazonMP3DownloaderHelper => C:\Users\RAaM2\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon MSCONFIG\startupreg: CLMLServer => "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" MSCONFIG\startupreg: Eraser => "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart MSCONFIG\startupreg: KiesPDLR => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: OpwareSE4 => "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe ========================= Accounts: ========================== Administrator (S-1-5-21-837243161-1062950140-3748333167-500 - Administrator - Disabled) ASPNET (S-1-5-21-837243161-1062950140-3748333167-1002 - 
Limited - Enabled) Christa (S-1-5-21-837243161-1062950140-3748333167-1007 - Administrator - Enabled) => C:\Users\Christa Gast (S-1-5-21-837243161-1062950140-3748333167-501 - Limited - Enabled) => C:\Users\Gast HomeGroupUser$ (S-1-5-21-837243161-1062950140-3748333167-1005 - Limited - Enabled) RAaM2 (S-1-5-21-837243161-1062950140-3748333167-1000 - Administrator - Enabled) => C:\Users\RAaM2 Sarah (S-1-5-21-837243161-1062950140-3748333167-1006 - Administrator - Enabled) => C:\Users\Sarah ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Bluetooth-Peripheriegerät Description: Bluetooth-Peripheriegerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (01/15/2015 08:11:13 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: SpfService.exe, Version: 1.3.0.9090, Zeitstempel: 0x4e684be0 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea91c Ausnahmecode: 0xc0000005 Fehleroffset: 0x0005d032 ID des fehlerhaften Prozesses: 0xc68 Startzeit der fehlerhaften Anwendung: 0xSpfService.exe0 Pfad der fehlerhaften Anwendung: SpfService.exe1 Pfad des fehlerhaften Moduls: SpfService.exe2 Berichtskennung: SpfService.exe3 Error: (01/15/2015 05:37:15 PM) (Source: SamsungAllShareV2.0) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. bei AllShareDmsUtil.Configuration.ConfigurationManager.GetSharingFolderList() bei AllShareDmsUtil.Manager.AllShareDmsManager.LoadSharingFolderList() bei AllShareDmsUtil.Manager.AllShareDmsManager.InitContentsDirectoryManager() bei AllShareDmsUtil.Manager.AllShareDmsManager.Initialize() bei AllShareDmsUtil.Manager.AllShareDmsManager..ctor() bei AllShareDmsUtil.Manager.AllShareDmsManager.get_Instance() bei AllShareDMS.AllShareDMS.DoStart() bei AllShareDMS.AllShareDMS.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (01/15/2015 05:32:32 PM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: Der Index kann nicht initialisiert werden. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (01/15/2015 05:32:32 PM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: Die Anwendung kann nicht initialisiert werden. Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. 
(HRESULT : 0xc0041801) (0xc0041801) Error: (01/15/2015 05:32:32 PM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: Das Gatherer-Objekt kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (01/15/2015 05:32:32 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490) Error: (01/15/2015 05:32:27 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (01/15/2015 05:32:27 PM) (Source: Windows Search Service) (EventID: 9002) (User: ) Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800) Error: (01/15/2015 05:32:27 PM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (01/15/2015 05:32:27 PM) (Source: Windows Search Service) (EventID: 7040) (User: ) Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben. Details: Der Inhaltsindexkatalog ist fehlerhaft. 
(HRESULT : 0xc0041801) (0xc0041801) System errors: ============= Error: (01/15/2015 08:11:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "VAIO Entertainment Common Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (01/15/2015 05:41:50 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Windows Update" wurde nicht richtig gestartet. Error: (01/15/2015 05:38:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst eventlog erreicht. Error: (01/15/2015 05:33:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (01/15/2015 05:33:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Error: (01/15/2015 05:33:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (01/15/2015 05:33:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Error: (01/15/2015 05:33:02 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030} Error: (01/15/2015 05:32:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. 
Error: (01/15/2015 05:32:33 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535. Microsoft Office Sessions: ========================= Error: (01/15/2015 08:11:13 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: SpfService.exe1.3.0.90904e684be0ntdll.dll6.1.7601.18247521ea91cc00000050005d032c6801d030e0dd1df540C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exeC:\Windows\SYSTEM32\ntdll.dll4517b760-9cea-11e4-b9b7-000a94176540 Error: (01/15/2015 05:37:15 PM) (Source: SamsungAllShareV2.0) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. bei AllShareDmsUtil.Configuration.ConfigurationManager.GetSharingFolderList() bei AllShareDmsUtil.Manager.AllShareDmsManager.LoadSharingFolderList() bei AllShareDmsUtil.Manager.AllShareDmsManager.InitContentsDirectoryManager() bei AllShareDmsUtil.Manager.AllShareDmsManager.Initialize() bei AllShareDmsUtil.Manager.AllShareDmsManager..ctor() bei AllShareDmsUtil.Manager.AllShareDmsManager.get_Instance() bei AllShareDMS.AllShareDMS.DoStart() bei AllShareDMS.AllShareDMS.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (01/15/2015 05:32:32 PM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (01/15/2015 05:32:32 PM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. 
(HRESULT : 0xc0041801) (0xc0041801) Error: (01/15/2015 05:32:32 PM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (01/15/2015 05:32:32 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490) Search.TripoliIndexer Error: (01/15/2015 05:32:27 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Search.JetPropStore Error: (01/15/2015 05:32:27 PM) (Source: Windows Search Service) (EventID: 9002) (User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800) Error: (01/15/2015 05:32:27 PM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) The catalog is corrupt Error: (01/15/2015 05:32:27 PM) (Source: Windows Search Service) (EventID: 7040) (User: ) Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. 
(HRESULT : 0xc0041801) (0xc0041801) 4700 ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz Percentage of memory in use: 74% Total physical RAM: 3071.3 MB Available physical RAM: 794.41 MB Total Pagefile: 7165.59 MB Available Pagefile: 2374.06 MB Total Virtual: 2047.88 MB Available Virtual: 1900.45 MB ==================== Drives ================================ Drive c: (Boot) (Fixed) (Total:910.41 GB) (Free:756.54 GB) NTFS Drive d: (Recover) (Fixed) (Total:20 GB) (Free:10.34 GB) NTFS Drive e: (MyBook) (Fixed) (Total:2794.49 GB) (Free:2218.81 GB) NTFS Drive p: (Expansion) (Fixed) (Total:465.76 GB) (Free:439.39 GB) NTFS Drive q: (maxi n.u) (Fixed) (Total:465.76 GB) (Free:0 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 9E009E00) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=910.4 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=20 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=1 GB) - (Type=12) ======================================================== Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: BA7E796E) Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS) Attempted reading MBR returned 0 bytes. Could not read MBR for disk 2. ======================================================== Disk: 6 (Size: 465.8 GB) (Disk ID: E5A677E1) Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
15.01.2015, 21:23 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | db22.exe was found by Stinger but not deleted Tell me, is this a commercially used system?
__________________ Please always post log files in CODE tags |
15.01.2015, 22:07 | #13 |
| db22.exe was found by Stinger but not deleted FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2015 01 Ran by RAaM2 (administrator) on RAINER-PC on 15-01-2015 21:21:03 Running from C:\Users\RAaM2\Desktop Loaded Profiles: RAaM2 (Available profiles: RAaM2 & Sarah & Christa & Gast) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (REINER SCT) C:\Windows\System32\cjpcsc.exe (MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (Teruten) C:\Windows\System32\FsUsbExService.Exe (Nitro PDF Software) C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe (Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe () C:\Windows\System32\PSIService.exe () C:\Program Files\Macrium\Reflect\ReflectService.exe () C:\Program Files\CyberLink\Shared files\RichVideo.exe (DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files\StarMoney 9.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe (Western Digital Technologies, Inc.) 
C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (X10) C:\Program Files\Common Files\X10\Common\X10nets.exe () C:\Program Files\002\yewimmxqbs32.exe (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe () C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe () C:\Windows\System32\UMonit.exe () C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe () C:\Program Files\ZOOM\Edit_Share\bin\ZOOM Edit&Share startup.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Google) C:\Program Files\Google\Drive\googledrivesync.exe (Microsoft Corporation) C:\Users\RAaM2\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Samsung) C:\Program Files\Samsung\Kies\Kies.exe (Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Logitech, Inc.) 
C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe (Google) C:\Program Files\Google\Drive\googledrivesync.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Dropbox, Inc.) C:\Users\RAaM2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Sony Corporation) C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe (Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe (Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe (Google Inc.) 
C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Google Quick Search Box] => C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [122880 2009-11-27] (Google Inc.) HKLM\...\Run: [NetFxUpdate_v1.1.4322] => C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe [106496 2004-08-10] (Microsoft) HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1603152 2007-09-13] (CANON INC.) HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.) HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe [20480 2006-09-20] () HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [NPSStartup] => [X] HKLM\...\Run: [UMonit] => C:\Windows\system32\UMonit.exe [200704 2007-06-18] () HKLM\...\Run: [BigDog303] => C:\Windows\VM303_STI.EXE [61440 2006-01-24] (Vimicro) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated) HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.) 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation) HKLM\...\Run: [Path] => C:\Program Files\ZOOM\Edit_Share\bin\ZOOM Edit&Share startup.exe [1989632 2012-06-08] () HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2296600 2013-07-31] (Logitech, Inc.) HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2707992 2014-09-03] (Sony Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-05-09] (Realtek Semiconductor) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-11-27] (Google Inc.) HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Run: [Google Update] => C:\Users\RAaM2\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-18] (Google Inc.) 
HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google) HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Run: [SkyDrive] => C:\Users\RAaM2\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-25] (Microsoft Corporation) HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1565504 2014-12-16] (Samsung) HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Run: [KiesPDLR.exe] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-12-16] (Samsung) HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd) HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\MountPoints2: {46bb24e7-c704-11e2-bb50-4061864d3aa8} - F:\setup_vmb_lite.exe /checkApplicationPresence Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\RAaM2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\RAaM2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-837243161-1062950140-3748333167-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-837243161-1062950140-3748333167-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
HKU\S-1-5-21-837243161-1062950140-3748333167-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com/
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> DefaultScope {4128802F-8A28-42C8-A441-F464AA11DDFD} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7GFRE_deDE355
SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {16639E9F-A73B-4829-BF1B-C8E7FA2A33A7} URL = hxxp://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {17E5117F-F86D-40CA-B89B-2C5B34D78C4B} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&tag=iesearch-21&index=blended&linkCode=qs&camp=1789&creative=9325&keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {2BE66F85-635A-44FC-96C2-6CF411D6FAFE} URL = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {4128802F-8A28-42C8-A441-F464AA11DDFD} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7GFRE_deDE355
SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {7616FC6D-7F42-41D3-8FAA-C4F318003C6D} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&tag=iesearchde-21&index=blended&linkCode=qs&camp=1789&creative=9325&keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {945F02B5-2F33-4B96-8841-835C510EC8C2} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&tag=iesearchde-21&index=blended&linkCode=qs&camp=1789&creative=9325&keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {A8A65AC0-056A-4CEE-9936-3FE3098CF4EA} URL = hxxp://suche.t-online.de/fast-cgi/tsc?q={searchTerms}&sr=searchbar
SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {BC87AC6A-4758-4D2A-94EC-84CD4274D282} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {BCB7F24B-F6E1-4BB1-BE9E-BF32BFE7DEA4} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&index=blended&linkCode=ur2&camp=1638&creative=6742&tag=iepluginsearch-21
SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {D691082F-E5F2-40CE-8941-3106EBE25670} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {EFDAAA28-5D6C-40C3-80EF-43B71364A10F} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&tag=iesearchde-21&index=blended&linkCode=qs&camp=1789&creative=9325&keywords={searchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD3FF62E-61A7-48EE-A4A4-97CE7BD1F99D} https://eplace-eu.solvay.com/postauthACC/SodaAgent.CAB
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\RAaM2\AppData\Roaming\Mozilla\Firefox\Profiles\vs2ls8wg.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.4 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin: @real.com/nppl3260;version=6.0.12.448 -> C:\Program Files\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-837243161-1062950140-3748333167-1000: @tools.google.com/Google Update;version=3 -> C:\Users\RAaM2\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-837243161-1062950140-3748333167-1000: @tools.google.com/Google Update;version=9 -> C:\Users\RAaM2\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-837243161-1062950140-3748333167-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\RAaM2\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\RAaM2\AppData\Roaming\Mozilla\Firefox\Profiles\vs2ls8wg.default\searchplugins\conduit.xml
FF Extension: vis - C:\Users\RAaM2\AppData\Roaming\Mozilla\Firefox\Profiles\vs2ls8wg.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM [2013-11-13]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-31]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-01]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-22]
FF HKLM\...\Firefox\Extensions: [ClickPotatoLite@ClickPotatoLite.com] - C:\Program Files\ClickPotatoLite\bin\10.0.628.0\firefox\extensions
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-05-27]
FF HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\39.0.2171.95\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Profile: C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (DER SPIEGEL) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aafpbllkmchckcndlogpofcepplhndlg [2012-11-16]
CHR Extension: (Quick Sidebar) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ainbkicbloikcngphmjfpjdemblcojdd [2014-06-15]
CHR Extension: (Google Drive) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (YouTube) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17]
CHR Extension: (Google Cast) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-03-20]
CHR Extension: (Adblock Plus) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-01]
CHR Extension: (Kindle Cloud Reader) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnemmpobpfaichgccgcilgncfigplmol [2014-11-11]
CHR Extension: (Google-Suche) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17]
CHR Extension: (hxxp://tunein.com/) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dblgfaikinhoidnoieheigjobmlkhcjc [2013-06-30]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-05-27]
CHR Extension: (Google News) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2013-01-10]
CHR Extension: (Simple Google bookmarks) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dobhkcpfdpfhghdmiecokllfjiemfmgm [2012-10-22]
CHR Extension: (Cut the Rope) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2012-12-31]
CHR Extension: (Dropbox) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2013-04-05]
CHR Extension: (SoundCloud) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp [2013-04-06]
CHR Extension: (Scratchpad) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjebfhglflhjjjiceimfkgicifkhjlnm [2012-11-16]
CHR Extension: (Super Mario Flash 2 Spiel) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\knbkkfblonehbjjkdfiejflknbokmame [2013-09-23]
CHR Extension: (Google Play) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2012-12-07]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-10]
CHR Extension: (Google Maps) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-01-10]
CHR Extension: (OneDrive) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2013-04-03]
CHR Extension: (LocalChromecast Player) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmladpigjlinmngadjgfogblnmddndcp [2014-03-25]
CHR Extension: (Google Wallet) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2012-11-24]
CHR Extension: (TV Movie Fernsehprogramm) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\omigcnbanchckjpihkioagdjjdhkhhdh [2013-10-05]
CHR Extension: (Wetter) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\paafljigflaodeomfbpjcggedcilkoop [2013-01-10]
CHR Extension: (Quick start) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2014-06-15]
CHR Extension: (Google Mail) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\RAaM2\AppData\Roaming\BabSolution\CR\Delta.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [mkndcbhcgphcfkkddanakjiepeknbgle] - C:\Program Files\RelevantKnowledge\rlcm.crx [Not Found]
CHR HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR StartMenuInternet: Google Chrome - C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 cjpcsc; C:\Windows\system32\cjpcsc.exe [514128 2012-03-19] (REINER SCT)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1155072 2009-02-03] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-04-18] (Teruten) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2013-03-26] (Nitro PDF Software)
R2 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [484888 2014-09-03] (Sony Corporation)
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
S3 PS3 Media Server; C:\Program Files\PS3 Media Server\win32\service\wrapper.exe [217088 2008-08-17] () [File not signed]
R2 ReflectService; C:\Program Files\Macrium\Reflect\ReflectService.exe [220128 2009-11-12] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2009-07-27] () [File not signed]
S2 SamsungAllShareV2.0; C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [25504 2012-01-19] (Samsung Electronics Co., Ltd.)
