Log analysis and evaluation: WIN 7: Access to files no longer possible
Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
25.01.2015, 17:01 | #1 |
| WIN 7: Access to files no longer possible
Hello, my PC has been behaving strangely for 1-2 weeks:
- at first it kept getting slower, processing power was halved
- in the background I saw, via Task Manager, 20 open files named compatibilitycheck.exe that I could not stop
- by now no files can be opened any more, only in safe mode
- I ran all the prescribed LOG files and saved them on the desktop
- however, running GMER.EXE was unfortunately not possible on any scan, because an error message appeared saying that it "has stopped working and the error is being searched for"
- so I can only attach the log files from: Additional, Defogger, FRST
Unfortunately I have not had a virus scanner active for some time. I probably underestimated the problem before. It would be nice if someone could help me restore my PC. Thank you very much for your effort. Best regards, Nailimixam |
25.01.2015, 17:20 | #2 |
/// the machine /// TB trainer | WIN 7: Access to files no longer possible Hi,
Please always post logs in the thread. If necessary, split them up and use several posts. I cannot open attachments at work, thanks. This is how it works: posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
__________________ |
25.01.2015, 19:43 | #3 |
| WIN 7: Access to files no longer possible Hello Schrauber,
Oh sorry, I'll give it a try: Additional.txt: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01 Ran by Pia Bausch at 2015-01-25 16:11:00 Running from C:\Users\Pia Bausch\Desktop Boot Mode: Safe Mode (with Networking) ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Trend Micro Client/Server Security Agent (Enabled - Up to date) {5D349EF8-873B-C657-917F-F1D93E101A7C} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Trend Micro Client/Server Security Agent Anti-Spyware (Enabled - Up to date) {E6557F1C-A101-C9D9-ABCF-CAAB459750C1} FW: Trend Micro Personal Firewall (Disabled) {50C2E989-60CF-0845-AFD3-290B7D301E79} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.33 - STMicroelectronics) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.287 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.287 - Adobe Systems Incorporated) Adobe Reader X (10.1.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated) Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC) ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.) 
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.13.2.0 - Ask.com) <==== ATTENTION AuthenTec Fingerprint Software (Version: 8.4.4.20 - AuthenTec, Inc.) Hidden BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden Blender (HKLM\...\Blender) (Version: 2.72b - Blender Foundation) BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.10.3096 - BlueStack Systems, Inc.) BlueStacks Notification Center (HKLM-x32\...\{0BED0B96-70B8-4893-884B-DC485DC8C1B7}) (Version: 0.8.10.3096 - BlueStack Systems, Inc.) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{64973F6A-8754-43D1-BDD0-FC6F0546347B}) (Version: 14.4.6.2 - Broadcom Corporation) Butterfly Magic (HKLM-x32\...\Butterfly Magic) (Version: - ) CameraHelperMsi (x32 Version: 13.31.1038.0 - Logitech) Hidden CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source) Cisco Jabber Video for TelePresence (HKLM-x32\...\{8803DD42-66B1-401F-BAEE-A3C10F8E4BEC}) (Version: 4.6.3.17194 - Cisco Systems, Inc.) Cisco WebEx Meetings (HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC) CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3225 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dell Backup and Recovery Manager (HKLM\...\{50B4B603-A4C6-4739-AE96-6C76A0F8A388}) (Version: 1.3.1 - Dell Inc.) Dell Client System Update (HKLM-x32\...\{2B2B45B1-3CA0-4F8D-BBB3-AC77ED46A0FE}) (Version: 1.2.2 - Dell Inc.) Dell Data Protection | Access (HKLM-x32\...\{A7D91856-258D-4C87-8041-B170851CE432}) (Version: 2.0.00001.001 - Dell Inc.) 
Dell Data Protection | Access (Version: 02.01.01.002 - Wave Systems Corp) Hidden Dell Data Protection | Access | Drivers (HKLM-x32\...\{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}) (Version: 1.00.011 - Dell Inc.) Dell Data Protection | Access | Middleware (HKLM-x32\...\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}) (Version: 1.00.005 - Dell Inc.) Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc) Dell Mobile Broadband Manager (HKLM-x32\...\{23EEC842-57ED-4055-A056-9D4185DFB1AA}) (Version: 6.3.3.2 - Dell) Dell System Manager (HKLM\...\{FDF509ED-9624-4FDE-9BAA-9566C186AB96}) (Version: 1.6.00000 - Dell Inc.) Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1208.101.118 - ALPS ELECTRIC CO., LTD.) Dell Wireless HSPA Mini-Card Drivers (HKLM-x32\...\{9D583F01-A973-4B04-90BD-FB7886779090}) (Version: 6.3.3.6 - Dell) Digital Line Detect (HKLM-x32\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc) DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden EG21 Vokabelkartei interaktiv 2 (HKLM-x32\...\{D9C1E527-F7B8-4C32-8186-E59DDD38C475}) (Version: 1.00.0000 - Cornelsen Verlag GmbH) EG21 Vokabelkartei interaktiv 3 (HKLM-x32\...\{D14B5875-A7FB-4169-BE5B-C9003A5C71AC}) (Version: 1.00.0000 - Cornelsen Verlag GmbH) EG21 Vokabelkartei interaktiv 4 (HKLM-x32\...\{2235E685-11A5-4E37-ADD9-60A1214F7474}) (Version: 1.00.0000 - Cornelsen Verlag GmbH) Elevated Installer (x32 Version: 3.2.26.0 - Garmin Ltd or its subsidiaries) Hidden ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen) erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) 
Hidden Euro Truck Simulator 2 (HKLM-x32\...\{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1) (Version: 1.0.2 - SCS Software) FileZilla Client 3.9.0.6 (HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse) Football Mania (HKLM-x32\...\InstallShield_{E8A68053-E9B5-4334-B402-6709CFA56405}) (Version: 0.00.0067 - LEGO Media) Football Mania (x32 Version: 0.00.0067 - LEGO Media) Hidden Foxtab (HKLM-x32\...\foxtab) (Version: - FoxTab) <==== ATTENTION! Foxy Security (HKLM-x32\...\Foxy Security) (Version: - ) Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) FromDocToPDF Toolbar (HKLM-x32\...\FromDocToPDF_65bar Uninstall) (Version: - Mindspark Interactive Network) <==== ATTENTION ftp-uploader (HKLM-x32\...\ftp-uploader) (Version: 3.3.0.0 - Firma Gregor Schommer Systemberatung, Raderthaler Str. 31, D-50968 Köln) Garmin Express (HKLM-x32\...\{0db152f6-3b8d-4363-aedd-374ee54d33ba}) (Version: 3.2.26.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 3.2.26.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 3.2.26.0 - Garmin Ltd or its subsidiaries) Hidden Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team) Globy (HKLM-x32\...\Globy) (Version: - ) Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Talk Plugin (HKLM-x32\...\{F7770F7F-0ABC-30CB-95BC-93761A05CAB6}) (Version: 5.38.4.0 - Google) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) 
Hidden Hotfix für Microsoft Visual Basic 2010 Express - DEU (KB2635973) (HKLM-x32\...\{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}.KB2635973) (Version: 1 - Microsoft Corporation) HyperBalloidCE (HKLM-x32\...\HyperBalloidCE) (Version: - ) Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation) Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{4C1CCA11-0D08-4D5E-8444-2D9FB48BCABF}) (Version: 14.00.20110 - Intel Corporation) Internet Explorer Toolbar 4.8 by SweetPacks (x32 Version: 4.8.0000 - SweetIM Technologies Ltd.) Hidden <==== ATTENTION ISScript (x32 Version: 3.00.185 - InstallShield Software Corp.) Hidden Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation) Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) Java SE Development Kit 8 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation) Java(TM) 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden LEGO® Harry Potter™: Die Jahre 1-4 (HKLM-x32\...\{C5A8DF48-580B-44D3-B2B2-E965A9368F28}) (Version: 1.0.0.0 - WB Games) LEGO® Harry Potter™: Die Jahre 5-7 (HKLM-x32\...\{5C5A944F-096E-4ADD-B8E8-887F18BA6228}) (Version: 1.0.0.0 - WB Games) Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.303 - LogMeIn, Inc.) 
LogMeIn Hamachi (x32 Version: 2.2.0.303 - LogMeIn, Inc.) Hidden LookThisUp (HKLM\...\LookThisUp) (Version: 1.0.2 - LookThisUp) <==== ATTENTION! LPT System Updater Service (x32 Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden MAGIX Content und Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH) MAGIX Goya burnR (MSI) (HKLM-x32\...\MX.{0E302EE8-EBF9-41DE-B5A0-EA79FB842258}) (Version: 4.3.2.0 - MAGIX Software GmbH) MAGIX Goya burnR (MSI) (Version: 4.3.2.0 - MAGIX Software GmbH) Hidden MAGIX Music Maker 2015 Trial Soundpools (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation) Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation) Microsoft Help Viewer 1.1 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.1 Language Pack - DEU) (Version: 1.1.40219 - Microsoft Corporation) Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Small Basic v1.0 (HKLM-x32\...\{7AAA27E4-CDB3-49C0-AA2D-41827C001BA3}) (Version: 
1.0.0.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{E9089B6A-1FDE-47F3-8D29-175F5B7A0722}) (Version: 10.50.1750.9 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server System CLR Types (HKLM-x32\...\{C668416A-9213-4058-B7F2-01A42D85559D}) (Version: 10.50.1750.9 - Microsoft Corporation) Microsoft Visual Basic 2010 Express - DEU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - DEU) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) 
(Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Minecraft - 1.7.4 Packages (HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\...\Minecraft - 1.7.4 Packages) (Version: - ) <==== ATTENTION Modem Diagnostic Tool (HKLM\...\{0335701D-8E28-4A7F-B0EF-312974755BB2}) (Version: 1.0.28.0 - Dell) Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Mysteryville 2 (HKLM-x32\...\{7730D510-6DE2-4CD4-8F58-0B04680AEFE6}) (Version: 1.00.0000 - Mysteryville 2) Netwaiting (HKLM-x32\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.59 - BVRP Software, Inc) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team) NTRU TCG Software Stack (Version: 2.1.34 - Security Innovation) Hidden O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}) (Version: 3.0.07.23 - O2Micro International LTD.) O2Micro Flash Memory Card Windows Driver (x32 Version: 3.0.07.23 - O2Micro International LTD.) 
Hidden O2Micro OZ776 SCR Driver (HKLM-x32\...\InstallShield_{732D0C79-C6E3-4EDE-8D11-67D58697E0DE}) (Version: 2.1.4.210GS - O2Micro) O2Micro OZ776 SCR Driver (Version: 2.1.4.210GS - O2Micro) Hidden Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: - ) <==== ATTENTION PC Connectivity Solution (HKLM-x32\...\{AC599724-5755-48C1-ABE7-ABB857652930}) (Version: 8.15.0.0 - Nokia) PC-CCID (Version: 2.0.0 - Gemalto) Hidden Pearl Poppers (HKLM-x32\...\Pearl Poppers) (Version: - ) Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer) PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden Plantronics Calisto Driver (64-bit) (Version: 3.2.50830.8480 - Plantronics, Inc.) Hidden Plantronics CSR Driver (64-bit) (Version: 3.2.50830.8480 - Plantronics, Inc.) Hidden Plantronics CsrDfu Installer (x32 Version: 3.2.50830.8480 - Plantronics, Inc.) Hidden Plantronics FwuApi Installer (x32 Version: 3.2.50830.8480 - Plantronics, Inc.) Hidden Plantronics HidDfu Installer (x32 Version: 3.2.50830.8480 - Plantronics, Inc.) Hidden Plantronics Hub Device Handlers (32-bit) (x32 Version: 3.2.50830.8480 - Plantronics, Inc.) Hidden Plantronics Hub DFU Handlers (32-bit) (x32 Version: 3.2.50830.8480 - Plantronics, Inc.) Hidden Plantronics Hub Install Check (x32 Version: 3.2.50830.8480 - Plantronics, Inc.) Hidden Plantronics Hub Native Runtime (x32 Version: 3.2.50830.8480 - Plantronics, Inc.) Hidden Plantronics Hub Plugins (32-bit) (x32 Version: 3.2.50830.8480 - Plantronics, Inc.) Hidden Plantronics Hub Runtime (x32 Version: 3.2.50830.8480 - Plantronics, Inc.) Hidden Plantronics Hub Software (HKLM-x32\...\{b66cc4be-f731-4d1f-a411-e7622e33da36}) (Version: 3.2.50830.8480 - Plantronics, Inc.) Plantronics Hub Startup (x32 Version: 3.2.50830.8480 - Plantronics, Inc.) Hidden Plantronics Hub Update Service (x32 Version: 3.2.50830.8480 - Plantronics, Inc.) 
Hidden Plantronics Hub WMP Plugin (64-bit) (Version: 3.2.50830.8480 - Plantronics, Inc.) Hidden Plantronics Legacy Hub SDK (x32 Version: 3.0.0.0 - Plantronics, Inc.) Hidden RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden RegClean Pro (HKLM-x32\...\RegClean Pro_is1) (Version: 6.21 - Systweak Inc) <==== ATTENTION Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio) Roxio File Backup (Version: 1.3.2 - Roxio) Hidden Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version: - ) Samsung New PC Studio (HKLM-x32\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Samsung New PC Studio (x32 Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden Samsung New PC Studio USB Driver Installer (HKLM-x32\...\InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Samsung New PC Studio USB Driver Installer (x32 Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.) SamsungConnectivityCableDriver (HKLM-x32\...\{7E84FAC8-C518-40F9-9807-7455301D6D25}) (Version: 6.83.6.2.1 - Samsung) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden SPBA 5.9 (Version: 5.9.4.6686 - UPEK Inc.) 
Hidden SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.18.9.4384 - Enigma Software Group, LLC) SweetIM Bundle by SweetPacks (HKLM-x32\...\SweetIM Bundle by SweetPacks) (Version: 1.0.0.0 - SweetPacks LTD) <==== ATTENTION SweetIM for Messenger 3.7 (x32 Version: 3.7.0007 - SweetIM Technologies Ltd.) Hidden <==== ATTENTION TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.10 - TeamSpeak Systems GmbH) Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH) The Great Mahjongg (HKLM-x32\...\The Great Mahjongg) (Version: - ) Trend Micro Client/Server Security Agent (HKLM-x32\...\{BED0B8A2-2986-49F8-90D6-FA008D37A3D2}) (Version: 3.5.1163 - Trend Micro) Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden VirtualDJ Home FREE (HKLM-x32\...\{B515962D-C979-44AC-9912-F7BB499B4B2C}) (Version: 7.3 - Atomix Productions) Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{CFCB8616-A5D1-4281-80E8-389F685BFAE2}) (Version: 4.0.8080.0 - Microsoft Corporation) Vokabelkartei interaktiv À plus! 1 (HKLM-x32\...\{C7BD31A9-B17E-4125-8AE6-217C1FF8BE10}) (Version: 1.00.0000 - Cornelsen Verlag GmbH) Vokabelkartei interaktiv À plus! 2 (HKLM-x32\...\{08DBA737-EAD2-4DDA-A48B-E7A8AEC45BD8}) (Version: 1.00.0000 - Cornelsen Verlag GmbH) Vokabelkartei interaktiv À plus! 
3 (HKLM-x32\...\{8535E112-4075-4D54-A2BD-7CDEFB4BA528}) (Version: 1.00.0000 - Cornelsen Verlag GmbH) Wave Support Software Installer (Version: 05.13.00.033 - Wave Systems Corp) Hidden WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7900 - Broadcom Corporation) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows-Treiberpaket - Cambridge Silicon Radio (CSRBC) USB (10/26/2012 2.4.0.0) (HKLM\...\20C7EDA3129B3FF8F72F9BF59252B718B554FBDC) (Version: 10/26/2012 2.4.0.0 - Cambridge Silicon Radio) Windows-Treiberpaket - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.) Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) (HKLM\...\BC15EA930074932BB2C4B4493C9FD4EA95087D1A) (Version: 10/12/2007 6.85.4.0 - Nokia) Windows-Treiberpaket - Plantronics, Inc. (usbser.ntamd64) Ports (04/21/2009 5.1) (HKLM\...\07AFE62D73C8799E9E5689F86FB9F48389717BA3) (Version: 04/21/2009 5.1 - Plantronics, Inc.) Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH) Yahoo Community Smartbar (HKLM-x32\...\{4E732E5D-E577-451A-9BB1-CBE64A2CBC2F}) (Version: 11.112.66.19229 - Linkury Inc.) 
<==== ATTENTION Yahoo Community Smartbar Engine (HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\...\{d0178b17-ab1f-4552-9a89-f1d5eb97f1e0}) (Version: 11.112.66.19229 - Linkury Inc.) <==== ATTENTION ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1140785117-3275974374-1152227498-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Pia Bausch\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-1140785117-3275974374-1152227498-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Pia Bausch\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1140785117-3275974374-1152227498-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Pia Bausch\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-1140785117-3275974374-1152227498-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Pia Bausch\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File ==================== Restore Points ========================= 17-12-2014 21:44:24 Windows Update 25-12-2014 17:48:55 Geplanter Prüfpunkt 25-12-2014 21:35:57 Garmin Express 25-12-2014 21:38:20 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 12-01-2015 18:31:38 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 15-01-2015 03:01:22 Windows Update 16-01-2015 22:06:12 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 21-01-2015 19:59:07 Windows Update 23-01-2015 21:00:35 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 24-01-2015 13:56:11 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 24-01-2015 17:48:18 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0F447EA0-815A-471A-8EBE-B00EDC586154} - System32\Tasks\Dell\Client System Update => C:\Program Files (x86)\Dell\ClientSystemUpdate\DellClientSystemUpdate.exe [2011-05-26] (Dell Inc.) Task: {145CBF8D-289B-4571-9E63-DF117313D428} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {1FA33044-F92F-44CD-ABC0-60CD158DDD6D} - System32\Tasks\{F69D63AE-77A1-4E87-89F8-BA34A8EFFA6C} => Firefox.exe hxxp://ui.skype.com/ui/0/6.20.0.104/de/abandoninstall?page=tsProgressBar Task: {20938E96-8FA0-455E-826D-7B06D588F9C7} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION Task: {292B99BD-B157-4CE8-BE77-E2746133B039} - System32\Tasks\FoxTab => C:\Users\Pia Bausch\AppData\Roaming\FoxTab\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION Task: {3D0A45A8-9121-4D7F-B498-8512CAF15CD7} - System32\Tasks\{23D63CCC-8A31-45FE-9871-C2CB92F9FA87} => Firefox.exe hxxp://ui.skype.com/ui/0/6.20.0.104/de/abandoninstall?page=tsProgressBar Task: {3F29A405-49FE-4C70-BB8E-3334F3AE2C06} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [2014-08-21] (PC Utilities Software Limited) <==== ATTENTION Task: {4491BA4B-3700-410D-B70B-DEADD3354010} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-23] (Adobe Systems Incorporated) Task: {4B8BBA16-40EA-47EB-8D70-7DB4EBDAE7BB} - System32\Tasks\{F85AB527-F322-4AA3-8A12-595B196B4855} => Firefox.exe hxxp://ui.skype.com/ui/0/6.20.0.104/de/abandoninstall?page=tsProgressBar Task: {589732E3-4C2A-4F4B-B405-57308869A7C6} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-12-17] () Task: {5B97072D-21F8-4FFC-8461-BFF4959942EF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1140785117-3275974374-1152227498-1000Core => C:\Users\Pia Bausch\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-23] (Google Inc.) 
Task: {6428195F-DCAA-4B1F-9BEA-4D85B237560C} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1140785117-3275974374-1152227498-1000 Task: {66A8B7D7-25AB-47D7-923C-572872CE3DAE} - System32\Tasks\{5D5CE647-F1F4-424D-B7E8-F6B60BA8CF93} => pcalua.exe -a E:\epson320037eu.exe -d E:\ Task: {68B6DB6A-57CF-4FB8-9E00-4CA2F4065DB7} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION Task: {6960FEC7-EDF7-4D64-8D16-5E226729711B} - System32\Tasks\Chrome => C:\Users\Pia Bausch\AppData\Local\Temp\Rau\PackerV2.exe [2014-12-23] (Packer Framework) <==== ATTENTION Task: {7329D3A0-8575-4932-B683-EA587E76E939} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1140785117-3275974374-1152227498-1000UA => C:\Users\Pia Bausch\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-23] (Google Inc.) Task: {9716134A-0A47-42D2-A4D6-56C6123497E1} - System32\Tasks\{F67A8953-FFF4-4611-B141-16351B34BF2A} => Firefox.exe hxxp://ui.skype.com/ui/0/6.20.0.104/de/abandoninstall?page=tsProgressBar Task: {9EE86894-4701-46D5-9B3D-AF21336FD1DA} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {A275E288-65AB-4BA3-B2D8-FF7A240BCEC2} - System32\Tasks\{D23EE878-E040-478A-95B6-564FE9780E96} => Firefox.exe hxxp://ui.skype.com/ui/0/6.20.0.104/de/abandoninstall?page=tsProgressBar Task: {B1699566-3282-44EB-9CF1-27AD70CADF20} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-14] (Google Inc.) Task: {B726C91E-27D1-4976-A4D2-5018676EC41F} - System32\Tasks\{38769602-CD8F-45A3-A4FC-69E572047EDB} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE Task: {C18812C1-8041-4B85-8915-C4AE3DE82369} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-14] (Google Inc.) 
Task: {CA92F2D9-5E38-4539-A681-ED680073AB40} - System32\Tasks\{BD207A15-D183-424A-8D94-6C268B7AF145} => Firefox.exe hxxp://ui.skype.com/ui/0/6.20.0.104/de/abandoninstall?page=tsProgressBar Task: {D05FCC0D-3B64-42E4-9BF4-783B0D48A27B} - System32\Tasks\{945A0B59-A136-4330-8F16-9BD34CC1C03B} => Firefox.exe hxxp://ui.skype.com/ui/0/6.20.0.104/de/abandoninstall?page=tsProgressBar Task: {D2614531-99C7-4EAC-902A-20EEB0B4F2DE} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION Task: {D3137221-3C2C-4EF8-9566-9B40A39E3D78} - System32\Tasks\{D020A67D-C9E2-4C4B-831C-1021F2A61541} => pcalua.exe -a "C:\Users\Pia Bausch\Desktop\forge-1.8-11.14.0.1239-1.8-installer-win.exe" -d "C:\Users\Pia Bausch\Desktop" Task: {D6B22C7A-71BC-48A0-BBD1-5ABC8C4E1ADA} - System32\Tasks\{BBC8E3A9-E5BD-4E26-9E84-9C713B815849} => Firefox.exe hxxp://ui.skype.com/ui/0/6.20.0.104/de/abandoninstall?page=tsProgressBar Task: {E2BCDBE8-D430-46D5-AC16-51612DF6E6F1} - System32\Tasks\{FDB9472F-D644-4A6E-B7B5-730215D3D745} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE Task: {EE044CA2-4F78-46B4-AED8-2FCD8D756373} - System32\Tasks\{ADDDE2F1-12AB-4BBE-B6EF-4E785F1AF6A2} => pcalua.exe -a "C:\Users\Pia Bausch\Desktop\vbasic_web.exe" -d "C:\Users\Pia Bausch\Desktop" Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\FoxTab.job => C:\Users\PIABAU~1\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1140785117-3275974374-1152227498-1000Core.job => C:\Users\Pia Bausch\AppData\Local\Google\Update\GoogleUpdate.exe Task: 
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1140785117-3275974374-1152227498-1000UA.job => C:\Users\Pia Bausch\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-12-09 17:17 - 2014-12-09 17:17 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-1140785117-3275974374-1152227498-500 - Administrator - Disabled)
Gast (S-1-5-21-1140785117-3275974374-1152227498-501 - Limited - Disabled) => C:\Users\Gast
Pia Bausch (S-1-5-21-1140785117-3275974374-1152227498-1000 - Administrator - Enabled) => C:\Users\Pia Bausch

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start.
Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Security Processor Loader Driver Description: Security Processor Loader Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: spldr Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (01/25/2015 03:41:26 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/25/2015 03:06:10 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 90080108 Error: (01/24/2015 05:50:33 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54bd82c9 Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54bd82c9 Ausnahmecode: 0x4000001f Fehleroffset: 0x00231330 ID des fehlerhaften Prozesses: 0x1924 Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0 Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1 Pfad des fehlerhaften Moduls: compatibilitycheck.exe2 Berichtskennung: compatibilitycheck.exe3 Error: (01/24/2015 05:39:25 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80004005 Error: (01/24/2015 05:30:19 PM) (Source: WinMgmt) 
(EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/24/2015 03:03:18 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: ExpressTray.exe, Version: 3.2.26.0, Zeitstempel: 0x5491a15b Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x5315a05a Ausnahmecode: 0xe0434352 Fehleroffset: 0x000000000000940d ID des fehlerhaften Prozesses: 0xd04 Startzeit der fehlerhaften Anwendung: 0xExpressTray.exe0 Pfad der fehlerhaften Anwendung: ExpressTray.exe1 Pfad des fehlerhaften Moduls: ExpressTray.exe2 Berichtskennung: ExpressTray.exe3 Error: (01/24/2015 03:03:15 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: ExpressTray.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. Ausnahmeinformationen: System.TypeInitializationException Stapel: bei MS.Win32.Penimc.UnsafeNativeMethods.CreateResetEvent(IntPtr ByRef) bei System.Windows.Input.PenThreadWorker..ctor() bei System.Windows.Input.PenThreadPool.GetPenThreadForPenContextHelper(System.Windows.Input.PenContext) bei System.Windows.Input.StylusLogic.get_TabletDevices() bei System.Windows.Input.StylusLogic.RegisterHwndForInput(System.Windows.Input.InputManager, System.Windows.PresentationSource) bei System.Windows.Interop.HwndStylusInputProvider..ctor(System.Windows.Interop.HwndSource) bei System.Windows.Interop.HwndSource.Initialize(System.Windows.Interop.HwndSourceParameters) bei System.Windows.Interop.HwndSource..ctor(System.Windows.Interop.HwndSourceParameters) bei System.Windows.Window.CreateSourceWindow(Boolean) bei System.Windows.Window.ShowHelper(System.Object) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) bei 
MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) bei System.Windows.Threading.DispatcherOperation.InvokeImpl() bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) bei System.Windows.Threading.DispatcherOperation.Invoke() bei System.Windows.Threading.Dispatcher.ProcessQueue() bei System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef) bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef) bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame) bei System.Windows.Application.RunDispatcher(System.Object) bei System.Windows.Application.RunInternal(System.Windows.Window) bei Garmin.Cartography.MapUpdate.TrayApplication.App.Main() Error: (01/24/2015 02:56:49 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM 
__InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/24/2015 01:55:36 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: NT-AUTORITÄT) Description: Die Anwendung oder der Dienst "Compatibility Verify" konnte nicht heruntergefahren werden. Error: (01/24/2015 01:51:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54bd82c9 Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54bd82c9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0009587e ID des fehlerhaften Prozesses: 0x1efc Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0 Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1 Pfad des fehlerhaften Moduls: compatibilitycheck.exe2 Berichtskennung: compatibilitycheck.exe3 System errors: ============= Error: (01/25/2015 04:11:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (01/25/2015 04:11:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (01/25/2015 04:11:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (01/25/2015 04:08:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (01/25/2015 04:08:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst 
"Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (01/25/2015 04:08:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (01/25/2015 04:08:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (01/25/2015 04:08:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (01/25/2015 04:08:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (01/25/2015 04:04:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Microsoft Office Sessions: ========================= Error: (01/25/2015 03:41:26 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/25/2015 03:06:10 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 90080108 Error: (01/24/2015 05:50:33 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: compatibilitycheck.exe0.0.0.054bd82c9compatibilitycheck.exe0.0.0.054bd82c94000001f00231330192401d037f5b0607098C:\Users\Default\AppData\Roaming\Compatibility 
Verifier\compatibilitycheck.exeC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe1c38a048-a3e9-11e4-b685-028037ec0200 Error: (01/24/2015 05:39:25 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80004005 Error: (01/24/2015 05:30:19 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/24/2015 03:03:18 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: ExpressTray.exe3.2.26.05491a15bKERNELBASE.dll6.1.7601.184095315a05ae0434352000000000000940dd0401d037dda6b5be20C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exeC:\Windows\system32\KERNELBASE.dllbf3836c3-a3d1-11e4-974a-028037ec0200 Error: (01/24/2015 03:03:15 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: ExpressTray.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. 
Ausnahmeinformationen: System.TypeInitializationException Stapel: bei MS.Win32.Penimc.UnsafeNativeMethods.CreateResetEvent(IntPtr ByRef) bei System.Windows.Input.PenThreadWorker..ctor() bei System.Windows.Input.PenThreadPool.GetPenThreadForPenContextHelper(System.Windows.Input.PenContext) bei System.Windows.Input.StylusLogic.get_TabletDevices() bei System.Windows.Input.StylusLogic.RegisterHwndForInput(System.Windows.Input.InputManager, System.Windows.PresentationSource) bei System.Windows.Interop.HwndStylusInputProvider..ctor(System.Windows.Interop.HwndSource) bei System.Windows.Interop.HwndSource.Initialize(System.Windows.Interop.HwndSourceParameters) bei System.Windows.Interop.HwndSource..ctor(System.Windows.Interop.HwndSourceParameters) bei System.Windows.Window.CreateSourceWindow(Boolean) bei System.Windows.Window.ShowHelper(System.Object) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) bei System.Windows.Threading.DispatcherOperation.InvokeImpl() bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) bei System.Windows.Threading.DispatcherOperation.Invoke() bei System.Windows.Threading.Dispatcher.ProcessQueue() bei System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, 
System.Object, Int32) bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef) bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef) bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame) bei System.Windows.Application.RunDispatcher(System.Object) bei System.Windows.Application.RunInternal(System.Windows.Window) bei Garmin.Cartography.MapUpdate.TrayApplication.App.Main() Error: (01/24/2015 02:56:49 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/24/2015 01:55:36 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: NT-AUTORITÄT) Description: 1C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exeCompatibility Verify0302621615056143003A005C00550073006500720073005C00440065006600610075006C0074005C0041007000700044006100740061005C0052006F0061006D0069006E0067005C0043006F006D007000610074006900620069006C006900740079002000560065007200690066006900650072005C0063006F006D007000610074006900620069006C0069007400790063006800650063006B007300760063002E006500780065000000 Error: (01/24/2015 01:51:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: compatibilitycheck.exe0.0.0.054bd82c9compatibilitycheck.exe0.0.0.054bd82c9c00000050009587e1efc01d037d3fb409ef4C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\Default\AppData\Roaming\Compatibility 
Verifier\compatibilitycheck.exeaf0f8c4a-a3c7-11e4-a546-028037ec0200

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
Percentage of memory in use: 26%
Total physical RAM: 3992.93 MB
Available physical RAM: 2931.22 MB
Total Pagefile: 7984.05 MB
Available Pagefile: 6993.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:219.69 GB) (Free:64.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 6EFD8936)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=219.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:05 on 25/01/2015 (Pia Bausch)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Pia Bausch (administrator) on PIABAUSCH on 25-01-2015 16:09:16
Running from C:\Users\Pia Bausch\Desktop
Loaded Profiles: Pia Bausch (Available profiles: Pia Bausch & Gast)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [608112 2011-04-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1934608 2010-12-23] (Intel(R) Corporation) HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation) HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-07-25] () HKLM\...\Run: [Monitor] => C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation) HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.) HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions) HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] () HKLM-x32\...\Run: [OfficeScanNT Monitor] => c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe [2112536 2013-03-19] (Trend Micro Inc.) HKLM-x32\...\Run: [OE] => c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TMAS_OE\TMAS_OEMon.exe [846672 2010-08-10] (Trend Micro Inc.) 
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [NPSStartup] => [X] HKLM-x32\...\Run: [ApnUpdater] => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" HKLM-x32\...\Run: [FromDocToPDF Search Scope Monitor] => C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrchMn.exe [42536 2013-03-02] (MindSpark) HKLM-x32\...\Run: [FromDocToPDF_65 Browser Plugin Loader] => C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65brmon.exe [30096 2013-03-02] (VER_COMPANY_NAME) HKLM-x32\...\Run: [SweetIM] => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.) HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [832272 2014-05-21] (BlueStack Systems, Inc.) HKLM-x32\...\Run: [PLTSpokes.exe] => C:\Program Files (x86)\Plantronics\Spokes3G\PLTSpokes.exe [6579600 2014-10-23] (Plantronics, Inc.) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3977576 2015-01-20] (LogMeIn Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.) HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\...\Run: [AutoStartNPSAgent] => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.) HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\...\Run: [Google Update] => C:\Users\Pia Bausch\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-23] (Google Inc.) 
HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google) HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [146888 2014-08-21] (PC Utilities Software Limited) HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\...\Run: [Browser Infrastructure Helper] => C:\Users\Pia Bausch\AppData\Local\Smartbar\Application\Smartbar.exe [29696 2014-08-27] (Smartbar) HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\...\Run: [LookThisUp] => "C:\Users\Pia Bausch\AppData\Roaming\LookThisUp\LookThisUp.exe" HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-17] (Garmin Ltd or its subsidiaries) HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\...\MountPoints2: {abd3b293-537a-11e3-8e53-3859f9d61b58} - G:\LaunchU3.exe -a Lsa: [Authentication Packages] msv1_0 wvauth Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software ) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) 
Startup: C:\Users\Pia Bausch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjMrI-tVCBBJAVXjH2c_ez7MAbFNRMw7vfozUDFYZDokGR3x5WmFGLtUGdHomRE66jyhMonN5_WMm_RxI4vr-DbljOiysZ1l680Nl6VXESZFGpYNps2gqqOJCVb6z20rAEEF_SeM69XlnMvryDfj27gSU1eDM6ftCtEug,, HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjMrI-tVCBBJAVXjH2c_ez7MAbFNRMw7vfozUDFYZDokGR3x5WmFGLtUGdHomRE66j-k0nkzoGe31QXRZZ7hCnw7D-ULd5F0mnBXXgRp1mpvGnEjSXU77vHfRGVrJmK_R_7fhYodK-WzwLNRKT0XF_bCb5E9DjBOgAIfA,,&q={searchTerms} HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjMrI-tVCBBJAVXjH2c_ez7MAbFNRMw7vfozUDFYZDokGR3x5WmFGLtUGdHomRE66j-k0nkzoGe31QXRZZ7hCnw7D-ULd5F0mnBXXgRp1mpvGnEjSXU77vHfRGVrJmK_R_7fhYodK-WzwLNRKT0XF_bCb5E9DjBOgAIfA,,&q={searchTerms} HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\Software\Microsoft\Internet Explorer\Main,Search Page = 
hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjMrI-tVCBBJAVXjH2c_ez7MAbFNRMw7vfozUDFYZDokGR3x5WmFGLtUGdHomRE66j-k0nkzoGe31QXRZZ7hCnw7D-ULd5F0mnBXXgRp1mpvGnEjSXU77vHfRGVrJmK_R_7fhYodK-WzwLNRKTxy7fU52M7wPzRbMg0Dg,,&q={searchTerms}
HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjMrI-tVCBBJAVXjH2c_ez7MAbFNRMw7vfozUDFYZDokGR3x5WmFGLtUGdHomRE66jyhMonN5_WMm_RxI4vr-DbljOiysZ1l680Nl6VXESZFGpYNps2gqqOJCVb6z20rAEEF_SeM69XlnMvryDaC3vj7nbGW_JnJQ3jYw,,
HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=ie9hp
HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://g.uk.msn.com/USREL/8
HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://g.uk.msn.com/USREL/8
HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjMrI-tVCBBJAVXjH2c_ez7MAbFNRMw7vfozUDFYZDokGR3x5WmFGLtUGdHomRE66j-k0nkzoGe31QXRZZ7hCnw7D-ULd5F0mnBXXgRp1mpvGnEjSXU77vHfRGVrJmK_R_7fhYodK-WzwLNRKTxy7fU52M7wPzRbMg0Dg,,&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1415030717&from=pjr&uid=ST9250315AS_6VCW0GMSXXXX6VCW0GMS
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1415030717&from=pjr&uid=ST9250315AS_6VCW0GMSXXXX6VCW0GMS&q={searchTerms}
SearchScopes: HKLM -> {935B0526-B2BB-4248-A009-C85668DE6358} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjMrI-tVCBBJAVXjH2c_ez7MAbFNRMw7vfozUDFYZDokGR3x5WmFGLtUGdHomRE66j-k0nkzoGe31QXRZZ7hCnw7D-ULd5F0mnBXXgRp1mpvGnEjSXU77vHfRGVrJmK_R_7fhYodK-WzwLNRKT0XF_bCb5E9DjBOgAIfA,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1415030717&from=pjr&uid=ST9250315AS_6VCW0GMSXXXX6VCW0GMS&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjMrI-tVCBBJAVXjH2c_ez7MAbFNRMw7vfozUDFYZDokGR3x5WmFGLtUGdHomRE66j-k0nkzoGe31QXRZZ7hCnw7D-ULd5F0mnBXXgRp1mpvGnEjSXU77vHfRGVrJmK_R_7fhYodK-WzwLNRKT0XF_bCb5E9DjBOgAIfA,,&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjMrI-tVCBBJAVXjH2c_ez7MAbFNRMw7vfozUDFYZDokGR3x5WmFGLtUGdHomRE66j-k0nkzoGe31QXRZZ7hCnw7D-ULd5F0mnBXXgRp1mpvGnEjSXU77vHfRGVrJmK_R_7fhYodK-WzwLNRKT0XF_bCb5E9DjBOgAIfA,,&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {935B0526-B2BB-4248-A009-C85668DE6358} URL =
SearchScopes: HKU\S-1-5-21-1140785117-3275974374-1152227498-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1415030717&from=pjr&uid=ST9250315AS_6VCW0GMSXXXX6VCW0GMS&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1140785117-3275974374-1152227498-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjMrI-tVCBBJAVXjH2c_ez7MAbFNRMw7vfozUDFYZDokGR3x5WmFGLtUGdHomRE66j-k0nkzoGe31QXRZZ7hCnw7D-ULd5F0mnBXXgRp1mpvGnEjSXU77vHfRGVrJmK_R_7fhYodK-WzwLNRKTxy7fU52M7wPzRbMg0Dg,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1140785117-3275974374-1152227498-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1415030717&from=pjr&uid=ST9250315AS_6VCW0GMSXXXX6VCW0GMS&q={searchTerms}
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg.dll (Trend Micro Inc.)
BHO: Yahoo Community Smartbar (by Linkury)Engine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Yahoo Community Smartbar (by Linkury)Engine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Toolbar BHO -> {a235e1e3-6296-4710-af39-104a7faa6c7c} -> C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll (MindSpark)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SupraSavings -> {ca3eae2b-3b20-2e6f-a849-c126d93b6ad3} -> C:\Program Files\E52BA74C-5F88-4F08-A1B8-3FC89D881FD1\xkymsyyrfh.dll ()
BHO-x32: VirtualDJ Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SweetPacks Browser Helper -> {EEE6C35C-6118-11DC-9C72-001320C79847} -> C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
BHO-x32: Search Assistant BHO -> {f236ca79-3123-4afb-9f74-e98117ad5625} -> C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (MindSpark)
BHO-x32: No Name -> {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} -> C:\Users\Pia Bausch\AppData\LocalLow\systems ie bho\bho.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - VirtualDJ Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
Toolbar: HKLM-x32 - FromDocToPDF - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll (MindSpark)
Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKU\.DEFAULT -> No Name - {C66A678D-5E6C-4AF9-8F57-C6192F42CF74} - No File
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg32.dll (Trend Micro Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Pia Bausch\AppData\Roaming\Mozilla\Firefox\Profiles\455x0jfg.default
FF NewTab: chrome://quick_start/content/index.html
FF SelectedSearchEngine: webssearches
FF Homepage: https://www.google.de/
FF Keyword.URL: hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=8E2B2572-183B-4907-87CE-E0BF9CC78E8E&n=77fc6747&ind=2013030215&p2=^Y6^xdm043^YY^de&si=swissconverter&searchfor=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_287.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_287.dll ()
FF Plugin-x32: @FromDocToPDF_65.com/Plugin -> C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\NP65Stub.dll (MindSpark)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1140785117-3275974374-1152227498-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Pia Bausch\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-1140785117-3275974374-1152227498-1000: @talk.google.com/O1DPlugin -> C:\Users\Pia Bausch\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-1140785117-3275974374-1152227498-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Pia Bausch\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1140785117-3275974374-1152227498-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Pia Bausch\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1140785117-3275974374-1152227498-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Pia Bausch\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Pia Bausch\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Pia Bausch\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Pia Bausch\AppData\Roaming\Mozilla\Firefox\Profiles\455x0jfg.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF Extension: jid1xKH0EoS44u1a2wjetpack - C:\Users\Pia Bausch\AppData\Roaming\Mozilla\Firefox\Profiles\455x0jfg.default\Extensions\jid1-xKH0EoS44u1a2w@jetpack [2014-11-07]
FF Extension: Foxy Security - C:\Users\Pia Bausch\AppData\Roaming\Mozilla\Firefox\Profiles\455x0jfg.default\Extensions\sys@foxysecurity.com [2014-05-30]
FF Extension: Yahoo! Toolbar - C:\Users\Pia Bausch\AppData\Roaming\Mozilla\Firefox\Profiles\455x0jfg.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-10-28]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Pia Bausch\AppData\Roaming\Mozilla\Firefox\Profiles\455x0jfg.default\Extensions\elemhidehelper@adblockplus.org.xpi [2014-11-16]
FF Extension: Foxtab Speed Dial - C:\Users\Pia Bausch\AppData\Roaming\Mozilla\Firefox\Profiles\455x0jfg.default\Extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}.xpi [2014-03-25]
FF Extension: NoScript - C:\Users\Pia Bausch\AppData\Roaming\Mozilla\Firefox\Profiles\455x0jfg.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-11-16]
FF Extension: Adblock Plus - C:\Users\Pia Bausch\AppData\Roaming\Mozilla\Firefox\Profiles\455x0jfg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-16]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\FirefoxExtension
FF Extension: Trend Micro NSC Firefox Extension - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\FirefoxExtension [2012-10-07]
FF HKLM-x32\...\Firefox\Extensions: [65ffxtbr@FromDocToPDF_65.com] - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin
FF Extension: FromDocToPDF - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin [2013-03-02]
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Pia Bausch\AppData\Roaming\Mozilla\Firefox\Profiles\455x0jfg.default\extensions\faststartff@gmail.com
FF HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [158720 2010-06-29] (Broadcom Corporation) [File not signed]
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-05-21] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-21] (BlueStack Systems, Inc.)
S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-05-21] (BlueStack Systems, Inc.)
S2 bupService; C:\Users\Pia Bausch\AppData\Roaming\BupSystem\bup.exe [642048 2014-04-14] (BUP) [File not signed]
S2 CouponarificService64; C:\Program Files (x86)\0892CCEA-3029-46F2-BD98-F3177431F5F8\xtloowpkjv64.exe [186368 2014-11-19] () [File not signed]
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-17] (Garmin Ltd or its subsidiaries)
S2 jzmoeejfme64; C:\Program Files\003\jzmoeejfme64.exe [706560 2014-11-03] () [File not signed]
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-01-14] (LogMeIn, Inc.)
S2 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [34304 2014-08-27] () <==== ATTENTION
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 ntrtscan; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe [1824800 2013-03-18] (Trend Micro Inc.)
S2 O2SDIOAssist; c:\Windows\SysWOW64\srvany.exe [8192 2003-04-19] () [File not signed]
S2 PlantronicsUpdateService; C:\Program Files (x86)\Plantronics\Spokes3G\SpokesUpdateService.exe [1183120 2014-10-23] (Plantronics, Inc.)
S2 RGMUpdater; C:\Users\Pia Bausch\AppData\Local\RGMService\RGMUpdater.exe [28160 2014-10-27] () [File not signed]
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [430592 2008-04-07] (Nokia.) [File not signed]
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025920 2015-01-20] (Enigma Software Group USA, LLC.)
S2 SupraSavingsService64; C:\Program Files (x86)\E52BA74C-5F88-4F08-A1B8-3FC89D881FD1\hmhfslexky64.exe [172544 2014-07-17] () [File not signed]
S2 svcGenericHost; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [50208 2013-01-11] (Trend Micro Inc.)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1629696 2010-07-13] () [File not signed]
S3 TMBMServer; c:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe [571928 2013-03-13] (Trend Micro Inc.)
S2 tmlisten; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe [2060904 2013-03-18] (Trend Micro Inc.)
S3 TmProxy; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [918064 2012-08-08] (Trend Micro Inc.)
S2 Verifies and fixes application compatibility issues; C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [91304 2015-01-12] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 WMCoreService; C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe [586280 2011-02-23] (Ericsson AB)
S2 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [992256 2010-12-23] (Intel(R) Corporation) [File not signed]
S3 SecureStorageService; "C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-05-21] (BlueStack Systems)
S3 d554gps; C:\Windows\System32\DRIVERS\d554gps64.sys [101416 2010-12-02] (Ericsson AB)
R3 d554scard; C:\Windows\System32\DRIVERS\d554scard.sys [61992 2010-11-19] (Ericsson AB)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2010-02-24] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2010-02-24] (Ericsson AB)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-01-20] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-01-20] ()
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-05-17] (hxxp://libusb-win32.sourceforge.net)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [411208 2010-11-01] (MCCI Corporation)
S3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [419912 2010-11-01] (MCCI Corporation)
S3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2010-11-01] (MCCI Corporation)
S3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [472648 2010-11-01] (MCCI Corporation)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [41168 2014-11-19] (NetFilterSDK.com)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (PixArt Imaging Inc.)
S3 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [82840 2012-10-30] (Trend Micro Inc.)
S1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [174016 2012-11-13] (Trend Micro Inc.)
S3 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [65872 2012-10-30] (Trend Micro Inc.)
S2 TmFilter; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [344376 2012-07-17] (Trend Micro Inc.)
S2 TmPreFilter; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [42808 2012-07-17] (Trend Micro Inc.)
S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [109080 2013-01-09] (Trend Micro Inc.)
S2 VSApiNt; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys [2224952 2012-07-17] (Trend Micro Inc.)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [276520 2011-02-08] (Ericsson AB)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-25 16:09 - 2015-01-25 16:09 - 00031512 _____ () C:\Users\Pia Bausch\Desktop\FRST.txt
2015-01-25 16:09 - 2015-01-25 16:09 - 00000000 ____D () C:\FRST
2015-01-25 16:07 - 2015-01-25 16:08 - 02129920 _____ (Farbar) C:\Users\Pia Bausch\Desktop\FRST64.exe
2015-01-25 16:05 - 2015-01-25 16:05 - 00000482 _____ () C:\Users\Pia Bausch\Desktop\defogger_disable.log
2015-01-25 16:05 - 2015-01-25 16:05 - 00000000 _____ () C:\Users\Pia Bausch\defogger_reenable
2015-01-25 16:04 - 2015-01-25 16:04 - 00050477 _____ () C:\Users\Pia Bausch\Desktop\Defogger.exe
2015-01-24 14:05 - 2015-01-24 14:05 - 00000000 ____D () C:\Users\Pia Bausch\AppData\Roaming\Google
2015-01-24 13:43 - 2015-01-24 13:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-01-24 13:43 - 2015-01-24 13:43 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2015-01-23 21:47 - 2015-01-23 21:47 - 03353776 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-20 22:17 - 2015-01-20 22:17 - 00000000 _____ () C:\autoexec.bat
2015-01-20 20:21 - 2015-01-20 20:21 - 00000000 __SHD () C:\Users\Pia Bausch\AppData\Local\EmieBrowserModeList
2015-01-20 19:53 - 2015-01-20 19:53 - 00000000 ____D () C:\sh4ldr
2015-01-20 19:52 - 2015-01-20 19:52 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-01-20 19:52 - 2015-01-20 19:52 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-01-20 19:33 - 2015-01-20 19:53 - 00000000 ____D () C:\Users\Pia Bausch\AppData\Roaming\Enigma Software Group
2015-01-16 22:10 - 2015-01-24 14:50 - 00000112 _____ () C:\ProgramData\42G8625p.dat
2015-01-14 16:19 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 16:19 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 16:19 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 16:19 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 16:19 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 16:19 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 16:19 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 16:19 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 16:19 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 16:19 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 16:19 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 16:19 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 16:19 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-12 18:35 - 2015-01-12 18:35 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-12 18:35 - 2015-01-12 18:35 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-12 18:35 - 2015-01-12 18:35 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-12 18:35 - 2015-01-12 18:35 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-01-12 18:31 - 2015-01-24 17:49 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Compatibility Verifier
2015-01-12 18:31 - 2015-01-24 17:49 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Compatibility Verifier
2015-01-12 17:44 - 2015-01-12 17:44 - 06388344 _____ (Tim Kosse) C:\Users\Pia Bausch\Downloads\FileZilla_3.10.0_win32-setup.exe
2014-12-30 18:49 - 2014-12-30 18:49 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-12-30 18:49 - 2014-12-30 18:49 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-30 18:49 - 2014-12-30 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 16:05 - 2011-11-03 09:02 - 00000000 ____D () C:\Users\Pia Bausch
2015-01-25 15:44 - 2010-11-21 07:50 - 00902590 _____ () C:\Windows\system32\perfh007.dat
2015-01-25 15:44 - 2010-11-21 07:50 - 00215014 _____ () C:\Windows\system32\perfc007.dat
2015-01-25 15:44 - 2009-07-14 06:13 - 02165128 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-25 15:40 - 2014-12-05 15:37 - 00000000 ____D () C:\Users\Pia Bausch\AppData\Local\LogMeIn Hamachi
2015-01-25 15:35 - 2011-08-25 09:10 - 01258866 _____ () C:\Windows\WindowsUpdate.log
2015-01-25 15:35 - 2009-07-14 05:51 - 00168720 _____ () C:\Windows\setupact.log
2015-01-25 15:22 - 2012-01-14 17:39 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-25 15:21 - 2012-12-06 18:14 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1140785117-3275974374-1152227498-1000UA.job
2015-01-25 14:54 - 2014-01-29 14:54 - 00000304 _____ () C:\Windows\Tasks\FoxTab.job
2015-01-25 14:47 - 2012-07-22 11:23 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-25 14:41 - 2012-12-06 18:14 - 00001088 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1140785117-3275974374-1152227498-1000Core.job
2015-01-25 14:41 - 2012-01-14 17:39 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-24 17:40 - 2009-07-14 05:45 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-24 17:40 - 2009-07-14 05:45 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-24 17:33 - 2014-12-23 22:25 - 00000000 ____D () C:\Users\Pia Bausch\AppData\Local\RGMService
2015-01-24 17:32 - 2014-05-19 16:38 - 00000000 ___RD () C:\Users\Pia Bausch\Google Drive
2015-01-24 17:30 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-24 14:59 - 2011-08-25 16:57 - 00000000 ____D () C:\ProgramData\Sonic
2015-01-24 14:05 - 2012-01-14 17:39 - 00000000 ____D () C:\Users\Pia Bausch\AppData\Local\Google
2015-01-23 22:27 - 2014-11-25 19:18 - 00000000 ____D () C:\Users\Pia Bausch\AppData\Roaming\.minecraft
2015-01-23 21:47 - 2012-07-22 11:23 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-23 21:47 - 2012-07-22 11:23 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-23 21:47 - 2011-08-25 16:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-23 17:24 - 2013-12-14 17:00 - 00000000 ____D () C:\Users\Pia Bausch\AppData\Roaming\Skype
2015-01-23 14:40 - 2014-12-02 16:39 - 00000000 ____D () C:\Program Files\Couponarific
2015-01-22 18:26 - 2014-10-01 20:04 - 00000000 ____D () C:\Users\Pia Bausch\Desktop\Instagram
2015-01-22 17:49 - 2014-09-23 15:57 - 00003266 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2015-01-21 20:06 - 2011-02-11 18:45 - 02139408 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-20 21:26 - 2010-11-21 04:47 - 00266146 _____ () C:\Windows\PFRO.log
2015-01-20 18:21 - 2011-11-03 09:03 - 00000000 ____D () C:\Windows\System32\Tasks\Dell
2015-01-17 00:40 - 2013-03-16 11:30 - 00007601 _____ () C:\Users\Pia Bausch\AppData\Local\resmon.resmoncfg
2015-01-15 03:15 - 2013-08-13 17:30 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 03:02 - 2012-08-09 16:27 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 11:32 - 2013-08-29 12:53 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-01-12 17:59 - 2014-07-21 16:15 - 00000000 ____D () C:\Users\Pia Bausch\AppData\Roaming\FileZilla
2015-01-02 22:50 - 2012-03-14 18:52 - 00004805 _____ () C:\Windows\TMFilter.log
2014-12-30 18:49 - 2013-12-14 17:00 - 00000000 ____D () C:\ProgramData\Skype

==================== Files in the root of some directories =======

2013-02-26 07:28 - 2013-02-26 07:28 - 0027762 _____ () C:\Program Files\changes.txt
2013-02-26 07:34 - 2013-02-26 07:34 - 2547384 _____ (Beepa P/L) C:\Program Files\fraps.exe
2013-02-26 07:34 - 2013-02-26 07:34 - 0234168 _____ (Beepa P/L) C:\Program Files\fraps32.dll
2013-02-26 07:34 - 2013-02-26 07:34 - 0068792 _____ (Beepa P/L) C:\Program Files\fraps64.dat
2013-02-26 07:34 - 2013-02-26 07:34 - 0186552 _____ (Beepa P/L) C:\Program Files\fraps64.dll
2013-02-26 07:30 - 2013-02-26 07:30 - 0140288 _____ (Beepa P/L) C:\Program Files\frapslcd.dll
2014-11-27 16:04 - 2014-11-27 16:04 - 0000180 _____ () C:\Program Files\FRAPSLOG.TXT
2013-02-26 07:27 - 2013-02-26 07:27 - 0001894 _____ () C:\Program Files\README.HTM
2014-11-27 16:01 - 2014-11-27 16:01 - 0040446 _____ (Beepa Pty Ltd) C:\Program Files\uninstall.exe
2014-11-03 17:06 - 2014-11-03 17:06 - 1545136 _____ (HDTubeV03.11) C:\Users\Pia Bausch\AppData\Roaming\BCQYCY.exe
2014-04-13 12:30 - 2014-04-13 15:41 - 0000108 _____ () C:\Users\Pia Bausch\AppData\Roaming\Camdata.ini
2014-04-13 12:30 - 2014-04-13 15:41 - 0000408 _____ () C:\Users\Pia Bausch\AppData\Roaming\CamLayout.ini
2014-04-13 12:30 - 2014-04-13 15:41 - 0000408 _____ () C:\Users\Pia Bausch\AppData\Roaming\CamShapes.ini
2014-04-13 12:30 - 2014-04-13 12:33 - 0004535 _____ () C:\Users\Pia Bausch\AppData\Roaming\CamStudio.cfg
2014-11-03 17:06 - 2014-11-03 17:06 - 2042288 _____ (HDTubeV03.11) C:\Users\Pia Bausch\AppData\Roaming\CJJORAH.exe
2014-04-13 12:29 - 2014-04-13 12:30 - 0000096 _____ () C:\Users\Pia Bausch\AppData\Roaming\version2.xml
2014-01-29 14:54 - 2014-11-17 16:53 - 0000181 _____ () C:\Users\Pia Bausch\AppData\Roaming\WB.CFG
2014-11-29 19:28 - 2014-11-29 19:28 - 0002085 _____ () C:\Users\Pia Bausch\AppData\Local\recently-used.xbel
2013-03-16 11:30 - 2015-01-17 00:40 - 0007601 _____ () C:\Users\Pia Bausch\AppData\Local\resmon.resmoncfg
2015-01-16 22:10 - 2015-01-24 14:50 - 0000112 _____ () C:\ProgramData\42G8625p.dat

Files to move or delete:
====================
C:\ProgramData\42G8625p.dat

Some content of TEMP:
====================
C:\Users\Pia Bausch\AppData\Local\Temp\0birg04y.dll
C:\Users\Pia Bausch\AppData\Local\Temp\1lgq0ftb.dll
C:\Users\Pia Bausch\AppData\Local\Temp\2y-qbeib.dll
C:\Users\Pia Bausch\AppData\Local\Temp\4l0-fnac.dll
C:\Users\Pia Bausch\AppData\Local\Temp\7gaj2fq3.dll
C:\Users\Pia Bausch\AppData\Local\Temp\7z920.exe
C:\Users\Pia Bausch\AppData\Local\Temp\9uos6bli.dll
C:\Users\Pia Bausch\AppData\Local\Temp\APNStub.exe
C:\Users\Pia Bausch\AppData\Local\Temp\avhhixrd.dll
C:\Users\Pia Bausch\AppData\Local\Temp\BackupSetup.exe
C:\Users\Pia Bausch\AppData\Local\Temp\bundlesweetimsetup.exe
C:\Users\Pia Bausch\AppData\Local\Temp\cixovzf6.dll
C:\Users\Pia Bausch\AppData\Local\Temp\cpdd890w.dll
C:\Users\Pia Bausch\AppData\Local\Temp\DeltaTB.exe
C:\Users\Pia Bausch\AppData\Local\Temp\dp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\e6ow2f5j.dll
C:\Users\Pia Bausch\AppData\Local\Temp\edde_wvx.dll
C:\Users\Pia Bausch\AppData\Local\Temp\ewddex_5.dll
C:\Users\Pia Bausch\AppData\Local\Temp\ffymztt5.dll
C:\Users\Pia Bausch\AppData\Local\Temp\fj3whpxl.dll
C:\Users\Pia Bausch\AppData\Local\Temp\FLVPlayerSetup.exe
C:\Users\Pia Bausch\AppData\Local\Temp\FoxySecuritySetup.exe
C:\Users\Pia Bausch\AppData\Local\Temp\f_ehlkuw.dll
C:\Users\Pia Bausch\AppData\Local\Temp\g5w6v-4d.dll
C:\Users\Pia Bausch\AppData\Local\Temp\GdiPlus.dll
C:\Users\Pia Bausch\AppData\Local\Temp\GenericUninstall.exe
C:\Users\Pia Bausch\AppData\Local\Temp\glgtk_sx.dll
C:\Users\Pia Bausch\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Users\Pia Bausch\AppData\Local\Temp\hxbxahck.dll
C:\Users\Pia Bausch\AppData\Local\Temp\ia-7msjs.dll
C:\Users\Pia Bausch\AppData\Local\Temp\ICReinstall_FileZilla_3.8.1_win32-setup.exe
C:\Users\Pia Bausch\AppData\Local\Temp\ICReinstall_MineCraftSetup.exe
C:\Users\Pia Bausch\AppData\Local\Temp\ICReinstall_winzip19-mediafire.exe
C:\Users\Pia Bausch\AppData\Local\Temp\InstallerMessageBox.exe
C:\Users\Pia Bausch\AppData\Local\Temp\jansi-64-git-Bukkit-1.6.4-R2.0-b2918jnks.dll
C:\Users\Pia Bausch\AppData\Local\Temp\jpun-md-.dll
C:\Users\Pia Bausch\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Pia Bausch\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Pia Bausch\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Pia Bausch\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Pia Bausch\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Pia Bausch\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Pia Bausch\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Pia Bausch\AppData\Local\Temp\Kraus.exe
C:\Users\Pia Bausch\AppData\Local\Temp\LyricsPal.exe
C:\Users\Pia Bausch\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Pia Bausch\AppData\Local\Temp\ms.exe
C:\Users\Pia Bausch\AppData\Local\Temp\npp.6.6.7.Installer.exe
C:\Users\Pia Bausch\AppData\Local\Temp\npp.6.6.9.Installer.exe
C:\Users\Pia Bausch\AppData\Local\Temp\NPSInstallerProxy.exe
C:\Users\Pia Bausch\AppData\Local\Temp\NPSInstallerProxyMessageBoxHookDll.dll
C:\Users\Pia Bausch\AppData\Local\Temp\nsi80A6.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\nweveefb.dll
C:\Users\Pia Bausch\AppData\Local\Temp\ofjq_kjs.dll
C:\Users\Pia Bausch\AppData\Local\Temp\optprosetup.exe
C:\Users\Pia Bausch\AppData\Local\Temp\ppbg9ya-.dll
C:\Users\Pia Bausch\AppData\Local\Temp\pricepeep_130001_0101.exe
C:\Users\Pia Bausch\AppData\Local\Temp\qdwzo0vl.dll
C:\Users\Pia Bausch\AppData\Local\Temp\qge-11ux.dll
C:\Users\Pia Bausch\AppData\Local\Temp\ql9tops3.dll
C:\Users\Pia Bausch\AppData\Local\Temp\rcallup8.dll
C:\Users\Pia Bausch\AppData\Local\Temp\s-iv8lqz.dll
C:\Users\Pia Bausch\AppData\Local\Temp\setup_297.exe
C:\Users\Pia Bausch\AppData\Local\Temp\setup_383.exe
C:\Users\Pia Bausch\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Pia Bausch\AppData\Local\Temp\sm1kchwo.dll
C:\Users\Pia Bausch\AppData\Local\Temp\SmallBasicLibrary.dll
C:\Users\Pia Bausch\AppData\Local\Temp\somoto_BD Renaissance_1.0.exe
C:\Users\Pia Bausch\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Pia Bausch\AppData\Local\Temp\Sqlite3.dll
C:\Users\Pia Bausch\AppData\Local\Temp\tmp145E.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp1560.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp1A7B.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp1C41.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp1ECC.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp1F35.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp2442.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp24A9.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp28C0.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp2AAE.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp2FFE.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp32BC.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp32F4.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp347F.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp36DD.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp375E.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp3848.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp3A3B.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp3C12.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp3F80.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp4363.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp43C6.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp440A.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp4472.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp44A1.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp49B4.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp4A39.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp4A4C.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp4CD9.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp4D3C.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp4EB0.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp4F17.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp521C.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp552B.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp588E.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp5A03.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp5C15.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp5C63.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp616B.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp622C.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp6387.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp66F6.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp6754.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp685B.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp68CC.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp6996.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp6C7D.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp6D70.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp6E70.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp6F9F.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp714E.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp715.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp7486.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp7582.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp79FC.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp7E8A.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp81A5.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp83AD.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp85E4.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp8A38.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp8B8D.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp8EDF.tmp.exe
C:\Users\Pia
Bausch\AppData\Local\Temp\tmp9423.tmp.exe C:\Users\Pia Bausch\AppData\Local\Temp\tmp95C4.tmp.exe C:\Users\Pia Bausch\AppData\Local\Temp\tmp97B2.tmp.exe C:\Users\Pia Bausch\AppData\Local\Temp\tmp9AED.tmp.exe C:\Users\Pia Bausch\AppData\Local\Temp\tmpA04A.tmp.exe C:\Users\Pia Bausch\AppData\Local\Temp\tmpA060.tmp.exe C:\Users\Pia Bausch\AppData\Local\Temp\tmpA1D2.tmp.exe C:\Users\Pia Bausch\AppData\Local\Temp\tmpA30B.tmp.exe C:\Users\Pia Bausch\AppData\Local\Temp\tmpA4C.tmp.exe C:\Users\Pia Bausch\AppData\Local\Temp\tmpA5BC.tmp.exe C:\Users\Pia Bausch\AppData\Local\Temp\tmpAFAC.tmp.exe C:\Users\Pia Bausch\AppData\Local\Temp\tmpB829.tmp.exe C:\Users\Pia Bausch\AppData\Local\Temp\tmpB832.tmp.exe C:\Users\Pia Bausch\AppData\Local\Temp\tmpBED4.tmp.exe C:\Users\Pia Bausch\AppData\Local\Temp\tmpBF30.tmp.exe C:\Users\Pia Bausch\AppData\Local\Temp\tmpC95.tmp.exe C:\Users\Pia Bausch\AppData\Local\Temp\tmpCB02.tmp.exe C:\Users\Pia Bausch\AppData\Local\Temp\tmpCDB4.tmp.exe C:\Users\Pia Bausch\AppData\Local\Temp\tmpCE5B.tmp.exe C:\Users\Pia Bausch\AppData\Local\Temp\tmpCFD.tmp.exe C:\Users\Pia Bausch\AppData\Local\Temp\tmpD296.tmp.exe C:\Users\Pia Bausch\AppData\Local\Temp\tmpD4F8.tmp.exe C:\Users\Pia Bausch\AppData\Local\Temp\tmpD545.tmp.exe C:\Users\Pia Bausch\AppData\Local\Temp\tmpD79B.tmp.exe C:\Users\Pia Bausch\AppData\Local\Temp\tmpD8EA.tmp.exe C:\Users\Pia Bausch\AppData\Local\Temp\tmpD9E9.tmp.exe C:\Users\Pia Bausch\AppData\Local\Temp\tmpDD4C.tmp.exe C:\Users\Pia Bausch\AppData\Local\Temp\tmpE16A.tmp.exe C:\Users\Pia Bausch\AppData\Local\Temp\tmpE2D0.tmp.exe C:\Users\Pia Bausch\AppData\Local\Temp\tmpE600.tmp.exe C:\Users\Pia Bausch\AppData\Local\Temp\tmpE668.tmp.exe C:\Users\Pia Bausch\AppData\Local\Temp\tmpE728.tmp.exe C:\Users\Pia Bausch\AppData\Local\Temp\tmpEACE.tmp.exe C:\Users\Pia Bausch\AppData\Local\Temp\tmpED7B.tmp.exe C:\Users\Pia Bausch\AppData\Local\Temp\tmpF524.tmp.exe C:\Users\Pia Bausch\AppData\Local\Temp\tmpF998.tmp.exe C:\Users\Pia 
Bausch\AppData\Local\Temp\tmpFB96.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmpFC2E.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmpFEA3.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmpFF2B.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmpFF4D.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\umhkqfzw.dll
C:\Users\Pia Bausch\AppData\Local\Temp\umxujks7.dll
C:\Users\Pia Bausch\AppData\Local\Temp\uninstaller.exe
C:\Users\Pia Bausch\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\Pia Bausch\AppData\Local\Temp\vhh6wd8-.dll
C:\Users\Pia Bausch\AppData\Local\Temp\vtcuksu9.dll
C:\Users\Pia Bausch\AppData\Local\Temp\vvqyybou.dll
C:\Users\Pia Bausch\AppData\Local\Temp\WSSetup.exe
C:\Users\Pia Bausch\AppData\Local\Temp\xfl7ux5v.dll
C:\Users\Pia Bausch\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Pia Bausch\AppData\Local\Temp\zafwSetupWeb_120_121_000-4-.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-15 03:51

==================== End Of Log ============================

As I already wrote, unfortunately that is all I have. Is it OK like this??
Thanks for now. Regards, Nailimixam |
26.01.2015, 09:24 | #4 |
/// the machine /// TB trainer | WIN 7: Access to files no longer possible Please download Revo Uninstaller (alternatively the portable Revo Uninstaller) from here.
Scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
26.01.2015, 17:24 | #5 |
| WIN 7: Access to files no longer possible Hello Schrauber, OK, I have now uninstalled all the listed programs. Is there anything else left to do? It looks as if everything is fine now!! Great, that would be sensational!! Can you also recommend a good (inexpensive) antivirus program that I should subscribe to now? Thanks again for the help! Regards, Nailimixam Last edited by Nailimixam (26.01.2015 at 18:10) |
26.01.2015, 19:23 | #6 |
/// the machine /// TB trainer | WIN 7: Access to files no longer possible What about Combofix?
26.01.2015, 22:03 | #7 |
| WIN 7: Access to files no longer possible Hello Schrauber, it seems I skimmed over the instruction about the Combofix scan, because I thought it only applied to the other readers... Anyway, I have now done everything; here is the ComboFix.txt: Code:
ComboFix 15-01-22.02 - Pia Bausch 26.01.2015 21:23:43.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3993.2244 [GMT 1:00]
ausgeführt von:: c:\users\Pia Bausch\Desktop\ComboFix.exe
AV: Trend Micro Client/Server Security Agent *Disabled/Updated* {5D349EF8-873B-C657-917F-F1D93E101A7C}
FW: Trend Micro Personal Firewall *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}
SP: Trend Micro Client/Server Security Agent Anti-Spyware *Disabled/Updated* {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\374311380
c:\users\Pia Bausch\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0CE5DDB5-DD51-4089-83E5-3A2A425939BF}.xps
c:\users\Pia Bausch\AppData\Local\Microsoft\Windows\Temporary Internet Files\result.xml
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\_ctypes.pyd
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\_elementtree.pyd
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\_hashlib.pyd
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\_multiprocessing.pyd
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\_socket.pyd
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\_ssl.pyd
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\hashobjs_ext.pyd
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\pyexpat.pyd
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\pysqlite2._sqlite.pyd
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\python27.dll
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\pythoncom27.dll
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\PyWinTypes27.dll
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\select.pyd
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\unicodedata.pyd
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\win32api.pyd
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\win32com.shell.shell.pyd
c:\users\Pia
Bausch\AppData\Local\Temp\_MEI48162\win32crypt.pyd c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\win32event.pyd c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\win32file.pyd c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\win32gui.pyd c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\win32inet.pyd c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\win32pdh.pyd c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\win32pipe.pyd c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\win32process.pyd c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\win32profile.pyd c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\win32security.pyd c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\win32ts.pyd c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\windows._lib_cacheinvalidation.pyd c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\wx._animate.pyd c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\wx._controls_.pyd c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\wx._core_.pyd c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\wx._gdi_.pyd c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\wx._html2.pyd c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\wx._misc_.pyd c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\wx._windows_.pyd c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\wx._wizard.pyd c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\wxbase294u_net_vc90.dll c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\wxbase294u_vc90.dll c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\wxmsw294u_adv_vc90.dll c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\wxmsw294u_core_vc90.dll c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\wxmsw294u_html_vc90.dll c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\wxmsw294u_webview_vc90.dll c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\_ctypes.pyd c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\_elementtree.pyd c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\_hashlib.pyd c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\_multiprocessing.pyd 
c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\_socket.pyd c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\_ssl.pyd c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\hashobjs_ext.pyd c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\pyexpat.pyd c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\pysqlite2._sqlite.pyd c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\python27.dll c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\pythoncom27.dll c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\PyWinTypes27.dll c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\select.pyd c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\unicodedata.pyd c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\win32api.pyd c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\win32com.shell.shell.pyd c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\win32crypt.pyd c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\win32event.pyd c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\win32file.pyd c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\win32gui.pyd c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\win32inet.pyd c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\win32pdh.pyd c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\win32pipe.pyd c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\win32process.pyd c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\win32profile.pyd c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\win32security.pyd c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\win32ts.pyd c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\windows._lib_cacheinvalidation.pyd c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\wx._animate.pyd c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\wx._controls_.pyd c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\wx._core_.pyd c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\wx._gdi_.pyd c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\wx._html2.pyd c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\wx._misc_.pyd c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\wx._windows_.pyd 
c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\wx._wizard.pyd c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\wxbase294u_net_vc90.dll c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\wxbase294u_vc90.dll c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\wxmsw294u_adv_vc90.dll c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\wxmsw294u_core_vc90.dll c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\wxmsw294u_html_vc90.dll c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\wxmsw294u_webview_vc90.dll c:\windows\msdownld.tmp c:\windows\SysWow64\WNLT . . ((((((((((((((((((((((( Dateien erstellt von 2014-12-26 bis 2015-01-26 )))))))))))))))))))))))))))))) . . 2015-01-26 20:35 . 2015-01-26 20:35 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-01-26 20:35 . 2015-01-26 20:35 -------- d-----w- c:\users\Maximilian Bausch\AppData\Local\temp 2015-01-26 20:35 . 2015-01-26 20:35 -------- d-----w- c:\users\Gast\AppData\Local\temp 2015-01-26 15:46 . 2015-01-26 15:46 -------- d-----w- c:\program files (x86)\VS Revo Group 2015-01-25 15:09 . 2015-01-25 15:11 -------- d-----w- C:\FRST 2015-01-24 12:43 . 2015-01-24 12:43 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi 2015-01-20 19:21 . 2015-01-20 19:21 -------- d-sh--w- c:\users\Pia Bausch\AppData\Local\EmieBrowserModeList 2015-01-20 18:53 . 2015-01-20 18:53 -------- d-----w- C:\sh4ldr 2015-01-20 18:52 . 2015-01-20 18:52 22704 ----a-w- c:\windows\system32\drivers\EsgScanner.sys 2015-01-20 18:52 . 2015-01-26 16:19 -------- d-----w- c:\program files\Enigma Software Group 2015-01-12 17:31 . 2015-01-26 20:44 -------- d-----w- c:\users\Default\AppData\Roaming\Compatibility Verifier 2015-01-12 17:31 . 2015-01-12 17:31 -------- d-----w- c:\users\Default\AppData\Local\Programs 2014-12-30 17:49 . 2014-12-30 17:49 -------- d-----w- c:\program files (x86)\Common Files\Skype 2014-12-30 17:49 . 2014-12-30 17:49 -------- d-----r- c:\program files (x86)\Skype . . . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-01-26 17:47 . 2012-07-22 10:23 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-01-26 17:47 . 2011-08-25 15:17 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-01-15 02:02 . 2012-08-09 15:27 113365784 ----a-w- c:\windows\system32\MRT.exe 2015-01-14 10:32 . 2013-08-29 11:53 33856 ---ha-w- c:\windows\system32\hamachi.sys 2014-12-25 17:10 . 2014-10-12 11:45 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin 2014-12-13 05:09 . 2014-12-17 18:56 144384 ----a-w- c:\windows\system32\ieUnatt.exe 2014-12-13 03:33 . 2014-12-17 18:56 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2014-12-04 16:22 . 2014-12-04 16:23 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2014-12-04 02:50 . 2014-12-10 15:29 413184 ----a-w- c:\windows\system32\generaltel.dll 2014-12-04 02:50 . 2014-12-10 15:29 741376 ----a-w- c:\windows\system32\invagent.dll 2014-12-04 02:50 . 2014-12-10 15:29 396800 ----a-w- c:\windows\system32\devinv.dll 2014-12-04 02:50 . 2014-12-10 15:29 830976 ----a-w- c:\windows\system32\appraiser.dll 2014-12-04 02:50 . 2014-12-10 15:29 192000 ----a-w- c:\windows\system32\aepic.dll 2014-12-04 02:50 . 2014-12-10 15:29 227328 ----a-w- c:\windows\system32\aepdu.dll 2014-12-04 02:44 . 2014-12-10 15:29 1083392 ----a-w- c:\windows\system32\aeinv.dll 2014-12-01 23:28 . 2014-12-10 15:29 1232040 ----a-w- c:\windows\system32\aitstatic.exe 2014-11-27 15:01 . 2014-11-27 15:01 40446 ----a-w- c:\program files\uninstall.exe 2014-11-27 01:43 . 2014-12-10 15:30 389296 ----a-w- c:\windows\system32\iedkcs32.dll 2014-11-25 18:12 . 2014-11-25 18:09 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2014-11-25 18:09 . 2014-11-25 18:13 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll 2014-11-25 18:09 . 2014-11-25 18:13 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2014-11-25 17:34 . 
2014-11-25 17:35 320936 ----a-w- c:\windows\system32\javaws.exe 2014-11-25 17:34 . 2014-11-25 17:35 191400 ----a-w- c:\windows\system32\javaw.exe 2014-11-25 17:34 . 2014-11-25 17:35 190888 ----a-w- c:\windows\system32\java.exe 2014-11-25 17:28 . 2014-11-25 17:28 0 ----a-w- c:\windows\system32\REN3EC6.tmp 2014-11-25 17:28 . 2014-11-25 17:28 0 ----a-w- c:\windows\system32\REN3EB6.tmp 2014-11-25 17:28 . 2014-11-25 17:28 0 ----a-w- c:\windows\system32\REN3EB5.tmp 2014-11-25 17:23 . 2014-11-25 17:23 0 ----a-w- c:\windows\system32\REN10A4.tmp 2014-11-25 17:23 . 2014-11-25 17:23 0 ----a-w- c:\windows\system32\REN1093.tmp 2014-11-25 16:16 . 2014-11-25 16:16 177856928 ----a-w- c:\users\Pia Bausch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jdk-8u25-windows-x64.exe 2014-11-22 03:13 . 2014-12-10 15:30 25059840 ----a-w- c:\windows\system32\mshtml.dll 2014-11-22 03:06 . 2014-12-10 15:30 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2014-11-22 03:06 . 2014-12-10 15:30 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll 2014-11-22 02:50 . 2014-12-10 15:30 66560 ----a-w- c:\windows\system32\iesetup.dll 2014-11-22 02:50 . 2014-12-10 15:30 580096 ----a-w- c:\windows\system32\vbscript.dll 2014-11-22 02:49 . 2014-12-10 15:30 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll 2014-11-22 02:49 . 2014-12-10 15:30 2885120 ----a-w- c:\windows\system32\iertutil.dll 2014-11-22 02:48 . 2014-12-10 15:30 88064 ----a-w- c:\windows\system32\MshtmlDac.dll 2014-11-22 02:41 . 2014-12-10 15:30 54784 ----a-w- c:\windows\system32\jsproxy.dll 2014-11-22 02:40 . 2014-12-10 15:30 34304 ----a-w- c:\windows\system32\iernonce.dll 2014-11-22 02:37 . 2014-12-10 15:30 633856 ----a-w- c:\windows\system32\ieui.dll 2014-11-22 02:35 . 2014-12-10 15:30 114688 ----a-w- c:\windows\system32\ieetwcollector.exe 2014-11-22 02:34 . 2014-12-10 15:30 814080 ----a-w- c:\windows\system32\jscript9diag.dll 2014-11-22 02:34 . 2014-12-10 15:30 6039552 ----a-w- c:\windows\system32\jscript9.dll 2014-11-22 02:26 . 
2014-12-10 15:30 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2014-11-22 02:22 . 2014-12-10 15:30 490496 ----a-w- c:\windows\system32\dxtmsft.dll 2014-11-22 02:20 . 2014-12-10 15:30 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb 2014-11-22 02:14 . 2014-12-10 15:30 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll 2014-11-22 02:09 . 2014-12-10 15:30 199680 ----a-w- c:\windows\system32\msrating.dll 2014-11-22 02:08 . 2014-12-10 15:30 92160 ----a-w- c:\windows\system32\mshtmled.dll 2014-11-22 02:07 . 2014-12-10 15:30 501248 ----a-w- c:\windows\SysWow64\vbscript.dll 2014-11-22 02:07 . 2014-12-10 15:30 62464 ----a-w- c:\windows\SysWow64\iesetup.dll 2014-11-22 02:06 . 2014-12-10 15:30 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll 2014-11-22 02:05 . 2014-12-10 15:30 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll 2014-11-22 02:05 . 2014-12-10 15:30 316928 ----a-w- c:\windows\system32\dxtrans.dll 2014-11-22 01:54 . 2014-12-10 15:30 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll 2014-11-22 01:49 . 2014-12-10 15:30 718848 ----a-w- c:\windows\system32\ie4uinit.exe 2014-11-22 01:49 . 2014-12-10 15:30 800768 ----a-w- c:\windows\system32\msfeeds.dll 2014-11-22 01:47 . 2014-12-10 15:30 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll 2014-11-22 01:46 . 2014-12-10 15:30 2125312 ----a-w- c:\windows\system32\inetcpl.cpl 2014-11-22 01:43 . 2014-12-10 15:30 14412800 ----a-w- c:\windows\system32\ieframe.dll 2014-11-22 01:40 . 2014-12-10 15:30 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll 2014-11-22 01:29 . 2014-12-10 15:30 4299264 ----a-w- c:\windows\SysWow64\jscript9.dll 2014-11-22 01:28 . 2014-12-10 15:30 2358272 ----a-w- c:\windows\system32\wininet.dll 2014-11-22 01:22 . 2014-12-10 15:30 2052096 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2014-11-22 01:21 . 2014-12-10 15:30 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2014-11-22 01:15 . 
2014-12-10 15:30 1548288 ----a-w- c:\windows\system32\urlmon.dll 2014-11-22 01:03 . 2014-12-10 15:30 800768 ----a-w- c:\windows\system32\ieapfltr.dll 2014-11-22 01:00 . 2014-12-10 15:30 1888256 ----a-w- c:\windows\SysWow64\wininet.dll 2014-11-19 15:38 . 2014-11-19 15:38 41168 ----a-w- c:\windows\system32\drivers\netfilter64.sys 2014-11-19 03:31 . 2014-11-19 03:31 1217192 ----a-w- c:\windows\SysWow64\FM20.DLL 2014-11-11 03:09 . 2014-12-10 15:29 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2014-11-11 03:08 . 2014-11-19 12:50 241152 ----a-w- c:\windows\system32\pku2u.dll 2014-11-11 03:08 . 2014-11-19 12:50 728064 ----a-w- c:\windows\system32\kerberos.dll 2014-11-11 02:44 . 2014-12-10 15:29 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2014-11-11 02:44 . 2014-11-19 12:50 186880 ----a-w- c:\windows\SysWow64\pku2u.dll 2014-11-11 02:44 . 2014-11-19 12:50 550912 ----a-w- c:\windows\SysWow64\kerberos.dll 2014-11-11 01:46 . 2014-12-10 15:29 119296 ----a-w- c:\windows\system32\drivers\tdx.sys 2014-11-08 03:16 . 2014-12-10 15:24 2048 ----a-w- c:\windows\system32\tzres.dll 2014-11-08 02:45 . 2014-12-10 15:24 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2014-11-03 16:06 . 2014-11-03 16:06 1545136 ----a-w- c:\users\Pia Bausch\AppData\Roaming\BCQYCY.exe 2014-11-03 16:06 . 2014-11-03 16:06 2042288 ----a-w- c:\users\Pia Bausch\AppData\Roaming\CJJORAH.exe 2014-10-30 02:03 . 2014-12-10 15:24 165888 ----a-w- c:\windows\system32\charmap.exe 2014-10-30 01:45 . 2014-12-10 15:24 155136 ----a-w- c:\windows\SysWow64\charmap.exe 2013-02-26 06:34 . 2013-02-26 06:34 68792 ----a-w- c:\program files\fraps64.dat 2013-02-26 06:34 . 2013-02-26 06:34 2547384 ----a-w- c:\program files\fraps.exe 2013-02-26 06:34 . 2013-02-26 06:34 234168 ----a-w- c:\program files\fraps32.dll 2013-02-26 06:34 . 2013-02-26 06:34 186552 ----a-w- c:\program files\fraps64.dll 2013-02-26 06:30 . 2013-02-26 06:30 140288 ----a-w- c:\program files\frapslcd.dll . . 
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}] 2010-11-21 03:24 297808 ----a-w- c:\windows\System32\mscoree.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}] 2014-11-03 16:07 515464 ----a-w- c:\program files (x86)\SupTab\SupTab.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ca3eae2b-3b20-2e6f-a849-c126d93b6ad3}] 2014-07-11 14:13 74752 ----a-w- c:\program files\E52BA74C-5F88-4F08-A1B8-3FC89D881FD1\xkymsyyrfh.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] 2013-03-18 14:53 1310480 ----a-r- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2013-03-18 1310480] . [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AutoStartNPSAgent"="c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-04 95576] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-08-08 22734160] "Browser Infrastructure Helper"="c:\users\Pia Bausch\AppData\Local\Smartbar\Application\Smartbar.exe" [2014-08-27 29696] "GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-12-17 688984] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336] "PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472] "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112] "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544] "OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" [2013-03-19 2112536] "OE"="c:\program files (x86)\Trend Micro\Client Server Security Agent\TMAS_OE\TMAS_OEMon.exe" [2010-08-10 846672] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2012-10-04 115032] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336] "BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2014-05-21 832272] "PLTSpokes.exe"="c:\program files (x86)\Plantronics\Spokes3G\PLTSpokes.exe" [2014-10-23 6579600] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2015-01-20 3977576] . c:\users\Pia Bausch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-2-8 1136928] Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2011-1-20 1552240] Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2011-8-25 50688] McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "DisableCAD"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\program files\Enigma Software Group\SpyHunter\SH4Service.exe;c:\program files\Enigma Software Group\SpyHunter\SH4Service.exe [x] R2 SupraSavingsService64;SupraSavingsService64;c:\program files (x86)\E52BA74C-5F88-4F08-A1B8-3FC89D881FD1\hmhfslexky64.exe;c:\program files 
(x86)\E52BA74C-5F88-4F08-A1B8-3FC89D881FD1\hmhfslexky64.exe [x] R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x] R3 d554gps;Dell Wireless HSPA Mini-Card GPS Port;c:\windows\system32\DRIVERS\d554gps64.sys;c:\windows\SYSNATIVE\DRIVERS\d554gps64.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x] R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x] R3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;c:\windows\system32\DRIVERS\libusb0.sys;c:\windows\SYSNATIVE\DRIVERS\libusb0.sys [x] R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x] R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x] R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x] R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDFw7x64.sys [x] R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS;c:\windows\SYSNATIVE\DRIVERS\PFC027.SYS [x] R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program 
files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x] R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x] R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x] R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x] S1 netfilter64;netfilter64;c:\windows\system32\drivers\netfilter64.sys;c:\windows\SYSNATIVE\drivers\netfilter64.sys [x] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x] S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\ATService.exe;c:\program files\Fingerprint Sensor\ATService.exe [x] S2 BrcmMgmtAgent;Broadcom Management Agent;c:\program 
files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [x] S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x] S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x] S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x] S2 bupService;BUP Service;c:\users\Pia Bausch\AppData\Roaming\BupSystem\bup.exe;c:\users\Pia Bausch\AppData\Roaming\BupSystem\bup.exe [x] S2 CouponarificService64;CouponarificService64;c:\program files (x86)\0892CCEA-3029-46F2-BD98-F3177431F5F8\xtloowpkjv64.exe;c:\program files (x86)\0892CCEA-3029-46F2-BD98-F3177431F5F8\xtloowpkjv64.exe [x] S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [x] S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x] S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x] S2 jzmoeejfme64;jzmoeejfme64;c:\program files\003\jzmoeejfme64.exe run options=01100010030000000000000000000000 sourceguid=E52BA74C-5F88-4F08-A1B8-3FC89D881FD1;c:\program files\003\jzmoeejfme64.exe run options=01100010030000000000000000000000 sourceguid=E52BA74C-5F88-4F08-A1B8-3FC89D881FD1 
[x] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x] S2 LPTSystemUpdater;LPT System Updater Service;c:\program files (x86)\LPT\srpts.exe;c:\program files (x86)\LPT\srpts.exe [x] S2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe;c:\windows\SysWOW64\srvany.exe [x] S2 PlantronicsUpdateService;Plantronics Update Service;c:\program files (x86)\Plantronics\Spokes3G\SpokesUpdateService.exe install;c:\program files (x86)\Plantronics\Spokes3G\SpokesUpdateService.exe install [x] S2 RGMUpdater;RG Manage Updater;c:\users\Pia Bausch\AppData\Local\RGMService\RGMUpdater.exe;c:\users\Pia Bausch\AppData\Local\RGMService\RGMUpdater.exe [x] S2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe;c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [x] S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [x] S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [x] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S2 Verifies and fixes application compatibility issues;Compatibility Verify;c:\users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe;c:\users\Default\AppData\Roaming\Compatibility 
Verifier\compatibilitychecksvc.exe [x] S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode;c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode [x] S2 ZcfgSvc7;Intel(R) PROSet/Wireless ZeroConfig Service;c:\program files\Intel\WiFi\bin\ZCfgSvc7.exe;c:\program files\Intel\WiFi\bin\ZCfgSvc7.exe [x] S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x] S3 d554scard;Dell Wireless HSPA Mini-Card USIM Port;c:\windows\system32\DRIVERS\d554scard.sys;c:\windows\SYSNATIVE\DRIVERS\d554scard.sys [x] S3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\Drivers\wwuss64.sys;c:\windows\SYSNATIVE\Drivers\wwuss64.sys [x] S3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\Drivers\wwussf64.sys;c:\windows\SYSNATIVE\Drivers\wwussf64.sys [x] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 Mbm3CBus;Dell Wireless 5550 HSPA+ Mini-Card Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3CBus.sys [x] S3 Mbm3DevMt;Dell Wireless HSPA Mini-Card Device Management Driver (WDM);c:\windows\system32\DRIVERS\Mbm3DevMt.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3DevMt.sys [x] S3 Mbm3mdfl;Dell Wireless HSPA Mini-Card Modem Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3mdfl.sys [x] S3 Mbm3Mdm;Dell Wireless HSPA Mini-Card Modem Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3Mdm.sys [x] S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\O2MDRw7x64.sys [x] S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\o2sdjw7x64.sys [x] S3 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x] S3 TmProxy;Trend Micro Client/Server Security Agent 
Proxy-Dienst;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [x] S3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\DRIVERS\WwanUsbMp64.sys;c:\windows\SYSNATIVE\DRIVERS\WwanUsbMp64.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2015-01-26 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-22 17:47] . 2015-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-14 16:39] . 2015-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-14 16:39] . 2015-01-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1140785117-3275974374-1152227498-1000Core.job - c:\users\Pia Bausch\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-06 09:17] . 2015-01-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1140785117-3275974374-1152227498-1000UA.job - c:\users\Pia Bausch\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-06 09:17] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2014-08-08 08:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2014-08-08 08:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2014-08-08 08:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2014-08-08 08:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2014-08-08 08:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-05 608112] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-28 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-28 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-28 416024] "IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-23 1934608] "DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2011-03-08 227328] "FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2011-07-25 686704] "Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjMrI-tVCBBJAVXjH2c_ez7MAbFNRMw7vfozUDFYZDokGR3x5WmFGLtUGdHomRE66jyhMonN5_WMm_RxI4vr-DbljOiysZ1l680Nl6VXESZFGpYNps2gqqOJCVb6z20rAEEF_SeM69XlnMvryDaC3vj7nbGW_JnJQ3jYw,, mLocal Page = c:\windows\SysWOW64\blank.htm uSearchAssistant = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjMrI-tVCBBJAVXjH2c_ez7MAbFNRMw7vfozUDFYZDokGR3x5WmFGLtUGdHomRE66j-k0nkzoGe31QXRZZ7hCnw7D-ULd5F0mnBXXgRp1mpvGnEjSXU77vHfRGVrJmK_R_7fhYodK-WzwLNRKTxy7fU52M7wPzRbMg0Dg,,&q={searchTerms} IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm FF - ProfilePath - c:\users\Pia Bausch\AppData\Roaming\Mozilla\Firefox\Profiles\455x0jfg.default\ FF - prefs.js: browser.search.selectedEngine - webssearches FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/ FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=8E2B2572-183B-4907-87CE-E0BF9CC78E8E&n=77fc6747&ind=2013030215&p2=^Y6^xdm043^YY^de&si=swissconverter&searchfor= FF - ExtSQL: !HIDDEN! 2013-03-02 15:16; 65ffxtbr@FromDocToPDF_65.com; c:\program files (x86)\FromDocToPDF_65\bar\1.bin . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
Toolbar-Locked - (no file) Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) Wow6432Node-HKCU-Run-LookThisUp - c:\users\Pia Bausch\AppData\Roaming\LookThisUp\LookThisUp.exe Wow6432Node-HKLM-Run-<NO NAME> - (no file) Wow6432Node-HKLM-Run-NPSStartup - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) AddRemove-ftp-uploader - c:\users\Pia Bausch\Documents\notepad++\ftp-uploader\uninstall.exe AddRemove-Notepad++ - c:\users\Pia Bausch\Desktop\Notepad++\uninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_296_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_296_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.16" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\windows\temp\db25.exe c:\windows\system32\DRIVERS\o2flash.exe c:\windows\sysWOW64\SDIOAssist.exe c:\program files (x86)\Plantronics\Spokes3G\SpokesUpdateService.exe c:\program files (x86)\LPT\srptsl.exe c:\users\Pia Bausch\AppData\Local\RGMService\RGMLoader.exe c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe c:\windows\temp\db25.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe . ************************************************************************** . Zeit der Fertigstellung: 2015-01-26 21:58:26 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2015-01-26 20:58 . Vor Suchlauf: 14 Verzeichnis(se), 93.405.253.632 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 102.600.077.312 Bytes frei . 
- - End Of File - - 400826B9DAC8126B8CA55E8D36F7F4E5 |
27.01.2015, 07:43 | #8 |
/// the machine /// TB trainer | WIN 7: Access to files no longer possible
Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
27.01.2015, 16:57 | #9 |
| WIN 7: Access to files no longer possible
Hello schrauber,
Here are all the log files:
mbam.txt: considering how long that took, surprisingly little came out of it...
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Update, 27.01.2015 15:19:17, SYSTEM, PIABAUSCH, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1,
Update, 27.01.2015 15:19:17, SYSTEM, PIABAUSCH, Manual, Rootkit Database, 2014.11.18.1, 2015.1.14.1,
Update, 27.01.2015 15:19:20, SYSTEM, PIABAUSCH, Manual, Malware Database, 2014.11.20.6, 2015.1.27.6,

(end)
AdwCleaner(S0):
Code:
# AdwCleaner v4.109 - Bericht erstellt am 27/01/2015 um 16:28:04
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-26.1 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Pia Bausch - PIABAUSCH
# Gestartet von : C:\Users\Pia Bausch\Desktop\AdwCleaner_4.109.exe
# Option : Löschen

***** [ Dienste ] *****
AdwCleaner(S1):
Code:
# AdwCleaner v4.109 - Bericht erstellt am 27/01/2015 um 16:30:43
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-26.1 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Pia Bausch - PIABAUSCH
# Gestartet von : C:\Users\Pia Bausch\Desktop\AdwCleaner_4.109.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : bupService
Dienst Gelöscht : LPTSystemUpdater
Dienst Gelöscht : netfilter64
[#] Dienst Gelöscht : SupraSavingsService64
Dienst Gelöscht : CouponArificService64
Dienst Gelöscht : RGMUpdater
Dienst Gelöscht : jzmoeejfme64

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\SweetIM
Ordner Gelöscht : C:\ProgramData\ecee4378ff64a2ea
Ordner Gelöscht : C:\Program Files (x86)\FoxTab
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\LPT
Ordner Gelöscht : C:\Program Files (x86)\Check Point Software Technologies LTD
Ordner Gelöscht : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Ordner Gelöscht : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Ordner Gelöscht : C:\Windows\SysWOW64\ARFC
Ordner Gelöscht : C:\Windows\SysWOW64\jmdp
Ordner Gelöscht : C:\Program Files\003
Ordner Gelöscht : C:\Windows\System32\ljkb
Ordner Gelöscht : C:\Users\Pia Bausch\AppData\Local\globalUpdate
[#] Ordner Gelöscht : C:\Users\Pia Bausch\AppData\Local\RGMService
Ordner Gelöscht : C:\Users\Pia Bausch\AppData\Roaming\1H1Q
Ordner Gelöscht : C:\Users\Pia Bausch\AppData\Roaming\BupSystem
Ordner Gelöscht : C:\Users\Pia Bausch\AppData\Roaming\FoxTab
Ordner Gelöscht : C:\Users\Pia Bausch\AppData\Roaming\InetStat
Ordner Gelöscht : C:\Users\Pia Bausch\AppData\Roaming\Optimizer Pro
Ordner Gelöscht : C:\Users\Pia Bausch\AppData\Roaming\Security Systems
Ordner Gelöscht : C:\Users\Pia Bausch\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Pia Bausch\Documents\Optimizer Pro
Ordner Gelöscht : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\s4hw1lte.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Ordner Gelöscht : C:\Users\Pia Bausch\AppData\Roaming\Mozilla\Firefox\Profiles\455x0jfg.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Datei Gelöscht : \END
Datei Gelöscht : C:\Program Files\Uninstall.exe
Datei Gelöscht : C:\Windows\System32\drivers\netfilter64.sys
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Maximilian Bausch\AppData\LocalLow\SkwConfig.bin
Datei Gelöscht : C:\Users\Pia Bausch\AppData\LocalLow\SkwConfig.bin

***** [ Tasks ] *****

Task Gelöscht : LaunchApp
Task Gelöscht : LaunchSignup
Task Gelöscht : Optimizer Pro Schedule
Task Gelöscht : Scheduled Update for Ask Toolbar

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sim-packages
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Schlüssel Gelöscht
: HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{065C1A21-97F8-45FB-A9F0-861B60FACEC8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3204358F-5904-46A6-841F-D6B5BE3EF4E3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3AE67737-0E3E-44AA-AA5E-46A68BF017FF} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3EE5B726-044A-48D2-AA7B-049BD9A0F62A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{60FBBE03-57FF-49D8-B38E-053D3F489825} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6A5182F1-C0B8-42B8-96CC-7F329CD46913} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v34.0.5 (x86 de)

[s4hw1lte.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "webssearches");
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.crossrider.bic", "1497672287961daa40c86e3d2d639d32");
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mywebsearch.prevDefaultEngine", "Google");
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=8E2B2572-183B-4907-87CE-E0BF9CC78E8E&n=77fc6747&ind=2013030215&p2=^Y6^xdm043^YY^de&si=[...]
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mywebsearch.prevSelectedEngine", "Google");
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=8E2B2572-183B-4907-87CE-E0BF9CC78E8E&n=77fc6747&p2=^Y6^xdm043^YY^de&si=swissconverter");
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.hp.enabled", false);
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.hp.lastGuardTime", 730122569);
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.hp.numGuards", 1);
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.hp.user.defined", true);
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.initialized", true);
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.installation.contextKey", "");
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.installation.installDate", "2013030215");
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.installation.partnerId", "^Y6^xdm043^YY^de");
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.installation.partnerSubId", "swissconverter");
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.installation.success", true);
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.installation.toolbarId", "8E2B2572-183B-4907-87CE-E0BF9CC78E8E");
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.lastActivePing", "1415132108696");
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.options.defaultSearch", true);
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.options.homePageEnabled", true);
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.options.keywordEnabled", true);
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.options.tabEnabled", true);
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.searchHistory", "Sie haben alle Nachrichten in Ihrem Posteingang gelesen!\r\nAlles andere\r\n \r\n11 von 1\r\n \r\n \r\n Nicht markiert \r\n \r\nMa[...]
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.weather.location", "10001");
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark.hp.enabled", false);
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark.lastInstalled", "fromdoctopdf@mindspark.com");
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.zonealarm.hmpgUrl", "hxxp://search.zonealarm.com/?src=hp&tbid=HFA5&Lan=de&gu=8954336f73fa43c3820da234747df770&tu=11Igy00EC1C01x0&sku=&tstsId=&ver=&");
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.zonealarm.kw_url", "hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=de&gu=8954336f73fa43c3820da234747df770&tu=11Igy00EC1C01x0&sku=&tstsId=&ver=&&q=");
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.zonealarm.newTabUrl", "hxxp://search.zonealarm.com/?src=nt&tbid=HFA5&Lan=de&gu=8954336f73fa43c3820da234747df770&tu=11Igy00EC1C01x0&sku=&tstsId=&ver=&");
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.zonealarm.tlbrSrchUrl", "hxxp://search.zonealarm.com/search?src=tb&tbid=HFA5&Lan={dfltLng}&gu=8954336f73fa43c3820da234747df770&tu=11Igy00EC1C01x0&sku=&tstsId=&ver=&&q=");
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=8E2B2572-183B-4907-87CE-E0BF9CC78E8E&n=77fc6747&ind=2013030215&p2=^Y6^xdm043^YY^de&si=swissconverter&searchf[...]

*************************

AdwCleaner[R0].txt - [642 octets] - [27/01/2015 16:22:55]
AdwCleaner[R1].txt - [31672 octets] - [27/01/2015 16:25:31]
AdwCleaner[R2].txt - [31792 octets] - [27/01/2015 16:29:01]
AdwCleaner[S0].txt - [364 octets] - [27/01/2015 16:28:04]
AdwCleaner[S1].txt - [29344 octets] - [27/01/2015 16:30:43]

########## EOF - \AdwCleaner\AdwCleaner[S1].txt - [29405 octets] ##########

JRT:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Professional x64
Ran by Pia Bausch on 27.01.2015 at 16:40:40,54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"

~~~ Files

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{01F3BF82-C77D-442F-95BF-5571731A905E}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{027302D5-872E-4A70-9197-DBE4F2D2BE17}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{02A7239F-F9D0-4950-A1A3-AF12222D4C96}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{048539E1-A349-4036-9E4D-2D33FD8B1299}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{04DC9CA1-216E-4644-A351-1868F852BC34}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{05BA55F6-08A5-456C-A6AB-C136C8E65B12}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{080BE315-2275-4753-ACA6-6D211FEC3379}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{087E286B-6093-4AF7-A290-A9A6288B8BE3}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{0CA95CDC-C66E-4E10-ADBC-45F9885CC121}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{0D9C279D-E1CC-48DC-B4DF-7F5265CCE8D1}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{0DD92B12-4E31-4028-9645-825C3AD6279A}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{0EBE6271-5CDE-4A23-A469-4ABC228361E6}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{0EE95296-89C5-4A7C-AA98-EDAF21920728}
Successfully deleted: [Empty Folder] C:\Users\Pia
Bausch\appdata\local\{CB841598-F5C6-462A-B8E8-A09ECCD53BF4} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{CBA15479-EFDD-4DD9-A276-BF130C1DF0CA} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{CEAEA331-BCB5-4731-8D32-148744C55930} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{CF9EDEEF-C8DE-4621-BD9C-B63305051417} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{CFB3A00D-76D9-4277-B167-426EB3B8E3DE} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{D1EC619E-052F-4DFC-A3DF-2E2F524592D8} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{D441CEB5-CBC8-426C-BE62-1024B7DE3741} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{D53C5286-D72E-4D88-AF0D-43B2DD52A70C} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{D7B4791F-346F-4D5F-89A6-AA0E316BDD96} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{D89BE8B3-9102-49D9-808F-26A4FB975B32} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{D9797F17-B0C2-426B-9FEC-73923D0519ED} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{D9970B65-6E34-416B-9A4F-7F7F756E3752} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{DA5057AF-9459-43F0-93B9-632323CD08F2} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{DAC59757-A9B0-4BA1-8F6E-EB3E88C4B195} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{DB2D68B4-6062-4485-B8DC-91796C7F37A8} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{DD7B08DF-9345-41F4-9F16-7C78944C1987} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{DDF6F121-A6AD-4DC2-8827-EBC64B54275B} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{DE358A14-E454-466A-9E6F-36CDCAB38DAA} Successfully deleted: [Empty Folder] C:\Users\Pia 
Bausch\appdata\local\{DF0DA3A1-8405-4453-94A4-5B5C80ECAF39} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{DF33F295-83A4-423A-A09E-ABB537450D69} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{DFA12B72-0D4C-4E7D-982C-BA24997DED82} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{E144533C-CF19-4927-8A66-DCC451DBDC06} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{E30D0E98-49EF-4FA9-A32F-49E993918D8D} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{E33127D6-FFDB-4556-8254-144012982F65} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{E3F58A50-647A-4B98-A8FE-723D720A1D4E} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{E5DC1230-FEAE-49E9-879B-FF29465D265A} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{E6A14B3F-7A23-417B-8FF6-BE3502A16F5C} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{E74C00E8-4AB1-4053-920F-25DD038BA59E} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{E8603699-3FA5-4632-B23E-25D5E5402FA2} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{E87184AE-D9EE-4188-8302-C50BE8F30F2B} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{E97F41AD-FEE6-4149-9A2D-C4259703412E} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{EB3A69B1-7DB4-4B80-B32A-3EF2237C6DE9} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{EC46D0C1-2C5B-49D4-93C7-F7C8B88F56A6} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{ED86AF6E-0CB8-494C-B37D-9B4848E6E153} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{EECE4B38-B98F-40B4-A576-65E3BE3B5ECB} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{EFAAE7E8-1F18-44AA-8602-5BC65C4EFD9F} Successfully deleted: [Empty Folder] C:\Users\Pia 
Bausch\appdata\local\{F056AEC3-FB6C-4228-B8EF-2E3D8A5CD443} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{F0A99E17-0A23-456E-8BB3-8141B974DCD9} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{F365BFAE-BB7E-4F59-B81C-99C2781BF56D} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{F36F328C-89B0-42D2-889D-7B1BA1A84E3A} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{F54A9937-A717-4A49-9996-C05F04FE8012} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{F590B518-387A-4098-A464-D1D19D1AC819} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{F71233D2-0681-4391-AC02-5A91F098865A} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{F8F39365-1A15-428E-911F-9BEABC21FB04} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{F90A913A-3902-4A07-9011-E8FB3FF32EDE} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{F9507CAE-BF64-4484-9CF4-86C19AD3D151} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{F9936B17-EEFB-48CA-B98C-2BDFC721C188} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{F9FF37FF-A089-4799-8AE2-7B0167B45C14} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{FB2C6C3F-9A13-4496-82C7-28BFAC64163E} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{FD4EBB00-3581-40A7-AE63-83D4FCEF43DF} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{FE5747C4-7A98-477E-A67F-F102A6A4131F} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{FE68109A-6C90-49E4-9528-9B24A13E1273} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{FF7A9E08-223C-448A-81D6-163F39594706} Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{FFFDD4A7-F7C3-4130-B987-E3CAA00A2264} ~~~ FireFox Emptied folder: C:\Users\Pia 
Bausch\AppData\Roaming\mozilla\firefox\profiles\455x0jfg.default\minidumps [839 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.01.2015 at 16:44:50,50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Frst:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Pia Bausch (administrator) on PIABAUSCH on 27-01-2015 16:47:25
Running from C:\Users\Pia Bausch\Desktop\Virus Programme
Loaded Profiles: Pia Bausch (Available profiles: Pia Bausch & Gast)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(LogMeIn Inc.)
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\Ntrtscan.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
() C:\Windows\SysWOW64\srvany.exe
(O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe
(Plantronics, Inc.) C:\Program Files (x86)\Plantronics\Spokes3G\SpokesUpdateService.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmListen.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Ericsson AB) C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\PccNtMon.exe
() C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac207\Monitor.exe
(Samsung Electronics Co., Ltd.)
C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe
(Plantronics, Inc.) C:\Program Files (x86)\Plantronics\Spokes3G\PLTSpokes.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\PanelHelper32.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [608112 2011-04-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1934608 2010-12-23] (Intel(R) Corporation)
HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-07-25] ()
HKLM\...\Run: [Monitor] => C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [OfficeScanNT Monitor] => c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe [2112536 2013-03-19] (Trend Micro Inc.)
HKLM-x32\...\Run: [OE] => c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TMAS_OE\TMAS_OEMon.exe [846672 2010-08-10] (Trend Micro Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [832272 2014-05-21] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [PLTSpokes.exe] => C:\Program Files (x86)\Plantronics\Spokes3G\PLTSpokes.exe [6579600 2014-10-23] (Plantronics, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3977576 2015-01-20] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\...\Run: [AutoStartNPSAgent] => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-17] (Garmin Ltd or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Pia Bausch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://g.uk.msn.com/USREL/8
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {935B0526-B2BB-4248-A009-C85668DE6358} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg.dll (Trend Micro Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg32.dll (Trend Micro Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Pia Bausch\AppData\Roaming\Mozilla\Firefox\Profiles\455x0jfg.default
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32:
@java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1140785117-3275974374-1152227498-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Pia Bausch\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-1140785117-3275974374-1152227498-1000: @talk.google.com/O1DPlugin -> C:\Users\Pia Bausch\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-1140785117-3275974374-1152227498-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Pia Bausch\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1140785117-3275974374-1152227498-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Pia Bausch\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1140785117-3275974374-1152227498-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Pia Bausch\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Pia Bausch\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Pia Bausch\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: jid1xKH0EoS44u1a2wjetpack - C:\Users\Pia Bausch\AppData\Roaming\Mozilla\Firefox\Profiles\455x0jfg.default\Extensions\jid1-xKH0EoS44u1a2w@jetpack [2014-11-07]
FF Extension: Foxy Security - C:\Users\Pia Bausch\AppData\Roaming\Mozilla\Firefox\Profiles\455x0jfg.default\Extensions\sys@foxysecurity.com [2014-05-30]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Pia Bausch\AppData\Roaming\Mozilla\Firefox\Profiles\455x0jfg.default\Extensions\elemhidehelper@adblockplus.org.xpi [2014-11-16]
FF Extension: NoScript - C:\Users\Pia Bausch\AppData\Roaming\Mozilla\Firefox\Profiles\455x0jfg.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-11-16]
FF Extension: Adblock Plus - C:\Users\Pia Bausch\AppData\Roaming\Mozilla\Firefox\Profiles\455x0jfg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-16]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\FirefoxExtension
FF Extension: Trend Micro NSC Firefox Extension - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\FirefoxExtension [2012-10-07]
FF HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\...\Firefox\Extensions:
[{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [158720 2010-06-29] (Broadcom Corporation) [File not signed]
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-05-21] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-21] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-05-21] (BlueStack Systems, Inc.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-17] (Garmin Ltd or its subsidiaries)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-01-14] (LogMeIn, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 ntrtscan; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe [1824800 2013-03-18] (Trend Micro Inc.)
R2 O2SDIOAssist; c:\Windows\SysWOW64\srvany.exe [8192 2003-04-19] () [File not signed]
R2 PlantronicsUpdateService; C:\Program Files (x86)\Plantronics\Spokes3G\SpokesUpdateService.exe [1183120 2014-10-23] (Plantronics, Inc.)
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [430592 2008-04-07] (Nokia.)
[File not signed]
R2 svcGenericHost; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [50208 2013-01-11] (Trend Micro Inc.)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1629696 2010-07-13] () [File not signed]
R3 TMBMServer; c:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe [571928 2013-03-13] () [File not signed]
R2 tmlisten; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe [2060904 2013-03-18] (Trend Micro Inc.)
R3 TmProxy; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [918064 2012-08-08] (Trend Micro Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WMCoreService; C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe [586280 2011-02-23] (Ericsson AB)
R2 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [992256 2010-12-23] (Intel(R) Corporation) [File not signed]
S3 SecureStorageService; "C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe" [X]
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-05-21] (BlueStack Systems) S3 d554gps; C:\Windows\System32\DRIVERS\d554gps64.sys [101416 2010-12-02] (Ericsson AB) R3 d554scard; C:\Windows\System32\DRIVERS\d554scard.sys [61992 2010-11-19] (Ericsson AB) R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2010-02-24] (Ericsson AB) R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2010-02-24] (Ericsson AB) S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-01-20] () S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-05-17] (hxxp://libusb-win32.sourceforge.net) R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [411208 2010-11-01] (MCCI Corporation) R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [419912 2010-11-01] (MCCI Corporation) R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2010-11-01] (MCCI Corporation) R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [472648 2010-11-01] (MCCI Corporation) S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (PixArt Imaging Inc.) R3 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [82840 2012-10-30] () [File not signed] R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [174016 2012-11-13] () [File not signed] R3 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [65872 2012-10-30] () [File not signed] R2 TmFilter; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [344376 2012-07-17] (Trend Micro Inc.) R2 TmPreFilter; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [42808 2012-07-17] (Trend Micro Inc.) R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [109080 2013-01-09] (Trend Micro Inc.) R2 VSApiNt; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys [2224952 2012-07-17] (Trend Micro Inc.) 
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [276520 2011-02-08] (Ericsson AB) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-27 16:44 - 2015-01-27 16:44 - 00024354 _____ () C:\Users\Pia Bausch\Desktop\JRT.txt 2015-01-27 16:40 - 2015-01-27 16:40 - 01707939 _____ (Thisisu) C:\Users\Pia Bausch\Desktop\JRT.exe 2015-01-27 16:40 - 2015-01-27 16:40 - 00000000 ____D () C:\Windows\ERUNT 2015-01-27 16:39 - 2015-01-27 16:31 - 00029896 _____ () C:\Users\Pia Bausch\Desktop\AdwCleaner[S1].txt 2015-01-27 16:39 - 2015-01-27 16:28 - 00000364 _____ () C:\Users\Pia Bausch\Desktop\AdwCleaner[S0].txt 2015-01-27 16:21 - 2015-01-27 16:31 - 00000000 ____D () C:\AdwCleaner 2015-01-27 16:17 - 2015-01-27 16:19 - 00000373 _____ () C:\Users\Pia Bausch\Desktop\mbam.txt 2015-01-27 15:19 - 2015-01-27 15:19 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-27 15:18 - 2015-01-27 15:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-27 15:18 - 2015-01-27 15:18 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-27 15:18 - 2015-01-27 15:18 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-27 15:18 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-27 15:18 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-01-27 15:18 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) 
C:\Windows\system32\Drivers\mbam.sys 2015-01-26 21:58 - 2015-01-26 21:58 - 00044901 _____ () C:\ComboFix.txt 2015-01-26 21:20 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-01-26 21:20 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-01-26 21:20 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-01-26 21:20 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-01-26 21:20 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-01-26 21:20 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-01-26 21:20 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-01-26 21:20 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-01-26 21:18 - 2015-01-26 21:58 - 00000000 ____D () C:\Qoobox 2015-01-26 21:17 - 2015-01-26 21:56 - 00000000 ____D () C:\Windows\erdnt 2015-01-26 21:04 - 2015-01-26 21:04 - 05609462 ____R (Swearware) C:\Users\Pia Bausch\Desktop\ComboFix.exe 2015-01-26 18:20 - 2015-01-26 18:20 - 00001373 _____ () C:\Users\Pia Bausch\Desktop\Minecraft.lnk 2015-01-26 17:37 - 2015-01-27 16:47 - 00000000 ____D () C:\Users\Pia Bausch\Desktop\Virus Programme 2015-01-26 16:46 - 2015-01-26 16:46 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-01-25 21:53 - 2015-01-25 21:53 - 00000074 _____ () C:\Users\Default\AppData\Roaming\WB.CFG 2015-01-25 21:53 - 2015-01-25 21:53 - 00000074 _____ () C:\Users\Default User\AppData\Roaming\WB.CFG 2015-01-25 16:09 - 2015-01-27 16:47 - 00000000 ____D () C:\FRST 2015-01-25 16:05 - 2015-01-25 16:05 - 00000000 _____ () C:\Users\Pia Bausch\defogger_reenable 2015-01-24 13:43 - 2015-01-24 13:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2015-01-24 13:43 - 2015-01-24 13:43 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2015-01-20 22:17 - 2015-01-20 22:17 - 00000000 _____ () C:\autoexec.bat 2015-01-20 20:21 - 2015-01-20 20:21 - 00000000 __SHD () C:\Users\Pia 
Bausch\AppData\Local\EmieBrowserModeList 2015-01-20 19:53 - 2015-01-20 19:53 - 00000000 ____D () C:\sh4ldr 2015-01-20 19:52 - 2015-01-26 17:19 - 00000000 ____D () C:\Program Files\Enigma Software Group 2015-01-20 19:52 - 2015-01-20 19:52 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys 2015-01-16 22:10 - 2015-01-24 14:50 - 00000112 _____ () C:\ProgramData\42G8625p.dat 2015-01-14 16:19 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-14 16:19 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 16:19 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-14 16:19 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-14 16:19 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-14 16:19 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-14 16:19 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-14 16:19 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-14 16:19 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-14 16:19 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-14 16:19 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-14 16:19 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-14 16:19 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-12 18:35 - 2015-01-12 18:35 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia 2015-01-12 18:35 - 2015-01-12 18:35 - 00000000 ____D () 
C:\Users\Default\AppData\Roaming\Adobe 2015-01-12 18:35 - 2015-01-12 18:35 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia 2015-01-12 18:35 - 2015-01-12 18:35 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe 2015-01-12 17:44 - 2015-01-12 17:44 - 06388344 _____ (Tim Kosse) C:\Users\Pia Bausch\Downloads\FileZilla_3.10.0_win32-setup.exe 2014-12-30 18:49 - 2014-12-30 18:49 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-12-30 18:49 - 2014-12-30 18:49 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-12-30 18:49 - 2014-12-30 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-27 16:47 - 2012-07-22 11:23 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-27 16:42 - 2009-07-14 05:45 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-27 16:42 - 2009-07-14 05:45 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-27 16:36 - 2014-05-19 16:38 - 00000000 ___RD () C:\Users\Pia Bausch\Google Drive 2015-01-27 16:36 - 2011-08-25 16:57 - 00000000 ____D () C:\ProgramData\Sonic 2015-01-27 16:35 - 2014-12-05 15:37 - 00000000 ____D () C:\Users\Pia Bausch\AppData\Local\LogMeIn Hamachi 2015-01-27 16:33 - 2012-01-14 17:39 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-27 16:33 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-27 16:33 - 2009-07-14 05:51 - 00169000 _____ () C:\Windows\setupact.log 2015-01-27 16:32 - 2010-11-21 04:47 - 00728116 _____ () C:\Windows\PFRO.log 2015-01-27 16:31 - 2012-03-14 18:52 - 00005019 _____ () C:\Windows\TMFilter.log 2015-01-27 16:31 - 2011-08-25 09:10 - 01393640 _____ () C:\Windows\WindowsUpdate.log 
2015-01-27 16:22 - 2012-01-14 17:39 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-27 16:21 - 2012-12-06 18:14 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1140785117-3275974374-1152227498-1000UA.job 2015-01-27 16:17 - 2014-11-03 17:08 - 00000000 ____D () C:\Program Files\E52BA74C-5F88-4F08-A1B8-3FC89D881FD1 2015-01-27 16:17 - 2014-11-03 17:08 - 00000000 ____D () C:\Program Files (x86)\E52BA74C-5F88-4F08-A1B8-3FC89D881FD1 2015-01-27 16:17 - 2014-04-13 12:29 - 00000000 ____D () C:\Program Files\CamStudio 2.7 2015-01-26 22:08 - 2014-11-25 19:18 - 00000000 ____D () C:\Users\Pia Bausch\AppData\Roaming\.minecraft 2015-01-26 21:58 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2015-01-26 21:53 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2015-01-26 21:38 - 2009-07-14 03:34 - 98041856 _____ () C:\Windows\system32\config\SOFTWARE.bak 2015-01-26 21:38 - 2009-07-14 03:34 - 22020096 _____ () C:\Windows\system32\config\SYSTEM.bak 2015-01-26 21:38 - 2009-07-14 03:34 - 01835008 _____ () C:\Windows\system32\config\DEFAULT.bak 2015-01-26 21:38 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak 2015-01-26 21:38 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak 2015-01-26 20:00 - 2012-12-06 18:14 - 00001088 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1140785117-3275974374-1152227498-1000Core.job 2015-01-26 18:51 - 2014-10-01 20:04 - 00000000 ____D () C:\Users\Pia Bausch\Desktop\Instagram 2015-01-26 18:47 - 2012-07-22 11:23 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-26 18:47 - 2012-07-22 11:23 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-01-26 18:47 - 2011-08-25 16:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-26 17:46 - 2013-03-16 11:30 - 00007597 _____ () C:\Users\Pia Bausch\AppData\Local\resmon.resmoncfg 
2015-01-26 17:32 - 2010-11-21 07:50 - 00902840 _____ () C:\Windows\system32\perfh007.dat 2015-01-26 17:32 - 2010-11-21 07:50 - 00215232 _____ () C:\Windows\system32\perfc007.dat 2015-01-26 17:32 - 2009-07-14 06:13 - 02165128 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-26 17:27 - 2012-01-14 17:39 - 00000000 ____D () C:\Program Files\Google 2015-01-26 17:27 - 2012-01-14 17:39 - 00000000 ____D () C:\Program Files (x86)\Google 2015-01-26 17:13 - 2012-01-14 17:39 - 00000000 ____D () C:\Users\Pia Bausch\AppData\Local\Google 2015-01-26 17:10 - 2012-02-11 17:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Purplehills 2015-01-26 17:10 - 2011-11-26 15:31 - 00000000 ____D () C:\Program Files (x86)\Purplehills 2015-01-26 17:08 - 2012-11-13 15:48 - 00000000 ____D () C:\Users\Pia Bausch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Purplehills 2015-01-26 17:04 - 2011-12-11 15:18 - 00000000 ____D () C:\Program Files (x86)\WB Games 2015-01-26 17:03 - 2012-08-20 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Media 2015-01-25 16:05 - 2011-11-03 09:02 - 00000000 ____D () C:\Users\Pia Bausch 2015-01-23 17:24 - 2013-12-14 17:00 - 00000000 ____D () C:\Users\Pia Bausch\AppData\Roaming\Skype 2015-01-21 20:06 - 2011-02-11 18:45 - 02139408 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2015-01-20 18:21 - 2011-11-03 09:03 - 00000000 ____D () C:\Windows\System32\Tasks\Dell 2015-01-15 03:15 - 2013-08-13 17:30 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-15 03:02 - 2012-08-09 16:27 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-14 11:32 - 2013-08-29 12:53 - 00033856 ____H (LogMeIn, Inc.) 
C:\Windows\system32\hamachi.sys 2015-01-12 17:59 - 2014-07-21 16:15 - 00000000 ____D () C:\Users\Pia Bausch\AppData\Roaming\FileZilla 2014-12-30 18:49 - 2013-12-14 17:00 - 00000000 ____D () C:\ProgramData\Skype ==================== Files in the root of some directories ======= 2013-02-26 07:28 - 2013-02-26 07:28 - 0027762 _____ () C:\Program Files\changes.txt 2013-02-26 07:34 - 2013-02-26 07:34 - 2547384 _____ (Beepa P/L) C:\Program Files\fraps.exe 2013-02-26 07:34 - 2013-02-26 07:34 - 0234168 _____ (Beepa P/L) C:\Program Files\fraps32.dll 2013-02-26 07:34 - 2013-02-26 07:34 - 0068792 _____ (Beepa P/L) C:\Program Files\fraps64.dat 2013-02-26 07:34 - 2013-02-26 07:34 - 0186552 _____ (Beepa P/L) C:\Program Files\fraps64.dll 2013-02-26 07:30 - 2013-02-26 07:30 - 0140288 _____ (Beepa P/L) C:\Program Files\frapslcd.dll 2014-11-27 16:04 - 2014-11-27 16:04 - 0000180 _____ () C:\Program Files\FRAPSLOG.TXT 2013-02-26 07:27 - 2013-02-26 07:27 - 0001894 _____ () C:\Program Files\README.HTM 2014-04-13 12:30 - 2014-04-13 15:41 - 0000108 _____ () C:\Users\Pia Bausch\AppData\Roaming\Camdata.ini 2014-04-13 12:30 - 2014-04-13 15:41 - 0000408 _____ () C:\Users\Pia Bausch\AppData\Roaming\CamLayout.ini 2014-04-13 12:30 - 2014-04-13 15:41 - 0000408 _____ () C:\Users\Pia Bausch\AppData\Roaming\CamShapes.ini 2014-04-13 12:30 - 2014-04-13 12:33 - 0004535 _____ () C:\Users\Pia Bausch\AppData\Roaming\CamStudio.cfg 2014-04-13 12:29 - 2014-04-13 12:30 - 0000096 _____ () C:\Users\Pia Bausch\AppData\Roaming\version2.xml 2014-01-29 14:54 - 2014-11-17 16:53 - 0000181 _____ () C:\Users\Pia Bausch\AppData\Roaming\WB.CFG 2014-11-29 19:28 - 2014-11-29 19:28 - 0002085 _____ () C:\Users\Pia Bausch\AppData\Local\recently-used.xbel 2013-03-16 11:30 - 2015-01-26 17:46 - 0007597 _____ () C:\Users\Pia Bausch\AppData\Local\resmon.resmoncfg 2015-01-16 22:10 - 2015-01-24 14:50 - 0000112 _____ () C:\ProgramData\42G8625p.dat Files to move or delete: ==================== C:\ProgramData\42G8625p.dat Some content 
of TEMP: ==================== C:\Users\Pia Bausch\AppData\Local\Temp\Quarantine.exe C:\Users\Pia Bausch\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-15 03:51 ==================== End Of Log ============================ Anything else? Best regards, Nailimixam |
27.01.2015, 20:18 | #10 |
/// the machine /// TB trainer | WIN 7: Access to files no longer possible ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
29.01.2015, 20:43 | #11 |
| WIN 7: Access to files no longer possible Hello Schrauber, Everything has been running normally again for 4 days now, and here are the log files: After a 4-hour scan, here is the ESET file: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=9bc18d6d79fe504bb54934c2ab30458d # engine=22191 # end=stopped # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-01-28 07:36:26 # local_time=2015-01-28 08:36:26 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 47535192 174103636 0 0 # scanned=165522 # found=9 # cleaned=0 # scan_time=5346 sh=76F8B6DA213CC978ED725C6692C923DAC98F376A ft=1 fh=50739a65f3f6c9e3 vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.28.13\uninstall.exe.vir" sh=9102A32937AB48CBB7B5C231DFB137544E6A7292 ft=1 fh=c71c001111686caf vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.28.13\zonealarmEng.dll.vir" sh=45EFACCD20D1336144DEE1F28327C680BA7A5013 ft=1 fh=68f55a713b39f592 vn="Variante von Win32/Toolbar.Montiera.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.28.13\zonealarmsrv.exe.vir" sh=76B997BE33132963D2D177908AB15DC0C69C7E89 ft=1 fh=b39dacf1316c7436 vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Pia Bausch\AppData\Roaming\BupSystem\bup.exe.vir" sh=CB5FE6296C4D941C0D43D41F59BB19163C55ED77 ft=1 fh=30812d360a4b1b62 vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Pia Bausch\AppData\Roaming\Security Systems\uninstaller.exe.vir" sh=985AE5B998513B7D9C2749DF15CAE7C04C3BDC9E ft=1 fh=2f9831d32275f6eb vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir" sh=32EEE1864E49A4FA06A68005D78A42202771D551 ft=1 fh=d4756073afcc2186 vn="Variante von Win32/Toolbar.Perion.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\jmdp\lmrn.dll.vir" sh=1F4C2E6BCF89CECF7E57FCA218A3ED10A5879828 ft=1 fh=ecb34756e46ac693 vn="Variante von Win32/Toolbar.Perion.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\jmdp\stij.exe.vir" sh=3D31E87F70321B6CB922AC99E29EBC123628DD95 ft=1 fh=c71c0011006e2f22 vn="Variante von Win32/InstallCore.PO evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Pia Bausch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla_3.8.1_win32-setup.exe" ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=9bc18d6d79fe504bb54934c2ab30458d # engine=22206 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-01-29 07:31:02 # local_time=2015-01-29 08:31:02 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 47621268 174189712 0 0 # scanned=394849 # found=68 # cleaned=68 # scan_time=14192 sh=76F8B6DA213CC978ED725C6692C923DAC98F376A ft=1 fh=50739a65f3f6c9e3 vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.28.13\uninstall.exe.vir" sh=9102A32937AB48CBB7B5C231DFB137544E6A7292 ft=1 fh=c71c001111686caf vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.28.13\zonealarmEng.dll.vir" sh=45EFACCD20D1336144DEE1F28327C680BA7A5013 ft=1 fh=68f55a713b39f592 vn="Variante von Win32/Toolbar.Montiera.A evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.28.13\zonealarmsrv.exe.vir" sh=76B997BE33132963D2D177908AB15DC0C69C7E89 ft=1 fh=b39dacf1316c7436 vn="Variante von Win32/Adware.Synatix.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Pia Bausch\AppData\Roaming\BupSystem\bup.exe.vir" sh=CB5FE6296C4D941C0D43D41F59BB19163C55ED77 ft=1 fh=30812d360a4b1b62 vn="Variante von Win32/Adware.Synatix.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Pia Bausch\AppData\Roaming\Security Systems\uninstaller.exe.vir" sh=985AE5B998513B7D9C2749DF15CAE7C04C3BDC9E ft=1 fh=2f9831d32275f6eb vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir" sh=32EEE1864E49A4FA06A68005D78A42202771D551 ft=1 fh=d4756073afcc2186 vn="Variante von Win32/Toolbar.Perion.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\jmdp\lmrn.dll.vir" sh=1F4C2E6BCF89CECF7E57FCA218A3ED10A5879828 ft=1 fh=ecb34756e46ac693 vn="Variante von Win32/Toolbar.Perion.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\jmdp\stij.exe.vir" sh=3D31E87F70321B6CB922AC99E29EBC123628DD95 ft=1 fh=c71c0011006e2f22 vn="Variante von Win32/InstallCore.PO evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Pia Bausch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla_3.8.1_win32-setup.exe" sh=60D983B6E4BBE6948D6D3843B496A16F08EC8732 ft=1 fh=e9f93426d08f6c3e vn="Variante von Win32/InstallCore.IK evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Pia Bausch\Downloads\MineCraftSetup.exe" sh=10E7E2EFE0BEE60E7E739345FB3173EF72B6317E ft=1 fh=7ae656790eead3cc vn="Variante von Win32/AdGazelle.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Pia Bausch\Downloads\setup.exe" sh=40943BBEF6EB8DB24A2E9992B2738E800A1DD817 ft=1 fh=ef4af3541a9ac90b vn="Variante von Win32/TrojanDownloader.Agent.SEQ Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Windows\temp\db25.exe" sh=297AB44B22D59DC00DA6E7138A6F57CAAA379D74 ft=1 fh=a263ea30718c1c6d vn="Variante von Win64/Adware.Adpeak.C Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files\003\jzmoeejfme64.exe" sh=9CC0144E22C42369A64211F8A575BE30220654C3 ft=1 fh=02d73a0dd3fb975b vn="Variante von Win32/AdWare.CouponAmazing.B Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files\E52BA74C-5F88-4F08-A1B8-3FC89D881FD1\xkymsyyrfh.dll" sh=977B60DEF45F24048D040ECDCAA65BB332C6B449 ft=1 fh=164dad5fc31d40af vn="Variante von Win32/AdSuproot Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe" sh=2C8981A59216CCB644BE5FBC92DBB7F8F0188F99 ft=1 fh=6aad921543298e71 vn="Variante von Win32/AdSuproot.A Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe" sh=D95DA6EB1B41CE144BC78AA7EF8FDBA782692156 ft=1 fh=038f0e9c2aa6fcd9 vn="Variante von Win32/AdSuproot Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Users\Default\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll" sh=6FAC18F40A0B9D8591E636CB3B40208DE00A527D ft=1 fh=f4fb7f62c46286d7 vn="Variante von Win32/AdSuproot Trojaner 
(Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll" sh=2E6E4C2FDF55F1E6CB989861ABC276BF28DE1F0C ft=1 fh=ab455342bbbbf6b6 vn="Variante von Win32/AdSuproot Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Users\Default\AppData\Roaming\Compatibility Verifier\libEGL.dll" sh=A759EFBF880BDF0268F7ACA91E5C7CFA184EC6BA ft=1 fh=8b9d0fa7f7d4506b vn="Variante von Win32/AdSuproot Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Users\Default\AppData\Roaming\Compatibility Verifier\libGLESv2.dll" sh=560236056E7C0D6603562B7296CBA8EDA6B081D5 ft=1 fh=27394455615c306e vn="Variante von Win32/AdSuproot Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll" sh=73098BBBA6CBC76BF206226FBDC659758EAC7F0B ft=1 fh=6c165ff8a046d46e vn="Win32/Adware.Synatix.B Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Users\Pia Bausch\AppData\LocalLow\systems ie bho\bho.dll" sh=0E674FAFB4638D9AC4331B408BC7CBAA10365BCF ft=1 fh=088f5814993f5afe vn="Variante von Win32/Toolbar.CrossRider.AX evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Users\Pia Bausch\AppData\Roaming\BCQYCY.exe" sh=D9700A0A02694AE608B22E0D80FC1DDFF69C7CB5 ft=1 fh=7db8db801c48cbad vn="Variante von Win32/Toolbar.CrossRider.AX evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Users\Pia Bausch\AppData\Roaming\CJJORAH.exe" sh=5946107EAC2E4827BB97223C060DC63CAC00EBF6 ft=1 fh=d505eef8383e67ac vn="Variante von Win64/Adware.Adpeak.F Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\0892CCEA-3029-46F2-BD98-F3177431F5F8\xtloowpkjv64.exe" sh=76F8B6DA213CC978ED725C6692C923DAC98F376A ft=1 fh=50739a65f3f6c9e3 vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.28.13\uninstall.exe" sh=9102A32937AB48CBB7B5C231DFB137544E6A7292 ft=1 fh=c71c001111686caf vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.28.13\zonealarmEng.dll" sh=45EFACCD20D1336144DEE1F28327C680BA7A5013 ft=1 fh=68f55a713b39f592 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.28.13\zonealarmsrv.exe" sh=268979BC94F89E29C10C925824C49D5C9B5B1C09 ft=1 fh=029569cfdc034e29 vn="Variante von Win64/Adware.Adpeak.F Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\E52BA74C-5F88-4F08-A1B8-3FC89D881FD1\hmhfslexky64.exe" sh=99DF98DFEF4B483889FA88162D20EE46340A5DBE ft=1 fh=e6e2c196b2ffcb6f vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65auxstb.dll" sh=023614C5AD02AA589BB785CA5CF50DCF194C7AA8 ft=1 fh=38e3c675fc09b45d vn="Win32/Toolbar.MyWebSearch.W evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll" sh=56CF4F2AC44C6ADD5CDCD419BA4B99D22DC7A0E3 ft=1 fh=46ed14ba69906e9f vn="Win32/Toolbar.MyWebSearch.X evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65barsvc.exe" sh=0F78FE90AF015B0A511EDE007BD1791A341E891E ft=1 fh=d4fd6df3b7cf992d vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65brmon.exe" sh=12FF3195BDACA5482034AAC3C3E132D5ADA421A9 ft=1 fh=982f80d197512813 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65brstub.dll" sh=BAEFCB03679575349E01668C4F0938643BAAA022 ft=1 fh=45ba6b521529362d vn="Variante von Win32/Toolbar.MyWebSearch.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65datact.dll" sh=0C88EFCFA1C77D597111125A6C031CEB47B18BA7 ft=1 fh=b856def4c7346ea3 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65dlghk.dll" sh=8090E240F528004402B29C11E5072BED79D95384 ft=1 fh=73e118282d8d3c4a vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65dyn.dll" sh=2CA2EA6CF1AD1FE87C25D4AB6B1C7729E48C6390 ft=1 fh=a34a8b9082c46c86 vn="Win32/Toolbar.MyWebSearch.AA evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65feedmg.dll" sh=9788294F2B8AB28DBAE4C73BB61A6B1200BDD89D ft=1 fh=af8ed8fd644fe8ac vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65highin.exe" sh=9D54BAF23397E5F1444BC6471052AD234B76FBD3 ft=1 fh=2ab58862c927227b vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65hkstub.dll" sh=EAA9D46B8FAB8F3D48BB239ADFE46BA312434017 ft=1 fh=2506fdd3752ff6fe vn="Variante von Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65htmlmu.dll" sh=978867B422339E68971E56C49C66F14F2ACD745D ft=1 fh=dd289cd2c7a55037 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65httpct.dll" sh=DC971C75FFCE77CC952FB6660A2603E09D62D4D9 ft=1 fh=ac2f97e786bfc982 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65idle.dll" sh=92AC05FFF3AD68271062A3DCB87E12EE6B816DDB ft=1 fh=acec1e59f99ab2fd vn="Variante von Win32/Toolbar.MyWebSearch.P evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65ieovr.dll" sh=5AE09DF85A30864BBE5F3E6D782358C8F95CDB95 ft=1 fh=a6fc020f2a9ed637 vn="Win32/Toolbar.MyWebSearch.W evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65impipe.exe" sh=556C4FCA5D890F17B7B5040A601B42452A205E29 ft=1 fh=0f2a31b21601aeb5 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65medint.exe" sh=3EB4A6A25199E6339EC04F36189C71738DE63CE7 ft=1 fh=eafb3b5bfaf84345 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65mlbtn.dll" sh=DFD07B722E317D1CDDAAB7D5B31BFAB57CC5E739 ft=1 fh=507b4871517a4ad4 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65msg.dll" sh=A62045168FE92EC16E7764ECD96F592D2D63BB7C ft=1 fh=681e62fc23c41c6e vn="Variante von Win32/Toolbar.MyWebSearch evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65Plugin.dll" sh=77C8DC985373B1E5D9035ECB3A831C7DD1ABFD55 ft=1 fh=e1f880731de07609 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65radio.dll" sh=C5F26031D5E0C487BFF0D60AA44603135BF60395 ft=1 fh=a846ae5344ec78c3 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65regfft.dll" sh=C9C4AAE19A349C578399BAC5A5D780ED8BE3AB00 ft=1 fh=b136be0af2d0d6fc vn="Variante von Win32/Toolbar.MyWebSearch.W evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65reghk.dll" sh=65D604A070334183E5034CDEEC5838E46D705794 ft=1 fh=3d9a604351eb1640 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65regiet.dll" sh=72E48F7F37E208A52AD975EAECAB29FC50223C27 ft=1 fh=958a563919bf5cc2 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65script.dll" sh=857980A7B7AB77FF8E34A090CCD76B8BA628E7E4 ft=1 fh=6c9ac10ea3ee1cdd vn="Variante von Win32/Toolbar.MyWebSearch.P evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65skin.dll" sh=496310EE0816B49176E03226DB102FAE9AA452B4 ft=1 fh=ceffc168909c0690 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65sknlcr.dll" sh=F5946D49A70A64072739370E7BAD592FE4799EA1 ft=1 fh=5bc3efb780caf8fa vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65skplay.exe" sh=BE21D76E502D546B2D88093E13F07923EB59380B ft=1 fh=7424967c664ed914 vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll" sh=585A73EB1DFA6B0B5C5FF5D76212FD8D0CEF4DF4 ft=1 fh=4b5f86942f564423 vn="Variante von Win32/Toolbar.MyWebSearch.W evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrchMn.exe" sh=41D9D722E583CBEB3DA15061BE203C4428E6EF60 ft=1 fh=ea5ef91dc0a8d24b vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65tpinst.dll" sh=110033F4A78DCA521E8BA73F75747E4E3B6AE545 ft=1 fh=21686246ae128bdd vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65uabtn.dll" sh=1A9718003447798445400B9F6D232AF3077D2A93 ft=1 fh=900c8fac5a4df2da vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\CREXT.DLL" sh=3A657ACEB92289972EFA3565B6FEDD7238C3A4B1 ft=1 fh=bc1ec2ace187a07a vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\CrExtP65.exe" sh=DAA1C73CAAFEAB79763F1D930CF923FDF0BC17C1 ft=1 fh=d1f5167ec82f0e89 vn="Win32/Toolbar.MyWebSearch.T evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\NP65Stub.dll" sh=244310F981448E11F34B9981614B6FA9BE973446 ft=1 fh=a66d4ad4dd5d0c5d vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\T8EXTEX.DLL" sh=B8944722E8D577E67925DD4A72D1D8E44C3BC6CA ft=1 fh=6f8a20cf4b11d7b0 vn="Win32/Toolbar.MyWebSearch.AA evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\T8EXTPEX.DLL" sh=A8B583E2BFA2B7E04C3719FF000CCF7151AEEA7F ft=1 fh=c7c54f98ed54b65c vn="Variante von Win32/Toolbar.MyWebSearch.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\T8HTML.DLL" sh=6299F84C0BE27BB9FA1F8ED7823B2CCD27F090B5 ft=1 fh=b986eb091e1005cc vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\T8TICKER.DLL" Code:
Results of screen317's Security Check version 0.99.95
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Trend Micro Client/Server Security Agent
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 25
Java version 32-bit out of Date!
Java 64-bit 8 Update 31
Adobe Flash Player 16.0.0.296
Adobe Reader 10.1.10 Adobe Reader out of Date!
Mozilla Firefox 34.0.5 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Trend Micro OfficeScan Client pccntmon.exe
Trend Micro Client Server Security Agent ntrtscan.exe
Trend Micro Client Server Security Agent HostedAgent svcGenericHost.exe
Trend Micro Client Server Security Agent tmlisten.exe
Trend Micro Client Server Security Agent HostedAgent HostedAgent.exe
Trend Micro BM TMBMSRV.exe
Trend Micro Client Server Security Agent TmProxy.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by Pia Bausch (administrator) on PIABAUSCH on 29-01-2015 20:38:43
Running from C:\Users\Pia Bausch\Desktop\Virus Programme
Loaded Profiles: Pia Bausch (Available profiles: Pia Bausch & Gast)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac207\Monitor.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\PccNtMon.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Plantronics, Inc.) C:\Program Files (x86)\Plantronics\Spokes3G\PLTSpokes.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\Ntrtscan.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\PanelHelper32.exe
() C:\Windows\SysWOW64\srvany.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe
(Plantronics, Inc.) C:\Program Files (x86)\Plantronics\Spokes3G\SpokesUpdateService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmListen.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Ericsson AB) C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
() C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\Pia Bausch\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\Pia Bausch\Desktop\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [608112 2011-04-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1934608 2010-12-23] (Intel(R) Corporation)
HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-07-25] ()
HKLM\...\Run: [Monitor] => C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [OfficeScanNT Monitor] => c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe [2112536 2013-03-19] (Trend Micro Inc.)
HKLM-x32\...\Run: [OE] => c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TMAS_OE\TMAS_OEMon.exe [846672 2010-08-10] (Trend Micro Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [832272 2014-05-21] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [PLTSpokes.exe] => C:\Program Files (x86)\Plantronics\Spokes3G\PLTSpokes.exe [6579600 2014-10-23] (Plantronics, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3977576 2015-01-20] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\...\Run: [AutoStartNPSAgent] => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-17] (Garmin Ltd or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Pia Bausch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://g.uk.msn.com/USREL/8
SearchScopes: HKLM -> {935B0526-B2BB-4248-A009-C85668DE6358} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg.dll (Trend Micro Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg32.dll (Trend Micro Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Pia Bausch\AppData\Roaming\Mozilla\Firefox\Profiles\455x0jfg.default
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1140785117-3275974374-1152227498-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Pia Bausch\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-1140785117-3275974374-1152227498-1000: @talk.google.com/O1DPlugin -> C:\Users\Pia Bausch\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-1140785117-3275974374-1152227498-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Pia Bausch\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1140785117-3275974374-1152227498-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Pia Bausch\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1140785117-3275974374-1152227498-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Pia Bausch\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Pia Bausch\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Pia Bausch\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: jid1xKH0EoS44u1a2wjetpack - C:\Users\Pia Bausch\AppData\Roaming\Mozilla\Firefox\Profiles\455x0jfg.default\Extensions\jid1-xKH0EoS44u1a2w@jetpack [2014-11-07]
FF Extension: Foxy Security - C:\Users\Pia Bausch\AppData\Roaming\Mozilla\Firefox\Profiles\455x0jfg.default\Extensions\sys@foxysecurity.com [2014-05-30]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Pia Bausch\AppData\Roaming\Mozilla\Firefox\Profiles\455x0jfg.default\Extensions\elemhidehelper@adblockplus.org.xpi [2014-11-16]
FF Extension: NoScript - C:\Users\Pia Bausch\AppData\Roaming\Mozilla\Firefox\Profiles\455x0jfg.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-11-16]
FF Extension: Adblock Plus - C:\Users\Pia Bausch\AppData\Roaming\Mozilla\Firefox\Profiles\455x0jfg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-16]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\FirefoxExtension
FF Extension: Trend Micro NSC Firefox Extension - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\FirefoxExtension [2012-10-07]
FF HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [158720 2010-06-29] (Broadcom Corporation) [File not signed]
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-05-21] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-21] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-05-21] (BlueStack Systems, Inc.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-17] (Garmin Ltd or its subsidiaries)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-01-14] (LogMeIn, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 ntrtscan; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe [1824800 2013-03-18] (Trend Micro Inc.)
R2 O2SDIOAssist; c:\Windows\SysWOW64\srvany.exe [8192 2003-04-19] () [File not signed]
R2 PlantronicsUpdateService; C:\Program Files (x86)\Plantronics\Spokes3G\SpokesUpdateService.exe [1183120 2014-10-23] (Plantronics, Inc.)
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [430592 2008-04-07] (Nokia.) [File not signed]
R2 svcGenericHost; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [50208 2013-01-11] (Trend Micro Inc.)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1629696 2010-07-13] () [File not signed]
R3 TMBMServer; c:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe [571928 2013-03-13] () [File not signed]
R2 tmlisten; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe [2060904 2013-03-18] (Trend Micro Inc.)
R3 TmProxy; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [918064 2012-08-08] (Trend Micro Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WMCoreService; C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe [586280 2011-02-23] (Ericsson AB)
R2 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [992256 2010-12-23] (Intel(R) Corporation) [File not signed]
S3 SecureStorageService; "C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe" [X]
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-05-21] (BlueStack Systems)
S3 d554gps; C:\Windows\System32\DRIVERS\d554gps64.sys [101416 2010-12-02] (Ericsson AB)
R3 d554scard; C:\Windows\System32\DRIVERS\d554scard.sys [61992 2010-11-19] (Ericsson AB)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2010-02-24] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2010-02-24] (Ericsson AB)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-01-20] ()
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-05-17] (hxxp://libusb-win32.sourceforge.net)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [411208 2010-11-01] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [419912 2010-11-01] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2010-11-01] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [472648 2010-11-01] (MCCI Corporation)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (PixArt Imaging Inc.)
R3 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [82840 2012-10-30] () [File not signed]
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [174016 2012-11-13] () [File not signed]
R3 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [65872 2012-10-30] () [File not signed]
R2 TmFilter; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [344376 2012-07-17] (Trend Micro Inc.)
R2 TmPreFilter; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [42808 2012-07-17] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [109080 2013-01-09] (Trend Micro Inc.)
R2 VSApiNt; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys [2224952 2012-07-17] (Trend Micro Inc.)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [276520 2011-02-08] (Ericsson AB)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-29 20:33 - 2015-01-29 20:33 - 00852573 _____ () C:\Users\Pia Bausch\Desktop\SecurityCheck.exe
2015-01-28 19:05 - 2015-01-28 19:05 - 02347384 _____ (ESET) C:\Users\Pia Bausch\Desktop\esetsmartinstaller_deu.exe
2015-01-28 19:05 - 2015-01-28 19:05 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-27 16:40 - 2015-01-27 16:40 - 00000000 ____D () C:\Windows\ERUNT
2015-01-27 16:21 - 2015-01-27 16:31 - 00000000 ____D () C:\AdwCleaner
2015-01-27 15:19 - 2015-01-27 15:19 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-27 15:18 - 2015-01-27 15:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-01-27 15:18 - 2015-01-27 15:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-27 15:18 - 2015-01-27 15:18 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-01-27 15:18 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-27 15:18 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-27 15:18 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-26 21:58 - 2015-01-26 21:58 - 00044901 _____ () C:\ComboFix.txt
2015-01-26 21:20 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-26 21:20 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-26 21:20 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-26 21:20 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-26 21:20 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-26 21:20 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-26 21:20 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-26 21:20 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-26 21:18 - 2015-01-26 21:58 - 00000000 ____D () C:\Qoobox
2015-01-26 21:17 - 2015-01-26 21:56 - 00000000 ____D () C:\Windows\erdnt
2015-01-26 21:04 - 2015-01-26 21:04 - 05609462 ____R (Swearware) C:\Users\Pia Bausch\Desktop\ComboFix.exe
2015-01-26 18:20 - 2015-01-26 18:20 - 00001373 _____ () C:\Users\Pia Bausch\Desktop\Minecraft.lnk
2015-01-26 17:37 - 2015-01-29 20:38 - 00000000 ____D () C:\Users\Pia Bausch\Desktop\Virus Programme
2015-01-26 16:46 - 2015-01-26 16:46 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-25 21:53 - 2015-01-25 21:53 - 00000074 _____ () C:\Users\Default\AppData\Roaming\WB.CFG
2015-01-25 21:53 - 2015-01-25 21:53 - 00000074 _____ () C:\Users\Default User\AppData\Roaming\WB.CFG
2015-01-25 16:09 - 2015-01-29 20:39 - 00000000 ____D () C:\FRST
2015-01-25 16:05 - 2015-01-25 16:05 - 00000000 _____ () C:\Users\Pia Bausch\defogger_reenable
2015-01-24 13:43 - 2015-01-24 13:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-01-24 13:43 - 2015-01-24 13:43 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2015-01-20 22:17 - 2015-01-20 22:17 - 00000000 _____ () C:\autoexec.bat
2015-01-20 20:21 - 2015-01-20 20:21 - 00000000 __SHD () C:\Users\Pia Bausch\AppData\Local\EmieBrowserModeList
2015-01-20 19:53 - 2015-01-20 19:53 - 00000000 ____D () C:\sh4ldr
2015-01-20 19:52 - 2015-01-26 17:19 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-01-20 19:52 - 2015-01-20 19:52 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-01-16 22:10 - 2015-01-24 14:50 - 00000112 _____ () C:\ProgramData\42G8625p.dat
2015-01-14 16:19 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 16:19 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 16:19 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 16:19 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 16:19 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 16:19 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 16:19 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 16:19 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 16:19 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 16:19 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 16:19 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 16:19 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 16:19 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-12 18:35 - 2015-01-12 18:35 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-12 18:35 - 2015-01-12 18:35 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-12 18:35 - 2015-01-12 18:35 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-12 18:35 - 2015-01-12 18:35 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-01-12 17:44 - 2015-01-12 17:44 - 06388344 _____ (Tim Kosse) C:\Users\Pia Bausch\Downloads\FileZilla_3.10.0_win32-setup.exe
2014-12-30 18:49 - 2014-12-30 18:49 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-12-30 18:49 - 2014-12-30 18:49 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-30 18:49 - 2014-12-30 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-29 20:22 - 2012-01-14 17:39 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-29 20:21 - 2012-12-06 18:14 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1140785117-3275974374-1152227498-1000UA.job
2015-01-29 20:05 - 2014-11-25 19:18 - 00000000 ____D () C:\Users\Pia Bausch\AppData\Roaming\.minecraft
2015-01-29 19:58 - 2014-10-01 20:04 - 00000000 ____D () C:\Users\Pia Bausch\Desktop\Instagram
2015-01-29 19:47 - 2012-07-22 11:23 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-29 19:45 - 2011-08-25 09:10 - 01464615 _____ () C:\Windows\WindowsUpdate.log
2015-01-29 19:22 - 2012-01-14 17:39 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-29 19:21 - 2012-12-06 18:14 - 00001088 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1140785117-3275974374-1152227498-1000Core.job
2015-01-29 16:37 - 2009-07-14 05:45 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-29 16:37 - 2009-07-14 05:45 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-29 16:29 - 2014-05-19 16:38 - 00000000 ___RD () C:\Users\Pia Bausch\Google Drive
2015-01-29 16:28 - 2014-12-05 15:37 - 00000000 ____D () C:\Users\Pia Bausch\AppData\Local\LogMeIn Hamachi
2015-01-29 16:28 - 2011-08-25 16:57 - 00000000 ____D () C:\ProgramData\Sonic
2015-01-29 16:27 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-29 16:26 - 2009-07-14 05:51 - 00169112 _____ () C:\Windows\setupact.log
2015-01-28 18:57 - 2010-11-21 04:47 - 00728466 _____ () C:\Windows\PFRO.log
2015-01-27 16:31 - 2012-03-14 18:52 - 00005019 _____ () C:\Windows\TMFilter.log
2015-01-27 16:17 - 2014-11-03 17:08 - 00000000 ____D () C:\Program Files\E52BA74C-5F88-4F08-A1B8-3FC89D881FD1
2015-01-27 16:17 - 2014-11-03 17:08 - 00000000 ____D () C:\Program Files (x86)\E52BA74C-5F88-4F08-A1B8-3FC89D881FD1
2015-01-27 16:17 - 2014-04-13 12:29 - 00000000 ____D () C:\Program Files\CamStudio 2.7
2015-01-26 21:58 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-01-26 21:53 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-26 21:38 - 2009-07-14 03:34 - 98041856 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-01-26 21:38 - 2009-07-14 03:34 - 22020096 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-01-26 21:38 - 2009-07-14 03:34 - 01835008 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-01-26 21:38 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-01-26 21:38 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-01-26 18:47 - 2012-07-22 11:23 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-26 18:47 - 2012-07-22 11:23 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-26 18:47 - 2011-08-25 16:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-26 17:46 - 2013-03-16 11:30 - 00007597 _____ () C:\Users\Pia Bausch\AppData\Local\resmon.resmoncfg
2015-01-26 17:32 - 2010-11-21 07:50 - 00902840 _____ () C:\Windows\system32\perfh007.dat
2015-01-26 17:32 - 2010-11-21 07:50 - 00215232 _____ () C:\Windows\system32\perfc007.dat
2015-01-26 17:32 - 2009-07-14 06:13 - 02165128 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-26 17:27 - 2012-01-14 17:39 - 00000000 ____D () C:\Program Files\Google
2015-01-26 17:27 - 2012-01-14 17:39 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-26 17:13 - 2012-01-14 17:39 - 00000000 ____D () C:\Users\Pia Bausch\AppData\Local\Google
2015-01-26 17:10 - 2012-02-11 17:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Purplehills
2015-01-26 17:10 - 2011-11-26 15:31 - 00000000 ____D () C:\Program Files (x86)\Purplehills
2015-01-26 17:08 - 2012-11-13 15:48 - 00000000 ____D () C:\Users\Pia Bausch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Purplehills
2015-01-26 17:04 - 2011-12-11 15:18 - 00000000 ____D () C:\Program Files (x86)\WB Games
2015-01-26 17:03 - 2012-08-20 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Media
2015-01-25 16:05 - 2011-11-03 09:02 - 00000000 ____D () C:\Users\Pia Bausch
2015-01-23 17:24 - 2013-12-14 17:00 - 00000000 ____D () C:\Users\Pia Bausch\AppData\Roaming\Skype
2015-01-21 20:06 - 2011-02-11 18:45 - 02139408 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-20 18:21 - 2011-11-03 09:03 - 00000000 ____D () C:\Windows\System32\Tasks\Dell
2015-01-15 03:15 - 2013-08-13 17:30 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 03:02 - 2012-08-09 16:27 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 11:32 - 2013-08-29 12:53 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-01-12 17:59 - 2014-07-21 16:15 - 00000000 ____D () C:\Users\Pia Bausch\AppData\Roaming\FileZilla
2014-12-30 18:49 - 2013-12-14 17:00 - 00000000 ____D () C:\ProgramData\Skype

==================== Files in the root of some directories =======
2013-02-26 07:28 - 2013-02-26 07:28 - 0027762 _____ () C:\Program Files\changes.txt
2013-02-26 07:34 - 2013-02-26 07:34 - 2547384 _____ (Beepa P/L) C:\Program Files\fraps.exe
2013-02-26 07:34 - 2013-02-26 07:34 - 0234168 _____ (Beepa P/L) C:\Program Files\fraps32.dll
2013-02-26 07:34 - 2013-02-26 07:34 - 0068792 _____ (Beepa P/L) C:\Program Files\fraps64.dat
2013-02-26 07:34 - 2013-02-26 07:34 - 0186552 _____ (Beepa P/L) C:\Program Files\fraps64.dll
2013-02-26 07:30 - 2013-02-26 07:30 - 0140288 _____ (Beepa P/L) C:\Program Files\frapslcd.dll
2014-11-27 16:04 - 2014-11-27 16:04 - 0000180 _____ () C:\Program Files\FRAPSLOG.TXT
2013-02-26 07:27 - 2013-02-26 07:27 - 0001894 _____ () C:\Program Files\README.HTM
2014-04-13 12:30 - 2014-04-13 15:41 - 0000108 _____ () C:\Users\Pia Bausch\AppData\Roaming\Camdata.ini
2014-04-13 12:30 - 2014-04-13 15:41 - 0000408 _____ () C:\Users\Pia Bausch\AppData\Roaming\CamLayout.ini
2014-04-13 12:30 - 2014-04-13 15:41 - 0000408 _____ () C:\Users\Pia Bausch\AppData\Roaming\CamShapes.ini
2014-04-13 12:30 - 2014-04-13 12:33 - 0004535 _____ () C:\Users\Pia Bausch\AppData\Roaming\CamStudio.cfg
2014-04-13 12:29 - 2014-04-13 12:30 - 0000096 _____ () C:\Users\Pia Bausch\AppData\Roaming\version2.xml
2014-01-29 14:54 - 2014-11-17 16:53 - 0000181 _____ () C:\Users\Pia Bausch\AppData\Roaming\WB.CFG
2014-11-29 19:28 - 2014-11-29 19:28 - 0002085 _____ () C:\Users\Pia Bausch\AppData\Local\recently-used.xbel
2013-03-16 11:30 - 2015-01-26 17:46 - 0007597 _____ () C:\Users\Pia Bausch\AppData\Local\resmon.resmoncfg
2015-01-16 22:10 - 2015-01-24 14:50 - 0000112 _____ () C:\ProgramData\42G8625p.dat

Files to move or delete:
====================
C:\ProgramData\42G8625p.dat

Some content of TEMP:
====================
C:\Users\Pia Bausch\AppData\Local\Temp\Quarantine.exe
C:\Users\Pia Bausch\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-15 03:51

==================== End Of Log ============================

And how does it look now? Regards, Nailimixam Edited by Nailimixam (29.01.2015 at 20:49) |
30.01.2015, 08:59 | #12 |
/// the machine /// TB Trainer | WIN 7: Access to files no longer possible Update Java, Adobe and Firefox. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
C:\ProgramData\42G8625p.dat
Emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Done The order is crucial here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP) Bill Castner (MVP) Don'ts
Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
30.01.2015, 12:23 | #13 |
| WIN 7: Access to files no longer possible Hello Schrauber, thank you very much for helping me; there are also some very useful programs among them that can continue to help me. Here is the Fixlog: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-01-2015
Ran by Pia Bausch at 2015-01-30 11:52:18 Run:1
Running from C:\Users\Pia Bausch\Desktop\Virus Programme
Loaded Profiles: Pia Bausch (Available profiles: Pia Bausch & Gast)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
C:\ProgramData\42G8625p.dat
Emptytemp:
*****************
SpyHunter 4 Service => Service deleted successfully.
esgiguard => Service deleted successfully.
C:\ProgramData\42G8625p.dat => Moved successfully.
EmptyTemp: => Removed 956.4 MB temporary data.
The system needed a reboot.
==== End of Fixlog 11:53:37 ====
Regards, Nailimixam |
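A check one could run on a Fixlog like the one posted above, added here as an example (it is not part of the original posts and not FRST's own code): it pairs every fixlist entry with its `=>` result line and reports entries that have no result or a result that is not a success. The line breaks in the sample, the function names and the list of success keywords are assumptions based only on the log text shown in this thread.

```python
import re

# Constructed sample: the Fixlog from the post above, with the line breaks
# that the forum extraction flattened restored (assumed layout).
FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-01-2015
Ran by Pia Bausch at 2015-01-30 11:52:18 Run:1
==============================================
Content of fixlist:
*****************
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
C:\ProgramData\42G8625p.dat
Emptytemp:
*****************
SpyHunter 4 Service => Service deleted successfully.
esgiguard => Service deleted successfully.
C:\ProgramData\42G8625p.dat => Moved successfully.
EmptyTemp: => Removed 956.4 MB temporary data.
The system needed a reboot.
==== End of Fixlog 11:53:37 ====
"""

# Service/driver lines look like "S2 Name; path [X]"; the result line uses only the name.
SERVICE_RE = re.compile(r"^[RSU][0-5]\s+(?P<name>[^;]+);")
# Assumption: success wording taken from the result lines in this one Fixlog.
OK_WORDS = ("successfully", "removed")

def entry_key(line):
    """Reduce a fixlist line to the label printed in front of '=>'."""
    m = SERVICE_RE.match(line)
    return (m.group("name") if m else line).strip().lower()

def parse_fixlog(text):
    """Return (fixlist entries, {label: result text}) from a Fixlog."""
    entries, results, in_list = [], {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"*"}:      # rows of asterisks delimit the fixlist
            in_list = not in_list
        elif in_list:
            entries.append(line)
        elif " => " in line:
            label, result = line.split(" => ", 1)
            results[label.strip().lower()] = result.strip()
    return entries, results

def unresolved(text):
    """Fixlist entries with no result line, or a result that is not a success."""
    entries, results = parse_fixlog(text)
    bad = []
    for entry in entries:
        res = results.get(entry_key(entry))
        if res is None or not any(w in res.lower() for w in OK_WORDS):
            bad.append((entry, res))
    return bad

if __name__ == "__main__":
    print(unresolved(FIXLOG))
```

An empty list means every fixlist entry was acknowledged with a success result; anything else is worth a follow-up scan before the thread is closed.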
30.01.2015, 14:30 | #14 |
/// the machine /// TB Trainer | WIN 7: Access to files no longer possible You're welcome
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |