| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Meldung in Win7: Der Proxyserver reagiert nichtWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
02.02.2015, 15:02
| #16 | ||
| /// TB-Ausbilder /// Anleitungs-Guru  |  Meldung in Win7: Der Proxyserver reagiert nicht Das ESET-Log sieht OK aus weil alles in den Temps oder in der Quarantäne steckt. Schritt 1   Drücke bitte die  + R Taste und schreibe notepad in das Ausführen Fenster.Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument: Code:
ATTFilter CloseProcesses:
EmptyTemp:
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52515;https=127.0.0.1:52515
URLSearchHook: [S-1-5-21-2226251454-2989245828-1209764460-1001] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2226251454-2989245828-1209764460-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-2226251454-2989245828-1209764460-1004 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"
2015-01-27 21:16 - 2015-01-27 21:16 - 00000000 ____D () C:\Users\bfzadm\AppData\Roaming\dlg
2015-01-27 21:14 - 2015-01-30 20:07 - 00000000 ____D () C:\ProgramData\SecurityUtility
2015-01-27 21:14 - 2015-01-27 21:14 - 00000000 ____D () C:\ProgramData\SecurityUtilityData
2015-01-27 21:14 - 2015-01-27 17:31 - 00344440 _____ (CartCrunch Israel Ltd.) C:\windows\system32\ColorMedia64.dll
2015-01-27 21:14 - 2015-01-27 17:31 - 00301168 _____ (CartCrunch Israel Ltd.) C:\windows\SysWOW64\ColorMedia.dll
Schritt 2 Downloade dir bitte  Farbar Service Scanner
Poste bitte den Inhalt hier. Schritt 3 Zitat:
Zitat:
Bitte FRST vom Desktop mit Administrator-Rechten ausführen!  Bitte starte FRST erneut, markiere auch die checkbox  und drücke auf Scan. Bitte poste mir den Inhalt der beiden Logs die erstellt werden.
__________________ Gruß deeprybka  Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer Geändert von deeprybka (02.02.2015 um 15:10 Uhr) |
|
02.02.2015, 19:44
| #17 |
 | Meldung in Win7: Der Proxyserver reagiert nichtCode:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015
Ran by bfzadm at 2015-02-02 19:26:51 Run:1
Running from C:\Users\bfzn\Desktop
Loaded Profiles: bfzadm & bfzn (Available profiles: bfzadm & bfzn & DoKo)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
CloseProcesses:
EmptyTemp:
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52515;https=127.0.0.1:52515
URLSearchHook: [S-1-5-21-2226251454-2989245828-1209764460-1001] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2226251454-2989245828-1209764460-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-2226251454-2989245828-1209764460-1004 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"
2015-01-27 21:16 - 2015-01-27 21:16 - 00000000 ____D () C:\Users\bfzadm\AppData\Roaming\dlg
2015-01-27 21:14 - 2015-01-30 20:07 - 00000000 ____D () C:\ProgramData\SecurityUtility
2015-01-27 21:14 - 2015-01-27 21:14 - 00000000 ____D () C:\ProgramData\SecurityUtilityData
2015-01-27 21:14 - 2015-01-27 17:31 - 00344440 _____ (CartCrunch Israel Ltd.) C:\windows\system32\ColorMedia64.dll
2015-01-27 21:14 - 2015-01-27 17:31 - 00301168 _____ (CartCrunch Israel Ltd.) C:\windows\SysWOW64\ColorMedia.dll
*****************
Processes closed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
Error setting Default URLSearchHook.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-2226251454-2989245828-1209764460-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-2226251454-2989245828-1209764460-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ColorMedia" => Key deleted successfully.
C:\Users\bfzadm\AppData\Roaming\dlg => Moved successfully.
C:\ProgramData\SecurityUtility => Moved successfully.
C:\ProgramData\SecurityUtilityData => Moved successfully.
C:\windows\system32\ColorMedia64.dll => Moved successfully.
C:\windows\SysWOW64\ColorMedia.dll => Moved successfully.
EmptyTemp: => Removed 2.5 GB temporary data.
The system needed a reboot.
==== End of Fixlog 19:30:45 ====
Code:
ATTFilter Farbar Service Scanner Version: 17-01-2015
Ran by bfzadm (administrator) on 02-02-2015 at 19:38:29
Running from "C:\Users\bfzn\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
**** End of log ****
FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015 Ran by bfzadm (administrator) on SEVENUP on 02-02-2015 19:40:30 Running from C:\Users\bfzn\Desktop Loaded Profiles: bfzadm & bfzn (Available profiles: bfzadm & bfzn & DoKo) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe (McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\stacsv64.exe (AMD) C:\Windows\System32\atieclxx.exe (Hewlett-Packard) C:\Windows\System32\hpservice.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe (APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Hewlett-Packard Development Company, L.P) C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe () C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe (ArcSoft, Inc.) C:\Windows\system\uArcCapture.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe (APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_296_ActiveX.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe (Farbar) C:\Users\bfzn\Desktop\FSS.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [1691192 2010-06-19] (Hewlett-Packard Company) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated) HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-05] (Hewlett-Packard) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-17] (IDT, Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated) HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-03-01] (Hewlett-Packard Company) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation) HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-23] (PDF Complete Inc) HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11265536 2009-12-12] (Hewlett-Packard) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-05] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [DTRun] => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [518656 2009-11-18] (ArcSoft Inc.) HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [600936 2009-06-29] (Symantec Corporation) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3674576 2015-01-06] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576 2012-08-20] (Sony Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation) HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1949080 2014-12-23] (APN) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation) HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe, Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X] HKU\S-1-5-21-2226251454-2989245828-1209764460-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.) HKU\S-1-5-21-2226251454-2989245828-1209764460-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company) HKU\S-1-5-21-2226251454-2989245828-1209764460-1001\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[S0].txt [7522 2015-01-31] () HKU\S-1-5-21-2226251454-2989245828-1209764460-1004\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company) HKU\S-1-5-21-2226251454-2989245828-1209764460-1004\...\Run: [Epson Stylus SX525WD(Netzwerk)] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGAE.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION) HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2014-12-02] (Microsoft Corporation) Lsa: [Notification Packages] DPPassFilter scecli Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\bfzadm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\134E09AA1.lnk ShortcutTarget: 134E09AA1.lnk -> C:\PROGRA~3\1AA90E431.cpp (No File) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:52515;https=127.0.0.1:52515 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-2226251454-2989245828-1209764460-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/de-de/?ocid=U218DHP&pc=U218 HKU\S-1-5-21-2226251454-2989245828-1209764460-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1me10IE11DEDE/WOL_WCP HKU\S-1-5-21-2226251454-2989245828-1209764460-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-2226251454-2989245828-1209764460-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {AA5CC064-C92C-4050-82FD-3CA90F36F4FF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2226251454-2989245828-1209764460-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://www.bing.com/search?FORM=U218DF&PC=U218&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-2226251454-2989245828-1209764460-1004 -> {71883CF6-4AA3-44C6-A4AE-3678C8AFAA97} URL = hxxp://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11406&pf=V7&p2=^BBE^OSJ000^YY^DE&gct=&itbv=12.23.0.15&apn_uid=DCAFEAF3-9DFA-4EE9-98FE-A94FD35FB539&apn_ptnrs=BBE&apn_dtid=^OSJ000^YY^DE&apn_dbr=ie_11.0.9600.17496&doi=2015-02-01&trgb=IE&q={searchTerms}&psv=&pt=tb SearchScopes: HKU\S-1-5-21-2226251454-2989245828-1209764460-1004 -> {AF0C3425-2B00-44B5-A39D-C644774ADC84} URL = https://www.google.com/search?q={searchTerms} BHO: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) BHO: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll (APN LLC.) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard) BHO-x32: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) BHO-x32: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll (APN LLC.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll (APN LLC.) Toolbar: HKLM-x32 - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll (APN LLC.) Toolbar: HKU\S-1-5-21-2226251454-2989245828-1209764460-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2010-12-07] Chrome: ======= CHR Profile: C:\Users\bfzadm\AppData\Local\Google\Chrome\User Data\Default ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated) R2 AESTFilters; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation) R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [177560 2014-12-23] (APN LLC.) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3440080 2015-01-06] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-01-06] (AVG Technologies CZ, s.r.o.) R3 DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2009-12-16] (McAfee, Inc.) [File not signed] R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [462088 2009-11-25] (DigitalPersona, Inc.) R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed] S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [362040 2009-11-17] (Hewlett-Packard Ltd) R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [121344 2010-07-01] (Hewlett-Packard Company) [File not signed] R2 HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2009-11-19] (Hewlett-Packard Development Company, L.P) [File not signed] R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [90112 2010-05-10] (Hewlett-Packard Company) [File not signed] R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2009-12-16] (McAfee, Inc.) R2 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [297984 2009-12-12] (Hewlett-Packard) [File not signed] R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [264248 2010-03-01] (Hewlett-Packard Company) R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-23] (PDF Complete Inc) R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474208 2012-08-20] (Sony Corporation) R2 Radio.fx; C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe [3673944 2011-11-18] () R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe [244736 2010-03-17] (IDT, Inc.) R2 uArcCapture; C:\windows\system\uArcCapture.exe [506472 2009-12-04] (ArcSoft, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32640 2009-12-04] (ArcSoft, Inc.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.) S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [40760 2009-10-21] (Hewlett-Packard Development Company L.P.) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [129752 2015-01-31] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation) R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2009-12-16] (McAfee, Inc.) R1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [40088 2009-12-16] (McAfee, Inc.) R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2009-12-16] () R0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [110520 2009-12-16] (McAfee, Inc.) R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.) R0 SbAlg; C:\Windows\SysWow64\Drivers\SbAlg.sys [51800 2009-12-16] (McAfee, Inc.) R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2009-12-16] (McAfee, Inc.) R0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [13256 2009-12-16] (McAfee, Inc.) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1803904 2010-10-13] () ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-02 19:40 - 2015-02-02 19:40 - 00025918 _____ () C:\Users\bfzn\Desktop\FRST.txt 2015-02-02 19:38 - 2015-02-02 19:38 - 00002748 _____ () C:\Users\bfzn\Desktop\FSS.txt 2015-02-02 19:37 - 2015-02-02 19:37 - 00415232 _____ (Farbar) C:\Users\bfzn\Desktop\FSS.exe 2015-02-02 19:24 - 2015-02-02 19:24 - 02131456 _____ (Farbar) C:\Users\bfzn\Desktop\FRST64.exe 2015-02-01 22:22 - 2015-02-01 22:22 - 00000000 ____D () C:\Users\bfzn\AppData\Local\AskPartnerNetwork 2015-02-01 22:22 - 2015-02-01 22:22 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork 2015-02-01 22:22 - 2015-02-01 22:22 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork 2015-02-01 22:21 - 2015-02-01 22:21 - 00000000 ____D () C:\ProgramData\APN 2015-02-01 22:19 - 2015-02-01 22:19 - 00000000 ____D () C:\ProgramData\Sun 2015-02-01 22:19 - 2015-02-01 22:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-02-01 22:19 - 2015-02-01 22:18 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll 2015-02-01 22:18 - 2015-02-01 22:20 - 00000000 ____D () C:\ProgramData\Oracle 2015-02-01 22:18 - 2015-02-01 22:18 - 00000000 ____D () C:\Program Files (x86)\Java 2015-01-31 15:38 - 2015-01-31 15:38 - 00000000 ____D () C:\Users\DoKo\AppData\Roaming\ATI 2015-01-31 15:38 - 2015-01-31 15:38 - 00000000 ____D () C:\Users\DoKo\AppData\Local\ATI 2015-01-31 15:37 - 2015-01-31 15:37 - 00088016 _____ () C:\Users\DoKo\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-31 15:37 - 2015-01-31 15:37 - 00000000 ____D () C:\Users\DoKo\Documents\Bluetooth-Exchange-Ordner 2015-01-31 15:37 - 2015-01-31 15:37 - 00000000 ____D () C:\Users\DoKo\AppData\Roaming\Intel Corporation 2015-01-31 15:37 - 2015-01-31 15:37 - 00000000 ____D () C:\Users\DoKo\AppData\Roaming\Epson 2015-01-31 15:37 - 2015-01-31 15:37 - 00000000 ____D () C:\Users\DoKo\AppData\Roaming\AVG2015 2015-01-31 15:37 - 2015-01-31 15:37 - 00000000 ____D () C:\Users\DoKo\AppData\Roaming\Apple Computer 2015-01-31 15:37 - 2015-01-31 15:37 - 00000000 ____D () C:\Users\DoKo\AppData\Local\PDFC 2015-01-31 15:37 - 2015-01-31 15:37 - 00000000 ____D () C:\Users\DoKo\AppData\Local\Broadcom 2015-01-31 15:37 - 2015-01-31 15:37 - 00000000 ____D () C:\Users\DoKo\AppData\Local\Avg2015 2015-01-31 15:37 - 2015-01-31 15:37 - 00000000 ____D () C:\Users\DoKo\AppData\Local\Adobe 2015-01-31 15:36 - 2015-01-31 15:36 - 00002251 _____ () C:\Users\DoKo\Desktop\Google Chrome.lnk 2015-01-31 15:36 - 2015-01-31 15:36 - 00001425 _____ () C:\Users\DoKo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-01-31 15:36 - 2015-01-31 15:36 - 00000000 _SHDL () C:\Users\DoKo\Vorlagen 2015-01-31 15:36 - 2015-01-31 15:36 - 00000000 _SHDL () C:\Users\DoKo\Startmenü 2015-01-31 15:36 - 2015-01-31 15:36 - 00000000 _SHDL () C:\Users\DoKo\Netzwerkumgebung 2015-01-31 15:36 - 2015-01-31 15:36 - 00000000 _SHDL () C:\Users\DoKo\Lokale Einstellungen 2015-01-31 15:36 - 2015-01-31 15:36 - 00000000 _SHDL () C:\Users\DoKo\Eigene Dateien 2015-01-31 15:36 - 2015-01-31 15:36 - 00000000 _SHDL () C:\Users\DoKo\Druckumgebung 2015-01-31 15:36 - 2015-01-31 15:36 - 00000000 _SHDL () C:\Users\DoKo\Documents\Eigene Musik 2015-01-31 15:36 - 2015-01-31 15:36 - 00000000 _SHDL () C:\Users\DoKo\Documents\Eigene Bilder 2015-01-31 15:36 - 2015-01-31 15:36 - 00000000 _SHDL () C:\Users\DoKo\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-01-31 15:36 - 2015-01-31 15:36 - 00000000 _SHDL () C:\Users\DoKo\AppData\Local\Verlauf 2015-01-31 15:36 - 2015-01-31 15:36 - 00000000 _SHDL () C:\Users\DoKo\AppData\Local\Anwendungsdaten 2015-01-31 15:36 - 2015-01-31 15:36 - 00000000 _SHDL () C:\Users\DoKo\Anwendungsdaten 2015-01-31 15:36 - 2015-01-31 15:36 - 00000000 ____D () C:\Users\DoKo\AppData\Roaming\DigitalPersona 2015-01-31 15:36 - 2015-01-31 15:36 - 00000000 ____D () C:\Users\DoKo\AppData\Roaming\Adobe 2015-01-31 15:36 - 2015-01-31 15:36 - 00000000 ____D () C:\Users\DoKo\AppData\Local\VirtualStore 2015-01-31 15:36 - 2015-01-31 15:36 - 00000000 ____D () C:\Users\DoKo\AppData\Local\Google 2015-01-31 15:36 - 2015-01-31 15:36 - 00000000 ____D () C:\Users\DoKo\AppData\Local\DigitalPersona 2015-01-31 15:36 - 2015-01-31 15:36 - 00000000 ____D () C:\Users\DoKo 2015-01-31 15:36 - 2015-01-12 19:07 - 00000000 ____D () C:\Users\DoKo\AppData\Roaming\TuneUp Software 2015-01-31 15:36 - 2014-12-11 01:36 - 00000000 ____D () C:\Users\DoKo\AppData\Local\Microsoft Help 2015-01-31 15:36 - 2014-12-05 22:48 - 00000000 ____D () C:\Users\DoKo\AppData\Roaming\Macromedia 2015-01-31 15:36 - 2009-07-27 15:09 - 00000020 ___SH () C:\Users\DoKo\ntuser.ini 2015-01-31 15:36 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\DoKo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-01-31 15:36 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\DoKo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-01-31 14:59 - 2015-01-31 14:59 - 02347384 _____ (ESET) C:\Users\bfzn\Downloads\esetsmartinstaller_deu.exe 2015-01-31 13:26 - 2015-01-31 13:27 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-31 13:25 - 2015-01-31 13:25 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-31 13:25 - 2015-01-31 13:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-31 13:25 - 2015-01-31 13:25 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-31 13:25 - 2015-01-31 13:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-31 13:25 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2015-01-31 13:25 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2015-01-31 13:25 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2015-01-31 13:06 - 2015-01-31 13:06 - 02194432 _____ () C:\Users\bfzn\Desktop\AdwCleaner_4.109.exe 2015-01-31 13:02 - 2015-01-31 13:10 - 00000000 ____D () C:\AdwCleaner 2015-01-31 12:55 - 2015-01-31 12:55 - 00000000 ____D () C:\Users\bfzn\Desktop\RevoUninstallerPortable 2015-01-30 20:46 - 2015-01-30 20:48 - 00035837 _____ () C:\Users\bfzadm\Downloads\Addition.txt 2015-01-30 20:44 - 2015-01-30 20:48 - 00049395 _____ () C:\Users\bfzadm\Downloads\FRST.txt 2015-01-30 20:43 - 2015-01-30 20:44 - 02130432 _____ (Farbar) C:\Users\bfzadm\Downloads\FRST64.exe 2015-01-28 23:02 - 2015-01-28 23:03 - 00020928 _____ () C:\Users\bfzn\Desktop\Result.txt 2015-01-28 22:32 - 2015-01-28 22:32 - 00000000 ____D () C:\Users\bfzadm\AppData\Local\CrashDumps 2015-01-28 22:22 - 2015-02-02 19:40 - 00000000 ____D () C:\FRST 2015-01-28 22:20 - 2015-01-28 22:20 - 00000474 _____ () C:\Users\bfzn\Desktop\defogger_disable.log 2015-01-28 22:20 - 2015-01-28 22:20 - 00000000 _____ () C:\Users\bfzadm\defogger_reenable 2015-01-28 21:21 - 2015-01-28 21:21 - 00000000 ___HD () C:\windows\msdownld.tmp 2015-01-28 21:20 - 2015-01-28 21:20 - 65495720 _____ (Microsoft Corporation) C:\Users\bfzadm\Downloads\EIE11_DE-DE_WOL_WIN764.EXE 2015-01-28 19:19 - 2015-01-28 19:19 - 00000000 ____D () C:\Users\bfzadm\AppData\Roaming\Apple Computer 2015-01-27 21:39 - 2015-01-27 21:39 - 00002607 _____ () C:\Users\Public\Desktop\HNK für Excel.lnk 2015-01-27 21:39 - 2015-01-27 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heiz- und Nebenkosten 2015-01-27 21:39 - 2015-01-27 21:39 - 00000000 ____D () C:\Program Files (x86)\KV Software 2015-01-27 21:19 - 2015-01-27 21:19 - 00000000 __SHD () C:\Users\bfzadm\AppData\Local\EmieUserList 2015-01-27 21:19 - 2015-01-27 21:19 - 00000000 __SHD () C:\Users\bfzadm\AppData\Local\EmieSiteList 2015-01-27 21:19 - 2015-01-27 21:19 - 00000000 __SHD () C:\Users\bfzadm\AppData\Local\EmieBrowserModeList 2015-01-27 21:17 - 2015-01-27 21:17 - 00000000 ____D () C:\Temp 2015-01-26 18:33 - 2015-01-26 18:33 - 480951400 _____ () C:\windows\MEMORY.DMP 2015-01-26 18:33 - 2015-01-26 18:33 - 00344552 _____ () C:\windows\Minidump\012615-38563-01.dmp 2015-01-26 18:33 - 2015-01-26 18:33 - 00000000 ____D () C:\windows\Minidump 2015-01-23 21:04 - 2015-01-23 21:18 - 00000000 ____D () C:\Program Files (x86)\No23 Recorder 2015-01-23 21:04 - 2015-01-23 21:04 - 00001061 _____ () C:\Users\Public\Desktop\No23 Recorder.lnk 2015-01-23 21:04 - 2015-01-23 21:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\No23 Recorder 2015-01-23 21:04 - 2015-01-23 21:04 - 00000000 ____D () C:\ProgramData\Caphyon 2015-01-23 21:03 - 2015-01-23 21:03 - 04144094 _____ (No23) C:\Users\bfzn\Downloads\No23Recorder.exe 2015-01-22 00:03 - 2015-01-22 00:03 - 00000000 ____D () C:\Users\bfzn\AppData\Local\Apple 2015-01-19 21:12 - 2015-01-19 21:12 - 00101691 _____ () C:\Users\bfzn\Downloads\ComparePlugin.v1.5.6.2.bin.zip 2015-01-16 21:36 - 2015-01-16 21:36 - 00000000 ____D () C:\Users\bfzn\AppData\Local\ascendere_IT_Systeme 2015-01-16 20:50 - 