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [657408 2009-10-27] (Nokia) [File not signed]
S3 SimpleSlideShowServer; C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe [27584 2012-03-02] (Samsung Electronics Co., Ltd.)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 StarMoney 8.0 OnlineUpdate; C:\Program Files\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files\StarMoney 9.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 Verifies and fixes application compatibility issues; C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [91304 2015-01-12] ()
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-12-02] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-06-02] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
U2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10) [File not signed]
R2 yewimmxqbs32; C:\Program Files\002\yewimmxqbs32.exe [541696 2014-04-27] () [File not signed]
S2 mfevtp; "C:\Windows\system32\mfevtps.exe" [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz) [File not signed]
R3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [28144 2011-03-29] (REINER SCT)
S3 DIGIFW; C:\Windows\System32\DRIVERS\digifw.sys [167952 2010-10-23] (Avid Technology, Inc.)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-04-18] () [File not signed]
R3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28312 2013-05-23] (Logitech, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)
S3 NxpCap; C:\Windows\System32\DRIVERS\NxpCap.sys [1488096 2009-07-30] (NXP Semiconductors Germany GmbH)
S3 PSMounter; C:\Windows\system32\drivers\psmounter.sys [32736 2009-11-12] (Macrium Software)
R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [15328 2008-05-20] (Macrium Software)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36624 2006-11-02] (Sonic Solutions) [File not signed]
S3 RTL8187B; C:\Windows\System32\DRIVERS\rtl8187B.sys [379904 2010-03-31] (Realtek Semiconductor Corporation )
R0 TPkd; C:\Windows\system32\Drivers\TPkd.sys [93304 2010-09-26] (PACE Anti-Piracy, Inc.)
R3 TrdCap; C:\Windows\System32\DRIVERS\TrdCap.sys [1554472 2010-06-09] (Trident Microsystems, Inc.)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.)
S3 ZMGHPAudioSrv; C:\Windows\System32\drivers\zmghpau.sys [38016 2011-02-18] (ZOOM)
S3 ZSMC303; C:\Windows\System32\Drivers\usbVM303.sys [391300 2006-02-23] (Vimicro Corporation)
R0 mfehidk; system32\drivers\mfehidk.sys [X]
S0 mferkdet; system32\drivers\mferkdet.sys [X]
S1 muhilvre; \??\C:\Windows\system32\drivers\muhilvre.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]
S2 WiseFS; \??\H:\Folders\Software\WFH\Wise Folder Hider\WiseFs32.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 21:21 - 2015-01-15 21:21 - 00036522 _____ () C:\Users\RAaM2\Desktop\FRST.txt
2015-01-15 21:20 - 2015-01-15 21:09 - 01116672 _____ (Farbar) C:\Users\RAaM2\Downloads\FRST.exe
2015-01-15 21:10 - 2015-01-15 21:21 - 00000000 ____D () C:\FRST
2015-01-15 21:08 - 2015-01-15 21:09 - 01116672 _____ (Farbar) C:\Users\RAaM2\Desktop\FRST.exe
2015-01-15 18:11 - 2015-01-15 21:05 - 00001287 _____ () C:\Users\RAaM2\Downloads\Stinger_15012015_181146.html
2015-01-15 18:11 - 2015-01-15 18:11 - 00179600 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe.e39d.deleteme
2015-01-15 17:30 - 2015-01-15 17:57 - 00000865 _____ () C:\Windows\setupact.log
2015-01-15 17:30 - 2015-01-15 17:30 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-15 16:45 - 2015-01-15 14:05 - 04188536 _____ (Piriform Ltd) C:\Users\RAaM2\Downloads\ccsetup501_slim.exe
2015-01-15 16:43 - 2015-01-15 21:09 - 00000114 ___RH () C:\Users\RAaM2\Downloads\Stinger.opt
2015-01-15 13:32 - 2015-01-15 13:32 - 00014029 _____ () C:\Users\RAaM2\Downloads\hijackthis.log
2015-01-15 13:22 - 2015-01-15 13:27 - 00388608 _____ (Trend Micro Inc.) C:\Users\RAaM2\Downloads\HiJackThis204.exe
2015-01-15 13:13 - 2015-01-15 13:13 - 00000000 ____D () C:\Quarantine
2015-01-15 13:07 - 2015-01-15 16:38 - 00001073 _____ () C:\Users\RAaM2\Downloads\Stinger_15012015_130717.html
2015-01-15 13:06 - 2015-01-15 21:09 - 00000000 ____D () C:\Program Files\stinger
2015-01-15 13:00 - 2015-01-15 13:04 - 11165552 _____ (McAfee Inc) C:\Users\RAaM2\Downloads\stinger32.exe
2015-01-14 17:28 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 17:28 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 17:27 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 17:27 - 2014-12-11 18:47 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 17:27 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 17:26 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 17:17 - 2015-01-14 17:52 - 00000000 ____D () C:\Users\RAaM2\AppData\Roaming\Compatibility Verifier
2015-01-13 20:08 - 2015-01-15 21:07 - 00000112 _____ () C:\ProgramData\W4Gisl.dat
2015-01-13 20:08 - 2015-01-13 20:08 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-13 20:08 - 2015-01-13 20:08 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-13 20:08 - 2015-01-13 20:08 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-13 20:08 - 2015-01-13 20:08 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-01-13 20:06 - 2015-01-15 17:35 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Compatibility Verifier
2015-01-13 20:06 - 2015-01-15 17:35 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Compatibility Verifier
2015-01-01 18:05 - 2014-10-13 06:57 - 00184192 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2015-01-01 18:05 - 2014-10-13 06:57 - 00089856 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2014-12-28 19:40 - 2014-12-28 19:40 - 00001221 _____ () C:\Users\RAaM2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TrayIt!.lnk
2014-12-28 19:39 - 2014-12-28 19:39 - 00000000 ____D () C:\Program Files\trayit_4_6_5_5
2014-12-28 19:35 - 2014-12-28 19:35 - 00000000 ____D () C:\Users\RAaM2\Downloads\nw_7668_trayitzip
2014-12-28 19:33 - 2014-12-28 19:33 - 00335253 _____ () C:\Users\RAaM2\Downloads\nw_7668_trayitzip.zip
2014-12-19 15:21 - 2014-12-19 15:21 - 04330507 _____ () C:\Users\RAaM2\Downloads\Tip0000-Download-Paket-Demo.zip
2014-12-18 12:05 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 21:15 - 2011-07-22 21:58 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-837243161-1062950140-3748333167-1000UA.job
2015-01-15 21:11 - 2014-01-02 12:16 - 00000000 ____D () C:\Program Files\StarMoney 9.0 S-Edition
2015-01-15 20:56 - 2009-11-27 21:31 - 01072621 _____ () C:\Windows\WindowsUpdate.log
2015-01-15 20:35 - 2013-10-04 16:48 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-15 20:33 - 2010-02-15 22:55 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-15 18:06 - 2009-07-14 05:34 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-15 18:06 - 2009-07-14 05:34 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-15 17:32 - 2013-04-05 19:39 - 00000000 ___RD () C:\Users\RAaM2\Dropbox
2015-01-15 17:32 - 2013-04-05 19:34 - 00000000 ____D () C:\Users\RAaM2\AppData\Roaming\Dropbox
2015-01-15 17:32 - 2013-04-03 15:10 - 00000000 ___RD () C:\Users\RAaM2\SkyDrive
2015-01-15 17:31 - 2013-01-26 20:32 - 00000000 ___RD () C:\Users\RAaM2\Google Drive
2015-01-15 17:30 - 2014-07-14 18:35 - 00008192 _____ () C:\Windows\system32\WDPABKP.dat
2015-01-15 17:30 - 2010-02-15 22:55 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-15 17:30 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-15 17:14 - 2010-05-09 20:30 - 00000000 ____D () C:\Windows\Minidump
2015-01-15 17:11 - 2013-08-15 23:30 - 00000000 ____D () C:\Users\RAaM2\Desktop\Tools
2015-01-15 16:47 - 2014-01-29 13:10 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-15 12:15 - 2011-07-22 21:58 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-837243161-1062950140-3748333167-1000Core.job
2015-01-14 18:36 - 2012-10-24 17:25 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-14 18:36 - 2011-05-16 12:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-14 17:12 - 2013-08-15 23:45 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 16:45 - 2009-09-24 16:13 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 15:36 - 2009-11-27 21:31 - 00000000 ____D () C:\Users\RAaM2
2015-01-14 15:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-01-14 15:34 - 2014-10-10 17:19 - 00000000 ____D () C:\Users\RAaM2\AppData\Roaming\Telegram Win (Unofficial)
2015-01-14 15:34 - 2013-08-15 23:28 - 00000000 ____D () C:\Users\RAaM2\Desktop\Handy
2015-01-14 15:34 - 2013-07-03 14:56 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-14 15:34 - 2012-03-10 15:38 - 00000000 ____D () C:\Users\Sarah
2015-01-14 15:34 - 2010-10-24 13:21 - 00000000 ____D () C:\Users\Christa
2015-01-14 15:34 - 2010-07-10 16:42 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-01-14 15:34 - 2010-01-16 12:23 - 00000000 ____D () C:\Users\Gast
2015-01-14 15:34 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-01-14 15:33 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-01-14 15:32 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-13 22:45 - 2009-09-24 15:43 - 01649492 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-02 17:15 - 2009-12-05 20:19 - 00000404 _____ () C:\Windows\Tasks\1-Klick-Wartung.job
2015-01-01 14:41 - 2013-11-12 23:15 - 00000000 ____D () C:\Users\RAaM2\Documents\SelfMV
2014-12-31 12:13 - 2009-10-05 17:03 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-23 19:41 - 2012-08-03 16:13 - 00000000 ____D () C:\Users\RAaM2\AppData\Roaming\Skype
2014-12-22 21:22 - 2014-10-22 14:02 - 00000000 ___RD () C:\Program Files\Skype
2014-12-22 21:22 - 2012-08-03 16:13 - 00000000 ____D () C:\ProgramData\Skype
2014-12-19 15:25 - 2009-12-05 01:01 - 00000000 ____D () C:\Users\RAaM2\AppData\Roaming\vlc
2014-12-17 21:27 - 2009-12-02 23:08 - 00002648 _____ () C:\Users\RAaM2\AppData\Roaming\wklnhst.dat
2014-12-17 17:45 - 2013-04-05 19:36 - 00000000 ____D () C:\Users\RAaM2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

Files to move or delete:
====================
C:\ProgramData\W4Gisl.dat

Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\{7815BC09-5CB0-49E5-B205-E2E29FD09BC9}-21.0.1180.60_chrome_installer.exe
C:\Users\RAaM2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9tjfpi.dll
C:\Users\RAaM2\AppData\Local\Temp\repair4.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2013-10-31 09:04

==================== End Of Log ============================
--- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
[/CODE]

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-01-2015 01
Ran by RAaM2 at 2015-01-15 21:21:55
Running from C:\Users\RAaM2\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
AC3Filter 2.6.0b (HKLM\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.1.601 - Adobe Systems, Inc.)
Adobe® Photoshop® Album Starter Edition 3.2 (HKLM\...\Adobe® Photoshop® Album Starter Edition 3.2) (Version: 3.2.0 - hxxp://www.adobe.de)
ALDI Foto Service (HKLM\...\ALDI Foto Service D) (Version: 4.5.9.141 - MAGIX AG)
ALDI Nord Foto Manager Free (HKLM\...\ALDI Nord Foto Manager Free D) (Version: 6.0.1.491 - MAGIX AG)
Aldi Nord Fotoservice (HKLM\...\Aldi Nord Fotoservice_is1) (Version: - )
ALDI Nord Online Druck Service (HKLM\...\ALDI Nord Online Druck Service D) (Version: 4.5.1.0 - MAGIX AG)
Amazon MP3-Downloader 1.0.18 (HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Android SDK Tools (HKLM\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: - )
Audacity 2.0.3 (HKLM\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
AudioCon (HKLM\...\AudioCon) (Version: 1.0 - Basement Softworks)
Audiograbber 1.83 SE (HKLM\...\Audiograbber) (Version: 1.83 SE - Audiograbber)
Audiograbber MP3-Plugin (HKLM\...\Audiograbber-Lame) (Version: 1.0 - AG)
Avid Mbox 2 Pro Driver (x86) (HKLM\...\{DEE30D6A-B4B5-4F34-9554-312DD969F5EA}) (Version: 9.0 - Avid Technology, Inc.)
BestPractice (remove only) (HKLM\...\BestPractice) (Version: - )
CamStudio (HKLM\...\CamStudio) (Version: - )
CamStudio Lossless Codec v1.4 (HKLM\...\CamStudio Lossless Codec_is1) (Version: - (c) 2003 RenderSoft Software, Modifications Copyright © 2008 Jake P.)
Canon IJ Network Scan Utility (HKLM\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon MP Navigator EX 1.1 (HKLM\...\MP Navigator EX 1.1) (Version: - )
Canon MX850 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX850_series) (Version: - )
Canon MX850 series Benutzerregistrierung (HKLM\...\Canon MX850 series Benutzerregistrierung) (Version: - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version: - )
Cartoonist 1.3 (HKLM\...\Cartoonist_is1) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4852 - CDBurnerXP)
CD-LabelPrint (HKLM\...\MediaNavigation.CDLabelPrint) (Version: - )
Cheatbook Database 2010 (HKLM\...\Cheatbook Database 2010) (Version: - )
ClipGrab 3.2.0.10 (HKLM\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version: - Philipp Schmieder Medien)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel MediaOne (HKLM\...\{A062A15F-9CAC-4B88-98DF-87628A0BD721}) (Version: 2.100.0000 - Corel Corporation)
CorelDRAW Essential Edition 3 (HKLM\...\_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}) (Version: - Corel Corporation)
CorelDRAW Essential Edition 3 (Version: 3.0 - Corel Corporation) Hidden
cyberJack Base Components (HKLM\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.10.0 - REINER SCT)
CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2024 - CyberLink Corp.)
CyberLink MediaShow (HKLM\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3121 - CyberLink Corp.)
CyberLink PhotoNow (HKLM\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6622 - CyberLink Corp.)
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3213 - CyberLink Corp.)
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2214 - CyberLink Corp.)
CyberLink PowerDVD 9 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2010 - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM\...\{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.0.6720 - CyberLink Corp.)
CyberLink PowerProducer (HKLM\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2129 - CyberLink Corp.)
DE (Version: 3.0 - Corel Corporation) Hidden
Delta Chrome Toolbar (HKLM\...\Delta Chrome Toolbar) (Version: - Visual Tools) <==== ATTENTION
DivX Codec (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.9.1 - DivX, Inc.)
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
DivX Player (HKLM\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 7.2.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version: - DivX, Inc.)
DivX Plus Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 2.0.0 - DivX,Inc.)
