Pests of all kinds and how to combat them: Caught Quickstart, did a System Restore, PC very slow (Windows 7)
#1
Hello dear helpers,

I have had problems with my computer since about November. To make matters worse, last week I also caught Quickstart. SpyHunter, which I had downloaded, found 3 major adware problems after a scan (but 356 infections in total, including cookies). After reading that SpyHunter is not to be trusted either, I did not buy it, and instead did a System Restore yesterday. Then I ran a full scan with Microsoft Essentials (it ran for about 12 hours). It found one more Trojan, which I had the program remove.

I have done several runs with AdwCleaner (also before the Quickstart infection). With AdwCleaner09, a few more folders were deleted during the last cleanup yesterday.

AdwCleaner Logfile:
Code:
```
# AdwCleaner v4.109 - Bericht erstellt am 27/01/2015 um 12:12:19
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-26.1 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : ************
# Gestartet von : C:\Users\**\Downloads\Firefox\AdwCleaner09.exe
# Option : Suchen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Mozilla Firefox v35.0.1 (x86 de)

-\\ Google Chrome v

-\\ Opera v25.0.1614.68

*************************

AdwCleaner[R0].txt - [7332 octets] - [08/01/2015 19:07:14]
AdwCleaner[R1].txt - [7392 octets] - [12/01/2015 08:42:19]
AdwCleaner[R2].txt - [2609 octets] - [27/01/2015 10:28:14]
AdwCleaner[R3].txt - [876 octets] - [27/01/2015 12:12:19]
AdwCleaner[S0].txt - [7836 octets] - [12/01/2015 09:16:53]
AdwCleaner[S1].txt - [3061 octets] - [27/01/2015 10:32:50]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1055 octets] ##########
```

Malwarebytes found no more infections.

Edit: Under "Scan" no option could be selected in this version...

Nevertheless, the following problems remain: when selecting files in Explorer, the mouse pointer jitters uncontrollably, and sometimes Explorer crashes.

Since the end of last year, all programs have generally been very slow: the system boots very slowly, and Firefox takes ages to start. Defragmentation, registry cleaning, and cache clearing are run regularly (wise registry cleaner, cc-cleaner, Windows defragmentation).

What would you advise me to do?

Thanks in advance for your efforts.

Edited by moona (27.01.2015 at 12:38)
#2
/// the machine /// TB trainer

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop:
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
#3

Allow Internet access?
#4

Attachment 72206 Attachment 72207

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01 Ran by ms (administrator) on KLEOPATRA on 27-01-2015 13:00:20 Running from C:\Users\ms\Downloads\Firefox\Neuer Ordner Loaded Profiles: ms (Available profiles: ms & Marina) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) C:\Program Files\P4G\BatteryLife.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe () C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (AVM Berlin) C:\Program Files\FRITZ!DSL\FwebProt.exe () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (ScanSoft, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (Apple Inc.) C:\Program Files (x86)\QuickTime\QTTask.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (RealNetworks, Inc.) 
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (ASUS) C:\Windows\AsScrPro.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe (AVM Berlin) C:\Program Files\FRITZ!DSL\StCenter.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] () HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation) HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] () HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [57393 2004-03-09] (ScanSoft, Inc.) HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) 
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191528 2014-07-04] (Geek Software GmbH) HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2014-11-05] (RealNetworks, Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-348309450-1816809450-22596906-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-348309450-1816809450-22596906-1001\...\MountPoints2: {789e5a69-283a-11e3-80c9-14dae951dcb4} - F:\Autorun.exe HKU\S-1-5-21-348309450-1816809450-22596906-1001\...\MountPoints2: {b64c869c-2b90-11e3-a03f-14dae951dcb4} - G:\Autorun.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk ShortcutTarget: FRITZ!DSL Protect.lnk -> C:\Program Files\FRITZ!DSL\FwebProt.exe (AVM Berlin) Startup: C:\Users\ms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk ShortcutTarget: FRITZ!DSL Startcenter.lnk -> C:\Users\ms\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe () ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\\ASUSWSShellExt64.dll (eCareme Technologies, Inc.) ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\\ASUSWSShellExt64.dll (eCareme Technologies, Inc.) 
==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com HKU\S-1-5-21-348309450-1816809450-22596906-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-348309450-1816809450-22596906-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Winsock: 
Catalog5 10 %ProgramFiles(x86)%\FRITZ!DSL\\sarah.dll File Not found () Winsock: Catalog5-x64 10 C:\Program Files\FRITZ!DSL\\sarah.dll [34104] (AVM Berlin) Tcpip\Parameters: [DhcpNameServer] FireFox: ======== FF ProfilePath: C:\Users\ms\AppData\Roaming\Mozilla\Firefox\Profiles\b8qlvk6x.default-1417579723982 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version= -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) 
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version= -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version= -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version= -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-348309450-1816809450-22596906-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer) FF Extension: NoScript - C:\Users\ms\AppData\Roaming\Mozilla\Firefox\Profiles\b8qlvk6x.default-1417579723982\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-12-03] FF Extension: eCleaner - C:\Users\ms\AppData\Roaming\Mozilla\Firefox\Profiles\b8qlvk6x.default-1417579723982\Extensions\{c72c0c73-4eb0-4fb3-af0f-074e97326cfd}.xpi [2015-01-26] FF Extension: Adblock Plus - C:\Users\ms\AppData\Roaming\Mozilla\Firefox\Profiles\b8qlvk6x.default-1417579723982\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-03] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-11-05] FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext Chrome: ======= CHR Profile: C:\Users\ms\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (RealDownloader) - C:\Users\ms\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-03-06] CHR Extension: (Google Wallet) - C:\Users\ms\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-15] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AFBAgent; C:\Windows\system32\FBAgent.exe [377264 2010-09-30] (ASUSTeK Computer Inc.) 
[File not signed] R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [88888 2009-07-28] (AVM Berlin) R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation) S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation) R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-07-14] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R0 assd; C:\Windows\System32\Drivers\assd.sys [27264 2010-04-28] (ASUS Corporation) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-10-02] (DT Soft Ltd) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-27] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation) R1 MpKsl2ee2b510; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CCD1ED66-16F5-477A-8BCB-5F095394CA37}\MpKsl2ee2b510.sys [45352 2015-01-27] (Microsoft Corporation) S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800192 2009-08-20] () R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-10-02] (Duplex Secure Ltd.) U3 ax2qs7pp; C:\Windows\System32\Drivers\ax2qs7pp.sys [0 ] (JMicron Technology Corporation) <==== ATTENTION (zero size file/folder) S3 ipswuio; System32\DRIVERS\ipswuio.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-27 12:45 - 2015-01-27 13:00 - 00000000 ___DC () C:\FRST 2015-01-27 11:08 - 2015-01-27 11:08 - 00120320 ____C () C:\Users\ms\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-27 10:53 - 2015-01-27 10:54 - 00129752 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-27 10:52 - 2015-01-27 10:52 - 00001100 ____C () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-27 10:52 - 2015-01-27 10:52 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-27 10:52 - 2015-01-27 10:52 - 00000000 ___DC () C:\ProgramData\Malwarebytes 2015-01-27 10:52 - 2015-01-27 10:52 - 00000000 ___DC () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-27 10:52 - 2014-11-21 06:14 - 00093400 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-27 10:52 - 2014-11-21 06:14 - 00063704 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-01-27 10:52 - 2014-11-21 06:14 - 00025816 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-01-26 23:09 - 2015-01-26 23:14 - 00002119 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2015-01-26 23:09 - 2015-01-26 23:14 - 00001912 ____C () C:\Windows\epplauncher.mif 2015-01-26 23:08 - 2015-01-26 23:13 - 00000000 ___DC () C:\Program Files (x86)\Microsoft Security Client 2015-01-26 23:07 - 2015-01-26 23:14 - 00000000 ___DC () C:\Program Files\Microsoft Security Client 2015-01-26 22:29 - 2015-01-26 22:29 - 00000000 ____C () C:\Windows\SysWOW64\sho9EF.tmp 2015-01-26 22:18 - 2015-01-26 22:20 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Firefox 2015-01-26 19:11 - 2015-01-26 19:11 - 00000000 ____C () C:\autoexec.bat 2015-01-26 19:10 - 2015-01-26 19:10 - 00000000 ___DC () C:\sh4ldr 2015-01-26 19:09 - 2015-01-26 19:09 - 00000000 ___DC () C:\Program Files\Enigma Software Group 2015-01-23 15:26 - 2015-01-26 21:47 - 00000000 ___DC () 
C:\FreeOCR 2015-01-22 21:28 - 2015-01-26 21:46 - 00000000 ___DC () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-01-22 21:28 - 2015-01-26 21:46 - 00000000 ___DC () C:\Program Files\iTunes 2015-01-22 21:28 - 2015-01-26 21:46 - 00000000 ___DC () C:\Program Files (x86)\iTunes 2015-01-22 21:28 - 2015-01-22 21:28 - 00000000 ___DC () C:\Program Files\iPod 2015-01-22 21:18 - 2015-01-22 21:28 - 00000000 ___DC () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2015-01-22 21:16 - 2015-01-26 21:47 - 00000000 ___DC () C:\Program Files (x86)\Bonjour 2015-01-22 21:16 - 2015-01-26 21:46 - 00000000 ___DC () C:\Program Files\Bonjour 2015-01-22 15:38 - 2015-01-22 15:38 - 00000000 ____C () C:\Windows\SysWOW64\shoD692.tmp 2015-01-21 11:16 - 2015-01-27 10:38 - 00003336 ____C () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-348309450-1816809450-22596906-1001 2015-01-20 20:18 - 2015-01-20 20:18 - 00000000 ____C () C:\Windows\SysWOW64\sho97FF.tmp 2015-01-20 14:37 - 2015-01-20 14:37 - 00000000 ___DC () C:\Users\Default\AppData\Roaming\Real 2015-01-20 14:37 - 2015-01-20 14:37 - 00000000 ___DC () C:\Users\Default User\AppData\Roaming\Real 2015-01-14 12:43 - 2015-01-14 17:39 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-14 12:43 - 2015-01-14 17:38 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-14 12:43 - 2015-01-14 17:38 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-14 12:43 - 2015-01-14 17:38 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-14 12:43 - 2015-01-14 17:38 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-14 12:42 - 2015-01-14 17:38 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 12:37 - 2015-01-14 17:38 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-14 12:37 - 2015-01-14 17:38 - 03971512 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-14 12:37 - 2015-01-14 17:38 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-14 12:37 - 2015-01-14 17:38 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-14 12:37 - 2015-01-14 17:38 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-14 12:37 - 2015-01-14 17:38 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-14 12:37 - 2015-01-14 17:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-14 03:31 - 2015-01-14 03:31 - 00000000 ____C () C:\Windows\SysWOW64\sho72C1.tmp 2015-01-13 03:18 - 2015-01-13 03:18 - 00000000 ____C () C:\Windows\SysWOW64\shoD0BA.tmp 2015-01-12 09:28 - 2015-01-12 09:28 - 00000355 ____C () C:\Users\ms\Documents\Computer - Verknüpfung.lnk 2015-01-12 03:15 - 2015-01-12 03:15 - 00000000 ____C () C:\Windows\SysWOW64\sho83A.tmp 2015-01-11 19:31 - 2015-01-22 15:28 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\WiseUpdate 2015-01-11 04:32 - 2015-01-11 04:33 - 00000000 ___DC () C:\afd82bc8219b0339f691aaa3fe6fd92e 2015-01-11 03:24 - 2015-01-11 03:26 - 00000000 ___DC () C:\e3e395ec3b549020b4354be2 2015-01-11 03:02 - 2015-01-11 03:04 - 00000000 ___DC () C:\a7a4e9af4fb6ec59e01508676f96de14 2015-01-10 03:05 - 2015-01-10 03:07 - 00000000 ___DC () C:\9b07d5d3e7a75a14c52ebd91 2015-01-09 10:43 - 2015-01-09 13:43 - 00011469 _____ () C:\Users\ms\Documents\0109_Teilnehmerliste.xlsx 2015-01-09 10:30 - 2015-01-09 10:31 - 00011373 _____ () C:\Users\ms\Documents\0901_Teilnehmerliste.xlsx 2015-01-09 03:02 - 2015-01-09 03:04 - 00000000 ___DC () C:\ef4261d189143e43de74b3bcadaa0c02 2015-01-09 01:23 - 2015-01-09 10:29 - 00011194 _____ () C:\Users\ms\Documents\Teilnehmerliste.xlsx 2015-01-08 18:43 - 2015-01-27 12:13 - 00000000 ___DC () C:\AdwCleaner 2015-01-08 12:34 - 2015-01-08 12:36 - 00000000 ___DC () C:\5eaf4e3b1df9bcb06a140e7579e784 2015-01-08 04:41 - 2015-01-08 