2015-01-20 21:04 - 00000000 ____D () C:\Program Files (x86)\Isovar 2015 2015-01-16 20:50 - 2015-01-16 20:50 - 00001047 _____ () C:\Users\Public\Desktop\Isovar 2015.lnk 2015-01-16 20:50 - 2015-01-16 20:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Isovar 2015 2015-01-16 20:49 - 2015-01-16 20:49 - 07572386 _____ (ascendere IT-Systeme ) C:\Users\bfzn\Downloads\Isovar2015_Setup.exe 2015-01-16 20:44 - 2015-01-16 20:44 - 00000000 ____D () C:\Datensicherung_Beihilfe_V1_1 2015-01-16 20:36 - 2015-01-16 20:36 - 00000000 ____D () C:\Datensicherung_Beihilfe_V1_2 2015-01-16 20:25 - 2015-01-16 20:26 - 00000000 ____D () C:\ProgramData\HaNaSoftware 2015-01-16 20:18 - 2015-01-16 20:18 - 22386176 _____ (Microsoft Corporation) C:\Users\bfzn\Downloads\Install_Beihilfe_1.5.0.0.EXE 2015-01-13 23:25 - 2015-01-13 23:34 - 00000000 ____D () C:\Users\bfzn\AppData\Roaming\Mp3tag 2015-01-13 23:25 - 2015-01-13 23:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag 2015-01-13 23:25 - 2015-01-13 23:25 - 00000000 ____D () C:\Program Files (x86)\Mp3tag 2015-01-13 23:24 - 2015-01-13 23:24 - 02707360 _____ () C:\Users\bfzn\Downloads\mp3tagv266setup.exe 2015-01-13 21:42 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll 2015-01-13 21:42 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys 2015-01-13 21:42 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2015-01-13 21:42 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll 2015-01-13 21:42 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe 2015-01-13 21:42 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll 2015-01-13 21:42 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe 2015-01-13 21:42 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe 2015-01-13 21:42 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll 2015-01-13 21:42 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe 2015-01-13 21:42 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll 2015-01-13 21:42 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll 2015-01-13 21:42 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll 2015-01-13 11:16 - 2015-01-13 11:17 - 00000000 ____D () C:\Users\bfzn\Documents\Sony PMB 2015-01-12 19:07 - 2015-01-12 19:07 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software 2015-01-12 19:07 - 2015-01-12 19:07 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software 2015-01-11 18:38 - 2015-01-11 18:38 - 00002103 _____ () C:\Users\Public\Desktop\PlayMemories Home-Hilfe.lnk 2015-01-11 18:38 - 2015-01-11 18:38 - 00001319 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home.lnk 2015-01-11 18:38 - 2015-01-11 18:38 - 00001307 _____ () C:\Users\Public\Desktop\PlayMemories Home.lnk 2015-01-11 18:38 - 2015-01-11 18:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home 2015-01-11 18:34 - 2015-01-11 18:34 - 00000394 _____ () C:\windows\DirectX.log 2015-01-11 18:34 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_35.dll 2015-01-11 18:34 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_35.dll 2015-01-11 18:34 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_30.dll 2015-01-11 18:34 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_30.dll 2015-01-10 12:23 - 2015-01-10 12:23 - 00000000 ____D () C:\Users\bfzn\Documents\ArcSoft 2015-01-10 12:22 - 2015-01-10 12:23 - 00000000 ____D () C:\Users\bfzn\AppData\Roaming\ArcSoft 2015-01-09 05:35 - 2015-01-09 05:35 - 00000000 ____D () C:\Users\bfzn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte 2015-01-08 00:39 - 2015-01-08 00:43 - 00000000 ____D () C:\Program Files (x86)\SonyEditor 2015-01-08 00:39 - 2015-01-08 00:39 - 00001035 _____ () C:\Users\bfzn\Desktop\SonyEditor.lnk 2015-01-08 00:39 - 2015-01-08 00:39 - 00001035 _____ () C:\Users\bfzadm\Desktop\SonyEditor.lnk 2015-01-08 00:39 - 2015-01-08 00:39 - 00000000 ____D () C:\Users\bfzadm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SonyEditor 2015-01-08 00:39 - 2015-01-08 00:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SonyEditor 2015-01-05 19:02 - 2015-01-05 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung YH-925 2015-01-05 19:00 - 2015-01-05 19:01 - 00000000 ____D () C:\Users\bfzn\Downloads\neu 2015-01-05 18:55 - 2015-01-05 18:57 - 08808960 _____ () C:\Users\bfzn\Downloads\20051010100207250_YH-925_Utility_Program.exe 2015-01-05 18:53 - 2015-01-05 19:02 - 00000000 ____D () C:\Program Files (x86)\Samsung 2015-01-05 18:53 - 2015-01-05 18:53 - 00001133 _____ () C:\Users\bfzn\Desktop\Multimedia Studio.lnk 2015-01-05 18:53 - 2015-01-05 18:53 - 00001133 _____ () C:\Users\bfzadm\Desktop\Multimedia Studio.lnk 2015-01-05 18:53 - 2015-01-05 18:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2015-01-05 18:51 - 2015-01-05 18:53 - 13437996 _____ (Samsung ) C:\Users\bfzn\Downloads\20050617180246421_MMSSetup.exe 2015-01-05 18:49 - 2015-01-05 18:49 - 00009993 _____ () C:\Users\bfzn\Downloads\20041229084503828_YH-925_Driver.zip 2015-01-04 22:57 - 2015-01-04 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2015-01-04 22:56 - 2015-01-04 22:56 - 00000000 ____D () C:\windows\PCHEALTH 2015-01-04 22:53 - 2015-01-04 22:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services 2015-01-04 22:51 - 2015-01-04 22:51 - 00000000 __RHD () C:\MSOCache 2015-01-04 22:35 - 2015-01-04 22:48 - 1025493776 _____ (Microsoft Corporation) C:\Users\bfzn\Downloads\MicrosoftInstaller.exe 2015-01-04 21:21 - 2015-01-04 21:22 - 00000000 ____D () C:\Program Files (x86)\MeineBeihilfe2009 2015-01-04 21:21 - 2015-01-04 21:21 - 00001832 _____ () C:\Users\Public\Desktop\MeineBeihilfe 2009.lnk 2015-01-04 21:21 - 2015-01-04 21:21 - 00000000 ____D () C:\Users\Public\Documents\MeineBeihilfe2009 2015-01-04 21:21 - 2015-01-04 21:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MeineBeihilfe2009 2015-01-04 21:11 - 2015-01-04 23:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-02 19:40 - 2009-07-14 05:45 - 00022480 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-02 19:40 - 2009-07-14 05:45 - 00022480 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-02 19:36 - 2014-11-29 20:50 - 01312963 _____ () C:\windows\WindowsUpdate.log 2015-02-02 19:33 - 2014-11-29 22:00 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-02 19:33 - 2010-12-07 13:05 - 00000000 ____D () C:\ProgramData\HPQLOG 2015-02-02 19:32 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2015-02-02 19:32 - 2009-07-14 05:51 - 00108878 _____ () C:\windows\setupact.log 2015-02-02 19:25 - 2014-12-04 23:44 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2015-02-02 19:10 - 2014-11-29 22:00 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-02 19:09 - 2014-11-29 21:18 - 00000000 ____D () C:\ProgramData\MFAData 2015-02-02 19:04 - 2014-11-29 21:43 - 00325964 _____ () C:\windows\PFRO.log 2015-02-01 21:21 - 2014-12-18 20:54 - 00000000 ____D () C:\Users\bfzn\AppData\Roaming\XnView 2015-01-31 15:00 - 2010-12-07 13:06 - 00699340 _____ () C:\windows\system32\perfh007.dat 2015-01-31 15:00 - 2010-12-07 13:06 - 00149448 _____ () C:\windows\system32\perfc007.dat 2015-01-31 15:00 - 2009-07-14 06:13 - 01619272 _____ () C:\windows\system32\PerfStringBackup.INI 2015-01-31 12:48 - 2014-12-09 00:47 - 00002251 _____ () C:\Users\bfzadm\Desktop\Google Chrome.lnk 2015-01-31 12:48 - 2014-11-29 21:12 - 00001425 _____ () C:\Users\bfzadm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-01-31 11:19 - 2010-12-07 13:05 - 00000000 ____D () C:\ProgramData\PDFC 2015-01-28 22:34 - 2014-11-29 21:32 - 00000000 ____D () C:\Users\bfzn\AppData\Local\PDFC 2015-01-28 22:20 - 2014-11-29 20:52 - 00000000 ____D () C:\Users\bfzadm 2015-01-28 21:21 - 2014-12-04 05:16 - 00024932 _____ () C:\windows\IE11_main.log 2015-01-26 19:07 - 2014-12-30 21:59 - 00000000 ____D () C:\Users\bfzn\AppData\Local\Microsoft Help 2015-01-25 21:25 - 2014-12-04 23:44 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2015-01-25 21:25 - 2014-12-04 23:44 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-25 21:25 - 2014-12-04 23:44 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2015-01-25 14:19 - 2014-11-29 21:21 - 00000000 ____D () C:\ProgramData\AVG2015 2015-01-25 14:17 - 2014-11-29 21:21 - 00000981 _____ () C:\Users\Public\Desktop\AVG 2015.lnk 2015-01-25 14:17 - 2014-11-29 21:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2015-01-16 20:26 - 2014-11-30 01:15 - 00000000 ____D () C:\Users\bfzn\AppData\Local\CrashDumps 2015-01-11 18:38 - 2014-12-15 21:18 - 00000000 ____D () C:\Users\bfzn\AppData\Roaming\Sony Corporation 2015-01-11 18:34 - 2014-12-15 20:27 - 00000000 ____D () C:\Program Files (x86)\Sony 2015-01-11 18:31 - 2014-12-15 20:27 - 00002358 _____ () C:\Users\Public\Desktop\Image Data Converter Ver. 4.lnk 2015-01-10 12:23 - 2014-11-29 21:04 - 00000000 ___HD () C:\ProgramData\ArcSoft 2015-01-08 00:37 - 2014-11-29 21:10 - 00088016 _____ () C:\Users\bfzadm\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-07 19:17 - 2014-12-10 21:12 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-01-05 19:02 - 2010-12-07 13:00 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-01-05 18:30 - 2014-11-29 21:32 - 00088016 _____ () C:\Users\bfzn\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-05 18:27 - 2009-07-14 05:45 - 00422224 _____ () C:\windows\system32\FNTCACHE.DAT 2015-01-04 22:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2015-01-04 22:53 - 2014-12-10 21:13 - 00000000 ____D () C:\Program Files\Microsoft Office 2015-01-04 22:53 - 2009-07-27 15:26 - 00000000 ____D () C:\windows\ShellNew 2015-01-04 21:12 - 2014-11-29 23:00 - 00000400 _____ () C:\windows\ODBC.INI 2015-01-04 21:07 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system 2015-01-04 20:56 - 2009-07-14 03:34 - 00000438 _____ () C:\windows\win.ini 2015-01-04 20:23 - 2014-11-29 23:33 - 00000000 ____D () C:\_Daten ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-24 00:55 ==================== End Of Log ============================ --- --- --- --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by bfzadm at 2015-02-02 19:41:24
Running from C:\Users\bfzn\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7 64-bit (HKLM\...\{1B77B02E-17E4-4B6D-B8A1-74B29AF3D8DD}) (Version: 5.7.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft TotalMedia (HKLM-x32\...\ArcSoft TotalMedia) (Version: 1.0.23.26 - ArcSoft)
ArcSoft TotalMedia (x32 Version: 1.0.43.25 - ArcSoft) Hidden
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 1.0.0.26 - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{E534C3AC-6D49-4EAC-8993-C1F0FF545B67}) (Version: 3.0.778.0 - ATI Technologies, Inc.)