Dropbox (HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
DVBViewer Pro (HKLM\...\DVBViewer Pro_is1) (Version: 5.2.8 - CM&V)
DVD Shrink 3.2 deutsch (DeCSS-frei) (HKLM\...\DVD Shrink DE_is1) (Version: - DVD Shrink)
DVDStyler v2.2 (HKLM\...\DVDStyler_is1) (Version: - )
eLicenser Control (HKLM\...\eLicenser Control) (Version: - Steinberg Media Technologies GmbH)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen)
Eraser 6.0.7.1893 (HKLM\...\{38BA2875-D7AD-4611-ABA3-C385051ADF42}) (Version: 6.7.1893 - The Eraser Project)
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version: - Lars Hederer)
EXIF Date Changer v2.5 (HKLM\...\{26CA1B07-BC53-4196-B9C2-A11C6F6F3E08}_is1) (Version: - Rellik Software)
Firebird SQL Server - MAGIX Edition (HKLM\...\{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}) (Version: 2.1.23.0 - MAGIX AG)
FormatFactory 3.1.1 (HKLM\...\FormatFactory) (Version: 3.1.1 - Free Time)
Free YouTube Download version 3.2.1.320 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.1.320 - DVDVideoSoft Ltd.)
FreeFileSync 5.11 (HKLM\...\FreeFileSync) (Version: 5.11 - Zenju)
FreeRIP v3.42 (HKLM\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 3.42 - MGShareware)
Frets On Fire (HKLM\...\Frets on Fire) (Version: 1.3.110-win32 - )
GameSpy Arcade (HKLM\...\GameSpy Arcade) (Version: - )
Genesys USB Mass Storage Device (HKLM\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 2.5.0.0 - Genesys Logic)
GeoSetter 3.4.16 (HKLM\...\GeoSetter_is1) (Version: - Friedemann Schmidt)
Google Chrome (HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google-Schnellsuchfeld (HKLM\...\Quick Search Box) (Version: 1.2.1151.245 - Google, Inc.)
GPS-Track-Analyse.NET 6.0 (HKLM\...\GPS-Track-Analyse.NET 6.0_is1) (Version: - )
G-Series_ASIO32 (HKLM\...\{8791C74C-2FFD-11E0-B2E6-00269E8DC781}) (Version: 1.1.2 - ZOOM)
HandBrake 0.10.0 (HKLM\...\HandBrake) (Version: 0.10.0 - )
Hardcopy (C:\Program Files\Hardcopy) (HKLM\...\Hardcopy(C__Program Files_Hardcopy)) (Version: 16.1.05 - )
Interlok driver setup x32 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.9.0 - PACE Anti-Piracy, Inc.)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: - )
iriver plus 3 (remove only) (HKLM\...\iriver plus 3) (Version: - )
ITN Converter 1.82 (HKLM\...\ITN Converter_is1) (Version: 1.82 - Benichou Software)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java SE Development Kit 7 Update 17 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170170}) (Version: 1.7.0.170 - Oracle)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Kastor - Stream Recorder V 1.0 (HKLM\...\{CB84FEF6-C573-4328-B9A4-B29568A4E10E}_is1) (Version: 1.0.0.0 - KastorSoft)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
LAV Filters 0.58.1 (HKLM\...\lavfilters_is1) (Version: 0.58.1 - Hendrik Leppkes)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Lupas Rename 2000 v4.2 (HKLM\...\Lupas Rename 2000_is1) (Version: - Ivan Anton Albarracin)
Macrium Reflect - Free Edition (HKLM\...\{EB85CC54-5E9A-4D33-B319-593B82291ABC}) (Version: 4.2.2098 - Macrium)
MAGIX Video deLuxe 2006 PLUS (D) (HKLM\...\MAGIX Video deLuxe 2006 PLUS D) (Version: 5.5.0.31 - MAGIX AG)
MAGIX Xtreme Foto Designer 6 6.0.19.0 (D) (HKLM\...\MAGIX Xtreme Foto Designer 6 D) (Version: 6.0.19.0 - MAGIX AG)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
MEDION Fotos auf CD & DVD SE Nord (HKLM\...\MEDION Fotos auf CD & DVD SE Nord D) (Version: 8.0.3.4 - MAGIX AG)
Medion Home Cinema (HKLM\...\InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}) (Version: 6.0.0000 - CyberLink Corp.)
Medion Home Cinema (Version: 6.0.0000 - CyberLink Corp.) Hidden
MergeModule_x86 (Version: 9.0.00 - Sony Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 German Language Pack (HKLM\...\{E78BFA60-5393-4C38-82AB-E8019E464EB4}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 1.1 Security Update (KB953297) (HKLM\...\M953297) (Version: - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Office Live Add-in 1.4 (HKLM\...\{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}) (Version: 2.0.3008.0 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x86) ENU (HKLM\...\{FF63121D-91C6-42CC-B341-F1AA729728E7}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU (HKLM\...\{D3A80508-CD83-4CA3-8671-914A1BC78B61}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft Works 4 Converter (HKLM\...\{D18AF23E-AB28-4040-9396-28413B2C3B41}) (Version: 9.8.0000 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{172423F9-522A-483A-AD65-03600CE4CA4F}) (Version: 9.7.0000 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
MidiEditor (HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\MidiEditor) (Version: - )
MotoGP URT 3 (HKLM\...\MotoGP URT 3_is1) (Version: - THQ)
Movie Converter (remove only) (HKLM\...\Movie Converter) (Version: - )
MozBackup 1.4.9 (HKLM\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox 12.0 (x86 de) (HKLM\...\Mozilla Firefox 12.0 (x86 de)) (Version: 12.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 12.0 - Mozilla)
Mozilla Thunderbird (3.1.11) (HKLM\...\Mozilla Thunderbird (3.1.11)) (Version: 3.1.11 (de) - Mozilla)
Mp3tag v2.41 (HKLM\...\Mp3tag) (Version: v2.41 - Florian Heidenreich)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\MyFreeCodec) (Version: - )
Nitro Reader 3 (HKLM\...\{5027D37B-3677-4F16-9501-A42288EBDB31}) (Version: 3.5.2.10 - Nitro)
No23 Recorder (HKLM\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23)
Node.js (HKLM\...\{2D41A012-35EE-4724-AE8E-E592EDD9F89D}) (Version: 0.10.13 - Joyent, Inc. and other Node contributors)
Notepad++ (HKLM\...\Notepad++) (Version: - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.9 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{B83FC356-B7C0-441F-8A4D-D71E088E7974}) (Version: 9.09.0428 - NVIDIA Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenOffice 4.1.0 (HKLM\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Paragon Partition Manager™ 12 Free (HKLM\...\{47E5588F-C3A0-11DE-9857-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Password Safe (HKLM\...\Password Safe) (Version: - )
PC Connectivity Solution (HKLM\...\{4CE6B3C4-D8E2-4A5D-BEF5-5B69AF843B0C}) (Version: 9.45.0.0 - Nokia)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.8 - Google, Inc.)
Pinnacle VideoSpin (HKLM\...\{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}) (Version: 2.0.0.669 - Pinnacle Systems)
PlayMemories Home (HKLM\...\{93AA5B49-0994-4EF6-80F3-868C9CEA88ED}) (Version: 4.0.00.09031 - Sony Corporation)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PMB_ModeEditor (Version: 9.0.00 - Sony Corporation) Hidden
PMB_ServiceUploader (Version: 9.0.00 - Sony Corporation) Hidden
Power Tab Editor 1.7 (HKLM\...\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}) (Version: 1.7.0 - Power Tab Software)
Presto! PageManager 7.15.20 (HKLM\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.20 - NewSoft Technology Corporation)
Project64 1.6 (HKLM\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
PS3 Media Server (HKLM\...\PS3 Media Server) (Version: - )
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
RecordPad Sound Recorder (HKLM\...\Recordpad) (Version: - NCH Software)
Remote Control USB Driver (HKLM\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Richard Burns Rally (HKLM\...\{92C7D009-A464-4948-A980-7A3E28CB2F49}) (Version: 1.00.000 - )
Rubik's Games (HKLM\...\Rubik's Games) (Version: - )
Samsung AllShare (HKLM\...\InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}) (Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.)
Samsung AllShare (Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.0.1.11053_99 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.0.1.11053_99 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
ScanSoft OmniPage SE 4 (HKLM\...\{66B4C110-8BEB-49B5-824E-C70AEEB20ECD}) (Version: 15.2.0020 - Nuance Communications, Inc.)
Secret Maryo Chronicles (HKLM\...\secretmaryo) (Version: 1.9 - Florian Richter)
Secret Maryo Chronicles Music Pack (HKLM\...\secretmaryo_music) (Version: 4.1 - Florian Richter)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SOHLib for PlayMemories Home (Version: 1.0.3.02170 - Sony Corporation) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spotify (HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
StarMoney (Version: 2.0 - StarFinanz) Hidden
StarMoney (Version: 3.0.2.50 - StarFinanz) Hidden
StarMoney (Version: 4.0.2.34 - StarFinanz) Hidden
StarMoney 8.0 S-Edition (HKLM\...\{87F3F20B-5CF8-40DA-B044-4E714E203006}) (Version: 8.0 - Star Finanz GmbH)
StarMoney 9.0 S-Edition (HKLM\...\{95686B93-9738-4F0A-BB2A-212B6943F057}) (Version: 9.0 - Star Finanz GmbH)
StationRipper 2.93B (HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\StationRipper) (Version: 2.93B - Ratajik Software)
Steinberg HALionOne (HKLM\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Drum Set (HKLM\...\{AC997F93-0757-4ED4-A701-F40C2D654D09}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Set (HKLM\...\{F057965A-D974-4C64-ADB1-4381CD4B8956}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg Sequel 2 Trial Content (HKLM\...\{DF584D4A-2619-41BE-9515-AAB18439D393}) (Version: 2.0.0.351 - Steinberg Media Technologies GmbH)
Steinberg Sequel LE 2 (HKLM\...\{7146D087-B853-4E00-BB52-883DCE99F155}) (Version: 2.0.5 - Steinberg Media Technologies GmbH)
SUPER © Version 2010.bld.37 (Jan 2, 2010) (HKLM\...\SUPER ©) (Version: Version 2010.bld.37 (Jan 2, 2010) - eRightSoft)
Switch Sound File Converter (HKLM\...\Switch) (Version: - NCH Software)
SyncToy 2.1 (x86) (HKLM\...\{A066194B-DC8F-449A-8E0F-B57BDD3A2072}) (Version: 2.1.0 - Microsoft)
Telegram Desktop version 0.7.6 (HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.7.6 - Telegram Messenger LLP)
The Nomad Soul (HKLM\...\The Nomad Soul) (Version: - )
Tinypic 3.18 (HKLM\...\{E3723A04-A894-4036-A78E-282E18F43C0A}_is1) (Version: Tinypic 3.18 - E. Fiedler)
Titanium Studio (HKLM\...\Titanium Studio) (Version: 3.1.1 - Appcelerator, Inc.)
Tracktion (HKLM\...\Tracktion4) (Version: - )
Update Manager (Version: 4.60 - Corel Corporation) Hidden
URL Snooper v2.27.01 (HKLM\...\URLSnooper 2_is1) (Version: - DonationCoder.com)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden
VideoPad Video Editor (HKLM\...\VideoPad) (Version: - NCH Software)
VirtualDub Filter Pack 1.1 (HKLM\...\VirtualDub Filter Pack_is1) (Version: - Infognition Co. Ltd.)