04:43 - 00000000 ___DC () C:\ba3d6355d0e7b2ea68e63b 2015-01-08 03:03 - 2015-01-08 03:06 - 00000000 ___DC () C:\80f37e2564837500be 2015-01-07 16:24 - 2015-01-07 16:27 - 00000000 ___DC () C:\43936e5f1939b65c5a6953e6 2015-01-07 01:08 - 2015-01-07 01:10 - 00000000 ___DC () C:\f514b1ffda68a3a96d5c0bb2cf7e 2015-01-06 15:29 - 2015-01-06 15:29 - 00000000 ____C () C:\Windows\SysWOW64\shoECC8.tmp 2015-01-06 15:27 - 2015-01-06 15:29 - 00000000 ___DC () C:\e5f8571611fc9eb03290b00b33c2 2015-01-06 06:17 - 2015-01-06 06:17 - 00000000 ____C () C:\Windows\SysWOW64\shoA273.tmp 2015-01-06 06:15 - 2015-01-06 06:16 - 00000000 ___DC () C:\bc62b273202b2a2d3ba54f361f 2015-01-06 05:49 - 2015-01-26 21:44 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\Skype 2015-01-06 05:49 - 2015-01-06 05:49 - 00002699 ____C () C:\Users\Public\Desktop\Skype.lnk 2015-01-06 05:49 - 2015-01-06 05:49 - 00000000 __RDC () C:\Program Files (x86)\Skype 2015-01-06 05:49 - 2015-01-06 05:49 - 00000000 ___DC () C:\Users\ms\AppData\Local\Skype 2015-01-06 05:49 - 2015-01-06 05:49 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-01-06 05:48 - 2015-01-06 05:48 - 00000000 ___DC () C:\ProgramData\Skype 2015-01-06 05:44 - 2015-01-06 05:46 - 00000000 ___DC () C:\Users\ms\Downloads\skype 2015-01-06 05:28 - 2015-01-06 05:30 - 00000000 ___DC () C:\cb6b89e93d762edf5c06cdb5 2015-01-05 03:52 - 2015-01-05 03:55 - 00000000 ___DC () C:\1822221633495573b8 2015-01-04 03:55 - 2015-01-04 03:57 - 00000000 ___DC () C:\3e4c7b04819d2bc4d5487e9b1eb7fa 2015-01-03 12:23 - 2015-01-03 12:23 - 00000000 _SHDC () C:\Users\ms\AppData\Local\EmieBrowserModeList 2015-01-03 03:10 - 2015-01-03 03:12 - 00000000 ___DC () C:\1fb40d568f5ec3a269cf756119412132 2015-01-02 23:46 - 2015-01-02 23:48 - 00000000 ___DC () C:\ce32657ca2cf6f6ecca3390055143a 2015-01-02 23:42 - 2015-01-02 23:42 - 00000000 ___DC () C:\Users\Marina\AppData\Roaming\PC-FAX TX 2015-01-02 05:25 - 2015-01-02 05:27 - 00000000 ___DC () 
C:\5c40cdc0d5f45c5e97b658a30b 2015-01-01 22:28 - 2015-01-01 22:30 - 00000000 ___DC () C:\07b9b2972ba5c9f28ae22bbe00126a1f 2015-01-01 06:07 - 2015-01-01 06:09 - 00000000 ___DC () C:\220425c0a1578e921a9f67 2015-01-01 05:07 - 2015-01-01 05:07 - 00000000 ____C () C:\Windows\SysWOW64\shoFEA7.tmp 2015-01-01 05:05 - 2015-01-01 05:06 - 00000000 ___DC () C:\387e8b1d129a9244d6 2015-01-01 03:01 - 2015-01-01 03:03 - 00000000 ___DC () C:\805116f115698068b3 2014-12-31 19:11 - 2014-12-31 19:13 - 00000000 ___DC () C:\Users\Marina\AppData\Roaming\Wise Registry Cleaner 2014-12-31 15:55 - 2014-12-31 15:55 - 00000000 ___DC () C:\Users\Marina\AppData\Roaming\Macromedia 2014-12-31 15:55 - 2014-12-31 15:55 - 00000000 ___DC () C:\Users\Marina\AppData\Local\Macromedia 2014-12-31 15:53 - 2015-01-18 02:48 - 00008234 ____C () C:\Users\Marina\DesktopStCenter.txt 2014-12-31 15:53 - 2014-12-31 15:53 - 00000000 ___DC () C:\Users\Marina\AppData\Roaming\Mozilla 2014-12-31 15:53 - 2014-12-31 15:53 - 00000000 ___DC () C:\Users\Marina\AppData\Local\Mozilla 2014-12-31 15:17 - 2014-12-31 15:23 - 00000000 ___DC () C:\335610c6c8e09682eb6a797c 2014-12-31 05:11 - 2014-12-31 05:13 - 00000000 ___DC () C:\edb757e063a3858ad4cd8526b755 2014-12-30 16:36 - 2014-12-30 16:41 - 00000000 ___DC () C:\6e302748143f7779516b3c465ea39c 2014-12-30 03:01 - 2014-12-30 03:03 - 00000000 ___DC () C:\c180fbd747f888624503 2014-12-29 03:09 - 2014-12-29 03:09 - 00000000 ____C () C:\Windows\SysWOW64\sho969F.tmp 2014-12-29 03:01 - 2014-12-29 03:03 - 00000000 ___DC () C:\910e892608bbb1491958 2014-12-28 15:59 - 2014-12-28 16:02 - 00000000 ___DC () C:\b95da1f66e8c460f601d ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-27 11:07 - 2012-06-16 11:37 - 00000000 ___DC () C:\Users\ms\Downloads\Firefox 2015-01-27 10:44 - 2014-04-15 13:45 - 01731521 ____C () C:\Windows\WindowsUpdate.log 2015-01-27 10:42 - 2009-07-14 05:45 - 00021472 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-27 10:42 - 2009-07-14 05:45 - 00021472 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-27 10:39 - 2012-04-04 12:06 - 06897662 ____C () C:\Users\ms\DesktopStCenter.txt 2015-01-27 10:38 - 2014-04-27 20:05 - 00003196 ____C () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-348309450-1816809450-22596906-1001 2015-01-27 10:35 - 2009-07-14 06:08 - 00000006 ___HC () C:\Windows\Tasks\SA.DAT 2015-01-27 10:34 - 2014-11-08 18:22 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-27 03:05 - 2012-04-04 12:07 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\FRITZ! 
2015-01-26 22:36 - 2011-08-17 01:03 - 00045056 ____C () C:\Windows\system32\acovcnt.exe 2015-01-26 21:59 - 2011-11-10 10:24 - 00000000 ___DC () C:\Users\ms 2015-01-26 21:47 - 2014-02-26 22:53 - 00000000 ___DC () C:\Users\Marina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite 2015-01-26 21:47 - 2014-02-26 22:53 - 00000000 ___DC () C:\Users\Marina 2015-01-26 21:47 - 2013-04-02 15:58 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cornelsen 2015-01-26 21:47 - 2013-02-01 22:16 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter 2015-01-26 21:47 - 2013-01-02 00:15 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon 2015-01-26 21:47 - 2012-10-11 22:24 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-01-26 21:47 - 2012-09-05 08:13 - 00000000 ___DC () C:\Users\ms\Desktop\Computer-tools 2015-01-26 21:47 - 2012-09-04 15:23 - 00000000 ___DC () C:\Users\ms\Downloads\Brother 2015-01-26 21:47 - 2012-07-16 16:17 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CLC E-Learning Resource 2015-01-26 21:47 - 2012-07-06 23:54 - 00000000 ___DC () C:\Users\ms\Desktop\Deutsch 2015-01-26 21:47 - 2012-06-22 12:12 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\Wise Registry Cleaner 2015-01-26 21:47 - 2012-06-22 12:12 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner 2015-01-26 21:47 - 2012-06-06 16:45 - 00000000 ___DC () C:\Users\ms\Documents\Audible 2015-01-26 21:47 - 2012-06-06 16:45 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager 2015-01-26 21:47 - 2012-05-12 15:32 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Segmenti 2015-01-26 21:47 - 2012-05-12 14:45 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puzzle! 
- Druckmaschine 2015-01-26 21:47 - 2012-05-06 20:55 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2015-01-26 21:47 - 2012-05-06 20:55 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Graboid Video 2015-01-26 21:47 - 2012-03-20 16:46 - 00000000 ___DC () C:\Windows\System32\Tasks\Apple 2015-01-26 21:47 - 2012-03-20 16:46 - 00000000 ___DC () C:\Program Files (x86)\Apple Software Update 2015-01-26 21:47 - 2012-01-10 00:02 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2015-01-26 21:47 - 2011-11-26 22:02 - 00000000 ___DC () C:\Windows\system32\Macromed 2015-01-26 21:47 - 2011-11-17 23:06 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon 2015-01-26 21:47 - 2011-11-11 17:41 - 00000000 ___DC () C:\Program Files (x86)\Brother 2015-01-26 21:47 - 2011-11-10 18:48 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch) 2015-01-26 21:47 - 2011-11-10 10:24 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite 2015-01-26 21:47 - 2011-08-17 01:05 - 00000000 ___DC () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite 2015-01-26 21:47 - 2011-08-17 01:05 - 00000000 ___DC () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite 2015-01-26 21:47 - 2011-08-17 00:58 - 00000000 ___DC () C:\ProgramData\P4G 2015-01-26 21:47 - 2011-08-17 00:53 - 00000000 __RDC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2015-01-26 21:47 - 2011-08-17 00:46 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility 2015-01-26 21:47 - 2011-04-09 19:58 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS 2015-01-26 21:47 - 2011-04-09 19:47 - 00000000 __RDC () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Windows Live 2015-01-26 21:47 - 2011-02-19 10:02 - 00000000 ___DC () C:\Windows\SysWOW64\XPSViewer 2015-01-26 21:47 - 2009-07-14 06:32 - 00000000 ___DC () C:\Program Files\Reference Assemblies 2015-01-26 21:47 - 2009-07-14 06:32 - 00000000 ___DC () C:\Program Files\MSBuild 2015-01-26 21:47 - 2009-07-14 06:32 - 00000000 ___DC () C:\Program Files (x86)\Reference Assemblies 2015-01-26 21:47 - 2009-07-14 06:32 - 00000000 ___DC () C:\Program Files (x86)\MSBuild 2015-01-26 21:47 - 2009-07-14 04:20 - 00000000 ___DC () C:\Windows\AppCompat 2015-01-26 21:47 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2015-01-26 21:46 - 2009-07-14 04:20 - 00000000 ___DC () C:\Windows\registration 2015-01-26 21:43 - 2014-11-06 16:02 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother 2015-01-26 21:43 - 2011-08-17 00:50 - 00000000 __HDC () C:\Program Files (x86)\InstallShield Installation Information 2015-01-23 05:52 - 2014-08-07 13:53 - 00000000 ___DC () C:\Users\ms\AppData\Local\Adobe 2015-01-22 21:12 - 2012-03-28 11:41 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\Apple Computer 2015-01-22 20:04 - 2012-05-06 21:04 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\vlc 2015-01-22 17:12 - 2014-12-02 14:37 - 00000000 ____D () C:\found.001 2015-01-22 17:12 - 2014-12-01 14:23 - 00000000 ____D () C:\found.000 2015-01-22 08:10 - 2012-09-20 11:43 - 00701616 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-22 08:10 - 2012-06-24 08:45 - 00071344 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-20 15:50 - 2009-07-14 06:09 - 00000000 ___DC () C:\Windows\System32\Tasks\WPD 2015-01-20 14:37 - 2011-08-17 00:56 - 00120320 ____C () C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-20 14:37 - 2011-08-17 00:56 - 00120320 ____C () C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-20 14:37 - 2009-07-14 05:57 - 00001547 ____C () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-01-20 14:35 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-16 22:31 - 2014-02-26 22:54 - 00000000 ___DC () C:\Users\Marina\AppData\Roaming\FRITZ! 2015-01-15 09:17 - 2012-07-17 17:34 - 00000000 ___DC () C:\Users\ms\Documents\Wohnung 2015-01-14 17:38 - 2013-08-15 02:03 - 00000000 ___DC () C:\Windows\system32\MRT 2015-01-14 17:29 - 2011-11-11 16:07 - 113365784 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-14 16:18 - 2011-11-10 23:50 - 00004096 ____C () C:\Users\Public\Documents\00000044.LCS 2015-01-13 03:03 - 2011-11-10 12:34 - 01653160 ____C () C:\Windows\SysWOW64\PerfStringBackup.INI 2015-01-13 03:03 - 2011-02-19 10:08 - 00721112 ____C () C:\Windows\system32\perfh007.dat 2015-01-13 03:03 - 2011-02-19 10:08 - 00158288 ____C () C:\Windows\system32\perfc007.dat 2015-01-13 03:03 - 2009-07-14 06:13 - 01653160 ____C () C:\Windows\system32\PerfStringBackup.INI 2015-01-12 19:55 - 2013-10-16 18:55 - 00000460 ____C () C:\Windows\Tasks\Wise Registry Cleaner Schedule Task.job 2015-01-10 12:01 - 2012-06-16 11:43 - 00000000 ___DC () C:\Users\ms\Downloads\Adobe 2015-01-10 10:38 - 2012-06-16 12:09 - 00000000 ___DC () C:\Users\ms\Downloads\Firefox_Bookmarks 2015-01-08 09:55 - 2012-05-03 14:18 - 00298120 ____C (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-01-06 06:19 - 2011-08-17 01:01 - 00001386 ____C () C:\Windows\system32\ServiceFilter.ini 2015-01-02 23:42 - 2012-12-20 12:15 - 00000778 ____C () C:\Windows\Brpfx04a.ini ==================== Files in the root of some directories ======= 2014-06-26 02:01 - 2014-06-26 02:01 - 6010880 ____C () C:\Program Files (x86)\GUT87B5.tmp 2012-07-29 17:01 - 2006-06-02 13:27 - 0017542 ____C () C:\Program Files\Common Files\Net4Switch.ico 2007-06-12 17:34 - 2007-06-12 17:34 - 0035822 ____C () C:\Program Files (x86)\Common Files\ASPG_icon.ico 2008-05-22 16:35 - 2008-05-22 16:35 - 0051962 ____C () 
C:\Program Files (x86)\Common Files\banner.jpg 2009-04-08 18:31 - 2009-04-08 18:31 - 0106496 ____C () C:\Program Files (x86)\Common Files\CPInstallAction.dll 2014-05-26 17:47 - 2003-03-21 11:45 - 0250544 ____C (KeyWorks Software) C:\Program Files (x86)\Common Files\keyhelp.ocx 2008-08-12 05:45 - 2008-08-12 05:45 - 0155648 ____C (ASUS) C:\Program Files (x86)\Common Files\MSIactionall.dll 2012-07-29 17:01 - 2006-06-02 13:27 - 0017542 ____C () C:\Program Files (x86)\Common Files\Net4Switch.ico 2014-11-05 10:35 - 2014-11-05 10:35 - 0000115 ____C () C:\Users\ms\AppData\Roaming\Camdata.ini 2014-11-05 10:35 - 2014-11-05 10:35 - 0000408 ____C () C:\Users\ms\AppData\Roaming\CamLayout.ini 2014-11-05 10:35 - 2014-11-05 10:35 - 0000408 ____C () C:\Users\ms\AppData\Roaming\CamShapes.ini 2014-11-05 10:35 - 2014-11-05 10:35 - 0004416 ____C () C:\Users\ms\AppData\Roaming\CamStudio.cfg 2011-04-09 19:59 - 2010-07-07 00:10 - 0131472 ____C () C:\ProgramData\FullRemove.exe 2011-08-17 01:05 - 2011-08-17 01:06 - 0000105 ____C () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2011-08-17 01:04 - 2011-08-17 01:05 - 0000107 ____C () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-26 10:17
==================== End Of Log ============================
Edited by moona (27.01.2015 at 13:40) |
| #5 |
| Caught Quickstart, did a system restore, PC very slow

Apparently I copied the FRST file twice at midday today... I did another run... now both are there

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01 Ran by ms (administrator) on KLEOPATRA on 27-01-2015 15:34:18 Running from C:\Users\ms\Downloads\Firefox\Neuer Ordner Loaded Profiles: ms (Available profiles: ms & Marina) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (ASUS) C:\Windows\AsScrPro.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe () C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe (ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS) C:\Program Files\P4G\BatteryLife.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (AVM Berlin) C:\Program Files\FRITZ!DSL\FwebProt.exe () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ScanSoft, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (Apple Inc.) C:\Program Files (x86)\QuickTime\QTTask.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (RealNetworks, Inc.) 
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe (AVM Berlin) C:\Program Files\FRITZ!DSL\StCenter.exe (asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] () HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation) HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] () HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [57393 2004-03-09] (ScanSoft, Inc.) HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191528 2014-07-04] (Geek Software GmbH) HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2014-11-05] (RealNetworks, Inc.) 
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-348309450-1816809450-22596906-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-348309450-1816809450-22596906-1001\...\MountPoints2: {789e5a69-283a-11e3-80c9-14dae951dcb4} - F:\Autorun.exe HKU\S-1-5-21-348309450-1816809450-22596906-1001\...\MountPoints2: {b64c869c-2b90-11e3-a03f-14dae951dcb4} - G:\Autorun.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk ShortcutTarget: FRITZ!DSL Protect.lnk -> C:\Program Files\FRITZ!DSL\FwebProt.exe (AVM Berlin) Startup: C:\Users\ms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk ShortcutTarget: FRITZ!DSL Startcenter.lnk -> C:\Users\ms\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe () ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\\ASUSWSShellExt64.dll (eCareme Technologies, Inc.) ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\\ASUSWSShellExt64.dll (eCareme Technologies, Inc.) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com HKU\S-1-5-21-348309450-1816809450-22596906-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-348309450-1816809450-22596906-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Winsock: Catalog5 10 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin) Winsock: Catalog9 01 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin) Winsock: Catalog9 02 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin) Winsock: Catalog9 03 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin) Winsock: Catalog9 15 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin) Winsock: Catalog5-x64 10 C:\Program Files\FRITZ!DSL\\sarah.dll [34104] (AVM Berlin) Winsock: Catalog9-x64 01 C:\Program Files\FRITZ!DSL\\sarah.dll [34104] (AVM Berlin) Winsock: Catalog9-x64 02 C:\Program Files\FRITZ!DSL\\sarah.dll [34104] (AVM Berlin) Winsock: Catalog9-x64 03 C:\Program 
Files\FRITZ!DSL\\sarah.dll [34104] (AVM Berlin) Winsock: Catalog9-x64 15 C:\Program Files\FRITZ!DSL\\sarah.dll [34104] (AVM Berlin) Tcpip\Parameters: [DhcpNameServer] FireFox: ======== FF ProfilePath: C:\Users\ms\AppData\Roaming\Mozilla\Firefox\Profiles\b8qlvk6x.default-1417579723982 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version= -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) 
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version= -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version= -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version= -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-348309450-1816809450-22596906-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Extension: NoScript - C:\Users\ms\AppData\Roaming\Mozilla\Firefox\Profiles\b8qlvk6x.default-1417579723982\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-12-03]
FF Extension: eCleaner - C:\Users\ms\AppData\Roaming\Mozilla\Firefox\Profiles\b8qlvk6x.default-1417579723982\Extensions\{c72c0c73-4eb0-4fb3-af0f-074e97326cfd}.xpi [2015-01-26]
FF Extension: Adblock Plus - C:\Users\ms\AppData\Roaming\Mozilla\Firefox\Profiles\b8qlvk6x.default-1417579723982\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-03]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-11-05]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR Profile: C:\Users\ms\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (RealDownloader) - C:\Users\ms\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-03-06]
CHR Extension: (Google Wallet) - C:\Users\ms\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AFBAgent; C:\Windows\system32\FBAgent.exe [377264 2010-09-30] (ASUSTeK Computer Inc.) [File not signed]
R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [88888 2009-07-28] (AVM Berlin)
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 assd; C:\Windows\System32\Drivers\assd.sys [27264 2010-04-28] (ASUS Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-10-02] (DT Soft Ltd)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800192 2009-08-20] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-10-02] (Duplex Secure Ltd.)
U3 amzp2tzh; C:\Windows\System32\Drivers\amzp2tzh.sys [0 ] (Intel Corporation) <==== ATTENTION (zero size file/folder)
S3 ipswuio; System32\DRIVERS\ipswuio.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 15:21 - 2015-01-27 15:21 - 00437400 ____C () C:\Windows\system32\FNTCACHE.DAT 2015-01-27 15:21 - 2015-01-27 15:21 - 00000376 ____C () C:\Windows\PFRO.log 2015-01-27 15:21 - 2015-01-27 15:21 - 00000056 ____C () C:\Windows\setupact.log 2015-01-27 15:21 - 2015-01-27 15:21 - 00000000 ____C () C:\Windows\setuperr.log 2015-01-27 14:07 - 2015-01-27 14:48 - 00000000 ___DC () C:\Program Files (x86)\SpywareBlaster 2015-01-27 14:07 - 2015-01-27 14:07 - 00001077 ____C () C:\Users\Public\Desktop\SpywareBlaster.lnk 2015-01-27 14:07 - 2015-01-27 14:07 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster 2015-01-27 14:07 - 2015-01-27 14:07 - 00000000 ___DC () C:\ProgramData\Licenses 2015-01-27 13:24 - 2015-01-27 13:24 - 00001191 ____C () C:\Users\ms\Desktop\JRT - Verknüpfung.lnk 2015-01-27 13:20 - 2015-01-27 13:20 - 00006741 ____C () C:\Users\ms\Desktop\JRT.txt 2015-01-27 13:12 - 2015-01-27 13:12 - 00000000 ___DC () C:\Windows\ERUNT 2015-01-27 12:45 - 2015-01-27 15:34 - 00000000 ___DC () C:\FRST 2015-01-27 11:08 - 2015-01-27 11:08 - 00120320 ____C () C:\Users\ms\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-27 10:53 - 2015-01-27 15:24 - 00129752 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-27 10:52 - 2015-01-27 13:07 - 00001100 ____C () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-27 10:52 - 2015-01-27 13:07 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-27 10:52 - 2015-01-27 13:07 - 00000000 ___DC () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-27 10:52 - 2015-01-27 10:52 - 00000000 ___DC () C:\ProgramData\Malwarebytes 2015-01-27 10:52 - 2014-11-21 06:14 - 00093400 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-27 10:52 - 2014-11-21 06:14 - 00063704 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-01-27 10:52 - 2014-11-21 06:14 - 00025816 
____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-01-26 23:09 - 2015-01-26 23:14 - 00002119 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2015-01-26 23:09 - 2015-01-26 23:14 - 00001912 ____C () C:\Windows\epplauncher.mif 2015-01-26 23:08 - 2015-01-26 23:13 - 00000000 ___DC () C:\Program Files (x86)\Microsoft Security Client 2015-01-26 23:07 - 2015-01-26 23:14 - 00000000 ___DC () C:\Program Files\Microsoft Security Client 2015-01-26 22:29 - 2015-01-26 22:29 - 00000000 ____C () C:\Windows\SysWOW64\sho9EF.tmp 2015-01-26 22:18 - 2015-01-26 22:20 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Firefox 2015-01-26 19:11 - 2015-01-26 19:11 - 00000000 ____C () C:\autoexec.bat 2015-01-26 19:10 - 2015-01-26 19:10 - 00000000 ___DC () C:\sh4ldr 2015-01-26 19:09 - 2015-01-26 19:09 - 00000000 ___DC () C:\Program Files\Enigma Software Group 2015-01-23 15:26 - 2015-01-26 21:47 - 00000000 ___DC () C:\FreeOCR 2015-01-22 21:28 - 2015-01-26 21:46 - 00000000 ___DC () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-01-22 21:28 - 2015-01-26 21:46 - 00000000 ___DC () C:\Program Files\iTunes 2015-01-22 21:28 - 2015-01-26 21:46 - 00000000 ___DC () C:\Program Files (x86)\iTunes 2015-01-22 21:28 - 2015-01-22 21:28 - 00000000 ___DC () C:\Program Files\iPod 2015-01-22 21:18 - 2015-01-22 21:28 - 00000000 ___DC () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2015-01-22 21:16 - 2015-01-26 21:47 - 00000000 ___DC () C:\Program Files (x86)\Bonjour 2015-01-22 21:16 - 2015-01-26 21:46 - 00000000 ___DC () C:\Program Files\Bonjour 2015-01-22 15:38 - 2015-01-22 15:38 - 00000000 ____C () C:\Windows\SysWOW64\shoD692.tmp 2015-01-21 11:16 - 2015-01-27 15:31 - 00003336 ____C () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-348309450-1816809450-22596906-1001 2015-01-20 20:18 - 2015-01-20 20:18 - 00000000 ____C () C:\Windows\SysWOW64\sho97FF.tmp 2015-01-20 14:37 - 2015-01-20 14:37 - 00000000 ___DC 
() C:\Users\Default\AppData\Roaming\Real 2015-01-20 14:37 - 2015-01-20 14:37 - 00000000 ___DC () C:\Users\Default User\AppData\Roaming\Real 2015-01-14 12:43 - 2015-01-14 17:39 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-14 12:43 - 2015-01-14 17:38 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-14 12:43 - 2015-01-14 17:38 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-14 12:43 - 2015-01-14 17:38 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-14 12:43 - 2015-01-14 17:38 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-14 12:42 - 2015-01-14 17:38 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 12:37 - 2015-01-14 17:38 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-14 12:37 - 2015-01-14 17:38 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-14 12:37 - 2015-01-14 17:38 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-14 12:37 - 2015-01-14 17:38 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-14 12:37 - 2015-01-14 17:38 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-14 12:37 - 2015-01-14 17:38 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-14 12:37 - 2015-01-14 17:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-14 03:31 - 2015-01-14 03:31 - 00000000 ____C () C:\Windows\SysWOW64\sho72C1.tmp 2015-01-13 03:18 - 2015-01-13 03:18 - 00000000 ____C () C:\Windows\SysWOW64\shoD0BA.tmp 2015-01-12 09:28 - 2015-01-12 09:28 - 00000355 ____C () C:\Users\ms\Documents\Computer - Verknüpfung.lnk 2015-01-12 03:15 - 2015-01-12 03:15 - 00000000 ____C () C:\Windows\SysWOW64\sho83A.tmp 2015-01-11 19:31 - 2015-01-22 15:28 - 00000000 ___DC () 
C:\Users\ms\AppData\Roaming\WiseUpdate 2015-01-11 04:32 - 2015-01-11 04:33 - 00000000 ___DC () C:\afd82bc8219b0339f691aaa3fe6fd92e 2015-01-11 03:24 - 2015-01-11 03:26 - 00000000 ___DC () C:\e3e395ec3b549020b4354be2 2015-01-11 03:02 - 2015-01-11 03:04 - 00000000 ___DC () C:\a7a4e9af4fb6ec59e01508676f96de14 2015-01-10 03:05 - 2015-01-10 03:07 - 00000000 ___DC () C:\9b07d5d3e7a75a14c52ebd91 2015-01-09 10:43 - 2015-01-09 13:43 - 00011469 _____ () C:\Users\ms\Documents\0109_Teilnehmerliste.xlsx 2015-01-09 10:30 - 2015-01-09 10:31 - 00011373 _____ () C:\Users\ms\Documents\0901_Teilnehmerliste.xlsx 2015-01-09 03:02 - 2015-01-09 03:04 - 00000000 ___DC () C:\ef4261d189143e43de74b3bcadaa0c02 2015-01-09 01:23 - 2015-01-09 10:29 - 00011194 _____ () C:\Users\ms\Documents\Teilnehmerliste.xlsx 2015-01-08 18:43 - 2015-01-27 12:13 - 00000000 ___DC () C:\AdwCleaner 2015-01-08 12:34 - 2015-01-08 12:36 - 00000000 ___DC () C:\5eaf4e3b1df9bcb06a140e7579e784 2015-01-08 04:41 - 2015-01-08 04:43 - 00000000 ___DC () C:\ba3d6355d0e7b2ea68e63b 2015-01-08 03:03 - 2015-01-08 03:06 - 00000000 ___DC () C:\80f37e2564837500be 2015-01-07 16:24 - 2015-01-07 16:27 - 00000000 ___DC () C:\43936e5f1939b65c5a6953e6 2015-01-07 01:08 - 2015-01-07 01:10 - 00000000 ___DC () C:\f514b1ffda68a3a96d5c0bb2cf7e 2015-01-06 15:29 - 2015-01-06 15:29 - 00000000 ____C () C:\Windows\SysWOW64\shoECC8.tmp 2015-01-06 15:27 - 2015-01-06 15:29 - 00000000 ___DC () C:\e5f8571611fc9eb03290b00b33c2 2015-01-06 06:17 - 2015-01-06 06:17 - 00000000 ____C () C:\Windows\SysWOW64\shoA273.tmp 2015-01-06 06:15 - 2015-01-06 06:16 - 00000000 ___DC () C:\bc62b273202b2a2d3ba54f361f 2015-01-06 05:49 - 2015-01-26 21:44 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\Skype 2015-01-06 05:49 - 2015-01-06 05:49 - 00000000 __RDC () C:\Program Files (x86)\Skype 2015-01-06 05:49 - 2015-01-06 05:49 - 00000000 ___DC () C:\Users\ms\AppData\Local\Skype 2015-01-06 05:49 - 2015-01-06 05:49 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Skype 2015-01-06 05:48 - 2015-01-06 05:48 - 00000000 ___DC () C:\ProgramData\Skype 2015-01-06 05:44 - 2015-01-06 05:46 - 00000000 ___DC () C:\Users\ms\Downloads\skype 2015-01-06 05:28 - 2015-01-06 05:30 - 00000000 ___DC () C:\cb6b89e93d762edf5c06cdb5 2015-01-05 03:52 - 2015-01-05 03:55 - 00000000 ___DC () C:\1822221633495573b8 2015-01-04 03:55 - 2015-01-04 03:57 - 00000000 ___DC () C:\3e4c7b04819d2bc4d5487e9b1eb7fa 2015-01-03 12:23 - 2015-01-03 12:23 - 00000000 _SHDC () C:\Users\ms\AppData\Local\EmieBrowserModeList 2015-01-03 03:10 - 2015-01-03 03:12 - 00000000 ___DC () C:\1fb40d568f5ec3a269cf756119412132 2015-01-02 23:46 - 2015-01-02 23:48 - 00000000 ___DC () C:\ce32657ca2cf6f6ecca3390055143a 2015-01-02 23:42 - 2015-01-02 23:42 - 00000000 ___DC () C:\Users\Marina\AppData\Roaming\PC-FAX TX 2015-01-02 05:25 - 2015-01-02 05:27 - 00000000 ___DC () C:\5c40cdc0d5f45c5e97b658a30b 2015-01-01 22:28 - 2015-01-01 22:30 - 00000000 ___DC () C:\07b9b2972ba5c9f28ae22bbe00126a1f 2015-01-01 06:07 - 2015-01-01 06:09 - 00000000 ___DC () C:\220425c0a1578e921a9f67 2015-01-01 05:07 - 2015-01-01 05:07 - 00000000 ____C () C:\Windows\SysWOW64\shoFEA7.tmp 2015-01-01 05:05 - 2015-01-01 05:06 - 00000000 ___DC () C:\387e8b1d129a9244d6 2015-01-01 03:01 - 2015-01-01 03:03 - 00000000 ___DC () C:\805116f115698068b3 2014-12-31 19:11 - 2014-12-31 19:13 - 00000000 ___DC () C:\Users\Marina\AppData\Roaming\Wise Registry Cleaner 2014-12-31 15:55 - 2014-12-31 15:55 - 00000000 ___DC () C:\Users\Marina\AppData\Roaming\Macromedia 2014-12-31 15:55 - 2014-12-31 15:55 - 00000000 ___DC () C:\Users\Marina\AppData\Local\Macromedia 2014-12-31 15:53 - 2015-01-18 02:48 - 00008234 ____C () C:\Users\Marina\DesktopStCenter.txt 2014-12-31 15:53 - 2014-12-31 15:53 - 00000000 ___DC () C:\Users\Marina\AppData\Roaming\Mozilla 2014-12-31 15:53 - 2014-12-31 15:53 - 00000000 ___DC () C:\Users\Marina\AppData\Local\Mozilla 2014-12-31 15:17 - 2014-12-31 15:23 - 00000000 ___DC () C:\335610c6c8e09682eb6a797c 
2014-12-31 05:11 - 2014-12-31 05:13 - 00000000 ___DC () C:\edb757e063a3858ad4cd8526b755 2014-12-30 16:36 - 2014-12-30 16:41 - 00000000 ___DC () C:\6e302748143f7779516b3c465ea39c 2014-12-30 03:01 - 2014-12-30 03:03 - 00000000 ___DC () C:\c180fbd747f888624503 2014-12-29 03:09 - 2014-12-29 03:09 - 00000000 ____C () C:\Windows\SysWOW64\sho969F.tmp 2014-12-29 03:01 - 2014-12-29 03:03 - 00000000 ___DC () C:\910e892608bbb1491958 2014-12-28 15:59 - 2014-12-28 16:02 - 00000000 ___DC () C:\b95da1f66e8c460f601d ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-27 15:34 - 2014-04-15 13:45 - 01794547 ____C () C:\Windows\WindowsUpdate.log 2015-01-27 15:31 - 2014-04-27 20:05 - 00003196 ____C () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-348309450-1816809450-22596906-1001 2015-01-27 15:23 - 2012-04-04 12:06 - 06897963 ____C () C:\Users\ms\DesktopStCenter.txt 2015-01-27 15:22 - 2011-08-17 01:01 - 00001412 ____C () C:\Windows\system32\ServiceFilter.ini 2015-01-27 15:21 - 2009-07-14 06:08 - 00000006 ___HC () C:\Windows\Tasks\SA.DAT 2015-01-27 14:48 - 2012-06-16 11:43 - 00000000 ___DC () C:\Users\ms\Downloads\Adobe 2015-01-27 14:48 - 2011-08-17 01:01 - 00000000 ___DC () C:\ProgramData\Temp 2015-01-27 14:44 - 2012-09-20 11:43 - 00701616 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-27 14:44 - 2012-06-24 08:45 - 00071344 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-27 14:43 - 2014-08-07 13:53 - 00000000 ___DC () C:\Users\ms\AppData\Local\Adobe 2015-01-27 14:30 - 2014-08-08 18:55 - 00000000 ___DC () C:\Users\ms\Desktop\Tor Browser 2015-01-27 14:07 - 2012-06-16 11:37 - 00000000 ___DC () C:\Users\ms\Downloads\Firefox 2015-01-27 10:42 - 2009-07-14 05:45 - 00021472 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-27 10:42 - 2009-07-14 
05:45 - 00021472 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-27 10:34 - 2014-11-08 18:22 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-27 03:05 - 2012-04-04 12:07 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\FRITZ! 2015-01-26 22:36 - 2011-08-17 01:03 - 00045056 ____C () C:\Windows\system32\acovcnt.exe 2015-01-26 21:59 - 2011-11-10 10:24 - 00000000 ___DC () C:\Users\ms 2015-01-26 21:47 - 2014-02-26 22:53 - 00000000 ___DC () C:\Users\Marina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite 2015-01-26 21:47 - 2014-02-26 22:53 - 00000000 ___DC () C:\Users\Marina 2015-01-26 21:47 - 2013-04-02 15:58 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cornelsen 2015-01-26 21:47 - 2013-02-01 22:16 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter 2015-01-26 21:47 - 2013-01-02 00:15 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon 2015-01-26 21:47 - 2012-10-11 22:24 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-01-26 21:47 - 2012-09-05 08:13 - 00000000 ___DC () C:\Users\ms\Desktop\Computer-tools 2015-01-26 21:47 - 2012-09-04 15:23 - 00000000 ___DC () C:\Users\ms\Downloads\Brother 2015-01-26 21:47 - 2012-07-16 16:17 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CLC E-Learning Resource 2015-01-26 21:47 - 2012-07-06 23:54 - 00000000 ___DC () C:\Users\ms\Desktop\Deutsch 2015-01-26 21:47 - 2012-06-22 12:12 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\Wise Registry Cleaner 2015-01-26 21:47 - 2012-06-22 12:12 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner 2015-01-26 21:47 - 2012-06-06 16:45 - 00000000 ___DC () C:\Users\ms\Documents\Audible 2015-01-26 21:47 - 2012-06-06 16:45 - 00000000 ___DC () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager 2015-01-26 21:47 - 2012-05-12 15:32 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Segmenti 2015-01-26 21:47 - 2012-05-12 14:45 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puzzle! - Druckmaschine 2015-01-26 21:47 - 2012-05-06 20:55 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2015-01-26 21:47 - 2012-05-06 20:55 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Graboid Video 2015-01-26 21:47 - 2012-03-20 16:46 - 00000000 ___DC () C:\Windows\System32\Tasks\Apple 2015-01-26 21:47 - 2012-03-20 16:46 - 00000000 ___DC () C:\Program Files (x86)\Apple Software Update 2015-01-26 21:47 - 2012-01-10 00:02 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2015-01-26 21:47 - 2011-11-26 22:02 - 00000000 ___DC () C:\Windows\system32\Macromed 2015-01-26 21:47 - 2011-11-17 23:06 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon 2015-01-26 21:47 - 2011-11-11 17:41 - 00000000 ___DC () C:\Program Files (x86)\Brother 2015-01-26 21:47 - 2011-11-10 18:48 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch) 2015-01-26 21:47 - 2011-11-10 10:24 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite 2015-01-26 21:47 - 2011-08-17 01:05 - 00000000 ___DC () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite 2015-01-26 21:47 - 2011-08-17 01:05 - 00000000 ___DC () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite 2015-01-26 21:47 - 2011-08-17 00:58 - 00000000 ___DC () C:\ProgramData\P4G 2015-01-26 21:47 - 2011-08-17 00:53 - 00000000 __RDC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2015-01-26 21:47 - 2011-08-17 00:46 - 
00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility 2015-01-26 21:47 - 2011-04-09 19:58 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS 2015-01-26 21:47 - 2011-04-09 19:47 - 00000000 __RDC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live 2015-01-26 21:47 - 2011-02-19 10:02 - 00000000 ___DC () C:\Windows\SysWOW64\XPSViewer 2015-01-26 21:47 - 2009-07-14 06:32 - 00000000 ___DC () C:\Program Files\Reference Assemblies 2015-01-26 21:47 - 2009-07-14 06:32 - 00000000 ___DC () C:\Program Files\MSBuild 2015-01-26 21:47 - 2009-07-14 06:32 - 00000000 ___DC () C:\Program Files (x86)\Reference Assemblies 2015-01-26 21:47 - 2009-07-14 06:32 - 00000000 ___DC () C:\Program Files (x86)\MSBuild 2015-01-26 21:47 - 2009-07-14 04:20 - 00000000 ___DC () C:\Windows\AppCompat 2015-01-26 21:47 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2015-01-26 21:46 - 2009-07-14 04:20 - 00000000 ___DC () C:\Windows\registration 2015-01-26 21:43 - 2014-11-06 16:02 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother 2015-01-26 21:43 - 2011-08-17 00:50 - 00000000 __HDC () C:\Program Files (x86)\InstallShield Installation Information 2015-01-22 21:12 - 2012-03-28 11:41 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\Apple Computer 2015-01-22 20:04 - 2012-05-06 21:04 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\vlc 2015-01-22 17:12 - 2014-12-02 14:37 - 00000000 ____D () C:\found.001 2015-01-22 17:12 - 2014-12-01 14:23 - 00000000 ____D () C:\found.000 2015-01-20 15:50 - 2009-07-14 06:09 - 00000000 ___DC () C:\Windows\System32\Tasks\WPD 2015-01-20 14:37 - 2011-08-17 00:56 - 00120320 ____C () C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-20 14:37 - 2011-08-17 00:56 - 00120320 ____C () C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-20 14:37 - 2009-07-14 05:57 - 00001547 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 
2015-01-20 14:35 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-16 22:31 - 2014-02-26 22:54 - 00000000 ___DC () C:\Users\Marina\AppData\Roaming\FRITZ! 2015-01-15 09:17 - 2012-07-17 17:34 - 00000000 ___DC () C:\Users\ms\Documents\Wohnung 2015-01-14 17:38 - 2013-08-15 02:03 - 00000000 ___DC () C:\Windows\system32\MRT 2015-01-14 17:29 - 2011-11-11 16:07 - 113365784 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-14 16:18 - 2011-11-10 23:50 - 00004096 ____C () C:\Users\Public\Documents\00000044.LCS 2015-01-13 03:03 - 2011-11-10 12:34 - 01653160 ____C () C:\Windows\SysWOW64\PerfStringBackup.INI 2015-01-13 03:03 - 2011-02-19 10:08 - 00721112 ____C () C:\Windows\system32\perfh007.dat 2015-01-13 03:03 - 2011-02-19 10:08 - 00158288 ____C () C:\Windows\system32\perfc007.dat 2015-01-13 03:03 - 2009-07-14 06:13 - 01653160 ____C () C:\Windows\system32\PerfStringBackup.INI 2015-01-12 19:55 - 2013-10-16 18:55 - 00000460 ____C () C:\Windows\Tasks\Wise Registry Cleaner Schedule Task.job 2015-01-10 10:38 - 2012-06-16 12:09 - 00000000 ___DC () C:\Users\ms\Downloads\Firefox_Bookmarks 2015-01-08 09:55 - 2012-05-03 14:18 - 00298120 ____C (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-01-02 23:42 - 2012-12-20 12:15 - 00000778 ____C () C:\Windows\Brpfx04a.ini ==================== Files in the root of some directories ======= 2014-06-26 02:01 - 2014-06-26 02:01 - 6010880 ____C () C:\Program Files (x86)\GUT87B5.tmp 2012-07-29 17:01 - 2006-06-02 13:27 - 0017542 ____C () C:\Program Files\Common Files\Net4Switch.ico 2007-06-12 17:34 - 2007-06-12 17:34 - 0035822 ____C () C:\Program Files (x86)\Common Files\ASPG_icon.ico 2008-05-22 16:35 - 2008-05-22 16:35 - 0051962 ____C () C:\Program Files (x86)\Common Files\banner.jpg 2009-04-08 18:31 - 2009-04-08 18:31 - 0106496 ____C () C:\Program Files (x86)\Common Files\CPInstallAction.dll 2014-05-26 17:47 - 2003-03-21 11:45 - 0250544 ____C (KeyWorks Software) C:\Program Files (x86)\Common 
Files\keyhelp.ocx 2008-08-12 05:45 - 2008-08-12 05:45 - 0155648 ____C (ASUS) C:\Program Files (x86)\Common Files\MSIactionall.dll 2012-07-29 17:01 - 2006-06-02 13:27 - 0017542 ____C () C:\Program Files (x86)\Common Files\Net4Switch.ico 2014-11-05 10:35 - 2014-11-05 10:35 - 0000115 ____C () C:\Users\ms\AppData\Roaming\Camdata.ini 2014-11-05 10:35 - 2014-11-05 10:35 - 0000408 ____C () C:\Users\ms\AppData\Roaming\CamLayout.ini 2014-11-05 10:35 - 2014-11-05 10:35 - 0000408 ____C () C:\Users\ms\AppData\Roaming\CamShapes.ini 2014-11-05 10:35 - 2014-11-05 10:35 - 0004416 ____C () C:\Users\ms\AppData\Roaming\CamStudio.cfg 2011-04-09 19:59 - 2010-07-07 00:10 - 0131472 ____C () C:\ProgramData\FullRemove.exe 2011-08-17 01:05 - 2011-08-17 01:06 - 0000105 ____C () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2011-08-17 01:04 - 2011-08-17 01:05 - 0000107 ____C () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-26 10:17