Avery Wizard 5.0 (HKLM-x32\...\{FC3B3A5D-7058-4627-9F1E-F95CC38B6054}) (Version: 5.0.5 - Avery)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5646 - AVG Technologies)
AVG 2015 (Version: 15.0.4273 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5646 - AVG Technologies) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 2070 Bluetooth 3.0 (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.5600 - Broadcom Corporation)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.350.6 - Broadcom Corporation)
ccc-core-static (x32 Version: 2010.0805.358.5180 - ATI) Hidden
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.75.0.2014 - Georgy Berdyshev)
Corel Home Office - CS Templates (x32 Version: 5.6 - 公司名称) Hidden
Corel Home Office - CT Templates (x32 Version: 5.6 - 您的公司名稱) Hidden
Corel Home Office - IPM (x32 Version: 5.6 - Corel Corporation) Hidden
Corel Home Office - JP Templates (x32 Version: 5.6 - 会社名) Hidden
Corel Home Office - KR Templates (x32 Version: 5.6 - 회사명) Hidden
Corel Home Office - Launcher (x32 Version: 5.6 - Corel Corporation) Hidden
Corel Home Office - Templates RU (x32 Version: 5.6 - Название организации) Hidden
Corel Home Office - Templates1 (x32 Version: 5.6 - Your Company Name) Hidden
Corel Home Office (HKLM-x32\...\_{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}) (Version: 5.0.85.588 - Corel Corporation)
Corel Home Office (x32 Version: 5.6 - Corel Corporation) Hidden
CUEcards 2000 (HKLM-x32\...\CUEcards 2000) (Version: - Marcus Humann Software-Technik)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 5.0.1.5 - Hewlett-Packard)
Drive Encryption for HP ProtectTools (HKLM-x32\...\Drive Encryption) (Version: 5.0.4.0 - Hewlett-Packard)
Drive Encryption for HP ProtectTools (Version: 5.0.4.0 - Hewlett-Packard) Hidden
Elements 11 Organizer (x32 Version: 11.0 - Ihr Firmenname) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON SX525WD Series Handbuch (HKLM-x32\...\EPSON SX525WD Series Manual) (Version: - )
EPSON SX525WD Series Netzwerk-Handbuch (HKLM-x32\...\EPSON SX525WD Series Network Guide) (Version: - )
EPSON SX525WD Series Printer Uninstall (HKLM\...\EPSON SX525WD Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3a - SEIKO EPSON CORPORATION)
Face Recognition for HP ProtectTools (HKLM\...\{E793990C-90BE-4B69-AC29-BF5E8FD4ED54}) (Version: 2.02.4007 - Hewlett-Packard)
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 5.0.1.2 - Hewlett-Packard)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Heizkosten (HKLM-x32\...\{373F123D-878C-4B89-B2D4-218C29273B98}) (Version: 6.5.0 - KV Software)
HP 3D DriveGuard (HKLM\...\{67C090D6-109A-47D7-8DED-4160C4D96F32}) (Version: 4.0.4.1 - Hewlett-Packard)
HP Documentation (HKLM-x32\...\{D21160A2-8B5F-409C-99C8-03582F5324B7}) (Version: 1.7.0.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{D9989A13-B173-4048-B8A5-93C204DCB1B3}) (Version: 1.1.6.1 - Hewlett-Packard Company)
HP HotKey Support (HKLM\...\{4BBA5224-C5B1-4B8C-AAA4-68DA6654B9C1}) (Version: 3.5.15.1 - Hewlett-Packard Company)
HP Power Assistant (HKLM\...\{32C278B2-BC1F-4018-8FB4-2012A40D9FC1}) (Version: 1.0.9.0 - Hewlett-Packard Company)
HP Power Data (HKLM\...\{F2177395-FD90-44B0-AFB8-2E0566855E5C}) (Version: 1.0.31.182 - Hewlett-Packard)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 5.03.637 - Hewlett-Packard)
HP QuickLook (HKLM\...\{E6BEE2A9-04CF-42FF-B95B-BB70FAD2DC3E}) (Version: 3.3.1.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{7861911B-4270-498A-8F7A-FCF0570F487D}) (Version: 1.0.1.63 - DeviceVM, Inc.)
HP Setup (HKLM-x32\...\{E7C34ED4-BBB6-4C57-9FBD-B29CA5878051}) (Version: 8.5.4371.3505 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{2DA697D7-FED3-4DE2-A174-92A2A12F9688}) (Version: 3.0.5.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{E05DB9F9-C8E7-45F2-BE9E-76D4C447CE9B}) (Version: 4.0.39.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{04801E42-B1A6-4C52-9F3D-CADB5A050433}) (Version: 7.0.1.9 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{FC17E0A7-EAA9-4902-92F8-C83B9FD02246}) (Version: 5.0.14.2 - Hewlett-Packard Company)
HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50016.0 - Sonix)
HP Wireless Assistant (HKLM\...\{EC720706-3F19-4B7F-BDDD-E31D9B3921D2}) (Version: 4.0.6.0 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6275.0 - IDT)
Image Data Converter (HKLM-x32\...\{87998E4E-6D9C-411B-AAE9-B8523FFE357D}) (Version: 4.2.00.07270 - Sony Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.01.01.1007 - Intel Corporation)
Isovar 2015 Version 1.3.7.0 (HKLM-x32\...\{79E7FC4B-F866-48A0-85AA-0A44DFB3E208}_is1) (Version: 1.3.7.0 - ascendere IT-Systeme)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LightScribe System Software (HKLM-x32\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MeineBeihilfe2009 (HKLM-x32\...\{AE926A81-E487-4D5D-9031-1EDB3242F943}) (Version: 10.54.0.0 - ComputerService)
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (HKLM-x32\...\{90120000-00B2-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Access Runtime (German) 2007 (HKLM-x32\...\{90120000-001C-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mp3tag v2.66 (HKLM-x32\...\Mp3tag) (Version: v2.66 - Florian Heidenreich)
No23 Recorder (HKLM-x32\...\No23 Recorder) (Version: 2.1.0.3 - No23)
No23 Recorder (x32 Version: 2.1.0.3 - No23) Hidden
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.20.0 - Symantec)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 3.5.112 - PDF Complete, Inc)
PlayMemories Home (HKLM-x32\...\{8EB84CEC-6819-4E51-9E32-C756835637B0}) (Version: 6.3.03.08201 - Sony Corporation)
Pre-Boot Security for HP ProtectTools (Version: 5.0.7.1 - Hewlett-Packard) Hidden
Privacy Manager for HP ProtectTools (HKLM\...\{04255D34-6C6D-4F63-A218-EE8FD2D13AF0}) (Version: 5.10.796 - Hewlett-Packard)
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0011 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30109 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Saal Design Software (HKLM-x32\...\SaalDesignSoftware) (Version: 3.2.43 - Saal Digital Fotoservice GmbH)
Saal Design Software (x32 Version: 3.2.43 - Saal Digital Fotoservice GmbH) Hidden
Samsung Multimedia Studio 1.0 (HKLM-x32\...\Samsung Multimedia Studio_is1) (Version: - Samsung)
Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C1700}) (Version: 12.23.0.15 - APN, LLC) <==== ATTENTION
SecurityUtility (HKLM-x32\...\SecurityUtility) (Version: 1.0.0.1919 - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SonyEditor (remove only) (HKLM-x32\...\SonyEditor) (Version: - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
Theft Recovery (HKLM-x32\...\InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}) (Version: 5.1.0.18 - Hewlett-Packard)
Theft Recovery (x32 Version: 5.1.0.18 - Hewlett-Packard) Hidden
Validity Fingerprint Driver (HKLM\...\{516DA517-73A0-40F8-8CD9-E5ED4EC383E5}) (Version: 4.0.10.0 - Validity Sensors, Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WDR RadioRecorder (HKLM-x32\...\Tobit Radio.fx Server 1) (Version: - Tobit.Software)
Windows 7 Default Setting (HKLM-x32\...\{5BF8E079-D6E2-4323-B794-75152371122A}) (Version: 1.0.1.6 - Hewlett-Packard Company)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinZip 14.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}) (Version: 14.5.9095 - WinZip Computing, S.L. )
XnView 2.25 (HKLM-x32\...\XnView_is1) (Version: 2.25 - Gougelet Pierre-e)
YH-925 Driver & Utilities (HKLM-x32\...\{5C0BFEB4-4A1B-439C-91AC-9AED106DA213}) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
14-01-2015 17:47:58 Windows Update
16-01-2015 20:20:40 Beihilfe wird installiert
16-01-2015 23:43:56 Beihilfe wird entfernt
23-01-2015 21:04:10 No23 Recorder wird installiert
25-01-2015 14:15:40 Installed AVG 2015
27-01-2015 21:38:27 Heizkosten wird installiert
31-01-2015 12:57:57 Revo Uninstaller's restore point - Vosteran
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {02F6F5CC-CAC2-4BE6-88EC-62F7099CE190} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-29] (Google Inc.)