VIS (HKLM\...\VIS) (Version: - ) <==== ATTENTION
VLC media player 1.0.3 (HKLM\...\VLC media player) (Version: 1.0.3 - VideoLAN Team)
VSDC Free Video Editor Version 2.1.9.211 (HKLM\...\VSDC Free Video Editor_is1) (Version: 2.1.9.211 - Flash-Integro LLC)
WavePad Sound Editor (HKLM\...\WavePad) (Version: - NCH Software)
WD Quick View (HKLM\...\{C58994CF-D15D-41E3-A03B-587B39EAA903}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{752EC2DC-0313-435A-BF9A-9B02927C049A}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM\...\{1891b882-48f7-442d-98d0-c1ce533f25bd}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
Win7codecs (HKLM\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 2.1.9 - Shark007)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live ID-Anmelde-Assistent (HKLM\...\{10A44844-4465-456E-8C97-80BDD4F68845}) (Version: 6.500.3146.0 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile-Gerätecenter (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
WinPcap 4.1.1 (HKLM\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
X10 Hardware(TM) (HKLM\...\X10Hardware) (Version: - )
XAMPP (HKLM\...\xampp) (Version: 1.8.2-2 - BitNami)
XMedia Recode 2.1.4.8 (HKLM\...\XMedia Recode) (Version: 2.1.4.8 - Sebastian Dörfler)
Zebra 3 (HKLM\...\{10D41532-9935-460A-8AC4-64E9614CB04E}) (Version: 1.0.0 - Klett Verlag GmbH)
ZOOM Edit&Share for Windows (HKLM\...\{E99B8E1C-262D-49E6-9A84-D2AC486B2648}) (Version: 5.00.0000 - ZOOM Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\RAaM2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\RAaM2\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\RAaM2\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\RAaM2\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Users\RAaM2\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\RAaM2\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\39.0.2171.95\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{6d05bf60-3eaf-4a97-87c5-10cce505435b}\localserver32 -> C:\Users\RAaM2\AppData\Local\Temp\{9c0ba3c1-2b67-45eb-bf69-bed9658d28d2}\IDriver.NonElevated.exe No (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\RAaM2\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\RAaM2\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\RAaM2\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\RAaM2\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\RAaM2\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\RAaM2\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\RAaM2\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\RAaM2\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611}\InprocServer32 -> C:\Program Files\Macrium\Reflect\RShellExt.dll (Paramount Software UK Ltd)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\RAaM2\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\RAaM2\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\RAaM2\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\RAaM2\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\FileSyncApi.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RAaM2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RAaM2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RAaM2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RAaM2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RAaM2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RAaM2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RAaM2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-837243161-1062950140-3748333167-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RAaM2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) 
==================== Restore Points =========================

26-12-2014 18:10:44 Windows Update
28-12-2014 19:00:41 Windows-Sicherung
30-12-2014 12:18:15 Windows Update
13-01-2015 17:07:25 Windows Update
13-01-2015 17:14:08 Windows-Sicherung
13-01-2015 20:06:34 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
14-01-2015 11:57:22 Wiederherstellungsvorgang
14-01-2015 13:26:05 Windows Update
14-01-2015 13:29:36 Windows-Sicherung
14-01-2015 15:26:58 Wiederherstellungsvorgang
14-01-2015 15:40:05 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
14-01-2015 16:44:49 Windows Update
14-01-2015 17:20:19 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
14-01-2015 17:53:11 Windows Update
14-01-2015 18:01:36 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
14-01-2015 18:34:05 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
14-01-2015 20:25:54 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {019D783D-DB94-4694-B95A-BDC4512EAD3B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {03DAB6B5-8876-4594-A1A3-48EEE2B72CF3} - System32\Tasks\{ADCA8631-7C7D-4BB1-BD6A-164C482A8C2B} => C:\Program Files\DVD Shrink DE\DVD Shrink 3.2 DE (DeCSS-frei).exe [2005-05-31] (DVD Shrink)
Task: {0467EEA8-3E2C-4216-B86E-797865254649} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-837243161-1062950140-3748333167-1000UA => C:\Users\RAaM2\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {04C64550-C726-4A0B-85F1-00D87A127BAC} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {07A1C535-F579-4666-A22E-0AAD82E45B0D} - System32\Tasks\{33F2EBAD-215B-4165-8A6A-E311315E2C8D} => C:\Program Files\Project64 1.6\Project64.exe [2005-04-01] ()
Task: {097CD8A5-14ED-4891-BCEC-936474E43335} - System32\Tasks\{97A1201B-8983-47AD-9B48-6F1630FB36DC} => C:\Program Files\DVD Shrink DE\DVD Shrink 3.2 DE (DeCSS-frei).exe [2005-05-31] (DVD Shrink)
Task: {1556A58E-27BD-47BB-88C7-0DF0AA864353} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {15AF40CE-95C4-4B93-A65D-F693613E0605} - System32\Tasks\{CE22A2A8-0EDF-45EC-A86A-5120707C24D9} => C:\MAGIX\Video_deLuxe_2006_PLUS\VideodeLuxe.exe [2006-06-14] (MAGIX AG)
Task: {175AD2BA-364C-49A0-883A-5D26738413DA} - System32\Tasks\{F1EBC007-5A7A-46C0-83AA-F4F8C719F628} => C:\Program Files\office97\Office\Office10\OUTLOOK.EXE
Task: {187E44F8-A384-4553-B51D-33EAC93F1950} - System32\Tasks\{6EC45BB9-22D7-4307-98CD-33C3AE83AE15} => C:\MAGIX\Video_deLuxe_2006_PLUS\VideodeLuxe.exe [2006-06-14] (MAGIX AG)
Task: {1AA0B8E1-901D-45B4-B043-50AB3411D839} - System32\Tasks\{AE8B22B8-ABA7-4079-B91E-C7ED7847D89B} => pcalua.exe -a "C:\Users\RAaM2\Downloads\Neuer Download\vcredist_x86.exe" -d "C:\Users\RAaM2\Downloads\Neuer Download"
Task: {1E151774-5459-4D5D-8B65-13D881C1FC83} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {2E046C9E-EFAD-452B-97B0-34D9486ABCE8} - System32\Tasks\{E7D5220E-AF6F-4269-BDEA-1586F80731D2} => C:\Program Files\DVD Shrink DE\DVD Shrink 3.2 DE (DeCSS-frei).exe [2005-05-31] (DVD Shrink)
Task: {32E625A5-7C31-44F5-8599-87949871C1D2} - System32\Tasks\{C980546F-B754-4536-AD88-3731BDCAA6D1} => C:\Program Files\office97\Office\Office10\OUTLOOK.EXE
Task: {34521D69-C0E7-49D2-8056-38CB7CD8BE6E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {35A4D229-81D6-490B-B9DD-E7BAF650673A} - System32\Tasks\{9BFF994D-B78E-4038-B3CA-D7AB95F96736} => Chrome.exe hxxp://ui.skype.com/ui/0/4.2.0.187/de/go/help.faq.installer?LastError=1603
Task: {37598CF9-FB9B-4F03-AA33-9164DC30D05E} - System32\Tasks\{A24F35DC-E365-454A-B462-6A76DB3220BC} => C:\Program Files\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {3FD986E6-786E-4B80-9EA4-074D462E6DF1} - System32\Tasks\{99D2A16C-528E-4968-8891-2DC280C2B5BC} => C:\Program Files\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {4385C8C7-112D-4969-9000-D52CA516F06D} - System32\Tasks\{54BF46E5-AEB3-4152-BC93-F4DDFC988C94} => C:\Program Files\Kinstone Video Power\VideoPower.exe
Task: {4A58290C-3401-4598-99F9-05EFF9B3FC20} - System32\Tasks\{BA994F75-EE10-45A6-8553-3BB35005A26F} => pcalua.exe -a "C:\Users\RAaM2\Downloads\Magix Xtrme Foto Designer 6\free_xtremefotodesigner6_de.exe" -d "C:\Users\RAaM2\Downloads\Magix Xtrme Foto Designer 6"
Task: {4AAB949C-B0C1-46EE-A131-62A8C3BEA1A3} - System32\Tasks\neoKiKA 02.09.2014 23-41-00 => C:\Program Files\DVBViewer\dvbviewer.exe [2013-10-09] (CM&V Hackbart)
Task: {4B5154FA-3870-4F54-9B7B-D4054574062D} - System32\Tasks\{5F683722-6637-4ECF-B189-11AF0C95138A} => pcalua.exe -a "C:\Users\RAaM2\Downloads\StarMoney 7.0\smoney_m_4_0_25050180_3_.exe" -d "C:\Users\RAaM2\Downloads\StarMoney 7.0"
Task: {4DA7CC83-870B-49BE-9B98-0ED3A9A3B257} - System32\Tasks\{6788DE74-C5C7-4AA8-AD3C-AD68FAC5AD27} => C:\Program Files\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {54D26981-1528-4631-B95F-CDCD31764F4A} - System32\Tasks\neoKiKA 02.09.2014 22-41-00 => C:\Program Files\DVBViewer\dvbviewer.exe [2013-10-09] (CM&V Hackbart)
Task: {57D6827E-A5AB-44D6-8B9C-03042011383E} - System32\Tasks\{041D8794-2E36-435B-8E2E-5723D6A2DBB8} => C:\Program Files\Project64 1.6\Project64.exe [2005-04-01] ()
Task: {5BFD0C98-B9EF-49C4-A329-9F952787F9CB} - System32\Tasks\SyncToy\SyncToy Test => C:\Program Files\SyncToy 2.1\SyncToyCmd.exe [2009-10-19] (Microsoft Corporation)
Task: {6DA33AFC-42FA-41E5-8DFE-30AA03E8C299} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
Task: {75F9A913-FAE3-4C34-B9B8-F7B4AB7AA64E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-837243161-1062950140-3748333167-1000Core => C:\Users\RAaM2\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {7877CFB3-9498-40F4-83CF-DA5CAD0528A8} - System32\Tasks\{EFF213B3-EFC7-47B4-B601-24D8FF28F00C} => C:\Program Files\Kinstone Video Power\VideoPower.exe
Task: {835B8281-6E3E-44F8-A07B-613ECB0A8E53} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {8ED58C42-D9CD-4C33-BA7A-354CB0B2DB08} - System32\Tasks\{75A926E6-8113-4921-976A-BA57A07FFA25} => C:\Program Files\TuneUp Utilities 2007\OneClickMaintenance.exe
Task: {8EDC792A-6BB3-44AB-AE2F-616658AD9D1F} - System32\Tasks\{33207D11-6CE4-494C-A47B-D989A462B709} => C:\Program Files\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {92509917-9DEC-4764-B7F8-C7C1D32E3BB7} - System32\Tasks\{741A89C9-5041-425D-A583-EC9B38579736} => C:\Program Files\office97\Office\Office10\OUTLOOK.EXE
Task: {92D0E115-AF42-442B-A268-0B1EC0A68487} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {996E3306-9718-45AF-B5B8-E42D3B8106DC} - System32\Tasks\{5328E27C-3F6A-4508-9A24-7F7477C46DE7} => C:\Program Files\SyncToy 2.1\SyncToy.exe [2009-10-19] (Microsoft Corporation)
Task: {9BA85ADF-9BB2-4C05-8F40-CD897CDAA8B4} - System32\Tasks\{59F6DCC7-D1CF-40F0-BD16-F97835F30AEB} => C:\Program Files\office97\Office\Office10\OUTLOOK.EXE
Task: {9F3A75F0-9FFD-4B51-B36A-83C6810E4758} - System32\Tasks\{0566F81D-3AD9-4543-9C17-E5C225CBF1FF} => C:\Program Files\office97\Office\Office10\OUTLOOK.EXE
Task: {A54CB527-CF9C-4059-9B3F-CC11300A4705} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe [2014-01-16] (Sony Corporation)
Task: {A68ADDAA-87AA-40B9-B236-0B707121213D} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {A9805966-B3BC-4B6F-A9BC-E99D79201376} - System32\Tasks\{EC238D77-640F-4045-8362-6FD551440A5B} => O:\Downloads\Software\Nokia\NokiaSoftwareUpdaterSetup_de.exe
Task: {AC2C2030-1C22-4FFE-8E31-2F1CDD3890D7} - System32\Tasks\{57A35445-BA05-4EEF-A389-4C1CC734F489} => C:\Program Files\Alwil Software\Avast4\ashAvast.exe
Task: {AF9D9552-9493-498F-B489-53EB58A6EE01} - System32\Tasks\{AACF9AE8-780F-4124-9A52-F9E47B706F84} => pcalua.exe -a C:\Users\RAaM2\Downloads\HBCI-Leser_cyberjack\bc_6_8_0.exe -d C:\Users\RAaM2\Downloads\HBCI-Leser_cyberjack
Task: {B2D26877-DEF1-486E-9368-E1578292154D} - System32\Tasks\{4018C64E-26FC-479D-A92B-0A80940EEB1F} => pcalua.exe -a O:\Downloads\Software\iriver\MovieConverterSetup.exe -d O:\Downloads\Software\iriver
Task: {B6E3A24A-5456-4B92-87E2-5DE2EA1C529D} - System32\Tasks\{AC2E26C2-BFCB-4AAD-A36A-3F0137954D59} => C:\Program Files\DVD Shrink DE\DVD Shrink 3.2 DE (DeCSS-frei).exe [2005-05-31] (DVD Shrink)
Task: {C2DE5B4B-F3C1-4E66-B228-488A6F398519} - System32\Tasks\{691515F1-649F-4A3F-A132-5988A568222A} => C:\Program Files\office97\Office\Office10\OUTLOOK.EXE
Task: {C3EC964F-C3CC-4E5D-B5CB-3A2326A41A5C} - System32\Tasks\1-Klick-Wartung => C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
Task: {C7ECD6AF-0789-4956-BC0C-84711A3A6241} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {C822C4B9-2629-4EC7-8D75-3463090333AD} - System32\Tasks\{4F76398C-9EB8-48A7-B9D3-2AC976C72615} => C:\Program Files\iriver\iriver plus 3\iLauncher.exe [2009-03-25] (Reigncom Limited)
Task: {C958D7E3-4B1D-4FA8-B34C-C4872FE0F67D} - System32\Tasks\{B5B8C8AE-DED2-4EA4-96E5-64DD37D8FC1E} => C:\Program Files\office97\Office\Office10\OUTLOOK.EXE
Task: {D17BE0A0-47C0-4074-A3F9-ED4149F80852} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
Task: {D8220499-4D92-4B0A-A10F-AC0051DA83ED} - System32\Tasks\EPUpdater => C:\Users\RAaM2\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-04-17] () <==== ATTENTION
Task: {D85665FD-A042-4791-AD37-D40F2A292258} - System32\Tasks\{41AAA134-0CD8-489C-8FAD-75C2DF6A8A87} => C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe [2009-02-05] (Pinnacle Systems)
Task: {DAA37B1B-3FC2-4E26-8FE3-915D5E187923} - System32\Tasks\{D07541E5-CD90-43E9-A676-3456030083D3} => C:\Users\RAaM2\Downloads\Neuer Download\vcredist_x86.exe
Task: {DFD19D02-FD8C-41D5-B56A-71A55BE5EFF2} - System32\Tasks\{C9F9A88E-9DF0-4D4D-AAAE-884EADEC290D} => C:\Program Files\iriver\Movie Converter\iLauncher.exe [2007-10-11] (Reigncom Limited)
Task: {DFDFFB4D-6929-4BF5-B02A-F72267FA6572} - System32\Tasks\{42A95E58-CA2F-4FE3-9F1F-F696943BEAC4} => C:\Program Files\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {E16F5EE7-2D2D-4EFB-82FF-A54D5D3DF571} - System32\Tasks\{08E84115-1BCA-40AF-AE31-E2B23B5A72A2} => C:\Program Files\office97\Office\Office10\OUTLOOK.EXE
Task: {E97EAEAD-BA11-464D-90FF-F7B014016CEC} - System32\Tasks\{E1E276D7-7DB0-447F-B15A-0A54F5A79D20} => C:\Program Files\Project64 1.6\Project64.exe [2005-04-01] ()
Task: {EA203C2F-33C7-4CF4-A0EC-57394D5BC250} - System32\Tasks\{9361C8AD-E054-44DF-AAE7-897CA7F07BB1} => pcalua.exe -a "E:\USB Driver for Windows OS\setup.exe" -d "E:\USB Driver for Windows OS"
Task: {EBFAAAE3-7620-4FB1-A3B2-006F911E4F85} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION
Task: {ED0BA1AE-8B58-478D-BE60-6A5E95451760} - System32\Tasks\{941B1359-8C05-43A3-9733-9E216AC5D07A} => pcalua.exe -a O:\Downloads\Software\iriver\iplus3.exe -d O:\Downloads\Software\iriver
Task: {EE3E4D51-DA29-45CC-AD8F-A348B89E2624} - System32\Tasks\{3AE65294-911B-4F40-8D43-6AEBC4EE35C5} => C:\Program Files\DVD Shrink DE\DVD Shrink 3.2 DE (DeCSS-frei).exe [2005-05-31] (DVD Shrink)
Task: {F44060CD-0D2A-4968-BEFE-8AFCD8F41569} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {F75B9CF0-8A4B-4483-9CE9-0F0AAF6B37FA} - System32\Tasks\{9A23B699-1021-47D6-987B-003EDE61EEB6} => C:\Program Files\Alwil Software\Avast4\ashAvast.exe
Task: {F76E6AE9-0F61-4AB8-8BCD-C686F1D49974} - System32\Tasks\{731991E4-B052-47DB-973F-1F68907C9C66} => pcalua.exe -a C:\Windows\system32\dgfw.cpl -c Digidesign Mbox 2 Pro
Task: {FCDEC0C2-CAB2-467B-BD16-2DFC79CF0FB9} - System32\Tasks\{7B768B8E-0F06-46DC-936A-8E5FFD10042D} => C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\Photoshop Album Starter Edition.exe [2007-03-16] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\1-Klick-Wartung.job => C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-837243161-1062950140-3748333167-1000Core.job => C:\Users\RAaM2\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-837243161-1062950140-3748333167-1000UA.job => C:\Users\RAaM2\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\neoKiKA 02.09.2014 22-41-00.job => C:\Program Files\DVBViewer\dvbviewer.exe Task: C:\Windows\Tasks\neoKiKA 02.09.2014 23-41-00.job => C:\Program Files\DVBViewer\dvbviewer.exe ==================== Loaded Modules (whitelisted) ============= 1996-12-14 00:00 - 1996-12-14 00:00 - 00022016 _____ () C:\Windows\system32\docobj.dll 2009-12-05 00:24 - 2005-03-28 10:13 - 00077824 _____ () C:\Windows\System32\csdlocalmon.dll 2009-12-01 20:12 - 2007-05-31 07:38 - 00167936 ____N () C:\Windows\system32\SerialXP.dll 2007-06-05 12:20 - 2007-06-05 12:20 - 00177704 _____ () C:\Windows\system32\PSIService.exe 2009-11-12 13:50 - 2009-11-12 13:50 - 00220128 _____ () C:\Program Files\Macrium\Reflect\ReflectService.exe 2009-10-23 10:17 - 2009-07-27 14:49 - 00244904 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe 2013-02-06 14:52 - 2011-01-13 11:44 - 00232800 _____ () C:\Program Files\StarMoney 8.0 S-Edition\ouservice\PATCHW32.dll 2014-08-06 22:39 - 2011-01-13 11:44 - 00232800 _____ () C:\Program Files\StarMoney 9.0 S-Edition\ouservice\PATCHW32.dll 2015-01-13 20:06 - 2015-01-12 13:55 - 00091304 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe 2014-04-27 16:27 - 