==================== End Of Log ============================

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by ms at 2015-01-27 13:00:48
Running from C:\Users\ms\Downloads\Firefox\Neuer Ordner
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

MFC-7420 (HKLM-x32\...\{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}) (Version: - Brother Industries, Ltd.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
AC3Filter 2.5b (HKLM-x32\...\AC3Filter_is1) (Version: 2.5b - Alexander Vigovsky)
Acronis*True*Image*Home 2012 (HKLM-x32\...\{C1FDF2F0-2136-42D8-8A64-2B45BBF2C19E}Visible) (Version: 15.0.7119 - Acronis)
Acronis*True*Image*Home 2012 (x32 Version: 15.0.7119 - Acronis) Hidden
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: - Adobe Systems, Inc.)
Amazon Cloud Drive (HKLM-x32\...\{9A766E33-BB01-480F-ABFC-424B8AC11212}) (Version: - Amazon.com)
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: - Apple Inc.)
ASUS AI Recovery (HKLM-x32\...\{38253529-D97D-4901-AE53-5CC9736D3A2E}) (Version: 1.0.13 - ASUS)
ASUS CopyProtect (HKLM-x32\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0015 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.21 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0021 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.41 - ASUS)
ASUS Secure Delete (HKLM\...\{761C6783-D3BC-48AB-8E7C-61CE918A8436}) (Version: 1.00.0006 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0009 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0031 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.20 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: - eCareme Technologies, Inc.)
Asus_PSeries_Screensaver (HKLM-x32\...\Asus_PSeries_Screensaver) (Version: 1.0.0001 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0007 - ASUS)
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: - Audible, Inc.)
Avery Wizard 4.0 (HKLM-x32\...\{F5D84887-8A6F-4993-8560-B3AA44CB620D}) (Version: 4.0.201 - Avery)
Camden Town Gym 2 Lernerfolgskontrollen (HKLM-x32\...\{9B146E0C-AD3B-4CCC-AEFA-AF9B76534815}) (Version: 1.00.0000 - Bildungshaus Schulbuchverlage Westermann Schroedel Diesterweg Schöningh Winklers GmbH)
Camden Town Gym 5 Lernerfolgskontrollen (HKLM-x32\...\{67B06220-59F4-4959-9CBC-02792045CC0D}) (Version: 1.00.0000 - Bildungshaus Schulbuchverlage Westermann Schroedel Diesterweg Schöningh Winklers GmbH)
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
Codecs for Windows 7 Pack 4.0.5 (HKLM-x32\...\Codecs for Windows 7 Pack) (Version: 4.0.5 - Codecs for Windows 7 Pack)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: - Conexant)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.9 - ASUS)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.6.1622 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.6.1622 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: - Disc Soft Ltd)
deutsch ideen 7. Jahrgang Lernsoftware (HKLM-x32\...\{C8B30FEF-A214-408A-882A-FB819B04954E}) (Version: 1.00.0000 - Schroedel)
deutsch.ideen 5 Lernsoftware (HKLM-x32\...\{B14897A6-4825-496B-B7ED-9D99E5F9DB7F}) (Version: 1.00.0000 - Schroedel)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: - DivX, LLC)
English G 21 e-Workbook A3 (HKLM-x32\...\{BE18B4ED-EC6C-4DA1-AC48-515E8D60BFFE}) (Version: 1.00.000 - Cornelsen)
ETDWare PS/2-x64 (HKLM\...\Elantech) (Version: - ELAN Microelectronics Corp.)
Familia Romana (HKLM-x32\...\{1F45C99D-D5F7-4784-8A5A-DC19DDA2F051}) (Version: 1.5 - Domus Latina)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.7 - ASUS)
Fences (Version: 1.0 - Stardock Corporation) Hidden
Free Studio version 2013 (HKLM-x32\...\Free Studio_is1) (Version: - DVDVideoSoft Ltd.)
FRITZ!DSL64 (HKLM\...\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}) (Version: 2.04.03 - AVM Berlin)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Garmin Training Center (HKLM-x32\...\{2A03B9F8-BE6D-43C6-A16A-B9998A194AF0}) (Version: 3.4.5 - Garmin Ltd or its subsidiaries)
Garmin Training Center (HKLM-x32\...\{7D542452-84EB-47C0-97BA-735C523AB555}) (Version: 3.6.5 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: - Google)
Google Update Helper (x32 Version: - Google Inc.) Hidden
Graboid Video 3.1 (HKLM-x32\...\Graboid Video) (Version: 3.1 - Graboid Inc.)
HotPotatoes v (HKLM-x32\...\hotpot_is1) (Version: - HalfBaked)
ImageShack Uploader 2.2.0 (HKLM-x32\...\{8BCD7AE7-F713-4D50-BAB9-7839B9386870}) (Version: 2.2.0 - ImageShack Corp.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: - Intel Corporation)
Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JMicron Ethernet Adapter NDIS Driver (HKLM-x32\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
L&H TTS3000 Deutsch (HKLM-x32\...\LHTTSGED) (Version: - )
Latein@home – prima A - N Lektionen 1-25 (HKU\S-1-5-21-348309450-1816809450-22596906-1001\...\286989ac39316ff0) (Version: - C.C.Buchner)
Lift Online (HKU\S-1-5-21-348309450-1816809450-22596906-1001\...\f12db597b42ce547) (Version: - C.C.Buchner)
Mahjongg dimensions (HKLM-x32\...\Mahjongg dimensions) (Version: - Oberon Media Inc.)
Malwarebytes Anti-Malware Version (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: - Malwarebytes Corporation)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.0.4 - CEWE COLOR AG u Co. OHG)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Speech SDK 4.0 (HKLM-x32\...\MSSpchSDK) (Version: - )
Microsoft Speech SDK 4.0 ActiveX Components (HKLM-x32\...\ST5UNST #1) (Version: - )
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.3 - Mozilla)
MTG Card Images for Magic Workstation (HKLM-x32\...\MTG Card Images for Magic Workstation_is1) (Version: - )
Navigium Maximum (HKLM-x32\...\{E22D9088-8A23-4EF0-915F-E3C671518D30}) (Version: 8.1 - Philipp Niederau)
Net4Switch (HKLM-x32\...\{9D6D7811-43B3-463C-BC79-5D1755269989}) (Version: 1.00.0020 - ASUS)
Opera Stable 23.0.1522.77 (HKLM-x32\...\Opera 23.0.1522.77) (Version: 23.0.1522.77 - Opera Software ASA)
Opera Stable 25.0.1614.68 (HKLM-x32\...\Opera 25.0.1614.68) (Version: 25.0.1614.68 - Opera Software ASA)
PaperPort (HKLM-x32\...\{A17EABB6-D0C6-44E5-820C-72DC7F495064}) (Version: 9.02.0814 - ScanSoft, Inc.)
PDF24 Creator 6.7.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Pfadfinder 2.0 (HKLM-x32\...\{F0AF5265-0E76-4AC0-AE45-ACA6428D5EDA}) (Version: 1.0.26 - Bildungshaus Schulbuchverlage GmbH, Braunschweig)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: - ProtectDisc Software GmbH)
Puzzle! - Druckmaschine (HKLM-x32\...\PuzzlePrintmachine) (Version: - )
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Rund um (2.0) ... deutsch ideen 7 (HKLM-x32\...\{F1874632-E9F0-439C-9B7A-AE41F4073CB3}) (Version: 1.00.0000 - Bildungshaus Schulbuchverlage Westermann Schroedel Diesterweg Schöningh Winklers GmbH) Rund um (2.0) ... deutsch ideen 8 (HKLM-x32\...\{C8279D79-3526-4582-9727-AA3E143D5775}) (Version: 1.00.0000 - Bildungshaus Schulbuchverlage Westermann Schroedel Diesterweg Schöningh Winklers GmbH) Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: - Apple Inc.) SceneSwitch (HKLM-x32\...\{5172E572-C175-4F80-A6D5-5CB45826AD61}) (Version: 1.0.6 - ASUS) Segmenti (HKLM-x32\...\Segmenti) (Version: 5.01 - Ilya Morozov, Regine Müller) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) 
swMSM (x32 Version: - Adobe Systems, Inc) Hidden USB2.0 UVC VGA WebCam (HKLM\...\USB2.0 UVC VGA WebCam) (Version: 5.8.54000.207 - Sonix) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden VLC media player 1.0.1 (HKLM-x32\...\VLC media player) (Version: 1.0.1 - VideoLAN Team) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 - Garmin) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.30.3 - ASUS) Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS) Wise Registry Cleaner 8.31 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.31 - WiseCleaner.com, Inc.) X Codec Pack (HKLM\...\X Codec Pack) (Version: 2.6.8 - X Codec Pack team) Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-348309450-1816809450-22596906-1001_Classes\CLSID\{3d7edf71-d764-422f-88d3-aac18e4cef75}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-348309450-1816809450-22596906-1001_Classes\CLSID\{3f752dc2-9513-4366-aa36-982181f0d29f}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation) ==================== Restore Points ========================= 26-01-2015 17:38:52 Windows Update 26-01-2015 17:50:04 Windows Update 26-01-2015 18:03:24 Windows Update 26-01-2015 21:19:20 Wiederherstellungsvorgang 26-01-2015 22:01:08 Windows-Sicherung 26-01-2015 22:12:19 Windows Update 26-01-2015 22:22:58 Windows Update 26-01-2015 22:56:25 Windows-Sicherung 26-01-2015 22:58:50 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ___AC C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {04F4257A-A026-4FA9-8DDD-5298AFBB1A27} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-08] (Google Inc.) Task: {05DD6F52-BAC9-414C-B98B-3272EEA48AF1} - System32\Tasks\ASUS Secure Delete => C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe [2010-05-12] () Task: {17E3A749-0324-4188-8D65-C69127A18A2D} - System32\Tasks\Real Player-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2014-11-05] (RealNetworks, Inc.) 
Task: {199FB700-5FEC-4015-AAB2-5AC7EAF8BE4A} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {20F86E17-680E-4E9C-B78F-B7DDBD0A5597} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31] (ASUS) Task: {2D29AA8A-728C-497D-B562-65578DA3E679} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-348309450-1816809450-22596906-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {30C7685B-B12A-43D0-88FF-16129671BA57} - System32\Tasks\ScanSoft Background Update => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14] (Scansoft, Inc.) Task: {45E95E6A-A579-4BD2-97FC-DDA2A22745E2} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe [2010-09-30] (asus) Task: {47419099-36A6-4227-B014-1739382C6DF6} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe Task: {50EE2FBE-D9F1-4254-B45B-5E5C7E34A8F4} - System32\Tasks\Wise Registry Cleaner Schedule Task => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe [2014-12-25] (WiseCleaner.com) Task: {5D1FACE7-7CFF-46A2-B74C-D3099392E7C6} - System32\Tasks\Divx-Online-Aktualisierungsprogramm => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2013-08-29] () Task: {5E5A8939-E8C7-4903-8E01-4391D6867EB9} - System32\Tasks\{5B6253FA-B677-4804-A842-E50F1E9D210C} => pcalua.exe -a C:\Users\ms\Downloads\Segmenti_Silbentrennung\Segmenti-Setup.exe -d C:\Users\ms\Documents Task: {6320F722-2A8E-46A4-B291-0925AD626FA3} - System32\Tasks\{A539B467-32F5-45A8-8949-9F44FB14B6D4} => pcalua.exe -a C:\Users\ms\Downloads\Segmenti_Silbentrennung\spchapi.exe -d "C:\Program Files (x86)\Mozilla Firefox" Task: {63C42DE6-94D2-445D-89BE-27CA7AFB0FCA} - System32\Tasks\{615FCAE0-66A4-44AD-BC96-9A6DE2C899F3} => pcalua.exe -a 
E:\PSetup.exe -d E:\ Task: {7CF3B680-CBC3-4CEB-A88F-8EA14B9F0134} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS) Task: {8B9C86DE-842A-445C-8889-C6A205233B4D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {A3F794D9-89E3-487B-8E70-F31FC7760ED4} - System32\Tasks\Net4Switch => C:\Program Files (x86)\ASUS\Net4Switch\Net4Switch.exe [2009-09-23] (ASUS) Task: {A48E9B57-FBBA-4A0E-B2CC-E2C0EC3E62B8} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-348309450-1816809450-22596906-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {AB27D89E-50FE-4E3F-ABAC-7BABD6392A24} - System32\Tasks\{375CE224-525E-4D31-AFC0-7E2D646B0019} => pcalua.exe -a C:\Users\ms\Pictures\Farmerama\34630icon_v1_24.exe -d "C:\Program Files (x86)\Mozilla Firefox" Task: {AF4C5353-9046-4405-BBDE-BA41D3B2A5A5} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-10-15] (ASUS) Task: {B6F7EDEB-AD13-4197-BA44-01461FA226A9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd) Task: {BAA70EA8-AC22-4B19-A960-6E5BA9D989A1} - System32\Tasks\ASPG => C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe [2009-06-29] (ASUS) Task: {BF1CB080-3F22-4EF1-8BE6-847DAEB79F77} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS) Task: {C3EDFE5E-4816-4CE7-976C-BCB441AA4775} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {C542595D-E7B2-424A-84D7-6B00AED1DA91} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-348309450-1816809450-22596906-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) 
Task: {CADAC429-8F7C-4526-80C6-B65821CD2576} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-08] (Google Inc.) Task: {D664D557-B4AC-4AB0-B3B2-316F9A45DEE7} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-348309450-1816809450-22596906-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {D9A463B6-CE59-484C-B9EE-C644EF23CEDF} - System32\Tasks\Opera scheduled Autoupdate 1407520237 => C:\Program Files (x86)\Opera\launcher.exe [2014-10-29] (Opera Software) Task: {DF4FF136-50AE-4F3B-B259-FD0DBD186233} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-348309450-1816809450-22596906-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.) Task: {E251D0D4-4902-4039-9AFA-0A49151530CA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {E39394BF-260D-474A-8B17-541C011D5E3B} - System32\Tasks\{3E723F4A-A53F-4C4F-A9BE-1CC4B56A1F28} => pcalua.exe -a C:\Users\ms\Downloads\Fritzbox\fritzdsl2.04.03_german.exe -d "C:\Program Files (x86)\Mozilla Firefox" Task: {EFB11D09-21FB-413D-B547-8CA1C925E9C5} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-348309450-1816809450-22596906-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {F83479DB-F54D-48EC-917E-2EC71D14F631} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-348309450-1816809450-22596906-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Wise Registry Cleaner Schedule Task.job => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe ==================== Loaded Modules (whitelisted) ============= 2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 ____C () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe 2010-07-15 00:11 - 2010-07-15 00:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll 2010-04-03 03:21 - 2008-10-01 07:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll 2010-05-12 01:35 - 2010-05-12 01:35 - 00489392 _____ () C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe 2010-09-24 00:53 - 2010-09-24 00:53 - 01601536 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe 2012-04-27 17:33 - 2012-04-27 17:33 - 00435552 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ulxmlrpcpp.dll 2009-11-02 22:20 - 2009-11-02 22:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll 2009-11-02 22:23 - 2009-11-02 22:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll 2015-01-26 22:18 - 2015-01-26 22:20 - 03925104 ____C () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2010-09-30 15:13 - 2010-09-30 15:13 - 00041472 _____ () C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll 2010-09-30 15:13 - 2010-09-30 15:13 - 00071680 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll 2010-09-30 15:14 - 2010-09-30 15:14 - 00076288 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll 2010-09-30 15:13 - 2010-09-30 15:13 - 00186880 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll 2015-01-22 08:10 - 2015-01-22 08:10 - 16844464 ____C () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ==================== 
Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:029E021F AlternateDataStreams: C:\ProgramData\Temp:5D458568 AlternateDataStreams: C:\ProgramData\Temp:81F83028 AlternateDataStreams: C:\ProgramData\Temp:981884E7 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\ASUS WebStorage\\AsusWSPanel.exe /S MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW MSCONFIG\startupreg: EssentialPIM Portable => "C:\Program Files (x86)\EssentialPIM Terminplanung\EssentialPIM.exe" /autorun MSCONFIG\startupreg: ETDWare => %ProgramFiles%\Elantech\ETDCtrl.exe MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime 
MSCONFIG\startupreg: SDP => C:\Users\ms\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" ========================= Accounts: ========================== Administrator (S-1-5-21-348309450-1816809450-22596906-500 - Administrator - Disabled) Gast (S-1-5-21-348309450-1816809450-22596906-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-348309450-1816809450-22596906-1002 - Limited - Enabled) Marina (S-1-5-21-348309450-1816809450-22596906-1003 - Limited - Enabled) => C:\Users\Marina ms (S-1-5-21-348309450-1816809450-22596906-1001 - Administrator - Enabled) => C:\Users\ms ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/26/2015 10:36:24 PM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: Der Index kann nicht initialisiert werden. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (01/26/2015 10:36:24 PM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: Die Anwendung kann nicht initialisiert werden. Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (01/26/2015 10:36:24 PM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: Das Gatherer-Objekt kann nicht initialisiert werden. 
Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (01/26/2015 10:36:24 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490) Error: (01/26/2015 10:36:24 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (01/26/2015 10:36:24 PM) (Source: Windows Search Service) (EventID: 9002) (User: ) Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800) Error: (01/26/2015 10:36:24 PM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (01/26/2015 10:36:24 PM) (Source: Windows Search Service) (EventID: 7040) (User: ) Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (01/26/2015 10:36:24 PM) (Source: Windows Search Service) (EventID: 9000) (User: ) Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden. Details: 0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft. 
(HRESULT : 0xc0041800)) Error: (01/26/2015 10:36:24 PM) (Source: ESENT) (EventID: 455) (User: ) Description: Windows (3976) Windows: Fehler -1811 beim Öffnen von Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0003D.log. System errors: ============= Error: (01/27/2015 10:37:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (01/27/2015 10:37:48 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Google Update Service (gupdate) erreicht. Error: (01/27/2015 10:32:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert. Error: (01/27/2015 10:32:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Windows Presentation Foundation-Schriftartcache" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (01/27/2015 10:32:59 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Presentation Foundation-Schriftartcache erreicht. Error: (01/27/2015 10:32:55 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Presentation Foundation-Schriftartcache" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (01/27/2015 10:32:53 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. 
Error: (01/27/2015 10:32:53 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (01/27/2015 10:32:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Application Virtualization Client" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (01/27/2015 10:32:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Microsoft Office Sessions: ========================= Error: (01/26/2015 10:36:24 PM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (01/26/2015 10:36:24 PM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (01/26/2015 10:36:24 PM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (01/26/2015 10:36:24 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490) Search.TripoliIndexer Error: (01/26/2015 10:36:24 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. 
(HRESULT : 0xc0041801) (0xc0041801) Search.JetPropStore Error: (01/26/2015 10:36:24 PM) (Source: Windows Search Service) (EventID: 9002) (User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800) Error: (01/26/2015 10:36:24 PM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) The catalog is corrupt Error: (01/26/2015 10:36:24 PM) (Source: Windows Search Service) (EventID: 7040) (User: ) Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) 4700 Error: (01/26/2015 10:36:24 PM) (Source: Windows Search Service) (EventID: 9000) (User: ) Description: Details: 0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800)) Error: (01/26/2015 10:36:24 PM) (Source: ESENT) (EventID: 455) (User: ) Description: Windows3976Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0003D.log-1811 CodeIntegrity Errors: =================================== Date: 2014-02-15 21:53:58.784 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ETD.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-02-15 21:53:58.644 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ETD.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz Percentage of memory in use: 77% Total physical RAM: 1900.3 MB Available physical RAM: 435.17 MB Total Pagefile: 5700.89 MB Available Pagefile: 2979.17 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:119.24 GB) (Free:39.96 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: () (Fixed) (Total:153.85 GB) (Free:22.11 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: AA9693FE) Partition 1: (Not Active) - (Size=25 GB) - (Type=1C) Partition 2: (Active) - (Size=119.2 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=153.9 GB) - (Type=OF Extended) ==================== End Of Log ============================
Edited by moona (27.01.2015 at 15:41) |
| #6 |
| Windows Update failed. Error message for an important Windows update: error 800B0100. I have attached the update history as a file, because I don't know how to embed a screenshot here. |
| #7 |
/// the machine /// TB trainer | hi, scan with Combofix
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
| #8 |
| What can you read from this? Code:
ATTFilter ComboFix 15-01-27.01 - ms 28.01.2015 1:36.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.1900.551 [GMT 1:00] ausgeführt von:: c:\users\ms\Downloads\Firefox\Neuer Ordner\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1} SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\esupport\eDriver\Software\ASUS\MultiFrame\XP32_Vista32_Vista64_Win7_32_Win7_64_1.0.0021\Desktop_.ini c:\program files (x86)\Common Files\ASPG_icon.ico c:\program files (x86)\Common Files\Net4Switch.ico c:\users\ms\Documents\~WRL2638.tmp . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_ACEDRV11 -------\Service_acedrv11 . . ((((((((((((((((((((((( Dateien erstellt von 2014-12-28 bis 2015-01-28 )))))))))))))))))))))))))))))) . . 2015-01-28 00:46 . 2015-01-28 00:46 -------- dc----w- c:\windows\system32\config\systemprofile\AppData\Local\temp 2015-01-28 00:46 . 2015-01-28 00:46 -------- dc----w- c:\users\Marina\AppData\Local\temp 2015-01-28 00:46 . 2015-01-28 00:46 -------- dc----w- c:\users\Default\AppData\Local\temp 2015-01-27 18:46 . 2015-01-27 18:46 0 -c--a-w- c:\windows\SysWow64\shoC61C.tmp 2015-01-27 18:44 . 2015-01-27 18:44 -------- dc----w- C:\3a7f6e15900cee526f1fbc 2015-01-27 17:47 . 2014-12-15 03:13 11870360 -c--a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{61CB4123-A3EE-483E-9E1E-EC1FB2417879}\mpengine.dll 2015-01-27 17:44 . 2015-01-27 17:45 3179520 ----a-w- c:\windows\system32\rdpcorets.dll 2015-01-27 17:44 . 2015-01-27 17:45 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll 2015-01-27 15:11 . 
2015-01-27 15:13 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys 2015-01-27 15:11 . 2012-08-23 14:08 30208 -c--a-w- c:\windows\system32\drivers\TsUsbGD.sys 2015-01-27 15:11 . 2015-01-27 15:13 243200 ----a-w- c:\windows\system32\rdpudd.dll 2015-01-27 15:11 . 2015-01-27 15:13 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll 2015-01-27 15:11 . 2015-01-27 15:13 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll 2015-01-27 15:07 . 2015-01-27 15:17 792576 ----a-w- c:\windows\SysWow64\TSWorkspace.dll 2015-01-27 15:06 . 2015-01-27 15:17 1030144 ----a-w- c:\windows\system32\TSWorkspace.dll 2015-01-27 13:07 . 2015-01-27 13:07 -------- dc----w- c:\programdata\Licenses 2015-01-27 13:07 . 2015-01-28 00:28 -------- dc----w- c:\program files (x86)\SpywareBlaster 2015-01-27 12:12 . 2015-01-27 12:12 -------- dc----w- c:\windows\ERUNT 2015-01-27 11:45 . 2015-01-27 14:36 -------- dc----w- C:\FRST 2015-01-27 09:53 . 2015-01-28 00:24 129752 -c--a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-01-27 09:52 . 2015-01-27 12:07 -------- dc----w- c:\program files (x86)\ Malwarebytes Anti-Malware 2015-01-27 09:52 . 2015-01-27 09:52 -------- dc----w- c:\programdata\Malwarebytes 2015-01-27 09:52 . 2014-11-21 05:14 63704 -c--a-w- c:\windows\system32\drivers\mwac.sys 2015-01-27 09:52 . 2014-11-21 05:14 93400 -c--a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-01-27 09:52 . 2014-11-21 05:14 25816 -c--a-w- c:\windows\system32\drivers\mbam.sys 2015-01-26 22:34 . 2014-12-15 03:13 11870360 -c--a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2015-01-26 22:27 . 2015-01-26 22:27 1188440 -c--a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8D8510D5-6424-46EC-B4FA-6F4C5104841B}\gapaengine.dll 2015-01-26 22:08 . 2015-01-26 22:13 -------- dc----w- c:\program files (x86)\Microsoft Security Client 2015-01-26 22:07 . 
2015-01-26 22:14 -------- dc----w- c:\program files\Microsoft Security Client 2015-01-26 21:29 . 2015-01-26 21:29 0 -c--a-w- c:\windows\SysWow64\sho9EF.tmp 2015-01-26 21:17 . 2014-12-02 10:26 11870360 -c--a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{465EB45E-9387-440D-81C9-0B3981A1F9CA}\mpengine.dll 2015-01-26 18:10 . 2015-01-26 18:10 -------- dc----w- C:\sh4ldr 2015-01-26 18:09 . 2015-01-26 18:09 -------- dc----w- c:\program files\Enigma Software Group 2015-01-23 14:26 . 2015-01-26 20:47 -------- dc----w- C:\FreeOCR 2015-01-22 20:28 . 2015-01-22 20:28 -------- dc----w- c:\program files\iPod 2015-01-22 20:28 . 2015-01-26 20:46 -------- dc----w- c:\program files (x86)\iTunes 2015-01-22 20:28 . 2015-01-26 20:46 -------- dc----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-01-22 20:28 . 2015-01-26 20:46 -------- dc----w- c:\program files\iTunes 2015-01-22 20:18 . 2015-01-22 20:28 -------- dc----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2015-01-22 20:16 . 2015-01-26 20:47 -------- dc----w- c:\program files (x86)\Bonjour 2015-01-22 20:16 . 2015-01-26 20:46 -------- dc----w- c:\program files\Bonjour 2015-01-22 14:38 . 2015-01-22 14:38 0 -c--a-w- c:\windows\SysWow64\shoD692.tmp 2015-01-20 19:18 . 2015-01-20 19:18 0 -c--a-w- c:\windows\SysWow64\sho97FF.tmp 2015-01-20 13:37 . 2015-01-20 13:37 -------- dc----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Stardock 2015-01-14 11:43 . 2015-01-14 16:38 210432 ----a-w- c:\windows\system32\profsvc.dll 2015-01-14 11:43 . 2015-01-14 16:38 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll 2015-01-14 11:43 . 2015-01-14 16:38 303616 ----a-w- c:\windows\system32\nlasvc.dll 2015-01-14 11:43 . 2015-01-14 16:38 156672 ----a-w- c:\windows\SysWow64\ncsi.dll 2015-01-14 11:42 . 2015-01-14 16:38 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys 2015-01-14 11:37 . 2015-01-14 16:38 5553592 ----a-w- c:\windows\system32\ntoskrnl.exe 2015-01-14 11:37 . 
2015-01-14 16:38 3971512 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2015-01-14 11:37 . 2015-01-14 16:38 3916728 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2015-01-14 11:37 . 2015-01-14 16:38 503808 ----a-w- c:\windows\system32\srcore.dll 2015-01-14 11:37 . 2015-01-14 16:38 50176 ----a-w- c:\windows\system32\srclient.dll 2015-01-14 11:37 . 2015-01-14 16:38 296960 ----a-w- c:\windows\system32\rstrui.exe 2015-01-14 11:37 . 2015-01-14 16:38 43008 ----a-w- c:\windows\SysWow64\srclient.dll 2015-01-14 02:31 . 2015-01-14 02:31 0 -c--a-w- c:\windows\SysWow64\sho72C1.tmp 2015-01-13 02:18 . 2015-01-13 02:18 0 -c--a-w- c:\windows\SysWow64\shoD0BA.tmp 2015-01-12 02:15 . 2015-01-12 02:15 0 -c--a-w- c:\windows\SysWow64\sho83A.tmp 2015-01-11 18:31 . 2015-01-22 14:28 -------- dc----w- c:\users\ms\AppData\Roaming\WiseUpdate 2015-01-11 03:32 . 2015-01-11 03:33 -------- dc----w- C:\afd82bc8219b0339f691aaa3fe6fd92e 2015-01-11 02:24 . 2015-01-11 02:26 -------- dc----w- C:\e3e395ec3b549020b4354be2 2015-01-11 02:02 . 2015-01-11 02:04 -------- dc----w- C:\a7a4e9af4fb6ec59e01508676f96de14 2015-01-10 02:05 . 2015-01-10 02:07 -------- dc----w- C:\9b07d5d3e7a75a14c52ebd91 2015-01-09 02:02 . 2015-01-09 02:04 -------- dc----w- C:\ef4261d189143e43de74b3bcadaa0c02 2015-01-08 17:43 . 2015-01-27 11:13 -------- dc----w- C:\AdwCleaner 2015-01-08 11:34 . 2015-01-08 11:36 -------- dc----w- C:\5eaf4e3b1df9bcb06a140e7579e784 2015-01-08 03:41 . 2015-01-08 03:43 -------- dc----w- C:\ba3d6355d0e7b2ea68e63b 2015-01-08 02:03 . 2015-01-08 02:06 -------- dc----w- C:\80f37e2564837500be 2015-01-07 15:24 . 2015-01-07 15:27 -------- dc----w- C:\43936e5f1939b65c5a6953e6 2015-01-07 00:08 . 2015-01-07 00:10 -------- dc----w- C:\f514b1ffda68a3a96d5c0bb2cf7e 2015-01-06 14:29 . 2015-01-06 14:29 0 -c--a-w- c:\windows\SysWow64\shoECC8.tmp 2015-01-06 14:27 . 2015-01-06 14:29 -------- dc----w- C:\e5f8571611fc9eb03290b00b33c2 2015-01-06 05:17 . 2015-01-06 05:17 0 -c--a-w- c:\windows\SysWow64\shoA273.tmp 2015-01-06 05:15 . 
2015-01-06 05:16 -------- dc----w- C:\bc62b273202b2a2d3ba54f361f 2015-01-06 04:49 . 2015-01-06 04:49 -------- dc----w- c:\users\ms\AppData\Local\Skype 2015-01-06 04:49 . 2015-01-26 20:44 -------- dc----w- c:\users\ms\AppData\Roaming\Skype 2015-01-06 04:49 . 2015-01-06 04:49 -------- dc----w- c:\program files (x86)\Common Files\Skype 2015-01-06 04:49 . 2015-01-06 04:49 -------- dc----r- c:\program files (x86)\Skype 2015-01-06 04:48 . 2015-01-06 04:48 -------- dc----w- c:\programdata\Skype 2015-01-06 04:28 . 2015-01-06 04:30 -------- dc----w- C:\cb6b89e93d762edf5c06cdb5 2015-01-05 02:52 . 2015-01-05 02:55 -------- dc----w- C:\1822221633495573b8 2015-01-04 02:55 . 2015-01-04 02:57 -------- dc----w- C:\3e4c7b04819d2bc4d5487e9b1eb7fa 2015-01-03 11:23 . 2015-01-03 11:23 -------- dcsh--w- c:\users\ms\AppData\Local\EmieBrowserModeList 2015-01-03 02:10 . 2015-01-03 02:12 -------- dc----w- C:\1fb40d568f5ec3a269cf756119412132 2015-01-02 22:46 . 2015-01-02 22:48 -------- dc----w- C:\ce32657ca2cf6f6ecca3390055143a 2015-01-02 22:42 . 2015-01-02 22:42 -------- dc----w- c:\users\Marina\AppData\Roaming\PC-FAX TX 2015-01-02 04:25 . 2015-01-02 04:27 -------- dc----w- C:\5c40cdc0d5f45c5e97b658a30b 2015-01-01 21:28 . 2015-01-01 21:30 -------- dc----w- C:\07b9b2972ba5c9f28ae22bbe00126a1f 2015-01-01 05:07 . 2015-01-01 05:09 -------- dc----w- C:\220425c0a1578e921a9f67 2015-01-01 04:07 . 2015-01-01 04:07 0 -c--a-w- c:\windows\SysWow64\shoFEA7.tmp 2015-01-01 04:05 . 2015-01-01 04:06 -------- dc----w- C:\387e8b1d129a9244d6 2015-01-01 02:01 . 2015-01-01 02:03 -------- dc----w- C:\805116f115698068b3 2014-12-31 18:11 . 2014-12-31 18:13 -------- dc----w- c:\users\Marina\AppData\Roaming\Wise Registry Cleaner 2014-12-31 14:55 . 2014-12-31 14:55 -------- dc----w- c:\users\Marina\AppData\Local\Macromedia 2014-12-31 14:53 . 2014-12-31 14:53 -------- dc----w- c:\users\Marina\AppData\Local\Mozilla 2014-12-31 14:17 . 2014-12-31 14:23 -------- dc----w- C:\335610c6c8e09682eb6a797c 2014-12-31 04:11 . 
2014-12-31 04:13 -------- dc----w- C:\edb757e063a3858ad4cd8526b755 2014-12-30 15:36 . 2014-12-30 15:41 -------- dc----w- C:\6e302748143f7779516b3c465ea39c 2014-12-30 02:01 . 2014-12-30 02:03 -------- dc----w- C:\c180fbd747f888624503 2014-12-29 02:09 . 2014-12-29 02:09 0 -c--a-w- c:\windows\SysWow64\sho969F.tmp 2014-12-29 02:01 . 2014-12-29 02:03 -------- dc----w- C:\910e892608bbb1491958 . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-01-28 00:52 . 2011-08-17 00:03 45056 -c--a-w- c:\windows\system32\acovcnt.exe 2015-01-27 13:44 . 2012-09-20 10:43 701616 -c--a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-01-27 13:44 . 2012-06-24 07:45 71344 -c--a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-01-14 16:29 . 2011-11-11 15:07 113365784 -c--a-w- c:\windows\system32\MRT.exe 2015-01-08 08:55 . 2012-05-03 13:18 298120 -c----w- c:\windows\system32\MpSigStub.exe 2014-12-24 02:19 . 2014-12-24 02:19 0 -c--a-w- c:\windows\SysWow64\sho3820.tmp 2014-12-22 19:43 . 2014-12-22 19:43 0 -c--a-w- c:\windows\SysWow64\shoE793.tmp 2014-12-21 02:23 . 2014-12-21 02:23 0 -c--a-w- c:\windows\SysWow64\sho7EFB.tmp 2014-12-19 06:23 . 2014-12-18 20:45 144384 ----a-w- c:\windows\system32\ieUnatt.exe 2014-12-19 06:23 . 2014-12-18 20:45 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2014-12-12 02:20 . 2014-12-12 02:20 0 -c--a-w- c:\windows\SysWow64\shoAAB2.tmp 2014-12-11 00:50 . 2014-12-11 00:15 830976 ----a-w- c:\windows\system32\appraiser.dll 2014-12-11 00:50 . 2014-12-11 00:15 396800 ----a-w- c:\windows\system32\devinv.dll 2014-12-11 00:50 . 2014-12-11 00:15 1232040 ----a-w- c:\windows\system32\aitstatic.exe 2014-12-11 00:50 . 2014-12-11 00:15 741376 ----a-w- c:\windows\system32\invagent.dll 2014-12-11 00:50 . 2014-12-11 00:15 413184 ----a-w- c:\windows\system32\generaltel.dll 2014-12-11 00:50 . 2014-12-11 00:15 192000 ----a-w- c:\windows\system32\aepic.dll 2014-12-11 00:50 . 