Task: {417AB1ED-8EBA-42AF-845C-2C9132BDEABF} - System32\Tasks\AdobeAAMUpdater-1.0-SEVENUP-bfzn => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)
Task: {4753D026-8E22-4FD3-B113-1F6B025E4117} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-07-01] (Hewlett-Packard Company)
Task: {4D226E32-9183-470E-8397-4012691F9E0B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B0B2142C-01B3-40B5-847F-103794439AD1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-29] (Google Inc.)
Task: {CB66F620-6DAE-4565-98C2-1420E5883D67} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-07-01] (Hewlett-Packard Company)
Task: {D12B18D2-4469-41B0-892E-287E678A2AAE} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {D25C78D7-9D75-402B-9EEA-8F4002FF99DC} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2010-02-11 22:50 - 2010-02-11 22:50 - 00746256 _____ () C:\windows\system32\SUPSDK.dll
2009-11-23 18:24 - 2009-11-23 18:24 - 01412608 ____R () C:\windows\system32\LIBEAY32.dll
2009-10-29 02:57 - 2009-10-29 02:57 - 00100864 _____ () c:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2014-12-06 00:56 - 2011-11-18 14:51 - 03673944 _____ () C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe
2010-06-19 01:25 - 2010-06-19 01:25 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HardwareAccess.dll
2010-06-19 01:25 - 2010-06-19 01:25 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HPCommon.XmlSerializers.dll
2010-06-19 01:25 - 2010-06-19 01:25 - 00055864 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\Graphs.dll
2010-06-08 23:55 - 2010-06-08 23:55 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2010-06-22 02:54 - 2010-06-22 02:54 - 00098304 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-08-05 12:57 - 2010-08-05 12:57 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-04-05 20:12 - 2010-04-05 20:12 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2010-04-05 20:11 - 2010-04-05 20:11 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-04-05 20:12 - 2010-04-05 20:12 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-06-17 20:40 - 2009-06-17 20:40 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2009-06-17 20:40 - 2009-06-17 20:40 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2009-06-17 20:40 - 2009-06-17 20:40 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2014-12-04 18:48 - 2014-12-04 18:48 - 00170496 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3d576cbc4ffc5ad06fd61510c5d8f326\IsdiInterop.ni.dll
2010-12-07 13:00 - 2010-03-04 05:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-2226251454-2989245828-1209764460-500 - Administrator - Disabled)
bfzadm (S-1-5-21-2226251454-2989245828-1209764460-1001 - Administrator - Enabled) => C:\Users\bfzadm
bfzn (S-1-5-21-2226251454-2989245828-1209764460-1004 - Limited - Enabled) => C:\Users\bfzn
DoKo (S-1-5-21-2226251454-2989245828-1209764460-1006 - Limited - Enabled) => C:\Users\DoKo
Gast (S-1-5-21-2226251454-2989245828-1209764460-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2226251454-2989245828-1209764460-1005 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/02/2015 05:44:34 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (02/02/2015 01:51:31 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "1, 2, 0, 17" des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (02/01/2015 10:55:35 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (02/01/2015 10:55:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (02/01/2015 06:40:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm lightroom.exe, Version 5.7.0.10 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 32dc
Startzeit: 01d03e46074a7ae2
Endzeit: 46
Anwendungspfad: C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.7\lightroom.exe
Berichts-ID: 5a57a86a-aa39-11e4-9155-e02a829ab71c
Error: (02/01/2015 00:26:54 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "1, 2, 0, 17" des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (01/31/2015 02:59:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (01/31/2015 02:59:24 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (01/31/2015 02:59:24 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (01/31/2015 02:59:18 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
System errors:
=============
Error: (02/02/2015 07:31:16 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.
Modulpfad: C:\windows\System32\bcmihvsrv64.dll
Error: (02/02/2015 07:31:16 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.
Modulpfad: C:\windows\System32\bcmihvsrv64.dll
Error: (02/02/2015 07:31:11 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.
Modulpfad: C:\windows\System32\bcmihvsrv64.dll
Error: (02/02/2015 07:27:23 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {9E175B6D-F52A-11D8-B9A5-505054503030}
Error: (02/02/2015 07:26:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Live ID Sign-in Assistant" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (02/02/2015 07:26:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Intel(R) Management and Security Application Local Management Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (02/02/2015 07:26:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ArcCapture" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (02/02/2015 07:26:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "HP ProtectTools Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 4000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (02/02/2015 07:26:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Biometric Authentication Service (Biometrischer Authentifizierungsservice)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (02/02/2015 07:26:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "HP Wireless Assistant Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Microsoft Office Sessions:
=========================
Error: (02/02/2015 05:44:34 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
Error: (02/02/2015 01:51:31 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversion1, 2, 0, 17c:\Program Files (x86)\Arcsoft\TotalMedia Suite\TotalMedia Studio MV\CaptureModule.exe.Manifestc:\Program Files (x86)\Arcsoft\TotalMedia Suite\TotalMedia Studio MV\CaptureModule.exe.Manifest3
Error: (02/01/2015 10:55:35 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\bfzn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RRM2JF02\esetsmartinstaller_deu.exe
Error: (02/01/2015 10:55:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\bfzn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RRM2JF02\esetsmartinstaller_deu.exe
Error: (02/01/2015 06:40:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: lightroom.exe5.7.0.1032dc01d03e46074a7ae246C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.7\lightroom.exe5a57a86a-aa39-11e4-9155-e02a829ab71c
Error: (02/01/2015 00:26:54 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversion1, 2, 0, 17c:\Program Files (x86)\Arcsoft\TotalMedia Suite\TotalMedia Studio MV\CaptureModule.exe.Manifestc:\Program Files (x86)\Arcsoft\TotalMedia Suite\TotalMedia Studio MV\CaptureModule.exe.Manifest3
Error: (01/31/2015 02:59:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\bfzn\Downloads\esetsmartinstaller_deu.exe
Error: (01/31/2015 02:59:24 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\bfzn\Downloads\esetsmartinstaller_deu.exe
Error: (01/31/2015 02:59:24 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\bfzn\Downloads\esetsmartinstaller_deu.exe
Error: (01/31/2015 02:59:18 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\bfzn\Downloads\esetsmartinstaller_deu.exe
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz
Percentage of memory in use: 51%
Total physical RAM: 3951.43 MB
Available physical RAM: 1908.11 MB
Total Pagefile: 7901.04 MB
Available Pagefile: 4739.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:448.47 GB) (Free:188.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.48 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: EC9CDE1C)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=448.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)
==================== End Of Log ============================
|
|
02.02.2015, 20:46
| #18 |
| /// TB-Ausbilder /// Anleitungs-Guru | Meldung in Win7: Der Proxyserver reagiert nicht Da haste Dir schon wieder Adware eingefangen...
__________________ Bitte deinstallieren: Search App by Ask Schritt 1
Schritt 2 Bitte starte FRST erneut, und drücke auf Scan. Bitte poste mir den Inhalt des Logs.