2014-04-27 16:27 - 00541696 _____ () C:\Program Files\002\yewimmxqbs32.exe 2014-09-25 13:07 - 2014-09-25 13:07 - 00081056 _____ () C:\Users\RAaM2\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.DLL 2009-11-29 21:26 - 2006-09-20 08:35 - 00020480 _____ () C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe 2010-09-05 17:12 - 2007-06-18 04:40 - 00200704 ____R () C:\Windows\System32\UMonit.exe 2010-09-05 17:12 - 2007-05-09 07:34 - 00176128 ____R () C:\Windows\System32\ustor.dll 2009-11-29 21:26 - 2006-10-30 16:59 - 00024576 _____ () C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe 2012-06-08 16:11 - 2012-06-08 16:11 - 01989632 _____ () C:\Program Files\ZOOM\Edit_Share\bin\ZOOM Edit&Share startup.exe 2014-09-25 13:07 - 2014-09-25 13:07 - 00081056 _____ () C:\Users\RAaM2\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.dll 2015-01-01 15:24 - 2015-01-01 15:24 - 00186368 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\36165d484fa2857575583d9a4cc61840\Kies.Common.DeviceServiceLib.Interface.ni.dll 2015-01-01 15:25 - 2015-01-01 15:25 - 14993920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\afc3f45376148ce6a1ee84da499d7edb\Kies.Theme.ni.dll 2015-01-01 15:24 - 2015-01-01 15:24 - 01865728 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\ff954a7b95f33b6498d154499e393055\Kies.UI.ni.dll 2015-01-01 15:24 - 2015-01-01 15:24 - 00081920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\5157234c4b83b2a920dcc02362260903\Kies.MVVM.ni.dll 2014-10-15 17:54 - 2014-10-15 17:54 - 00236032 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\6815ff93472d008087880a6462931188\ASF_cSharpAPI.ni.dll 2015-01-15 17:30 - 2015-01-15 17:30 - 00098816 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\win32api.pyd 2015-01-15 17:30 - 2015-01-15 17:30 - 00110080 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\pywintypes27.dll 2015-01-15 17:30 - 2015-01-15 17:30 - 
00364544 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\pythoncom27.dll 2015-01-15 17:30 - 2015-01-15 17:30 - 00045568 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\_socket.pyd 2015-01-15 17:30 - 2015-01-15 17:30 - 01160704 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\_ssl.pyd 2015-01-15 17:30 - 2015-01-15 17:30 - 00320512 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\win32com.shell.shell.pyd 2015-01-15 17:30 - 2015-01-15 17:30 - 00713216 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\_hashlib.pyd 2015-01-15 17:30 - 2015-01-15 17:30 - 01175040 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\wx._core_.pyd 2015-01-15 17:30 - 2015-01-15 17:30 - 00805888 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\wx._gdi_.pyd 2015-01-15 17:30 - 2015-01-15 17:30 - 00811008 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\wx._windows_.pyd 2015-01-15 17:30 - 2015-01-15 17:30 - 01062400 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\wx._controls_.pyd 2015-01-15 17:30 - 2015-01-15 17:30 - 00735232 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\wx._misc_.pyd 2015-01-15 17:30 - 2015-01-15 17:30 - 00128512 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\_elementtree.pyd 2015-01-15 17:30 - 2015-01-15 17:30 - 00127488 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\pyexpat.pyd 2015-01-15 17:30 - 2015-01-15 17:30 - 00557056 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\pysqlite2._sqlite.pyd 2015-01-15 17:30 - 2015-01-15 17:30 - 00087552 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\_ctypes.pyd 2015-01-15 17:30 - 2015-01-15 17:30 - 00119808 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\win32file.pyd 2015-01-15 17:30 - 2015-01-15 17:30 - 00108544 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\win32security.pyd 2015-01-15 17:30 - 2015-01-15 17:30 - 00007168 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\hashobjs_ext.pyd 2015-01-15 17:30 - 2015-01-15 17:30 - 00167936 _____ () 
C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\win32gui.pyd 2015-01-15 17:30 - 2015-01-15 17:30 - 00018432 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\win32event.pyd 2015-01-15 17:30 - 2015-01-15 17:30 - 00038912 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\win32inet.pyd 2015-01-15 17:30 - 2015-01-15 17:30 - 00011264 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\win32crypt.pyd 2015-01-15 17:30 - 2015-01-15 17:30 - 00070656 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\wx._html2.pyd 2015-01-15 17:30 - 2015-01-15 17:30 - 00027136 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\_multiprocessing.pyd 2015-01-15 17:30 - 2015-01-15 17:30 - 00035840 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\win32process.pyd 2015-01-15 17:30 - 2015-01-15 17:30 - 00686080 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\unicodedata.pyd 2015-01-15 17:30 - 2015-01-15 17:30 - 00122368 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\wx._wizard.pyd 2015-01-15 17:30 - 2015-01-15 17:30 - 00024064 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\win32pipe.pyd 2015-01-15 17:30 - 2015-01-15 17:30 - 00025600 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\win32pdh.pyd 2015-01-15 17:30 - 2015-01-15 17:30 - 00525640 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\windows._lib_cacheinvalidation.pyd 2015-01-15 17:30 - 2015-01-15 17:30 - 00010240 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\select.pyd 2015-01-15 17:30 - 2015-01-15 17:30 - 00017408 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\win32profile.pyd 2015-01-15 17:30 - 2015-01-15 17:30 - 00022528 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\win32ts.pyd 2015-01-15 17:30 - 2015-01-15 17:30 - 00078336 _____ () C:\Users\RAaM2\AppData\Local\Temp\_MEI39162\wx._animate.pyd 2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\RAaM2\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-01-15 17:31 - 2015-01-15 17:31 - 00043008 _____ () 
c:\users\raam2\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9tjfpi.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\RAaM2\AppData\Roaming\Dropbox\bin\libEGL.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\RAaM2\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\RAaM2\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2015-01-13 20:06 - 2015-01-13 23:12 - 51548328 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe 2015-01-13 20:06 - 2015-01-07 22:22 - 00985768 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll 2015-01-13 20:06 - 2015-01-07 22:22 - 01360552 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\libglesv2.dll 2015-01-13 20:06 - 2015-01-07 22:22 - 00214184 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\libegl.dll 2015-01-13 20:06 - 2015-01-07 22:22 - 16827048 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll 2014-12-12 23:18 - 2014-12-06 02:50 - 01077064 _____ () C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\39.0.2171.95\libglesv2.dll 2014-12-12 23:18 - 2014-12-06 02:50 - 00211272 _____ () C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\39.0.2171.95\libegl.dll 2014-12-12 23:18 - 2014-12-06 02:50 - 09009480 _____ () C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\39.0.2171.95\pdf.dll 2014-12-12 23:18 - 2014-12-06 02:50 - 01677128 _____ () C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. 
The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^RAaM2^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk => C:\Windows\pss\Logitech . Produktregistrierung.lnk.Startup
MSCONFIG\startupreg: Adobe Photo Downloader => "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
MSCONFIG\startupreg: AllShareAgent => C:\Program Files\Samsung\AllShare\AllShareAgent.exe
MSCONFIG\startupreg: AmazonMP3DownloaderHelper => C:\Users\RAaM2\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: CLMLServer => "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: Eraser => "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
MSCONFIG\startupreg: KiesPDLR => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: OpwareSE4 => "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-837243161-1062950140-3748333167-500 - Administrator - Disabled)
ASPNET (S-1-5-21-837243161-1062950140-3748333167-1002 - Limited - Enabled)
Christa (S-1-5-21-837243161-1062950140-3748333167-1007 - Administrator - Enabled) => C:\Users\Christa
Gast (S-1-5-21-837243161-1062950140-3748333167-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-837243161-1062950140-3748333167-1005 - Limited - Enabled)
RAaM2 (S-1-5-21-837243161-1062950140-3748333167-1000 - Administrator - Enabled) => C:\Users\RAaM2
Sarah (S-1-5-21-837243161-1062950140-3748333167-1006 - Administrator - Enabled) => C:\Users\Sarah

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/15/2015 08:11:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SpfService.exe, Version: 1.3.0.9090, Zeitstempel: 0x4e684be0
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea91c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0005d032
ID des fehlerhaften Prozesses: 0xc68
Startzeit der fehlerhaften Anwendung: 0xSpfService.exe0
Pfad der fehlerhaften Anwendung: SpfService.exe1
Pfad des fehlerhaften Moduls: SpfService.exe2
Berichtskennung: SpfService.exe3

Error: (01/15/2015 05:37:15 PM) (Source: SamsungAllShareV2.0) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei AllShareDmsUtil.Configuration.ConfigurationManager.GetSharingFolderList()
   bei AllShareDmsUtil.Manager.AllShareDmsManager.LoadSharingFolderList()
   bei AllShareDmsUtil.Manager.AllShareDmsManager.InitContentsDirectoryManager()
   bei AllShareDmsUtil.Manager.AllShareDmsManager.Initialize()
   bei AllShareDmsUtil.Manager.AllShareDmsManager..ctor()
   bei AllShareDmsUtil.Manager.AllShareDmsManager.get_Instance()
   bei AllShareDMS.AllShareDMS.DoStart()
   bei AllShareDMS.AllShareDMS.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/15/2015 05:32:32 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.
Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/15/2015 05:32:32 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.
Kontext: Windows Anwendung
Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/15/2015 05:32:32 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/15/2015 05:32:32 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details: Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490)

Error: (01/15/2015 05:32:27 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/15/2015 05:32:27 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details: Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800)

Error: (01/15/2015 05:32:27 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.
Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/15/2015 05:32:27 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.
Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

System errors:
=============
Error: (01/15/2015 08:11:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "VAIO Entertainment Common Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/15/2015 05:41:50 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (01/15/2015 05:38:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst eventlog erreicht.

Error: (01/15/2015 05:33:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (01/15/2015 05:33:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.

Error: (01/15/2015 05:33:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (01/15/2015 05:33:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.

Error: (01/15/2015 05:33:02 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (01/15/2015 05:32:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/15/2015 05:32:33 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535. Microsoft Office Sessions: ========================= Error: (01/15/2015 08:11:13 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: SpfService.exe1.3.0.90904e684be0ntdll.dll6.1.7601.18247521ea91cc00000050005d032c6801d030e0dd1df540C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exeC:\Windows\SYSTEM32\ntdll.dll4517b760-9cea-11e4-b9b7-000a94176540 Error: (01/15/2015 05:37:15 PM) (Source: SamsungAllShareV2.0) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. bei AllShareDmsUtil.Configuration.ConfigurationManager.GetSharingFolderList() bei AllShareDmsUtil.Manager.AllShareDmsManager.LoadSharingFolderList() bei AllShareDmsUtil.Manager.AllShareDmsManager.InitContentsDirectoryManager() bei AllShareDmsUtil.Manager.AllShareDmsManager.Initialize() bei AllShareDmsUtil.Manager.AllShareDmsManager..ctor() bei AllShareDmsUtil.Manager.AllShareDmsManager.get_Instance() bei AllShareDMS.AllShareDMS.DoStart() bei AllShareDMS.AllShareDMS.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (01/15/2015 05:32:32 PM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (01/15/2015 05:32:32 PM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. 
(HRESULT : 0xc0041801) (0xc0041801) Error: (01/15/2015 05:32:32 PM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (01/15/2015 05:32:32 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490) Search.TripoliIndexer Error: (01/15/2015 05:32:27 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Search.JetPropStore Error: (01/15/2015 05:32:27 PM) (Source: Windows Search Service) (EventID: 9002) (User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800) Error: (01/15/2015 05:32:27 PM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) The catalog is corrupt Error: (01/15/2015 05:32:27 PM) (Source: Windows Search Service) (EventID: 7040) (User: ) Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. 
(HRESULT : 0xc0041801) (0xc0041801) 4700
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz
Percentage of memory in use: 72%
Total physical RAM: 3071.3 MB
Available physical RAM: 846.13 MB
Total Pagefile: 7165.59 MB
Available Pagefile: 2346.59 MB
Total Virtual: 2047.88 MB
Available Virtual: 1919.79 MB
==================== Drives ================================
Drive c: (Boot) (Fixed) (Total:910.41 GB) (Free:756.5 GB) NTFS
Drive d: (Recover) (Fixed) (Total:20 GB) (Free:10.34 GB) NTFS
Drive e: (MyBook) (Fixed) (Total:2794.49 GB) (Free:2218.81 GB) NTFS
Drive p: (Expansion) (Fixed) (Total:465.76 GB) (Free:439.39 GB) NTFS
Drive q: (maxi n.u) (Fixed) (Total:465.76 GB) (Free:0 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 9E009E00)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=910.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: BA7E796E)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes. Could not read MBR for disk 2.
========================================================
Disk: 6 (Size: 465.8 GB) (Disk ID: E5A677E1)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
==================== End Of Log ============================
It's a relatively old Medion. Hello cosinus, are you still there? ;-) |
15.01.2015, 22:25 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | db22.exe was found by Stinger but not deleted Remove adware/junkware/toolbars (delete old versions of adwCleaner and, if present, JRT first, then download them again to the desktop!) Step 1: adwCleaner Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool Please close your security software to avoid possible conflicts.
Step 3: Fresh log with FRST Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions or check under Start > Computer (right-click) > Properties)
__________________ Please always post log files in CODE tags |
15.01.2015, 23:29 | #15 |
| db22.exe was found by Stinger but not deleted AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.107 - Bericht erstellt am 15/01/2015 um 22:40:41 # Aktualisiert 07/01/2015 von Xplode # Database : 2015-01-13.2 [Live] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits) # Benutzername : RAaM2 - RAINER-PC # Gestartet von : C:\Users\RAaM2\Desktop\AdwCleaner_4.107.exe # Option : Löschen ***** [ Dienste ] ***** Dienst Gelöscht : yewimmxqbs32 ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\NCH Software Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Ordner Gelöscht : C:\Program Files\002 Ordner Gelöscht : C:\Program Files\Conduit Ordner Gelöscht : C:\Program Files\NCH Software Ordner Gelöscht : C:\Program Files\RrFilter Ordner Gelöscht : C:\Program Files\VideoConverter Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB Ordner Gelöscht : C:\Users\RAaM2\AppData\Local\Ilivid Player Ordner Gelöscht : C:\Users\RAaM2\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\RAaM2\AppData\Roaming\BabSolution Ordner Gelöscht : C:\Users\RAaM2\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\RAaM2\AppData\Roaming\NCH Software Ordner Gelöscht : C:\Users\RAaM2\AppData\Roaming\Windows Net Data [!] 