2014-12-11 00:15 1083392 ----a-w- c:\windows\system32\aeinv.dll 2014-12-11 00:50 . 2014-12-11 00:15 227328 ----a-w- c:\windows\system32\aepdu.dll 2014-12-11 00:38 . 2014-12-11 00:14 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2014-12-11 00:38 . 2014-12-11 00:14 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2014-12-11 00:35 . 2014-12-11 00:14 119296 ----a-w- c:\windows\system32\drivers\tdx.sys 2014-12-11 00:35 . 2014-12-11 00:14 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll 2014-12-11 00:35 . 2014-12-11 00:14 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll 2014-12-11 00:35 . 2014-12-11 00:14 114688 ----a-w- c:\windows\system32\ieetwcollector.exe 2014-12-11 00:35 . 2014-12-11 00:14 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll 2014-12-11 00:35 . 2014-12-11 00:14 718848 ----a-w- c:\windows\system32\ie4uinit.exe 2014-12-11 00:35 . 2014-12-11 00:14 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll 2014-12-11 00:35 . 2014-12-11 00:14 34304 ----a-w- c:\windows\system32\iernonce.dll 2014-12-11 00:35 . 2014-12-11 00:14 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2014-12-11 00:35 . 2014-12-11 00:14 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb 2014-12-11 00:35 . 2014-12-11 00:14 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2014-12-11 00:35 . 2014-12-11 00:14 62464 ----a-w- c:\windows\SysWow64\iesetup.dll 2014-12-11 00:35 . 2014-12-11 00:14 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll 2014-12-11 00:35 . 2014-12-11 00:14 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll 2014-12-11 00:35 . 2014-12-11 00:14 389296 ----a-w- c:\windows\system32\iedkcs32.dll 2014-12-11 00:35 . 2014-12-11 00:14 2052096 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2014-12-11 00:35 . 2014-12-11 00:14 1548288 ----a-w- c:\windows\system32\urlmon.dll 2014-12-11 00:35 . 2014-12-11 00:14 800768 ----a-w- c:\windows\system32\msfeeds.dll 2014-12-11 00:35 . 
2014-12-11 00:14 316928 ----a-w- c:\windows\system32\dxtrans.dll 2014-12-11 00:35 . 2014-12-11 00:14 800768 ----a-w- c:\windows\system32\ieapfltr.dll 2014-12-11 00:35 . 2014-12-11 00:14 66560 ----a-w- c:\windows\system32\iesetup.dll 2014-12-11 00:35 . 2014-12-11 00:14 2125312 ----a-w- c:\windows\system32\inetcpl.cpl 2014-12-11 00:35 . 2014-12-11 00:14 501248 ----a-w- c:\windows\SysWow64\vbscript.dll 2014-12-11 00:35 . 2014-12-11 00:14 4299264 ----a-w- c:\windows\SysWow64\jscript9.dll 2014-12-11 00:35 . 2014-12-11 00:14 2885120 ----a-w- c:\windows\system32\iertutil.dll 2014-12-11 00:35 . 2014-12-11 00:14 1888256 ----a-w- c:\windows\SysWow64\wininet.dll 2014-12-11 00:35 . 2014-12-11 00:14 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2014-12-11 00:35 . 2014-12-11 00:14 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll 2014-12-11 00:35 . 2014-12-11 00:14 54784 ----a-w- c:\windows\system32\jsproxy.dll 2014-12-11 00:35 . 2014-12-11 00:14 633856 ----a-w- c:\windows\system32\ieui.dll 2014-12-11 00:35 . 2014-12-11 00:14 490496 ----a-w- c:\windows\system32\dxtmsft.dll 2014-12-11 00:35 . 2014-12-11 00:14 92160 ----a-w- c:\windows\system32\mshtmled.dll 2014-12-11 00:35 . 2014-12-11 00:14 14412800 ----a-w- c:\windows\system32\ieframe.dll 2014-12-11 00:35 . 2014-12-11 00:14 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll 2014-12-11 00:35 . 2014-12-11 00:14 814080 ----a-w- c:\windows\system32\jscript9diag.dll 2014-12-11 00:35 . 2014-12-11 00:14 6039552 ----a-w- c:\windows\system32\jscript9.dll 2014-12-11 00:35 . 2014-12-11 00:14 580096 ----a-w- c:\windows\system32\vbscript.dll 2014-12-11 00:35 . 2014-12-11 00:14 2358272 ----a-w- c:\windows\system32\wininet.dll 2014-12-11 00:35 . 2014-12-11 00:14 88064 ----a-w- c:\windows\system32\MshtmlDac.dll 2014-12-11 00:35 . 2014-12-11 00:14 25059840 ----a-w- c:\windows\system32\mshtml.dll 2014-12-11 00:35 . 2014-12-11 00:14 199680 ----a-w- c:\windows\system32\msrating.dll 2014-12-11 00:34 . 
2014-12-11 00:34 55808 ----a-w- c:\windows\system32\rrinstaller.exe 2014-12-11 00:34 . 2014-12-11 00:34 50176 ----a-w- c:\windows\SysWow64\rrinstaller.exe 2014-12-11 00:34 . 2014-12-11 00:34 3209728 ----a-w- c:\windows\SysWow64\mf.dll 2014-12-11 00:34 . 2014-12-11 00:34 24576 ----a-w- c:\windows\system32\mfpmp.exe 2014-12-11 00:34 . 2014-12-11 00:34 23040 ----a-w- c:\windows\SysWow64\mfpmp.exe 2014-12-11 00:34 . 2014-12-11 00:34 206848 ----a-w- c:\windows\system32\mfps.dll 2014-12-11 00:34 . 2014-12-11 00:34 2048 ----a-w- c:\windows\SysWow64\mferror.dll 2014-12-11 00:34 . 2014-12-11 00:34 2048 ----a-w- c:\windows\system32\mferror.dll 2014-12-11 00:34 . 2014-12-11 00:34 103424 ----a-w- c:\windows\SysWow64\mfps.dll 2014-12-11 00:34 . 2014-12-11 00:34 4121600 ----a-w- c:\windows\system32\mf.dll 2014-12-11 00:32 . 2014-12-11 00:11 165888 ----a-w- c:\windows\system32\charmap.exe 2014-12-11 00:32 . 2014-12-11 00:11 155136 ----a-w- c:\windows\SysWow64\charmap.exe 2014-12-11 00:31 . 2014-12-11 00:11 2020352 ----a-w- c:\windows\system32\WsmSvc.dll 2014-12-11 00:31 . 2014-12-11 00:11 1177088 ----a-w- c:\windows\SysWow64\WsmSvc.dll 2014-12-11 00:31 . 2014-12-11 00:11 346624 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll 2014-12-11 00:31 . 2014-12-11 00:11 310272 ----a-w- c:\windows\system32\WsmWmiPl.dll 2014-12-11 00:31 . 2014-12-11 00:11 266240 ----a-w- c:\windows\system32\WSManHTTPConfig.exe 2014-12-11 00:31 . 2014-12-11 00:11 248832 ----a-w- c:\windows\SysWow64\WSManMigrationPlugin.dll 2014-12-11 00:31 . 2014-12-11 00:11 214016 ----a-w- c:\windows\SysWow64\WsmWmiPl.dll 2014-12-11 00:31 . 2014-12-11 00:11 198656 ----a-w- c:\windows\SysWow64\WSManHTTPConfig.exe 2014-12-11 00:31 . 2014-12-11 00:11 181248 ----a-w- c:\windows\system32\WsmAuto.dll 2014-12-11 00:31 . 2014-12-11 00:11 145920 ----a-w- c:\windows\SysWow64\WsmAuto.dll 2014-12-11 00:31 . 2014-12-11 00:11 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2014-12-11 00:31 . 
2014-12-11 00:11 2048 ----a-w- c:\windows\system32\tzres.dll 2014-12-04 02:30 . 2014-12-04 02:30 0 -c--a-w- c:\windows\SysWow64\sho62E6.tmp 2014-12-04 02:07 . 2014-12-03 13:04 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL 2014-12-04 02:07 . 2014-12-03 13:04 7168 ----a-w- c:\windows\system32\KBDYAK.DLL 2014-12-04 02:07 . 2014-12-03 13:04 7168 ----a-w- c:\windows\system32\KBDTAT.DLL 2014-12-04 02:07 . 2014-12-03 13:04 7168 ----a-w- c:\windows\system32\KBDRU1.DLL 2014-12-04 02:07 . 2014-12-03 13:04 7168 ----a-w- c:\windows\system32\KBDBASH.DLL 2014-12-04 02:07 . 2014-12-03 13:04 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL 2014-12-04 02:07 . 2014-12-03 13:04 6656 ----a-w- c:\windows\system32\KBDRU.DLL 2014-12-03 12:45 . 2014-12-03 12:45 0 -c--a-w- c:\windows\SysWow64\shoAA5B.tmp 2014-12-02 19:47 . 2014-12-01 13:11 1460736 ----a-w- c:\windows\system32\lsasrv.dll 2014-12-02 19:47 . 2014-12-01 13:11 683520 ----a-w- c:\windows\system32\termsrv.dll 2014-12-02 19:47 . 2014-12-01 13:11 681984 ----a-w- c:\windows\SysWow64\adtschema.dll 2014-12-02 19:47 . 2014-12-01 13:11 681984 ----a-w- c:\windows\system32\adtschema.dll 2014-12-02 19:47 . 2014-12-01 13:11 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536] "PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2004-03-09 57393] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888] "PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2014-07-04 191528] "BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168] "ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688] "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2014-11-05 295512] . c:\users\ms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ FRITZ!DSL Startcenter.lnk - c:\users\ms\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe [2012-4-4 80896] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ FRITZ!DSL Protect.lnk - c:\program files\FRITZ!DSL\FwebProt.exe [2009-4-17 1105208] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" -osboot "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" "ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" "ATKMEDIA"=c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys;c:\windows\SYSNATIVE\DRIVERS\ipswuio.sys [x] R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 
Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 assd;assd; [x] S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x] S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys;c:\windows\SYSNATIVE\DRIVERS\lullaby.sys [x] S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x] S0 vidsflt67;Acronis Disk Storage Filter (67);c:\windows\system32\DRIVERS\vsflt67.sys;c:\windows\SYSNATIVE\DRIVERS\vsflt67.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x] S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 IGDCTRL;AVM IGD CTRL Service;c:\program 
files\FRITZ!DSL\IGDCTRL.EXE;c:\program files\FRITZ!DSL\IGDCTRL.EXE [x] S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x] S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys;c:\windows\SYSNATIVE\DRIVERS\JME.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 
Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-09-26 12:03 1096520 -c--a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2014-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-11 17:36] . 2014-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-11 17:36] . 2015-01-12 c:\windows\Tasks\Wise Registry Cleaner Schedule Task.job - c:\program files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe [2012-06-30 09:21] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\\AsusWSShellExt64.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 167704] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 LSP: %ProgramFiles%\FRITZ!DSL\\sarah.dll TCP: DhcpNameServer = FF - ProfilePath - c:\users\ms\AppData\Roaming\Mozilla\Firefox\Profiles\b8qlvk6x.default-1417579723982\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file) ShellIconOverlayIdentifiers- - (no file) ShellIconOverlayIdentifiers- - (no file) ShellIconOverlayIdentifiers- - (no file) HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . 
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" "Key"="ActionsPane3" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe c:\windows\AsScrPro.exe c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe c:\program files (x86)\ASUS\ControlDeck\ControlDeck.exe . ************************************************************************** . Zeit der Fertigstellung: 2015-01-28 01:59:11 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2015-01-28 00:59 . Vor Suchlauf: 92 Verzeichnis(se), 41.876.635.648 Bytes frei Nach Suchlauf: 100 Verzeichnis(se), 41.392.832.512 Bytes frei . - - End Of File - - 195CC70D5D4421CF58C7501159EBFCF8
Edited by moona (28.01.2015 at 02:13) |
![]() | #9 |
/// the machine /// TB instructor | ![]() Caught Quickstart, did a system restore, PC very slow
So it's only half as bad. Still a bit of adware. Please download ![]()
Please download ![]()
Please close your protection software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
![]() | #10 |
![]() | ![]() Caught Quickstart, did a system restore, PC very slow
Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 28.01.2015 Suchlauf-Zeit: 17:18:02 Logdatei: Administrator: Ja Version: Malware Datenbank: v2015.01.28.07 Rootkit Datenbank: v2015.01.14.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: ms Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 416358 Verstrichene Zeit: 22 Min, 16 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Tiefer Rootkit-Suchlauf: Aktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 0 (Keine schädliche Elemente erkannt) Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v4.109 - Bericht erstellt am 28/01/2015 um 17:50:48 # Aktualisiert 24/01/2015 von Xplode # Database : 2015-01-26.1 [Live] # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzername : ms - KLEOPATRA # Gestartet von : C:\Users\ms\Downloads\Firefox\AdwCleaner_4.109.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17496 -\\ Mozilla Firefox v35.0.1 (x86 de) -\\ Google Chrome v -\\ Opera v25.0.1614.68 ************************* AdwCleaner[R0].txt - [7332 octets] - [08/01/2015 19:07:14] AdwCleaner[R1].txt - [7392 octets] - [12/01/2015 08:42:19] AdwCleaner[R2].txt - [2609 octets] - [27/01/2015 10:28:14] AdwCleaner[R3].txt - [1135 octets] - [27/01/2015 12:12:19] AdwCleaner[R4].txt - [1199 octets] - [28/01/2015 17:48:09] AdwCleaner[S0].txt - [7836 octets] - [12/01/2015 09:16:53] AdwCleaner[S1].txt - [3061 octets] - [27/01/2015 10:32:50] AdwCleaner[S2].txt - [1121 octets] - [28/01/2015 17:50:48] ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1181 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.1 (12.28.2014:1) OS: Windows 7 Professional x64 Ran by ms on 28.01.2015 at 17:59:12,47 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\ms\AppData\Roaming\mozilla\firefox\profiles\b8qlvk6x.default-1417579723982\minidumps [1 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 28.01.2015 at 18:03:57,87 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
and why does the security update from Microsoft fail? |
![]() | #11 |
/// the machine /// TB instructor | ![]() Caught Quickstart, did a system restore, PC very slow
ESET Online Scanner
Please download ![]()
and a fresh FRST log, please. Any problems left? ![]()
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
| #12 |
Code:
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\MUServer.apk.vir Variante von Android/Mobserv.A evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ver5BlockAndSurf\j6BlockAndSurfZ54.exe_rm_.vir Variante von Win32/Adware.AddLyrics.DN Anwendung
C:\Users\ms\Downloads\pcbeschleunigen_e1c19d3adc4c46ad89317768d7a8cdec_.exe Variante von Win32/Speedchecker.B evtl. unerwünschte Anwendung
C:\Users\ms\Downloads\ccleaner\CCleaner - CHIP-Downloader.exe Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung
C:\Users\ms\Downloads\daemon tools\DTLite4471-0333.exe Win32/DownWare.L evtl. unerwünschte Anwendung
C:\Users\ms\Downloads\DIVX\Afreecodec_downloader_For_K_Lite_Mega_Codec_Pack.exe Variante von Win32/BSDownloader evtl. unerwünschte Anwendung
C:\Users\ms\Downloads\Free Studio\FreeAudioCDToMP3Converter.exe Win32/Toolbar.Conduit evtl. unerwünschte Anwendung
C:\Users\ms\Downloads\Free Studio\FreeDiscBurner.exe Win32/Toolbar.Conduit evtl. unerwünschte Anwendung
C:\Users\ms\Downloads\Ghostery..stoppt Skripts\ghostery-5.1.2-sm_fx_an.xpi - CHIP-Downloader.exe Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung
C:\Users\ms\Downloads\Mediathekendownload\MediathekView - CHIP-Downloader.exe Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung
C:\Users\ms\Downloads\Segmenti_Silbentrennung\TVSetup.exe Win32/Toolbar.Inbox.A evtl. unerwünschte Anwendung
C:\Users\ms\Downloads\Wörterbuch Türkisch\LingoPad - CHIP-Installer.exe Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung
D:\KLEOPATRA\Backup Set 2015-01-18 220916\Backup Files 2015-01-18 220916\Backup files 8.zip Variante von Win32/Speedchecker.B evtl. unerwünschte Anwendung
D:\KLEOPATRA\Backup Set 2015-01-26 000040\Backup Files 2015-01-26 000040\Backup files 10.zip Win32/DownWare.L evtl. unerwünschte Anwendung
D:\KLEOPATRA\Backup Set 2015-01-26 000040\Backup Files 2015-01-26 000040\Backup files 11.zip Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung
D:\KLEOPATRA\Backup Set 2015-01-26 000040\Backup Files 2015-01-26 000040\Backup files 12.zip Win32/Toolbar.Inbox.A evtl. unerwünschte Anwendung
D:\KLEOPATRA\Backup Set 2015-01-26 000040\Backup Files 2015-01-26 000040\Backup files 13.zip Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung
D:\KLEOPATRA\Backup Set 2015-01-26 000040\Backup Files 2015-01-26 000040\Backup files 8.zip Variante von Win32/Speedchecker.B evtl. unerwünschte Anwendung
D:\KLEOPATRA\Backup Set 2015-01-26 000040\Backup Files 2015-01-26 000040\Backup files 9.zip Win32/InstallMonetizer.BB evtl. unerwünschte Anwendung
D:\KLEOPATRA\Backup Set 2015-01-26 215945\Backup Files 2015-01-26 225543\Backup files 10.zip Win32/Toolbar.Inbox.A evtl. unerwünschte Anwendung
D:\KLEOPATRA\Backup Set 2015-01-26 215945\Backup Files 2015-01-26 225543\Backup files 11.zip Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung
D:\KLEOPATRA\Backup Set 2015-01-26 215945\Backup Files 2015-01-26 225543\Backup files 6.zip Variante von Win32/Speedchecker.B evtl. unerwünschte Anwendung
D:\KLEOPATRA\Backup Set 2015-01-26 215945\Backup Files 2015-01-26 225543\Backup files 7.zip Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung
D:\KLEOPATRA\Backup Set 2015-01-26 215945\Backup Files 2015-01-26 225543\Backup files 8.zip Win32/DownWare.L evtl. unerwünschte Anwendung
D:\KLEOPATRA\Backup Set 2015-01-26 215945\Backup Files 2015-01-26 225543\Backup files 9.zip Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung

I can no longer access "Programme" to delete the folder (because Explorer crashes?). When I click on "Programme" or "Programme(*86)", I immediately land back on the desktop. I already had a similar phenomenon a few days ago, but it then disappeared again. What should I do? Still run "Security Check" anyway?

Last edited by moona (29.01.2015 at 06:38) |
| #13 |
/// the machine /// TB trainer |
Yes, and the fresh FRST log, please.
__________________ Regards, schrauber |
| #14 |
Code:
Results of screen317's Security Check version 0.99.95
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials (On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.0
Wise Registry Cleaner 8.31
JavaFX 2.1.1
Java 7 Update 17
Java version 32-bit out of Date!
Java 64-bit 8 Update 31
Adobe Flash Player
Adobe Reader XI
Mozilla Firefox (35.0.1)
Google Chrome 36.0.1985.143
Google Chrome out of date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Professional x64
Ran by ms on 29.01.2015 at 13:34:30,44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.01.2015 at 13:38:34,83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
2015-01-06 06:17 - 00000000 ____C () C:\Windows\SysWOW64\shoA273.tmp 2015-01-06 06:15 - 2015-01-06 06:16 - 00000000 ___DC () C:\bc62b273202b2a2d3ba54f361f 2015-01-06 05:49 - 2015-01-29 05:50 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\Skype 2015-01-06 05:49 - 2015-01-28 18:08 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-01-06 05:49 - 2015-01-06 05:49 - 00002141 ____C () C:\Users\ms\Desktop\Skype.lnk 2015-01-06 05:49 - 2015-01-06 05:49 - 00000000 __RDC () C:\Program Files (x86)\Skype 2015-01-06 05:49 - 2015-01-06 05:49 - 00000000 ___DC () C:\Users\ms\AppData\Local\Skype 2015-01-06 05:48 - 2015-01-06 05:48 - 00000000 ___DC () C:\ProgramData\Skype 2015-01-06 05:44 - 2015-01-06 05:46 - 00000000 ___DC () C:\Users\ms\Downloads\skype 2015-01-06 05:28 - 2015-01-06 05:30 - 00000000 ___DC () C:\cb6b89e93d762edf5c06cdb5 2015-01-05 03:52 - 2015-01-05 03:55 - 00000000 ___DC () C:\1822221633495573b8 2015-01-04 03:55 - 2015-01-04 03:57 - 00000000 ___DC () C:\3e4c7b04819d2bc4d5487e9b1eb7fa 2015-01-03 12:23 - 2015-01-03 12:23 - 00000000 _SHDC () C:\Users\ms\AppData\Local\EmieBrowserModeList 2015-01-03 03:10 - 2015-01-03 03:12 - 00000000 ___DC () C:\1fb40d568f5ec3a269cf756119412132 2015-01-02 23:46 - 2015-01-02 23:48 - 00000000 ___DC () C:\ce32657ca2cf6f6ecca3390055143a 2015-01-02 23:42 - 2015-01-02 23:42 - 00000000 ___DC () C:\Users\Marina\AppData\Roaming\PC-FAX TX 2015-01-02 05:25 - 2015-01-02 05:27 - 00000000 ___DC () C:\5c40cdc0d5f45c5e97b658a30b 2015-01-01 22:28 - 2015-01-01 22:30 - 00000000 ___DC () C:\07b9b2972ba5c9f28ae22bbe00126a1f 2015-01-01 06:07 - 2015-01-01 06:09 - 00000000 ___DC () C:\220425c0a1578e921a9f67 2015-01-01 05:07 - 2015-01-01 05:07 - 00000000 ____C () C:\Windows\SysWOW64\shoFEA7.tmp 2015-01-01 05:05 - 2015-01-01 05:06 - 00000000 ___DC () C:\387e8b1d129a9244d6 2015-01-01 03:01 - 2015-01-01 03:03 - 00000000 ___DC () C:\805116f115698068b3 2014-12-31 19:11 - 2014-12-31 19:13 - 00000000 ___DC () 
C:\Users\Marina\AppData\Roaming\Wise Registry Cleaner 2014-12-31 15:55 - 2014-12-31 15:55 - 00000000 ___DC () C:\Users\Marina\AppData\Roaming\Macromedia 2014-12-31 15:55 - 2014-12-31 15:55 - 00000000 ___DC () C:\Users\Marina\AppData\Local\Macromedia 2014-12-31 15:53 - 2015-01-18 02:48 - 00008234 ____C () C:\Users\Marina\DesktopStCenter.txt 2014-12-31 15:53 - 2014-12-31 15:53 - 00000000 ___DC () C:\Users\Marina\AppData\Roaming\Mozilla 2014-12-31 15:53 - 2014-12-31 15:53 - 00000000 ___DC () C:\Users\Marina\AppData\Local\Mozilla 2014-12-31 15:17 - 2014-12-31 15:23 - 00000000 ___DC () C:\335610c6c8e09682eb6a797c 2014-12-31 05:11 - 2014-12-31 05:13 - 00000000 ___DC () C:\edb757e063a3858ad4cd8526b755 2014-12-30 16:36 - 2014-12-30 16:41 - 00000000 ___DC () C:\6e302748143f7779516b3c465ea39c 2014-12-30 03:01 - 2014-12-30 03:03 - 00000000 ___DC () C:\c180fbd747f888624503 ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-29 13:17 - 2014-04-15 13:45 - 01144467 ____C () C:\Windows\WindowsUpdate.log 2015-01-29 13:16 - 2012-04-04 12:06 - 06901986 ____C () C:\Users\ms\DesktopStCenter.txt 2015-01-29 12:55 - 2009-07-14 05:45 - 00021472 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-29 12:55 - 2009-07-14 05:45 - 00021472 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-29 12:48 - 2009-07-14 06:08 - 00000006 ___HC () C:\Windows\Tasks\SA.DAT 2015-01-29 06:47 - 2012-04-04 12:07 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\FRITZ! 
2015-01-29 06:42 - 2012-06-20 17:59 - 00000000 ___DC () C:\Users\ms\AppData\Local\Apps\2.0 2015-01-29 06:24 - 2011-08-17 01:03 - 00045056 ____C () C:\Windows\system32\acovcnt.exe 2015-01-28 21:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2015-01-28 17:47 - 2012-06-16 11:37 - 00000000 ___DC () C:\Users\ms\Downloads\Firefox 2015-01-28 01:59 - 2009-07-14 04:20 - 00000000 _RHDC () C:\Users\Default 2015-01-28 01:52 - 2009-07-14 03:34 - 00000215 ____C () C:\Windows\system.ini 2015-01-28 01:49 - 2009-07-14 03:34 - 92274688 _____ () C:\Windows\system32\config\software.bak 2015-01-28 01:49 - 2009-07-14 03:34 - 18350080 _____ () C:\Windows\system32\config\system.bak 2015-01-28 01:49 - 2009-07-14 03:34 - 01220608 _____ () C:\Windows\system32\config\default.bak 2015-01-28 01:49 - 2009-07-14 03:34 - 00061440 _____ () C:\Windows\system32\config\sam.bak 2015-01-28 01:49 - 2009-07-14 03:34 - 00024576 _____ () C:\Windows\system32\config\security.bak 2015-01-28 01:41 - 2011-08-17 01:01 - 00000000 ___DC () C:\ProgramData\Temp 2015-01-27 17:59 - 2009-07-14 04:20 - 00000000 __RDC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-01-27 17:56 - 2009-07-14 04:20 - 00000000 ___DC () C:\Windows\PolicyDefinitions 2015-01-27 17:16 - 2014-09-18 15:06 - 00000000 ___DC () C:\Users\ms\Documents\Rechnerprobs 2015-01-27 15:54 - 2013-09-26 12:07 - 00000000 ___DC () C:\Program Files (x86)\Magic Workstation 2015-01-27 15:22 - 2011-08-17 01:01 - 00001412 ____C () C:\Windows\system32\ServiceFilter.ini 2015-01-27 14:48 - 2012-06-16 11:43 - 00000000 ___DC () C:\Users\ms\Downloads\Adobe 2015-01-27 14:44 - 2014-08-07 13:53 - 00000000 ___DC () C:\Users\ms\AppData\Local\Adobe 2015-01-27 14:44 - 2012-09-20 11:43 - 00701616 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-27 14:44 - 2012-06-24 08:45 - 00071344 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-27 14:30 - 2014-08-08 18:55 - 00000000 ___DC 
() C:\Users\ms\Desktop\Tor Browser 2015-01-27 10:34 - 2014-11-08 18:22 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-26 21:59 - 2011-11-10 10:24 - 00000000 ___DC () C:\Users\ms 2015-01-26 21:47 - 2014-02-26 22:53 - 00000000 ___DC () C:\Users\Marina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite 2015-01-26 21:47 - 2014-02-26 22:53 - 00000000 ___DC () C:\Users\Marina 2015-01-26 21:47 - 2013-04-02 15:58 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cornelsen 2015-01-26 21:47 - 2013-02-01 22:16 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter 2015-01-26 21:47 - 2013-01-02 00:15 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon 2015-01-26 21:47 - 2012-10-11 22:24 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-01-26 21:47 - 2012-09-05 08:13 - 00000000 ___DC () C:\Users\ms\Desktop\Computer-tools 2015-01-26 21:47 - 2012-09-04 15:23 - 00000000 ___DC () C:\Users\ms\Downloads\Brother 2015-01-26 21:47 - 2012-07-16 16:17 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CLC E-Learning Resource 2015-01-26 21:47 - 2012-07-06 23:54 - 00000000 ___DC () C:\Users\ms\Desktop\Deutsch 2015-01-26 21:47 - 2012-06-22 12:12 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\Wise Registry Cleaner 2015-01-26 21:47 - 2012-06-22 12:12 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner 2015-01-26 21:47 - 2012-06-06 16:45 - 00000000 ___DC () C:\Users\ms\Documents\Audible 2015-01-26 21:47 - 2012-06-06 16:45 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager 2015-01-26 21:47 - 2012-05-12 15:32 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Segmenti 2015-01-26 21:47 - 2012-05-12 14:45 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Puzzle! - Druckmaschine 2015-01-26 21:47 - 2012-05-06 20:55 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2015-01-26 21:47 - 2012-05-06 20:55 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Graboid Video 2015-01-26 21:47 - 2012-03-20 16:46 - 00000000 ___DC () C:\Windows\System32\Tasks\Apple 2015-01-26 21:47 - 2012-03-20 16:46 - 00000000 ___DC () C:\Program Files (x86)\Apple Software Update 2015-01-26 21:47 - 2012-01-10 00:02 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2015-01-26 21:47 - 2011-11-26 22:02 - 00000000 ___DC () C:\Windows\system32\Macromed 2015-01-26 21:47 - 2011-11-17 23:06 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon 2015-01-26 21:47 - 2011-11-11 17:41 - 00000000 ___DC () C:\Program Files (x86)\Brother 2015-01-26 21:47 - 2011-11-10 18:48 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch) 2015-01-26 21:47 - 2011-11-10 10:24 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite 2015-01-26 21:47 - 2011-08-17 01:05 - 00000000 ___DC () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite 2015-01-26 21:47 - 2011-08-17 01:05 - 00000000 ___DC () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite 2015-01-26 21:47 - 2011-08-17 00:58 - 00000000 ___DC () C:\ProgramData\P4G 2015-01-26 21:47 - 2011-08-17 00:53 - 00000000 __RDC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2015-01-26 21:47 - 2011-08-17 00:46 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility 2015-01-26 21:47 - 2011-04-09 19:58 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS 2015-01-26 21:47 - 2011-04-09 19:47 - 00000000 __RDC () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live 2015-01-26 21:47 - 2011-02-19 10:02 - 00000000 ___DC () C:\Windows\SysWOW64\XPSViewer 2015-01-26 21:47 - 2009-07-14 06:32 - 00000000 ___DC () C:\Program Files\Reference Assemblies 2015-01-26 21:47 - 2009-07-14 06:32 - 00000000 ___DC () C:\Program Files\MSBuild 2015-01-26 21:47 - 2009-07-14 06:32 - 00000000 ___DC () C:\Program Files (x86)\Reference Assemblies 2015-01-26 21:47 - 2009-07-14 06:32 - 00000000 ___DC () C:\Program Files (x86)\MSBuild 2015-01-26 21:47 - 2009-07-14 04:20 - 00000000 ___DC () C:\Windows\AppCompat 2015-01-26 21:46 - 2009-07-14 04:20 - 00000000 ___DC () C:\Windows\registration 2015-01-26 21:43 - 2014-11-06 16:02 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother 2015-01-26 21:43 - 2011-08-17 00:50 - 00000000 __HDC () C:\Program Files (x86)\InstallShield Installation Information 2015-01-22 21:12 - 2012-03-28 11:41 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\Apple Computer 2015-01-22 20:04 - 2012-05-06 21:04 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\vlc 2015-01-22 17:12 - 2014-12-02 14:37 - 00000000 ____D () C:\found.001 2015-01-22 17:12 - 2014-12-01 14:23 - 00000000 ____D () C:\found.000 2015-01-20 15:50 - 2009-07-14 06:09 - 00000000 ___DC () C:\Windows\System32\Tasks\WPD 2015-01-20 14:37 - 2011-08-17 00:56 - 00120320 ____C () C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-20 14:37 - 2011-08-17 00:56 - 00120320 ____C () C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-20 14:37 - 2009-07-14 05:57 - 00001547 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-01-20 14:35 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-16 22:31 - 2014-02-26 22:54 - 00000000 ___DC () C:\Users\Marina\AppData\Roaming\FRITZ! 
2015-01-15 09:17 - 2012-07-17 17:34 - 00000000 ___DC () C:\Users\ms\Documents\Wohnung 2015-01-14 17:38 - 2013-08-15 02:03 - 00000000 ___DC () C:\Windows\system32\MRT 2015-01-14 17:29 - 2011-11-11 16:07 - 113365784 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-14 16:18 - 2011-11-10 23:50 - 00004096 ____C () C:\Users\Public\Documents\00000044.LCS 2015-01-13 03:03 - 2011-11-10 12:34 - 01653160 ____C () C:\Windows\SysWOW64\PerfStringBackup.INI 2015-01-13 03:03 - 2011-02-19 10:08 - 00721112 ____C () C:\Windows\system32\perfh007.dat 2015-01-13 03:03 - 2011-02-19 10:08 - 00158288 ____C () C:\Windows\system32\perfc007.dat 2015-01-13 03:03 - 2009-07-14 06:13 - 01653160 ____C () C:\Windows\system32\PerfStringBackup.INI 2015-01-12 19:55 - 2013-10-16 18:55 - 00000460 ____C () C:\Windows\Tasks\Wise Registry Cleaner Schedule Task.job 2015-01-10 10:38 - 2012-06-16 12:09 - 00000000 ___DC () C:\Users\ms\Downloads\Firefox_Bookmarks 2015-01-08 09:55 - 2012-05-03 14:18 - 00298120 ____C (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-01-02 23:42 - 2012-12-20 12:15 - 00000778 ____C () C:\Windows\Brpfx04a.ini ==================== Files in the root of some directories ======= 2014-06-26 02:01 - 2014-06-26 02:01 - 6010880 ____C () C:\Program Files (x86)\GUT87B5.tmp 2012-07-29 17:01 - 2006-06-02 13:27 - 0017542 ____C () C:\Program Files\Common Files\Net4Switch.ico 2008-05-22 16:35 - 2008-05-22 16:35 - 0051962 ____C () C:\Program Files (x86)\Common Files\banner.jpg 2009-04-08 18:31 - 2009-04-08 18:31 - 0106496 ____C () C:\Program Files (x86)\Common Files\CPInstallAction.dll 2014-05-26 17:47 - 2003-03-21 11:45 - 0250544 ____C (KeyWorks Software) C:\Program Files (x86)\Common Files\keyhelp.ocx 2008-08-12 05:45 - 2008-08-12 05:45 - 0155648 ____C (ASUS) C:\Program Files (x86)\Common Files\MSIactionall.dll 2014-11-05 10:35 - 2014-11-05 10:35 - 0000115 ____C () C:\Users\ms\AppData\Roaming\Camdata.ini 2014-11-05 10:35 - 2014-11-05 10:35 - 0000408 ____C () 
C:\Users\ms\AppData\Roaming\CamLayout.ini 2014-11-05 10:35 - 2014-11-05 10:35 - 0000408 ____C () C:\Users\ms\AppData\Roaming\CamShapes.ini 2014-11-05 10:35 - 2014-11-05 10:35 - 0004416 ____C () C:\Users\ms\AppData\Roaming\CamStudio.cfg 2011-04-09 19:59 - 2010-07-07 00:10 - 0131472 ____C () C:\ProgramData\FullRemove.exe 2011-08-17 01:05 - 2011-08-17 01:06 - 0000105 ____C () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2011-08-17 01:04 - 2011-08-17 01:05 - 0000107 ____C () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log Some content of TEMP: ==================== C:\Users\ms\AppData\Local\Temp\Quarantine.exe C:\Users\ms\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-26 10:17 ==================== End Of Log ============================ --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- 
Interesting... just now the screen in Firefox moved up and down.... and what I typed (i.e. the sentence from "Interesting" to "moved") was taken over directly into the post without my having to submit it.