__________________ |
|
02.02.2015, 21:24
| #19 |
| | Meldung in Win7: Der Proxyserver reagiert nichtCode:
ATTFilter # AdwCleaner v4.109 - Bericht erstellt am 02/02/2015 um 21:01:36
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-02-02.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : bfzadm - SEVENUP
# Gestartet von : C:\Users\bfzn\Desktop\AdwCleaner_4.109.exe
# Option : Suchen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gefunden : C:\ProgramData\apn
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Google Chrome v40.0.2214.93
*************************
AdwCleaner[R0].txt - [9360 octets] - [31/01/2015 13:07:09]
AdwCleaner[R1].txt - [733 octets] - [02/02/2015 21:01:36]
AdwCleaner[S0].txt - [7522 octets] - [31/01/2015 13:10:35]
########## EOF - \AdwCleaner\AdwCleaner[R1].txt - [852 octets] ##########
Code:
ATTFilter # AdwCleaner v4.109 - Bericht erstellt am 02/02/2015 um 21:03:44
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-02-02.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : bfzadm - SEVENUP
# Gestartet von : C:\Users\bfzn\Desktop\AdwCleaner_4.109.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\apn
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Google Chrome v40.0.2214.93
*************************
AdwCleaner[R0].txt - [9360 octets] - [31/01/2015 13:07:09]
AdwCleaner[R1].txt - [929 octets] - [02/02/2015 21:01:36]
AdwCleaner[S0].txt - [7522 octets] - [31/01/2015 13:10:35]
AdwCleaner[S1].txt - [853 octets] - [02/02/2015 21:03:44]
########## EOF - \AdwCleaner\AdwCleaner[S1].txt - [912 octets] ##########
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015 Ran by bfzadm (administrator) on SEVENUP on 02-02-2015 21:22:36 Running from C:\Users\bfzn\Desktop Loaded Profiles: bfzadm & bfzn (Available profiles: bfzadm & bfzn & DoKo) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe (McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\stacsv64.exe (AMD) C:\Windows\System32\atieclxx.exe (Hewlett-Packard) C:\Windows\System32\hpservice.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Hewlett-Packard Development Company, L.P) C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe () C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe (ArcSoft, Inc.) C:\Windows\system\uArcCapture.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_296_ActiveX.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [1691192 2010-06-19] (Hewlett-Packard Company) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated) HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-05] (Hewlett-Packard) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-17] (IDT, Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated) HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-03-01] (Hewlett-Packard Company) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation) HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-23] (PDF Complete Inc) HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11265536 2009-12-12] (Hewlett-Packard) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-05] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [DTRun] => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [518656 2009-11-18] (ArcSoft Inc.) HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [600936 2009-06-29] (Symantec Corporation) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3674576 2015-01-06] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576 2012-08-20] (Sony Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation) HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe, Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X] HKU\S-1-5-21-2226251454-2989245828-1209764460-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.) HKU\S-1-5-21-2226251454-2989245828-1209764460-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company) HKU\S-1-5-21-2226251454-2989245828-1209764460-1001\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[S1].txt [989 2015-02-02] () HKU\S-1-5-21-2226251454-2989245828-1209764460-1004\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company) HKU\S-1-5-21-2226251454-2989245828-1209764460-1004\...\Run: [Epson Stylus SX525WD(Netzwerk)] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGAE.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION) HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2014-12-02] (Microsoft Corporation) Lsa: [Notification Packages] DPPassFilter scecli Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\bfzadm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\134E09AA1.lnk ShortcutTarget: 134E09AA1.lnk -> C:\PROGRA~3\1AA90E431.cpp (No File) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:52515;https=127.0.0.1:52515 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-2226251454-2989245828-1209764460-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/de-de/?ocid=U218DHP&pc=U218 HKU\S-1-5-21-2226251454-2989245828-1209764460-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1me10IE11DEDE/WOL_WCP HKU\S-1-5-21-2226251454-2989245828-1209764460-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-2226251454-2989245828-1209764460-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {AA5CC064-C92C-4050-82FD-3CA90F36F4FF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2226251454-2989245828-1209764460-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://www.bing.com/search?FORM=U218DF&PC=U218&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-2226251454-2989245828-1209764460-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2226251454-2989245828-1209764460-1004 -> {71883CF6-4AA3-44C6-A4AE-3678C8AFAA97} URL = hxxp://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11406&pf=V7&p2=^BBE^OSJ000^YY^DE&gct=&itbv=12.23.0.15&apn_uid=DCAFEAF3-9DFA-4EE9-98FE-A94FD35FB539&apn_ptnrs=BBE&apn_dtid=^OSJ000^YY^DE&apn_dbr=ie_11.0.9600.17496&doi=2015-02-01&trgb=IE&q={searchTerms}&psv=&pt=tb SearchScopes: HKU\S-1-5-21-2226251454-2989245828-1209764460-1004 -> {AF0C3425-2B00-44B5-A39D-C644774ADC84} URL = https://www.google.com/search?q={searchTerms} BHO: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard) BHO-x32: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKU\S-1-5-21-2226251454-2989245828-1209764460-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2010-12-07] Chrome: ======= CHR Profile: C:\Users\bfzadm\AppData\Local\Google\Chrome\User Data\Default ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated) R2 AESTFilters; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3440080 2015-01-06] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-01-06] (AVG Technologies CZ, s.r.o.) R3 DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2009-12-16] (McAfee, Inc.) [File not signed] R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [462088 2009-11-25] (DigitalPersona, Inc.) R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed] S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [362040 2009-11-17] (Hewlett-Packard Ltd) R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [121344 2010-07-01] (Hewlett-Packard Company) [File not signed] R2 HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2009-11-19] (Hewlett-Packard Development Company, L.P) [File not signed] R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [90112 2010-05-10] (Hewlett-Packard Company) [File not signed] R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2009-12-16] (McAfee, Inc.) R2 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [297984 2009-12-12] (Hewlett-Packard) [File not signed] R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [264248 2010-03-01] (Hewlett-Packard Company) R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-23] (PDF Complete Inc) R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474208 2012-08-20] (Sony Corporation) R2 Radio.fx; C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe [3673944 2011-11-18] () R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe [244736 2010-03-17] (IDT, Inc.) R2 uArcCapture; C:\windows\system\uArcCapture.exe [506472 2009-12-04] (ArcSoft, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32640 2009-12-04] (ArcSoft, Inc.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.) S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [40760 2009-10-21] (Hewlett-Packard Development Company L.P.) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [129752 2015-01-31] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation) R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2009-12-16] (McAfee, Inc.) R1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [40088 2009-12-16] (McAfee, Inc.) R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2009-12-16] () R0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [110520 2009-12-16] (McAfee, Inc.) R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.) R0 SbAlg; C:\Windows\SysWow64\Drivers\SbAlg.sys [51800 2009-12-16] (McAfee, Inc.) R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2009-12-16] (McAfee, Inc.) R0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [13256 2009-12-16] (McAfee, Inc.) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1803904 2010-10-13] () ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-02 19:41 - 2015-02-02 19:42 - 00038500 _____ () C:\Users\bfzn\Desktop\Addition.txt 2015-02-02 19:40 - 2015-02-02 21:22 - 00025018 _____ () C:\Users\bfzn\Desktop\FRST.txt 2015-02-02 19:38 - 2015-02-02 19:38 - 00002748 _____ () C:\Users\bfzn\Desktop\FSS.txt 2015-02-02 19:37 - 2015-02-02 19:37 - 00415232 _____ (Farbar) C:\Users\bfzn\Desktop\FSS.exe 2015-02-02 19:24 - 2015-02-02 19:24 - 02131456 _____ (Farbar) C:\Users\bfzn\Desktop\FRST64.exe 2015-02-01 22:19 - 2015-02-01 22:19 - 00000000 ____D () C:\ProgramData\Sun 2015-02-01 22:19 - 2015-02-01 22:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-02-01 22:19 - 2015-02-01 22:18 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll 2015-02-01 22:18 - 2015-02-01 22:20 - 00000000 ____D () C:\ProgramData\Oracle 2015-02-01 22:18 - 2015-02-01 22:18 - 00000000 ____D () C:\Program Files (x86)\Java 2015-01-31 15:38 - 2015-01-31 15:38 - 00000000 ____D () C:\Users\DoKo\AppData\Roaming\ATI 2015-01-31 15:38 - 2015-01-31 15:38 - 00000000 ____D () C:\Users\DoKo\AppData\Local\ATI 2015-01-31 15:37 - 2015-01-31 15:37 - 00088016 _____ () C:\Users\DoKo\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-31 15:37 - 2015-01-31 15:37 - 00000000 ____D () C:\Users\DoKo\Documents\Bluetooth-Exchange-Ordner 2015-01-31 15:37 - 2015-01-31 15:37 - 00000000 ____D () C:\Users\DoKo\AppData\Roaming\Intel Corporation 2015-01-31 15:37 - 2015-01-31 15:37 - 00000000 ____D () C:\Users\DoKo\AppData\Roaming\Epson 2015-01-31 15:37 - 2015-01-31 15:37 - 00000000 ____D () C:\Users\DoKo\AppData\Roaming\AVG2015 2015-01-31 15:37 - 2015-01-31 15:37 - 00000000 ____D () C:\Users\DoKo\AppData\Roaming\Apple Computer 2015-01-31 15:37 - 2015-01-31 15:37 - 00000000 ____D () C:\Users\DoKo\AppData\Local\PDFC 2015-01-31 15:37 - 2015-01-31 15:37 - 00000000 ____D () C:\Users\DoKo\AppData\Local\Broadcom 2015-01-31 15:37 - 2015-01-31 15:37 - 00000000 ____D () C:\Users\DoKo\AppData\Local\Avg2015 2015-01-31 15:37 - 2015-01-31 15:37 - 00000000 ____D () C:\Users\DoKo\AppData\Local\Adobe 2015-01-31 15:36 - 2015-01-31 15:36 - 00002251 _____ () C:\Users\DoKo\Desktop\Google Chrome.lnk 2015-01-31 15:36 - 2015-01-31 15:36 - 00001425 _____ () C:\Users\DoKo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-01-31 15:36 - 2015-01-31 15:36 - 00000000 _SHDL () C:\Users\DoKo\Vorlagen 2015-01-31 15:36 - 2015-01-31 15:36 - 00000000 _SHDL () C:\Users\DoKo\Startmenü 2015-01-31 15:36 - 2015-01-31 15:36 - 00000000 _SHDL () C:\Users\DoKo\Netzwerkumgebung 2015-01-31 15:36 - 2015-01-31 15:36 - 00000000 _SHDL () C:\Users\DoKo\Lokale Einstellungen 2015-01-31 15:36 - 2015-01-31 15:36 - 00000000 _SHDL () C:\Users\DoKo\Eigene Dateien 2015-01-31 15:36 - 2015-01-31 15:36 - 00000000 _SHDL () C:\Users\DoKo\Druckumgebung 2015-01-31 15:36 - 2015-01-31 15:36 - 00000000 _SHDL () C:\Users\DoKo\Documents\Eigene Musik 2015-01-31 15:36 - 2015-01-31 15:36 - 00000000 _SHDL () C:\Users\DoKo\Documents\Eigene Bilder 2015-01-31 15:36 - 2015-01-31 15:36 - 00000000 _SHDL () C:\Users\DoKo\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-01-31 15:36 - 2015-01-31 15:36 - 00000000 _SHDL () C:\Users\DoKo\AppData\Local\Verlauf 2015-01-31 15:36 - 2015-01-31 15:36 - 00000000 _SHDL () C:\Users\DoKo\AppData\Local\Anwendungsdaten 2015-01-31 15:36 - 2015-01-31 15:36 - 00000000 _SHDL () C:\Users\DoKo\Anwendungsdaten 2015-01-31 15:36 - 2015-01-31 15:36 - 00000000 ____D () C:\Users\DoKo\AppData\Roaming\DigitalPersona 2015-01-31 15:36 - 2015-01-31 15:36 - 00000000 ____D () C:\Users\DoKo\AppData\Roaming\Adobe 2015-01-31 15:36 - 2015-01-31 15:36 - 00000000 ____D () C:\Users\DoKo\AppData\Local\VirtualStore 2015-01-31 15:36 - 2015-01-31 15:36 - 00000000 ____D () C:\Users\DoKo\AppData\Local\Google 2015-01-31 15:36 - 2015-01-31 15:36 - 00000000 ____D () C:\Users\DoKo\AppData\Local\DigitalPersona 2015-01-31 15:36 - 2015-01-31 15:36 - 00000000 ____D () C:\Users\DoKo 2015-01-31 15:36 - 2015-01-12 19:07 - 00000000 ____D () C:\Users\DoKo\AppData\Roaming\TuneUp Software 2015-01-31 15:36 - 2014-12-11 01:36 - 00000000 ____D () C:\Users\DoKo\AppData\Local\Microsoft Help 2015-01-31 15:36 - 2014-12-05 22:48 - 00000000 ____D () C:\Users\DoKo\AppData\Roaming\Macromedia 2015-01-31 15:36 - 2009-07-27 15:09 - 00000020 ___SH () C:\Users\DoKo\ntuser.ini 2015-01-31 15:36 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\DoKo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-01-31 15:36 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\DoKo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-01-31 14:59 - 2015-01-31 14:59 - 02347384 _____ (ESET) C:\Users\bfzn\Downloads\esetsmartinstaller_deu.exe 2015-01-31 13:26 - 2015-01-31 13:27 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-31 13:25 - 2015-01-31 13:25 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-31 13:25 - 2015-01-31 13:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-31 13:25 - 2015-01-31 13:25 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-31 13:25 - 2015-01-31 13:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-31 13:25 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2015-01-31 13:25 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2015-01-31 13:25 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2015-01-31 13:06 - 2015-01-31 13:06 - 02194432 _____ () C:\Users\bfzn\Desktop\AdwCleaner_4.109.exe 2015-01-31 13:02 - 2015-02-02 21:03 - 00000000 ____D () C:\AdwCleaner 2015-01-31 12:55 - 2015-01-31 12:55 - 00000000 ____D () C:\Users\bfzn\Desktop\RevoUninstallerPortable 2015-01-30 20:46 - 2015-01-30 20:48 - 00035837 _____ () C:\Users\bfzadm\Downloads\Addition.txt 2015-01-30 20:44 - 2015-01-30 20:48 - 00049395 _____ () C:\Users\bfzadm\Downloads\FRST.txt 2015-01-30 20:43 - 2015-01-30 20:44 - 02130432 _____ (Farbar) C:\Users\bfzadm\Downloads\FRST64.exe 2015-01-28 23:02 - 2015-01-28 23:03 - 00020928 _____ () C:\Users\bfzn\Desktop\Result.txt 2015-01-28 22:32 - 2015-01-28 22:32 - 00000000 ____D () C:\Users\bfzadm\AppData\Local\CrashDumps 2015-01-28 22:22 - 2015-02-02 21:22 - 00000000 ____D () C:\FRST 2015-01-28 22:20 - 2015-01-28 22:20 - 00000474 _____ () C:\Users\bfzn\Desktop\defogger_disable.log 2015-01-28 22:20 - 2015-01-28 22:20 - 00000000 _____ () C:\Users\bfzadm\defogger_reenable 2015-01-28 21:21 - 2015-01-28 21:21 - 00000000 ___HD () C:\windows\msdownld.tmp 2015-01-28 21:20 - 2015-01-28 21:20 - 65495720 _____ (Microsoft Corporation) C:\Users\bfzadm\Downloads\EIE11_DE-DE_WOL_WIN764.EXE 2015-01-28 19:19 - 2015-01-28 19:19 - 00000000 ____D () C:\Users\bfzadm\AppData\Roaming\Apple Computer 2015-01-27 21:39 - 2015-01-27 21:39 - 00002607 _____ () C:\Users\Public\Desktop\HNK für Excel.lnk 2015-01-27 21:39 - 2015-01-27 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heiz- und Nebenkosten 2015-01-27 21:39 - 2015-01-27 21:39 - 00000000 ____D () C:\Program Files (x86)\KV Software 2015-01-27 21:19 - 2015-01-27 21:19 - 00000000 __SHD () C:\Users\bfzadm\AppData\Local\EmieUserList 2015-01-27 21:19 - 2015-01-27 21:19 - 00000000 __SHD () C:\Users\bfzadm\AppData\Local\EmieSiteList 2015-01-27 21:19 - 2015-01-27 21:19 - 00000000 __SHD () C:\Users\bfzadm\AppData\Local\EmieBrowserModeList 2015-01-27 21:17 - 2015-01-27 21:17 - 00000000 ____D () C:\Temp 2015-01-26 18:33 - 2015-01-26 18:33 - 480951400 _____ () C:\windows\MEMORY.DMP 2015-01-26 18:33 - 2015-01-26 18:33 - 00344552 _____ () C:\windows\Minidump\012615-38563-01.dmp 2015-01-26 18:33 - 2015-01-26 18:33 - 00000000 ____D () C:\windows\Minidump 2015-01-23 21:04 - 2015-01-23 21:18 - 00000000 ____D () C:\Program Files (x86)\No23 Recorder 2015-01-23 21:04 - 2015-01-23 21:04 - 00001061 _____ () C:\Users\Public\Desktop\No23 Recorder.lnk 2015-01-23 21:04 - 2015-01-23 21:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\No23 Recorder 2015-01-23 21:04 - 2015-01-23 21:04 - 00000000 ____D () C:\ProgramData\Caphyon 2015-01-23 21:03 - 2015-01-23 21:03 - 04144094 _____ (No23) C:\Users\bfzn\Downloads\No23Recorder.exe 2015-01-22 00:03 - 2015-01-22 00:03 - 00000000 ____D () C:\Users\bfzn\AppData\Local\Apple 2015-01-19 21:12 - 2015-01-19 21:12 - 00101691 _____ () C:\Users\bfzn\Downloads\ComparePlugin.v1.5.6.2.bin.zip 2015-01-16 21:36 - 2015-01-16 21:36 - 00000000 ____D () C:\Users\bfzn\AppData\Local\ascendere_IT_Systeme 2015-01-16 20:50 - 2015-01-20 21:04 - 00000000 ____D () C:\Program Files (x86)\Isovar 2015 2015-01-16 20:50 - 2015-01-16 20:50 - 00001047 _____ () C:\Users\Public\Desktop\Isovar 2015.lnk 2015-01-16 20:50 - 2015-01-16 20:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Isovar 2015 2015-01-16 20:49 - 2015-01-16 20:49 - 07572386 _____ (ascendere IT-Systeme ) C:\Users\bfzn\Downloads\Isovar2015_Setup.exe 2015-01-16 20:44 - 2015-01-16 20:44 - 00000000 ____D () C:\Datensicherung_Beihilfe_V1_1 2015-01-16 20:36 - 2015-01-16 20:36 - 00000000 ____D () C:\Datensicherung_Beihilfe_V1_2 2015-01-16 20:25 - 2015-01-16 20:26 - 00000000 ____D () C:\ProgramData\HaNaSoftware 2015-01-16 20:18 - 2015-01-16 20:18 - 22386176 _____ (Microsoft Corporation) C:\Users\bfzn\Downloads\Install_Beihilfe_1.5.0.0.EXE 2015-01-13 23:25 - 2015-01-13 23:34 - 00000000 ____D () C:\Users\bfzn\AppData\Roaming\Mp3tag 2015-01-13 23:25 - 2015-01-13 23:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag 2015-01-13 23:25 - 2015-01-13 23:25 - 00000000 ____D () C:\Program Files (x86)\Mp3tag 2015-01-13 23:24 - 2015-01-13 23:24 - 02707360 _____ () C:\Users\bfzn\Downloads\mp3tagv266setup.exe 2015-01-13 21:42 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll 2015-01-13 21:42 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys 2015-01-13 21:42 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2015-01-13 21:42 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll 2015-01-13 21:42 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe 2015-01-13 21:42 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll 2015-01-13 21:42 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe 2015-01-13 21:42 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe 2015-01-13 21:42 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll 2015-01-13 21:42 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe 2015-01-13 21:42 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll 2015-01-13 21:42 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll 2015-01-13 21:42 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll 2015-01-13 11:16 - 2015-01-13 11:17 - 00000000 ____D () C:\Users\bfzn\Documents\Sony PMB 2015-01-12 19:07 - 2015-01-12 19:07 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software 2015-01-12 19:07 - 2015-01-12 19:07 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software 2015-01-11 18:38 - 2015-01-11 18:38 - 00002103 _____ () C:\Users\Public\Desktop\PlayMemories Home-Hilfe.lnk 2015-01-11 18:38 - 2015-01-11 18:38 - 00001319 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home.lnk 2015-01-11 18:38 - 2015-01-11 18:38 - 00001307 _____ () C:\Users\Public\Desktop\PlayMemories Home.lnk 2015-01-11 18:38 - 2015-01-11 18:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home 2015-01-11 18:34 - 2015-01-11 18:34 - 00000394 _____ () C:\windows\DirectX.log 2015-01-11 18:34 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_35.dll 2015-01-11 18:34 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_35.dll 2015-01-11 18:34 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_30.dll 2015-01-11 18:34 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_30.dll 2015-01-10 12:23 - 2015-01-10 12:23 - 00000000 ____D () C:\Users\bfzn\Documents\ArcSoft 2015-01-10 12:22 - 2015-01-10 12:23 - 00000000 ____D () C:\Users\bfzn\AppData\Roaming\ArcSoft 2015-01-09 05:35 - 2015-01-09 05:35 - 00000000 ____D () C:\Users\bfzn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte 2015-01-08 00:39 - 2015-01-08 00:43 - 00000000 ____D () C:\Program Files (x86)\SonyEditor 2015-01-08 00:39 - 2015-01-08 00:39 - 00001035 _____ () C:\Users\bfzn\Desktop\SonyEditor.lnk 2015-01-08 00:39 - 2015-01-08 00:39 - 00001035 _____ () C:\Users\bfzadm\Desktop\SonyEditor.lnk 2015-01-08 00:39 - 2015-01-08 00:39 - 00000000 ____D () C:\Users\bfzadm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SonyEditor 2015-01-08 00:39 - 2015-01-08 00:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SonyEditor 2015-01-05 19:02 - 2015-01-05 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung YH-925 2015-01-05 19:00 - 2015-01-05 19:01 - 00000000 ____D () C:\Users\bfzn\Downloads\neu 2015-01-05 18:55 - 2015-01-05 18:57 - 08808960 _____ () C:\Users\bfzn\Downloads\20051010100207250_YH-925_Utility_Program.exe 2015-01-05 18:53 - 2015-01-05 19:02 - 00000000 ____D () C:\Program Files (x86)\Samsung 2015-01-05 18:53 - 2015-01-05 18:53 - 00001133 _____ () C:\Users\bfzn\Desktop\Multimedia Studio.lnk 2015-01-05 18:53 - 2015-01-05 18:53 - 00001133 _____ () C:\Users\bfzadm\Desktop\Multimedia Studio.lnk 2015-01-05 18:53 - 2015-01-05 18:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2015-01-05 18:51 - 2015-01-05 18:53 - 13437996 _____ (Samsung ) C:\Users\bfzn\Downloads\20050617180246421_MMSSetup.exe 2015-01-05 18:49 - 2015-01-05 18:49 - 00009993 _____ () C:\Users\bfzn\Downloads\20041229084503828_YH-925_Driver.zip 2015-01-04 22:57 - 2015-01-04 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2015-01-04 22:56 - 2015-01-04 22:56 - 00000000 ____D () C:\windows\PCHEALTH 2015-01-04 22:53 - 2015-01-04 22:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services 2015-01-04 22:51 - 2015-01-04 22:51 - 00000000 __RHD () C:\MSOCache 2015-01-04 22:35 - 2015-01-04 22:48 - 1025493776 _____ (Microsoft Corporation) C:\Users\bfzn\Downloads\MicrosoftInstaller.exe 2015-01-04 21:21 - 2015-01-04 21:22 - 00000000 ____D () C:\Program Files (x86)\MeineBeihilfe2009 2015-01-04 21:21 - 2015-01-04 21:21 - 00001832 _____ () C:\Users\Public\Desktop\MeineBeihilfe 2009.lnk 2015-01-04 21:21 - 2015-01-04 21:21 - 00000000 ____D () C:\Users\Public\Documents\MeineBeihilfe2009 2015-01-04 21:21 - 2015-01-04 21:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MeineBeihilfe2009 2015-01-04 21:11 - 2015-01-04 23:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-02 21:13 - 2009-07-14 05:45 - 00022480 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-02 21:13 - 2009-07-14 05:45 - 00022480 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-02 21:10 - 2014-11-29 22:00 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-02 21:07 - 2014-11-29 22:00 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-02 21:07 - 2010-12-07 13:05 - 00000000 ____D () C:\ProgramData\HPQLOG 2015-02-02 21:05 - 2014-11-29 21:43 - 00326270 _____ () C:\windows\PFRO.log 2015-02-02 21:05 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2015-02-02 21:05 - 2009-07-14 05:51 - 00108934 _____ () C:\windows\setupact.log 2015-02-02 21:04 - 2014-11-29 20:50 - 01324929 _____ () C:\windows\WindowsUpdate.log 2015-02-02 20:25 - 2014-12-04 23:44 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2015-02-02 19:09 - 2014-11-29 21:18 - 00000000 ____D () C:\ProgramData\MFAData 2015-02-01 21:21 - 2014-12-18 20:54 - 00000000 ____D () C:\Users\bfzn\AppData\Roaming\XnView 2015-01-31 15:00 - 2010-12-07 13:06 - 00699340 _____ () C:\windows\system32\perfh007.dat 2015-01-31 15:00 - 2010-12-07 13:06 - 00149448 _____ () C:\windows\system32\perfc007.dat 2015-01-31 15:00 - 2009-07-14 06:13 - 01619272 _____ () C:\windows\system32\PerfStringBackup.INI 2015-01-31 12:48 - 2014-12-09 00:47 - 00002251 _____ () C:\Users\bfzadm\Desktop\Google Chrome.lnk 2015-01-31 12:48 - 2014-11-29 21:12 - 00001425 _____ () C:\Users\bfzadm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-01-31 11:19 - 2010-12-07 13:05 - 00000000 ____D () C:\ProgramData\PDFC 2015-01-28 22:34 - 2014-11-29 21:32 - 00000000 ____D () C:\Users\bfzn\AppData\Local\PDFC 2015-01-28 22:20 - 2014-11-29 20:52 - 00000000 ____D () C:\Users\bfzadm 2015-01-28 21:21 - 2014-12-04 05:16 - 00024932 _____ () C:\windows\IE11_main.log 2015-01-26 19:07 - 2014-12-30 21:59 - 00000000 ____D () C:\Users\bfzn\AppData\Local\Microsoft Help 2015-01-25 21:25 - 2014-12-04 23:44 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2015-01-25 21:25 - 2014-12-04 23:44 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-25 21:25 - 2014-12-04 23:44 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2015-01-25 14:19 - 2014-11-29 21:21 - 00000000 ____D () C:\ProgramData\AVG2015 2015-01-25 14:17 - 2014-11-29 21:21 - 00000981 _____ () C:\Users\Public\Desktop\AVG 2015.lnk 2015-01-25 14:17 - 2014-11-29 21:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2015-01-16 20:26 - 2014-11-30 01:15 - 00000000 ____D () C:\Users\bfzn\AppData\Local\CrashDumps 2015-01-11 18:38 - 2014-12-15 21:18 - 00000000 ____D () C:\Users\bfzn\AppData\Roaming\Sony Corporation 2015-01-11 18:34 - 2014-12-15 20:27 - 00000000 ____D () C:\Program Files (x86)\Sony 2015-01-11 18:31 - 2014-12-15 20:27 - 00002358 _____ () C:\Users\Public\Desktop\Image Data Converter Ver. 4.lnk 2015-01-10 12:23 - 2014-11-29 21:04 - 00000000 ___HD () C:\ProgramData\ArcSoft 2015-01-08 00:37 - 2014-11-29 21:10 - 00088016 _____ () C:\Users\bfzadm\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-07 19:17 - 2014-12-10 21:12 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-01-05 19:02 - 2010-12-07 13:00 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-01-05 18:30 - 2014-11-29 21:32 - 00088016 _____ () C:\Users\bfzn\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-05 18:27 - 2009-07-14 05:45 - 00422224 _____ () C:\windows\system32\FNTCACHE.DAT 2015-01-04 22:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2015-01-04 22:53 - 2014-12-10 21:13 - 00000000 ____D () C:\Program Files\Microsoft Office 2015-01-04 22:53 - 2009-07-27 15:26 - 00000000 ____D () C:\windows\ShellNew 2015-01-04 21:12 - 2014-11-29 23:00 - 00000400 _____ () C:\windows\ODBC.INI 2015-01-04 21:07 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system 2015-01-04 20:56 - 2009-07-14 03:34 - 00000438 _____ () C:\windows\win.ini 2015-01-04 20:23 - 2014-11-29 23:33 - 00000000 ____D () C:\_Daten Some content of TEMP: ==================== C:\Users\bfzadm\AppData\Local\Temp\Quarantine.exe C:\Users\bfzadm\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-24 00:55 ==================== End Of Log ============================ --- --- --- |
|
02.02.2015, 21:58
| #20 |
| /// TB-Ausbilder /// Anleitungs-Guru | Meldung in Win7: Der Proxyserver reagiert nicht Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2226251454-2989245828-1209764460-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2226251454-2989245828-1209764460-1004 -> {71883CF6-4AA3-44C6-A4AE-3678C8AFAA97} URL = hxxp://www.search.ask.com/web?tpid=ORJ-SPE&o=
Toolbar: HKU\S-1-5-21-2226251454-2989245828-1209764460-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
 Cleanup: (Die Reihenfolge ist hier entscheidend) Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.  Falls Combofix verwendet wurde:  Combofix-Deinstallation.
Alle Logs gepostet? Ja! Dann lade Dir bitte  DelFix herunter.
Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst. Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen. >>clean<< Wir haben es geschafft!  Die Logs sehen für mich im Moment sauber aus. Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...  und/oder das Forum mit einer kleinen Spende  unterstützen.  Es bleibt mir nur noch, Dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen.   Wie kann ich mich in Zukunft besser schützen?Tipps, Dos & Don'ts  Updates & Software
Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren. Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen. Firewall, Antivirus & Co.
 Cracks, Downloads & Co.Neben unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert. Der Besuch dubioser Websites kann bereits Risiken bergen. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten. Illegale Cracks, Keygens und Serials sind ein ausgesprochen einfacher und beliebter Weg um Malware zu verbreiten. Bei Dateien aus Peer-to-Peer- und Filesharingprogrammen oder von Filehostern kann man nie sicher sein, ob auch wirklich drin ist, was drauf steht. (Trojanisches Pferd^^)
Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden zu verleiten, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).
Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.
Abschließend noch ein paar grundsätzliche Bemerkungen:
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
02.02.2015, 22:36
| #21 |
| | Meldung in Win7: Der Proxyserver reagiert nichtCode:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015
Ran by bfzadm at 2015-02-02 22:35:23 Run:2
Running from C:\Users\bfzn\Desktop
Loaded Profiles: bfzadm & bfzn (Available profiles: bfzadm & bfzn & DoKo)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2226251454-2989245828-1209764460-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2226251454-2989245828-1209764460-1004 -> {71883CF6-4AA3-44C6-A4AE-3678C8AFAA97} URL = hxxp://www.search.ask.com/web?tpid=ORJ-SPE&o=
Toolbar: HKU\S-1-5-21-2226251454-2989245828-1209764460-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
*****************
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-2226251454-2989245828-1209764460-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2226251454-2989245828-1209764460-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{71883CF6-4AA3-44C6-A4AE-3678C8AFAA97}" => Key deleted successfully.
HKCR\CLSID\{71883CF6-4AA3-44C6-A4AE-3678C8AFAA97} => Key not found.
HKU\S-1-5-21-2226251454-2989245828-1209764460-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
==== End of Fixlog 22:35:23 ====
|
|
02.02.2015, 22:40
| #22 |
| /// TB-Ausbilder /// Anleitungs-Guru | Meldung in Win7: Der Proxyserver reagiert nicht OK... 
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
02.02.2015, 22:46
| #23 |
| | Meldung in Win7: Der Proxyserver reagiert nicht Ich hab "Cleanup" und "Combofix" schon gelöscht, jedenfalls finde ich sie nicht mehr. Soll ich zuerst wieder installieren und dann nochmal nach Anleitung deinstallieren oder kann das so bleiben? |
|
02.02.2015, 22:51
| #24 |
| /// TB-Ausbilder /// Anleitungs-Guru | Meldung in Win7: Der Proxyserver reagiert nicht Cleanup? Defogger und Combofix falls verwendet! Defogger wurde verwendet. Wie gesagt Re-enable klicken. Dann Delfix.
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
| Themen zu Meldung in Win7: Der Proxyserver reagiert nicht |
| andere, aufruf, aufrufe, erhalte, erscheine, erscheinen, genannt, laufe, laufen, lästige, meldung, proxyserver, reagiert, reagiert nicht, seite, seiten, tagen, tools, vermehrt, win, win7, windows7 proxyserver |
Adwarecleaner.
Windows die 
automatischen Updates
Firewall. Die in Windows integrierte genügt im Normalfall völlig.
ESET
NoScript
Linear-Darstellung