Ordner Gelöscht : C:\Users\RAaM2\AppData\Roaming\Compatibility Verifier Ordner Gelöscht : C:\Users\RAaM2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard Ordner Gelöscht : C:\Users\RAaM2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Online Ordner Gelöscht : C:\Users\RAaM2\AppData\Roaming\Mozilla\Firefox\Profiles\vs2ls8wg.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM Ordner Gelöscht : C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ainbkicbloikcngphmjfpjdemblcojdd Ordner Gelöscht : C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma Datei Gelöscht : C:\Windows\system32\drivers\netfilter.sys Datei Gelöscht : C:\Users\RAaM2\AppData\Roaming\BabMaint.exe Datei Gelöscht : C:\Users\RAaM2\AppData\Roaming\Mozilla\Firefox\Profiles\vs2ls8wg.default\bProtector_extensions.rdf Datei Gelöscht : C:\Users\RAaM2\AppData\Roaming\Mozilla\Firefox\Profiles\vs2ls8wg.default\bprotector_extensions.sqlite Datei Gelöscht : C:\Users\RAaM2\AppData\Roaming\Mozilla\Firefox\Profiles\vs2ls8wg.default\searchplugins\Conduit.xml Datei Gelöscht : C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences Datei Gelöscht : C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\bprotector web data ***** [ Tasks ] ***** Task Gelöscht : BitGuard Task Gelöscht : EPUpdater ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ClickPotatoLite@ClickPotatoLite.com] [#] Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [#] Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page] Schlüssel Gelöscht : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\MenuButtonIE.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ClickPotatoLiteAx.Info Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ClickPotatoLiteAx.Info.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ClickPotatoLiteAX.UserProfiles Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ClickPotatoLiteAX.UserProfiles.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MenuButtonIE.ButtonIE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MenuButtonIE.ButtonIE.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1 Schlüssel Gelöscht : HKCU\Software\9edf8cb23cb943 Schlüssel Gelöscht : HKLM\SOFTWARE\9edf8cb23cb943 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D2083641-E57F-4EAB-BB85-0582424F4A29} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4F36-8D02-8C43722EE5DA} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} Schlüssel Gelöscht : HKCU\Software\BABSOLUTION Schlüssel Gelöscht : HKCU\Software\BabylonToolbar Schlüssel Gelöscht : HKCU\Software\clickpotatolitesa Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\DataMngr Schlüssel Gelöscht : HKCU\Software\filescout Schlüssel Gelöscht : HKCU\Software\Imesh Schlüssel Gelöscht : HKCU\Software\InstallCore Schlüssel Gelöscht : HKCU\Software\MGShareware Schlüssel Gelöscht : HKCU\Software\Myfree Codec Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Rr Savings Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon Schlüssel Gelöscht : HKLM\SOFTWARE\ClickPotatoLite Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit Schlüssel Gelöscht : HKLM\SOFTWARE\DataMngr Schlüssel Gelöscht : HKLM\SOFTWARE\LevelQualityWatcher Schlüssel Gelöscht : HKLM\SOFTWARE\MGShareware Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec Schlüssel Gelöscht : HKLM\SOFTWARE\RrSavings Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VIS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Mozilla Firefox v12.0 (de)
[vs2ls8wg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.enabledItems", "{3112ca9c-de6d-4884-a869-9855de68056c}:7.1.20101113Wb1,vshare@toolbar:1.0.0,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17");
[vs2ls8wg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.vshare@toolbar.update.enabled", false);
-\\ Google Chrome v
[C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.delta-homes.com/web/?type=ds&ts=1402593230&from=wpm0612&uid=ST320LT012-1DG14C_W3P2NVM1XXXXW3P2NVM1&q={searchTerms}
[C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.softonic.de/s/{searchTerms}
-\\ Opera v0.0.0.0
[C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.delta-homes.com/web/?type=ds&ts=1402593230&from=wpm0612&uid=ST320LT012-1DG14C_W3P2NVM1XXXXW3P2NVM1&q={searchTerms}
[C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.softonic.de/s/{searchTerms}
*************************
AdwCleaner[R0].txt - [8946 octets] - [15/01/2015 22:32:26]
AdwCleaner[S0].txt - [9112 octets] - [15/01/2015 22:40:41]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9172 octets] ##########
JRT Logfile: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x86
Ran by RAaM2 on 15.01.2015 at 22:57:15,98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Program Files\freerip3"
Successfully deleted: [Folder] "C:\Program Files\myfree codec"
~~~ FireFox
Successfully deleted the following from C:\Users\RAaM2\AppData\Roaming\mozilla\firefox\profiles\vs2ls8wg.default\prefs.js
user_pref("google.toolbar.button_option.cached.gtbSearchBlogs", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchBlogs\" t
user_pref("google.toolbar.button_option.cached.gtbSearchPhotos", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchPhotos\"
user_pref("google.toolbar.button_option.cached.gtbSearchScholar", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchScholar
user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_CTK0Y7F4MTG6NKYH03WT-xml", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.o
user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.o
user_pref("google.toolbar.search-icon", "data:image/x-icon;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7PT7/3zF6/9Ptu//RbHx/
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.01.2015 at 23:00:17,93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2015 01 Ran by RAaM2 (administrator) on RAINER-PC on 15-01-2015 23:02:06 Running from C:\Users\RAaM2\Desktop Loaded Profiles: RAaM2 (Available profiles: RAaM2 & Sarah & Christa & Gast) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (REINER SCT) C:\Windows\System32\cjpcsc.exe (MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (Teruten) C:\Windows\System32\FsUsbExService.Exe (Nitro PDF Software) C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe (Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe () C:\Windows\System32\PSIService.exe () C:\Program Files\Macrium\Reflect\ReflectService.exe () C:\Program Files\CyberLink\Shared files\RichVideo.exe (DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files\StarMoney 9.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Western Digital Technologies, Inc.) 
C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (X10) C:\Program Files\Common Files\X10\Common\X10nets.exe (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe () C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe () C:\Windows\System32\UMonit.exe () C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe () C:\Program Files\ZOOM\Edit_Share\bin\ZOOM Edit&Share startup.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Update\GoogleUpdate.exe (Google) C:\Program Files\Google\Drive\googledrivesync.exe (Microsoft Corporation) C:\Users\RAaM2\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Samsung) C:\Program Files\Samsung\Kies\Kies.exe (Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Dropbox, Inc.) 
C:\Users\RAaM2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe (Google) C:\Program Files\Google\Drive\googledrivesync.exe (Sony Corporation) C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Google Quick Search Box] => C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [122880 2009-11-27] (Google Inc.) HKLM\...\Run: [NetFxUpdate_v1.1.4322] => C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe [106496 2004-08-10] (Microsoft) HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1603152 2007-09-13] (CANON INC.) HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.) 
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe [20480 2006-09-20] () HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [NPSStartup] => [X] HKLM\...\Run: [UMonit] => C:\Windows\system32\UMonit.exe [200704 2007-06-18] () HKLM\...\Run: [BigDog303] => C:\Windows\VM303_STI.EXE [61440 2006-01-24] (Vimicro) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated) HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation) HKLM\...\Run: [Path] => C:\Program Files\ZOOM\Edit_Share\bin\ZOOM Edit&Share startup.exe [1989632 2012-06-08] () HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2296600 2013-07-31] (Logitech, Inc.) HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2707992 2014-09-03] (Sony Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-05-09] (Realtek Semiconductor) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-11-27] (Google Inc.) 
HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Run: [Google Update] => C:\Users\RAaM2\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-18] (Google Inc.) HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google) HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Run: [SkyDrive] => C:\Users\RAaM2\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-25] (Microsoft Corporation) HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1565504 2014-12-16] (Samsung) HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Run: [KiesPDLR.exe] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-12-16] (Samsung) HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd) HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\MountPoints2: {46bb24e7-c704-11e2-bb50-4061864d3aa8} - F:\setup_vmb_lite.exe /checkApplicationPresence Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\RAaM2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\RAaM2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-837243161-1062950140-3748333167-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-837243161-1062950140-3748333167-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI HKU\S-1-5-21-837243161-1062950140-3748333167-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com/ SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> DefaultScope {4128802F-8A28-42C8-A441-F464AA11DDFD} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7GFRE_deDE355 SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {16639E9F-A73B-4829-BF1B-C8E7FA2A33A7} URL = hxxp://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms} SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {17E5117F-F86D-40CA-B89B-2C5B34D78C4B} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&tag=iesearch-21&index=blended&linkCode=qs&camp=1789&creative=9325&keywords={searchTerms} SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {2BE66F85-635A-44FC-96C2-6CF411D6FAFE} URL = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms} SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {4128802F-8A28-42C8-A441-F464AA11DDFD} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7GFRE_deDE355 SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {7616FC6D-7F42-41D3-8FAA-C4F318003C6D} URL = 
hxxp://www.amazon.de/gp/search?ie=UTF8&tag=iesearchde-21&index=blended&linkCode=qs&camp=1789&creative=9325&keywords={searchTerms} SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {945F02B5-2F33-4B96-8841-835C510EC8C2} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&tag=iesearchde-21&index=blended&linkCode=qs&camp=1789&creative=9325&keywords={searchTerms} SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {A8A65AC0-056A-4CEE-9936-3FE3098CF4EA} URL = hxxp://suche.t-online.de/fast-cgi/tsc?q={searchTerms}&sr=searchbar SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {BC87AC6A-4758-4D2A-94EC-84CD4274D282} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {BCB7F24B-F6E1-4BB1-BE9E-BF32BFE7DEA4} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&index=blended&linkCode=ur2&camp=1638&creative=6742&tag=iepluginsearch-21 SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {D691082F-E5F2-40CE-8941-3106EBE25670} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {EFDAAA28-5D6C-40C3-80EF-43B71364A10F} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&tag=iesearchde-21&index=blended&linkCode=qs&camp=1789&creative=9325&keywords={searchTerms} BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {FD3FF62E-61A7-48EE-A4A4-97CE7BD1F99D} https://eplace-eu.solvay.com/postauthACC/SodaAgent.CAB Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\RAaM2\AppData\Roaming\Mozilla\Firefox\Profiles\vs2ls8wg.default FF Homepage: hxxp://www.google.de/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.4 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF) FF Plugin: @real.com/nppl3260;version=6.0.12.448 -> C:\Program Files\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-837243161-1062950140-3748333167-1000: @tools.google.com/Google Update;version=3 -> C:\Users\RAaM2\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-837243161-1062950140-3748333167-1000: @tools.google.com/Google Update;version=9 -> C:\Users\RAaM2\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-837243161-1062950140-3748333167-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\RAaM2\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-31] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-01] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-22] FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-05-27] FF HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - 
C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\39.0.2171.95\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\39.0.2171.95\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation) CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File CHR Profile: C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (DER SPIEGEL) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aafpbllkmchckcndlogpofcepplhndlg [2012-11-16] CHR Extension: (Google Drive) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-04] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04] CHR Extension: (YouTube) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17] CHR Extension: (Google Cast) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-03-20] CHR Extension: (Adblock Plus) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-01] CHR Extension: (Kindle Cloud Reader) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnemmpobpfaichgccgcilgncfigplmol [2014-11-11] CHR Extension: 
(Google-Suche) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17] CHR Extension: (TuneIn: Listen to Online Radio, Music and Talk Stations) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dblgfaikinhoidnoieheigjobmlkhcjc [2013-06-30] CHR Extension: (Logitech Smooth Scrolling) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-05-27] CHR Extension: (Google News) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2013-01-10] CHR Extension: (Simple Google bookmarks) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dobhkcpfdpfhghdmiecokllfjiemfmgm [2012-10-22] CHR Extension: (Cut the Rope) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2012-12-31] CHR Extension: (Dropbox) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2013-04-05] CHR Extension: (SoundCloud) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp [2013-04-06] CHR Extension: (Scratchpad) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjebfhglflhjjjiceimfkgicifkhjlnm [2012-11-16] CHR Extension: (Super Mario Flash 2 Spiel) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\knbkkfblonehbjjkdfiejflknbokmame [2013-09-23] CHR Extension: (Google Play) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2012-12-07] CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-10] CHR Extension: (Google Maps) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-01-10] CHR Extension: (OneDrive) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2013-04-03] CHR Extension: (LocalChromecast Player) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmladpigjlinmngadjgfogblnmddndcp [2014-03-25] CHR Extension: (Google Wallet) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21] CHR Extension: (Google Chrome to Phone Extension) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2012-11-24] CHR Extension: (TV Movie Fernsehprogramm) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\omigcnbanchckjpihkioagdjjdhkhhdh [2013-10-05] CHR Extension: (Wetter) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\paafljigflaodeomfbpjcggedcilkoop [2013-01-10] CHR Extension: (Google Mail) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17] CHR HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path CHR StartMenuInternet: Google Chrome - C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 cjpcsc; C:\Windows\system32\cjpcsc.exe [514128 2012-03-19] (REINER SCT) R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1155072 2009-02-03] (MAGIX AG) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed] R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-04-18] (Teruten) [File not signed] S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation) R2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2013-03-26] (Nitro PDF Software) R2 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [484888 2014-09-03] (Sony Corporation) R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] () S3 PS3 Media Server; C:\Program Files\PS3 Media Server\win32\service\wrapper.exe [217088 2008-08-17] () [File not signed] R2 ReflectService; C:\Program Files\Macrium\Reflect\ReflectService.exe [220128 2009-11-12] () R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2009-07-27] () [File not signed] S2 SamsungAllShareV2.0; C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [25504 2012-01-19] (Samsung Electronics Co., Ltd.) S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [657408 2009-10-27] (Nokia) [File not signed] S3 SimpleSlideShowServer; C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe [27584 2012-03-02] (Samsung Electronics Co., Ltd.) 
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.) R2 StarMoney 8.0 OnlineUpdate; C:\Program Files\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH) R2 StarMoney 9.0 OnlineUpdate; C:\Program Files\StarMoney 9.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH) R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-12-02] (Western Digital Technologies, Inc.) R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-06-02] (Western Digital Technologies, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) U2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10) [File not signed] S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X] S2 Verifies and fixes application compatibility issues; C:\Users\RAaM2\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz) [File not signed] R3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [28144 2011-03-29] (REINER SCT) S3 DIGIFW; C:\Windows\System32\DRIVERS\digifw.sys [167952 2010-10-23] (Avid Technology, Inc.) R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-04-18] () [File not signed] R3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28312 2013-05-23] (Logitech, Inc.) 