Two bold tags were inserted without my doing anything, and just now the whole screen flickered.

Have you already found out what is causing all these problems?

P.S.: Windows Explorer still keeps crashing.

14:44 Just got a real scare: booted the computer again.. black screen with the taskbar at the bottom edge, only with IE, without Firefox, and the computer found no files at all.., wanted permissions for IE to access the internet. Shut the computer down again, then the desktop was right again... but at the moment there are still strange effects in Firefox: e.g. uncontrolled flickering of the screen... Windows Explorer also still keeps crashing...

15:24 Total system crash... I booted Windows in safe mode and restored the state from yesterday, 11:06.

I started ComboFix again (it was also updated right away today):
Code:

Combofix Logfile:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 29.01.2015
Suchlauf-Zeit: 17:34:30
Logdatei:
Administrator: Ja

Version:
Malware Datenbank: v2015.01.29.08
Rootkit Datenbank: v2015.01.14.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: ms

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 416651
Verstrichene Zeit: 24 Min, 25 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Tiefer Rootkit-Suchlauf: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)

(end)

Code:
# AdwCleaner v4.109 - Bericht erstellt am 28/01/2015 um 17:48:09
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-26.1 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : ms - KLEOPATRA
# Gestartet von : C:\Users\ms\Downloads\Firefox\AdwCleaner_4.109.exe
# Option : Suchen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Mozilla Firefox v35.0.1 (x86 de)

-\\ Google Chrome v

-\\ Opera v25.0.1614.68

*************************

AdwCleaner[R0].txt - [7332 octets] - [08/01/2015 19:07:14]
AdwCleaner[R1].txt - [7392 octets] - [12/01/2015 08:42:19]
AdwCleaner[R2].txt - [2609 octets] - [27/01/2015 10:28:14]
AdwCleaner[R3].txt - [1135 octets] - [27/01/2015 12:12:19]
AdwCleaner[R4].txt - [940 octets] - [28/01/2015 17:48:09]
AdwCleaner[S0].txt - [7836 octets] - [12/01/2015 09:16:53]
AdwCleaner[S1].txt - [3061 octets] - [27/01/2015 10:32:50]

########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [1119 octets] ##########

AdwCleaner Logfile:
Code:
# AdwCleaner v4.109 - Bericht erstellt am 29/01/2015 um 18:08:11
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-26.1 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : ms - KLEOPATRA
# Gestartet von : C:\Users\ms\Desktop\AdwCleaner_4.109.exe
# Option : Suchen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Mozilla Firefox v35.0.1 (x86 de)

-\\ Google Chrome v

-\\ Opera v25.0.1614.68

*************************

AdwCleaner[R0].txt - [7332 octets] - [08/01/2015 19:07:14]
AdwCleaner[R1].txt - [7392 octets] - [12/01/2015 08:42:19]
AdwCleaner[R2].txt - [2609 octets] - [27/01/2015 10:28:14]
AdwCleaner[R3].txt - [1135 octets] - [27/01/2015 12:12:19]
AdwCleaner[R4].txt - [2129 octets] - [28/01/2015 17:48:09]
AdwCleaner[S0].txt - [7836 octets] - [12/01/2015 09:16:53]
AdwCleaner[S1].txt - [3061 octets] - [27/01/2015 10:32:50]
AdwCleaner[S2].txt - [1261 octets] - [28/01/2015 17:50:48]

########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [2369 octets] ##########

--- --- ---

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Professional x64
Ran by ms on 29.01.2015 at 18:18:44,29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.01.2015 at 18:23:00,58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Do you have any clue or idea what caused the system crash? What should I do next?

P.S. Windows Explorer still crashes.

P.P.S. This security update, which Microsoft rates as important, still cannot be installed:
Code:
Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB3011780)

Installationsdatum: 29.01.2015 19:55

Installationsstatus: Fehlgeschlagen

Fehlerdetails: Code 800B0100

Updatetyp: Wichtig

In einem Microsoft-Softwareprodukt wurde ein Sicherheitsproblem festgestellt, das Auswirkungen auf Ihr System haben könnte. Durch die Installation dieses Updates von Microsoft können Sie zum Schutz Ihres Systems beitragen. Eine vollständige Liste der Problembehebungen in diesem Update finden Sie in dem entsprechenden Microsoft Knowledge Base-Artikel. Nach der Installation dieses Updates müssen Sie das System gegebenenfalls neu starten.

Weitere Informationen:
hxxp://support.microsoft.com/kb/3011780

Last edited by moona (29.01.2015 at 14:53) |
![]() | #15 |
/// the machine /// TB trainer |
Please back up all your data externally first. Then we'll continue. It looks like something there is going to give out in the near future.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donate
Guides and help
Trojaner-Board Facebook page
No help via PM! |