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation) R2 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.) S3 NxpCap; C:\Windows\System32\DRIVERS\NxpCap.sys [1488096 2009-07-30] (NXP Semiconductors Germany GmbH) S3 PSMounter; C:\Windows\system32\drivers\psmounter.sys [32736 2009-11-12] (Macrium Software) R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [15328 2008-05-20] (Macrium Software) R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36624 2006-11-02] (Sonic Solutions) [File not signed] S3 RTL8187B; C:\Windows\System32\DRIVERS\rtl8187B.sys [379904 2010-03-31] (Realtek Semiconductor Corporation ) R0 TPkd; C:\Windows\system32\Drivers\TPkd.sys [93304 2010-09-26] (PACE Anti-Piracy, Inc.) R3 TrdCap; C:\Windows\System32\DRIVERS\TrdCap.sys [1554472 2010-06-09] (Trident Microsystems, Inc.) R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.) R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.) S3 ZMGHPAudioSrv; C:\Windows\System32\drivers\zmghpau.sys [38016 2011-02-18] (ZOOM) S3 ZSMC303; C:\Windows\System32\Drivers\usbVM303.sys [391300 2006-02-23] (Vimicro Corporation) S1 muhilvre; \??\C:\Windows\system32\drivers\muhilvre.sys [X] S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X] S2 WiseFS; \??\H:\Folders\Software\WFH\Wise Folder Hider\WiseFs32.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-15 23:00 - 2015-01-15 23:00 - 00002551 _____ () C:\Users\RAaM2\Desktop\JRT.txt 2015-01-15 22:57 - 2015-01-15 22:57 - 00000000 ____D () C:\Windows\ERUNT 2015-01-15 22:49 - 2015-01-15 22:49 - 00000562 _____ () C:\Windows\PFRO.log 2015-01-15 22:32 - 2015-01-15 22:46 - 00000000 ____D () C:\AdwCleaner 2015-01-15 22:29 - 2015-01-15 22:28 - 02191360 _____ () C:\Users\RAaM2\Desktop\AdwCleaner_4.107.exe 2015-01-15 22:29 - 2015-01-15 22:28 - 01707939 _____ (Thisisu) C:\Users\RAaM2\Desktop\JRT.exe 2015-01-15 22:28 - 2015-01-15 22:28 - 01707939 _____ (Thisisu) C:\Users\RAaM2\Downloads\JRT.exe 2015-01-15 22:27 - 2015-01-15 22:28 - 02191360 _____ () C:\Users\RAaM2\Downloads\AdwCleaner_4.107.exe 2015-01-15 21:21 - 2015-01-15 23:02 - 00034373 _____ () C:\Users\RAaM2\Desktop\FRST.txt 2015-01-15 21:21 - 2015-01-15 21:22 - 00070384 _____ () C:\Users\RAaM2\Desktop\Addition.txt 2015-01-15 21:20 - 2015-01-15 21:09 - 01116672 _____ (Farbar) C:\Users\RAaM2\Downloads\FRST.exe 2015-01-15 21:10 - 2015-01-15 23:02 - 00000000 ____D () C:\FRST 2015-01-15 21:08 - 2015-01-15 21:09 - 01116672 _____ (Farbar) C:\Users\RAaM2\Desktop\FRST.exe 2015-01-15 18:11 - 2015-01-15 21:05 - 00001287 _____ () C:\Users\RAaM2\Downloads\Stinger_15012015_181146.html 2015-01-15 17:30 - 2015-01-15 22:49 - 00001033 _____ () C:\Windows\setupact.log 2015-01-15 17:30 - 2015-01-15 17:30 - 00000000 _____ () C:\Windows\setuperr.log 2015-01-15 16:45 - 2015-01-15 14:05 - 04188536 _____ (Piriform Ltd) C:\Users\RAaM2\Downloads\ccsetup501_slim.exe 2015-01-15 16:43 - 2015-01-15 21:09 - 00000114 ___RH () C:\Users\RAaM2\Downloads\Stinger.opt 2015-01-15 13:32 - 2015-01-15 13:32 - 00014029 _____ () C:\Users\RAaM2\Downloads\hijackthis.log 2015-01-15 13:22 - 2015-01-15 13:27 - 00388608 _____ (Trend Micro Inc.) 
C:\Users\RAaM2\Downloads\HiJackThis204.exe 2015-01-15 13:13 - 2015-01-15 13:13 - 00000000 ____D () C:\Quarantine 2015-01-15 13:07 - 2015-01-15 16:38 - 00001073 _____ () C:\Users\RAaM2\Downloads\Stinger_15012015_130717.html 2015-01-15 13:06 - 2015-01-15 21:09 - 00000000 ____D () C:\Program Files\stinger 2015-01-15 13:00 - 2015-01-15 13:04 - 11165552 _____ (McAfee Inc) C:\Users\RAaM2\Downloads\stinger32.exe 2015-01-14 17:28 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-01-14 17:28 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-14 17:27 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-14 17:27 - 2014-12-11 18:47 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-14 17:27 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-14 17:26 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 17:17 - 2015-01-15 22:49 - 00000000 ____D () C:\Users\RAaM2\AppData\Roaming\Compatibility Verifier 2015-01-13 20:08 - 2015-01-15 22:30 - 00000112 _____ () C:\ProgramData\W4Gisl.dat 2015-01-13 20:08 - 2015-01-13 20:08 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia 2015-01-13 20:08 - 2015-01-13 20:08 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe 2015-01-13 20:08 - 2015-01-13 20:08 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia 2015-01-13 20:08 - 2015-01-13 20:08 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe 2015-01-13 20:06 - 2015-01-15 22:17 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Compatibility Verifier 2015-01-13 20:06 - 2015-01-15 22:17 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Compatibility Verifier 2015-01-01 18:05 - 2014-10-13 06:57 - 00184192 _____ (DEVGURU Co., LTD.(???? | ????? ???? 
?????.)) C:\Windows\system32\Drivers\ssudmdm.sys 2015-01-01 18:05 - 2014-10-13 06:57 - 00089856 _____ (DEVGURU Co., LTD.(???? | ????? ???? ?????.)) C:\Windows\system32\Drivers\ssudbus.sys 2014-12-28 19:40 - 2014-12-28 19:40 - 00001221 _____ () C:\Users\RAaM2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TrayIt!.lnk 2014-12-28 19:39 - 2014-12-28 19:39 - 00000000 ____D () C:\Program Files\trayit_4_6_5_5 2014-12-28 19:35 - 2014-12-28 19:35 - 00000000 ____D () C:\Users\RAaM2\Downloads\nw_7668_trayitzip 2014-12-28 19:33 - 2014-12-28 19:33 - 00335253 _____ () C:\Users\RAaM2\Downloads\nw_7668_trayitzip.zip 2014-12-19 15:21 - 2014-12-19 15:21 - 04330507 _____ () C:\Users\RAaM2\Downloads\Tip0000-Download-Paket-Demo.zip 2014-12-18 12:05 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-15 23:00 - 2009-07-14 05:34 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-15 23:00 - 2009-07-14 05:34 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-15 22:51 - 2013-04-05 19:39 - 00000000 ___RD () C:\Users\RAaM2\Dropbox 2015-01-15 22:51 - 2013-04-05 19:34 - 00000000 ____D () C:\Users\RAaM2\AppData\Roaming\Dropbox 2015-01-15 22:51 - 2013-04-03 15:10 - 00000000 ___RD () C:\Users\RAaM2\SkyDrive 2015-01-15 22:50 - 2014-07-14 18:35 - 00008192 _____ () C:\Windows\system32\WDPABKP.dat 2015-01-15 22:50 - 2013-01-26 20:32 - 00000000 ___RD () C:\Users\RAaM2\Google Drive 2015-01-15 22:50 - 2010-02-15 22:55 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-15 22:49 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-15 22:48 - 2009-11-27 21:31 - 01107954 _____ () C:\Windows\WindowsUpdate.log 2015-01-15 22:41 
- 2013-04-10 10:55 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft 2015-01-15 22:36 - 2013-10-04 16:48 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-15 22:36 - 2010-02-15 22:55 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-15 22:15 - 2011-07-22 21:58 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-837243161-1062950140-3748333167-1000UA.job 2015-01-15 21:11 - 2014-01-02 12:16 - 00000000 ____D () C:\Program Files\StarMoney 9.0 S-Edition 2015-01-15 17:14 - 2010-05-09 20:30 - 00000000 ____D () C:\Windows\Minidump 2015-01-15 17:11 - 2013-08-15 23:30 - 00000000 ____D () C:\Users\RAaM2\Desktop\Tools 2015-01-15 16:47 - 2014-01-29 13:10 - 00000000 ____D () C:\Program Files\CCleaner 2015-01-15 12:15 - 2011-07-22 21:58 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-837243161-1062950140-3748333167-1000Core.job 2015-01-14 18:36 - 2012-10-24 17:25 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-01-14 18:36 - 2011-05-16 12:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-01-14 17:12 - 2013-08-15 23:45 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-14 16:45 - 2009-09-24 16:13 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-14 15:36 - 2009-11-27 21:31 - 00000000 ____D () C:\Users\RAaM2 2015-01-14 15:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp 2015-01-14 15:34 - 2014-10-10 17:19 - 00000000 ____D () C:\Users\RAaM2\AppData\Roaming\Telegram Win (Unofficial) 2015-01-14 15:34 - 2013-08-15 23:28 - 00000000 ____D () C:\Users\RAaM2\Desktop\Handy 2015-01-14 15:34 - 2013-07-03 14:56 - 00000000 ____D () C:\ProgramData\Package Cache 2015-01-14 15:34 - 2012-03-10 15:38 - 00000000 ____D () C:\Users\Sarah 2015-01-14 15:34 - 2010-10-24 13:21 - 00000000 ____D () C:\Users\Christa 2015-01-14 15:34 - 2010-07-10 16:42 - 00000000 ____D () 
C:\ProgramData\McAfee Security Scan 2015-01-14 15:34 - 2010-01-16 12:23 - 00000000 ____D () C:\Users\Gast 2015-01-14 15:34 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE 2015-01-14 15:33 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration 2015-01-14 15:32 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2015-01-13 22:45 - 2009-09-24 15:43 - 01649492 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-02 17:15 - 2009-12-05 20:19 - 00000404 _____ () C:\Windows\Tasks\1-Klick-Wartung.job 2015-01-01 14:41 - 2013-11-12 23:15 - 00000000 ____D () C:\Users\RAaM2\Documents\SelfMV 2014-12-31 12:13 - 2009-10-05 17:03 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-12-23 19:41 - 2012-08-03 16:13 - 00000000 ____D () C:\Users\RAaM2\AppData\Roaming\Skype 2014-12-22 21:22 - 2014-10-22 14:02 - 00000000 ___RD () C:\Program Files\Skype 2014-12-22 21:22 - 2012-08-03 16:13 - 00000000 ____D () C:\ProgramData\Skype 2014-12-19 15:25 - 2009-12-05 01:01 - 00000000 ____D () C:\Users\RAaM2\AppData\Roaming\vlc 2014-12-17 21:27 - 2009-12-02 23:08 - 00002648 _____ () C:\Users\RAaM2\AppData\Roaming\wklnhst.dat 2014-12-17 17:45 - 2013-04-05 19:36 - 00000000 ____D () C:\Users\RAaM2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox Files to move or delete: ==================== C:\ProgramData\W4Gisl.dat Some content of TEMP: ==================== C:\Users\Gast\AppData\Local\Temp\{7815BC09-5CB0-49E5-B205-E2E29FD09BC9}-21.0.1180.60_chrome_installer.exe C:\Users\RAaM2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpawoxya.dll C:\Users\RAaM2\AppData\Local\Temp\Quarantine.exe C:\Users\RAaM2\AppData\Local\Temp\repair4.exe C:\Users\RAaM2\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2013-10-31 09:04 ==================== End Of Log ============================

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2015 01 Ran by RAaM2 (administrator) on RAINER-PC on 15-01-2015 23:02:06 Running from C:\Users\RAaM2\Desktop Loaded Profiles: RAaM2 (Available profiles: RAaM2 & Sarah & Christa & Gast) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (REINER SCT) C:\Windows\System32\cjpcsc.exe (MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (Teruten) C:\Windows\System32\FsUsbExService.Exe (Nitro PDF Software) C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe (Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe () C:\Windows\System32\PSIService.exe () C:\Program Files\Macrium\Reflect\ReflectService.exe () C:\Program Files\CyberLink\Shared files\RichVideo.exe (DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files\StarMoney 9.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Western Digital Technologies, Inc.)
C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (X10) C:\Program Files\Common Files\X10\Common\X10nets.exe (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe () C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe () C:\Windows\System32\UMonit.exe () C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe () C:\Program Files\ZOOM\Edit_Share\bin\ZOOM Edit&Share startup.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Update\GoogleUpdate.exe (Google) C:\Program Files\Google\Drive\googledrivesync.exe (Microsoft Corporation) C:\Users\RAaM2\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Samsung) C:\Program Files\Samsung\Kies\Kies.exe (Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Dropbox, Inc.) 
C:\Users\RAaM2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe (Google) C:\Program Files\Google\Drive\googledrivesync.exe (Sony Corporation) C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Google Quick Search Box] => C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [122880 2009-11-27] (Google Inc.) HKLM\...\Run: [NetFxUpdate_v1.1.4322] => C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe [106496 2004-08-10] (Microsoft) HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1603152 2007-09-13] (CANON INC.) HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.) 
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe [20480 2006-09-20] () HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [NPSStartup] => [X] HKLM\...\Run: [UMonit] => C:\Windows\system32\UMonit.exe [200704 2007-06-18] () HKLM\...\Run: [BigDog303] => C:\Windows\VM303_STI.EXE [61440 2006-01-24] (Vimicro) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated) HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation) HKLM\...\Run: [Path] => C:\Program Files\ZOOM\Edit_Share\bin\ZOOM Edit&Share startup.exe [1989632 2012-06-08] () HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2296600 2013-07-31] (Logitech, Inc.) HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2707992 2014-09-03] (Sony Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-05-09] (Realtek Semiconductor) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-11-27] (Google Inc.) 
HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Run: [Google Update] => C:\Users\RAaM2\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-18] (Google Inc.) HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google) HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Run: [SkyDrive] => C:\Users\RAaM2\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-25] (Microsoft Corporation) HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1565504 2014-12-16] (Samsung) HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Run: [KiesPDLR.exe] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-12-16] (Samsung) HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd) HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\MountPoints2: {46bb24e7-c704-11e2-bb50-4061864d3aa8} - F:\setup_vmb_lite.exe /checkApplicationPresence Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\RAaM2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\RAaM2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-837243161-1062950140-3748333167-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-837243161-1062950140-3748333167-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI HKU\S-1-5-21-837243161-1062950140-3748333167-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com/ SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> DefaultScope {4128802F-8A28-42C8-A441-F464AA11DDFD} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7GFRE_deDE355 SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {16639E9F-A73B-4829-BF1B-C8E7FA2A33A7} URL = hxxp://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms} SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {17E5117F-F86D-40CA-B89B-2C5B34D78C4B} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&tag=iesearch-21&index=blended&linkCode=qs&camp=1789&creative=9325&keywords={searchTerms} SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {2BE66F85-635A-44FC-96C2-6CF411D6FAFE} URL = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms} SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {4128802F-8A28-42C8-A441-F464AA11DDFD} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7GFRE_deDE355 SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {7616FC6D-7F42-41D3-8FAA-C4F318003C6D} URL = 
hxxp://www.amazon.de/gp/search?ie=UTF8&tag=iesearchde-21&index=blended&linkCode=qs&camp=1789&creative=9325&keywords={searchTerms} SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {945F02B5-2F33-4B96-8841-835C510EC8C2} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&tag=iesearchde-21&index=blended&linkCode=qs&camp=1789&creative=9325&keywords={searchTerms} SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {A8A65AC0-056A-4CEE-9936-3FE3098CF4EA} URL = hxxp://suche.t-online.de/fast-cgi/tsc?q={searchTerms}&sr=searchbar SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {BC87AC6A-4758-4D2A-94EC-84CD4274D282} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {BCB7F24B-F6E1-4BB1-BE9E-BF32BFE7DEA4} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&index=blended&linkCode=ur2&camp=1638&creative=6742&tag=iepluginsearch-21 SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {D691082F-E5F2-40CE-8941-3106EBE25670} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> {EFDAAA28-5D6C-40C3-80EF-43B71364A10F} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&tag=iesearchde-21&index=blended&linkCode=qs&camp=1789&creative=9325&keywords={searchTerms} BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKU\S-1-5-21-837243161-1062950140-3748333167-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {FD3FF62E-61A7-48EE-A4A4-97CE7BD1F99D} https://eplace-eu.solvay.com/postauthACC/SodaAgent.CAB Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\RAaM2\AppData\Roaming\Mozilla\Firefox\Profiles\vs2ls8wg.default FF Homepage: hxxp://www.google.de/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.4 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF) FF Plugin: @real.com/nppl3260;version=6.0.12.448 -> C:\Program Files\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-837243161-1062950140-3748333167-1000: @tools.google.com/Google Update;version=3 -> C:\Users\RAaM2\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-837243161-1062950140-3748333167-1000: @tools.google.com/Google Update;version=9 -> C:\Users\RAaM2\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-837243161-1062950140-3748333167-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\RAaM2\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-31] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-01] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-22] FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-05-27] FF HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - 
C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\39.0.2171.95\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\39.0.2171.95\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation) CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File CHR Profile: C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (DER SPIEGEL) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aafpbllkmchckcndlogpofcepplhndlg [2012-11-16] CHR Extension: (Google Drive) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-04] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04] CHR Extension: (YouTube) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17] CHR Extension: (Google Cast) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-03-20] CHR Extension: (Adblock Plus) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-01] CHR Extension: (Kindle Cloud Reader) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnemmpobpfaichgccgcilgncfigplmol [2014-11-11] CHR Extension: 
(Google-Suche) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17] CHR Extension: (TuneIn: Listen to Online Radio, Music and Talk Stations) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dblgfaikinhoidnoieheigjobmlkhcjc [2013-06-30] CHR Extension: (Logitech Smooth Scrolling) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-05-27] CHR Extension: (Google News) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2013-01-10] CHR Extension: (Simple Google bookmarks) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dobhkcpfdpfhghdmiecokllfjiemfmgm [2012-10-22] CHR Extension: (Cut the Rope) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2012-12-31] CHR Extension: (Dropbox) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2013-04-05] CHR Extension: (SoundCloud) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp [2013-04-06] CHR Extension: (Scratchpad) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjebfhglflhjjjiceimfkgicifkhjlnm [2012-11-16] CHR Extension: (Super Mario Flash 2 Spiel) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\knbkkfblonehbjjkdfiejflknbokmame [2013-09-23] CHR Extension: (Google Play) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2012-12-07] CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-10] CHR Extension: (Google Maps) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-01-10] CHR Extension: (OneDrive) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2013-04-03] CHR Extension: (LocalChromecast Player) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmladpigjlinmngadjgfogblnmddndcp [2014-03-25] CHR Extension: (Google Wallet) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21] CHR Extension: (Google Chrome to Phone Extension) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2012-11-24] CHR Extension: (TV Movie Fernsehprogramm) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\omigcnbanchckjpihkioagdjjdhkhhdh [2013-10-05] CHR Extension: (Wetter) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\paafljigflaodeomfbpjcggedcilkoop [2013-01-10] CHR Extension: (Google Mail) - C:\Users\RAaM2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17] CHR HKU\S-1-5-21-837243161-1062950140-3748333167-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path CHR StartMenuInternet: Google Chrome - C:\Users\RAaM2\AppData\Local\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 cjpcsc; C:\Windows\system32\cjpcsc.exe [514128 2012-03-19] (REINER SCT) R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1155072 2009-02-03] (MAGIX AG) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed] R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-04-18] (Teruten) [File not signed] S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation) R2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2013-03-26] (Nitro PDF Software) R2 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [484888 2014-09-03] (Sony Corporation) R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] () S3 PS3 Media Server; C:\Program Files\PS3 Media Server\win32\service\wrapper.exe [217088 2008-08-17] () [File not signed] R2 ReflectService; C:\Program Files\Macrium\Reflect\ReflectService.exe [220128 2009-11-12] () R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2009-07-27] () [File not signed] S2 SamsungAllShareV2.0; C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [25504 2012-01-19] (Samsung Electronics Co., Ltd.) S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [657408 2009-10-27] (Nokia) [File not signed] S3 SimpleSlideShowServer; C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe [27584 2012-03-02] (Samsung Electronics Co., Ltd.) 
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.) R2 StarMoney 8.0 OnlineUpdate; C:\Program Files\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH) R2 StarMoney 9.0 OnlineUpdate; C:\Program Files\StarMoney 9.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH) R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-12-02] (Western Digital Technologies, Inc.) R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-06-02] (Western Digital Technologies, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) U2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10) [File not signed] S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X] S2 Verifies and fixes application compatibility issues; C:\Users\RAaM2\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz) [File not signed] R3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [28144 2011-03-29] (REINER SCT) S3 DIGIFW; C:\Windows\System32\DRIVERS\digifw.sys [167952 2010-10-23] (Avid Technology, Inc.) R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-04-18] () [File not signed] R3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28312 2013-05-23] (Logitech, Inc.) 
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation) R2 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.) S3 NxpCap; C:\Windows\System32\DRIVERS\NxpCap.sys [1488096 2009-07-30] (NXP Semiconductors Germany GmbH) S3 PSMounter; C:\Windows\system32\drivers\psmounter.sys [32736 2009-11-12] (Macrium Software) R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [15328 2008-05-20] (Macrium Software) R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36624 2006-11-02] (Sonic Solutions) [File not signed] S3 RTL8187B; C:\Windows\System32\DRIVERS\rtl8187B.sys [379904 2010-03-31] (Realtek Semiconductor Corporation ) R0 TPkd; C:\Windows\system32\Drivers\TPkd.sys [93304 2010-09-26] (PACE Anti-Piracy, Inc.) R3 TrdCap; C:\Windows\System32\DRIVERS\TrdCap.sys [1554472 2010-06-09] (Trident Microsystems, Inc.) R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.) R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.) S3 ZMGHPAudioSrv; C:\Windows\System32\drivers\zmghpau.sys [38016 2011-02-18] (ZOOM) S3 ZSMC303; C:\Windows\System32\Drivers\usbVM303.sys [391300 2006-02-23] (Vimicro Corporation) S1 muhilvre; \??\C:\Windows\system32\drivers\muhilvre.sys [X] S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X] S2 WiseFS; \??\H:\Folders\Software\WFH\Wise Folder Hider\WiseFs32.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-15 23:00 - 2015-01-15 23:00 - 00002551 _____ () C:\Users\RAaM2\Desktop\JRT.txt
2015-01-15 22:57 - 2015-01-15 22:57 - 00000000 ____D () C:\Windows\ERUNT
2015-01-15 22:49 - 2015-01-15 22:49 - 00000562 _____ () C:\Windows\PFRO.log
2015-01-15 22:32 - 2015-01-15 22:46 - 00000000 ____D () C:\AdwCleaner
2015-01-15 22:29 - 2015-01-15 22:28 - 02191360 _____ () C:\Users\RAaM2\Desktop\AdwCleaner_4.107.exe
2015-01-15 22:29 - 2015-01-15 22:28 - 01707939 _____ (Thisisu) C:\Users\RAaM2\Desktop\JRT.exe
2015-01-15 22:28 - 2015-01-15 22:28 - 01707939 _____ (Thisisu) C:\Users\RAaM2\Downloads\JRT.exe
2015-01-15 22:27 - 2015-01-15 22:28 - 02191360 _____ () C:\Users\RAaM2\Downloads\AdwCleaner_4.107.exe
2015-01-15 21:21 - 2015-01-15 23:02 - 00034373 _____ () C:\Users\RAaM2\Desktop\FRST.txt
2015-01-15 21:21 - 2015-01-15 21:22 - 00070384 _____ () C:\Users\RAaM2\Desktop\Addition.txt
2015-01-15 21:20 - 2015-01-15 21:09 - 01116672 _____ (Farbar) C:\Users\RAaM2\Downloads\FRST.exe
2015-01-15 21:10 - 2015-01-15 23:02 - 00000000 ____D () C:\FRST
2015-01-15 21:08 - 2015-01-15 21:09 - 01116672 _____ (Farbar) C:\Users\RAaM2\Desktop\FRST.exe
2015-01-15 18:11 - 2015-01-15 21:05 - 00001287 _____ () C:\Users\RAaM2\Downloads\Stinger_15012015_181146.html
2015-01-15 17:30 - 2015-01-15 22:49 - 00001033 _____ () C:\Windows\setupact.log
2015-01-15 17:30 - 2015-01-15 17:30 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-15 16:45 - 2015-01-15 14:05 - 04188536 _____ (Piriform Ltd) C:\Users\RAaM2\Downloads\ccsetup501_slim.exe
2015-01-15 16:43 - 2015-01-15 21:09 - 00000114 ___RH () C:\Users\RAaM2\Downloads\Stinger.opt
2015-01-15 13:32 - 2015-01-15 13:32 - 00014029 _____ () C:\Users\RAaM2\Downloads\hijackthis.log
2015-01-15 13:22 - 2015-01-15 13:27 - 00388608 _____ (Trend Micro Inc.) C:\Users\RAaM2\Downloads\HiJackThis204.exe
2015-01-15 13:13 - 2015-01-15 13:13 - 00000000 ____D () C:\Quarantine
2015-01-15 13:07 - 2015-01-15 16:38 - 00001073 _____ () C:\Users\RAaM2\Downloads\Stinger_15012015_130717.html
2015-01-15 13:06 - 2015-01-15 21:09 - 00000000 ____D () C:\Program Files\stinger
2015-01-15 13:00 - 2015-01-15 13:04 - 11165552 _____ (McAfee Inc) C:\Users\RAaM2\Downloads\stinger32.exe
2015-01-14 17:28 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 17:28 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 17:27 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 17:27 - 2014-12-11 18:47 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 17:27 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 17:26 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 17:17 - 2015-01-15 22:49 - 00000000 ____D () C:\Users\RAaM2\AppData\Roaming\Compatibility Verifier
2015-01-13 20:08 - 2015-01-15 22:30 - 00000112 _____ () C:\ProgramData\W4Gisl.dat
2015-01-13 20:08 - 2015-01-13 20:08 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-13 20:08 - 2015-01-13 20:08 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-13 20:08 - 2015-01-13 20:08 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-13 20:08 - 2015-01-13 20:08 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-01-13 20:06 - 2015-01-15 22:17 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Compatibility Verifier
2015-01-13 20:06 - 2015-01-15 22:17 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Compatibility Verifier
2015-01-01 18:05 - 2014-10-13 06:57 - 00184192 _____ (DEVGURU Co., LTD.(???? | ????? ???? ?????.)) C:\Windows\system32\Drivers\ssudmdm.sys
2015-01-01 18:05 - 2014-10-13 06:57 - 00089856 _____ (DEVGURU Co., LTD.(???? | ????? ???? ?????.)) C:\Windows\system32\Drivers\ssudbus.sys
2014-12-28 19:40 - 2014-12-28 19:40 - 00001221 _____ () C:\Users\RAaM2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TrayIt!.lnk
2014-12-28 19:39 - 2014-12-28 19:39 - 00000000 ____D () C:\Program Files\trayit_4_6_5_5
2014-12-28 19:35 - 2014-12-28 19:35 - 00000000 ____D () C:\Users\RAaM2\Downloads\nw_7668_trayitzip
2014-12-28 19:33 - 2014-12-28 19:33 - 00335253 _____ () C:\Users\RAaM2\Downloads\nw_7668_trayitzip.zip
2014-12-19 15:21 - 2014-12-19 15:21 - 04330507 _____ () C:\Users\RAaM2\Downloads\Tip0000-Download-Paket-Demo.zip
2014-12-18 12:05 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 23:00 - 2009-07-14 05:34 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-15 23:00 - 2009-07-14 05:34 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-15 22:51 - 2013-04-05 19:39 - 00000000 ___RD () C:\Users\RAaM2\Dropbox
2015-01-15 22:51 - 2013-04-05 19:34 - 00000000 ____D () C:\Users\RAaM2\AppData\Roaming\Dropbox
2015-01-15 22:51 - 2013-04-03 15:10 - 00000000 ___RD () C:\Users\RAaM2\SkyDrive
2015-01-15 22:50 - 2014-07-14 18:35 - 00008192 _____ () C:\Windows\system32\WDPABKP.dat
2015-01-15 22:50 - 2013-01-26 20:32 - 00000000 ___RD () C:\Users\RAaM2\Google Drive
2015-01-15 22:50 - 2010-02-15 22:55 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-15 22:49 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-15 22:48 - 2009-11-27 21:31 - 01107954 _____ () C:\Windows\WindowsUpdate.log
2015-01-15 22:41 - 2013-04-10 10:55 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2015-01-15 22:36 - 2013-10-04 16:48 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-15 22:36 - 2010-02-15 22:55 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-15 22:15 - 2011-07-22 21:58 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-837243161-1062950140-3748333167-1000UA.job
2015-01-15 21:11 - 2014-01-02 12:16 - 00000000 ____D () C:\Program Files\StarMoney 9.0 S-Edition
2015-01-15 17:14 - 2010-05-09 20:30 - 00000000 ____D () C:\Windows\Minidump
2015-01-15 17:11 - 2013-08-15 23:30 - 00000000 ____D () C:\Users\RAaM2\Desktop\Tools
2015-01-15 16:47 - 2014-01-29 13:10 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-15 12:15 - 2011-07-22 21:58 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-837243161-1062950140-3748333167-1000Core.job
2015-01-14 18:36 - 2012-10-24 17:25 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-14 18:36 - 2011-05-16 12:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-14 17:12 - 2013-08-15 23:45 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 16:45 - 2009-09-24 16:13 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 15:36 - 2009-11-27 21:31 - 00000000 ____D () C:\Users\RAaM2
2015-01-14 15:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-01-14 15:34 - 2014-10-10 17:19 - 00000000 ____D () C:\Users\RAaM2\AppData\Roaming\Telegram Win (Unofficial)
2015-01-14 15:34 - 2013-08-15 23:28 - 00000000 ____D () C:\Users\RAaM2\Desktop\Handy
2015-01-14 15:34 - 2013-07-03 14:56 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-14 15:34 - 2012-03-10 15:38 - 00000000 ____D () C:\Users\Sarah
2015-01-14 15:34 - 2010-10-24 13:21 - 00000000 ____D () C:\Users\Christa
2015-01-14 15:34 - 2010-07-10 16:42 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-01-14 15:34 - 2010-01-16 12:23 - 00000000 ____D () C:\Users\Gast
2015-01-14 15:34 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-01-14 15:33 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-01-14 15:32 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-13 22:45 - 2009-09-24 15:43 - 01649492 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-02 17:15 - 2009-12-05 20:19 - 00000404 _____ () C:\Windows\Tasks\1-Klick-Wartung.job
2015-01-01 14:41 - 2013-11-12 23:15 - 00000000 ____D () C:\Users\RAaM2\Documents\SelfMV
2014-12-31 12:13 - 2009-10-05 17:03 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-23 19:41 - 2012-08-03 16:13 - 00000000 ____D () C:\Users\RAaM2\AppData\Roaming\Skype
2014-12-22 21:22 - 2014-10-22 14:02 - 00000000 ___RD () C:\Program Files\Skype
2014-12-22 21:22 - 2012-08-03 16:13 - 00000000 ____D () C:\ProgramData\Skype
2014-12-19 15:25 - 2009-12-05 01:01 - 00000000 ____D () C:\Users\RAaM2\AppData\Roaming\vlc
2014-12-17 21:27 - 2009-12-02 23:08 - 00002648 _____ () C:\Users\RAaM2\AppData\Roaming\wklnhst.dat
2014-12-17 17:45 - 2013-04-05 19:36 - 00000000 ____D () C:\Users\RAaM2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

Files to move or delete:
====================
C:\ProgramData\W4Gisl.dat

Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\{7815BC09-5CB0-49E5-B205-E2E29FD09BC9}-21.0.1180.60_chrome_installer.exe
C:\Users\RAaM2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpawoxya.dll
C:\Users\RAaM2\AppData\Local\Temp\Quarantine.exe
C:\Users\RAaM2\AppData\Local\Temp\repair4.exe
C:\Users\RAaM2\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2013-10-31 09:04

==================== End Of Log ============================

--- --- ---

Sorry, I uploaded FRST twice. Your board software said that I can only send a reply every 40 seconds. So I sent it again.

Hey cosinus. Is everything OK now? Then I would restart the PC once more. And how can I tell whether db22.exe is still active?

Many thanks in the meantime!!! |