| |
| |||||||
Log-Analyse und Auswertung: Vista 32 bit ServicePack 2 mit WindowsMangerProtect Problem und mehrWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
31.01.2015, 14:58
| #1 |
 |  Vista 32 bit ServicePack 2 mit WindowsMangerProtect Problem und mehr Hallo Zusammen, habe wie oben genannt ein Problem mit WindowsMangerProtect bestimmt auch noch andere Aufgefallen durch meldung von Kasperky und durch Performance-Probleme im I-Net. Würde mich freuen wenn sich jemand meiner Sache annehmen kann. Danke GCCDirk Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:52 on 31/01/2015 (Dirk)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)
-=E.O.F=-
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-01-2015
Ran by Dirk (administrator) on HOME-PC on 31-01-2015 14:04:38
Running from C:\Users\Dirk\Desktop\TrojanerBoard
Loaded Profiles: Dirk (Available profiles: Dirk & Mcx1 & Pascal)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
() C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Infowatch) C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
(Rocket Division Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Windows\System32\atwtusb.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
() C:\Windows\System32\atwtusb.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Microsoft Corporation) C:\Windows\System32\wpcumi.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
() C:\Windows\System32\AtwtusbIcon.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(MATESO GmbH) C:\Program Files\Password Safe and Repository\psr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Acronis) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [snpstd3] => C:\Windows\vsnpstd3.exe [339968 2005-09-05] ()
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-02] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4911104 2008-02-25] (Realtek Semiconductor)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478600 2013-05-11] (Adobe Systems Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2508104 2009-11-01] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [IJNetworkScanUtility] => C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-28] (CANON INC.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512 2014-05-20] (RealNetworks, Inc.)
HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [DriveUtilitiesHelper] => C:\Program Files\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc.)
HKLM\...\Run: [AtwtusbIcon] => C:\Windows\system32\AtwtusbIcon.exe [2963456 2012-09-10] ()
HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [5343272 2014-11-27] (Acronis)
HKLM\...\Run: [AcronisTibMounterMonitor] => C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [606096 2014-10-17] (Acronis International GmbH)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [409912 2014-08-14] (Acronis)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-11] (Macrovision Corporation)
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [694352 2013-05-11] (Adobe Systems Incorporated)
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\RunOnce: [Shockwave Updater] => C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe [468408 2009-06-05] (Adobe Systems, Inc.)
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: M - M:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {18515a3c-1d6b-11df-b645-0019db5bd77b} - M:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {18515a52-1d6b-11df-b645-0019db5bd77b} - M:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {18515a5a-1d6b-11df-b645-0019db5bd77b} - M:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {35d8dd1d-efc3-11df-b8af-806e6f6e6963} - H:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {39a36e28-1b6a-11e2-b865-0019db5bd77b} - Q:\LaunchU3.exe -a
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {39d4b926-df25-11e2-abf9-806e6f6e6963} - Q:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {3d4c75c4-2dba-11de-a81d-0019db5bd77b} - I:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {3d4c76ac-2dba-11de-a81d-0019db5bd77b} - M:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {442e28c7-3a2c-11df-8a55-0019db5bd77b} - I:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {442e28d1-3a2c-11df-8a55-0019db5bd77b} - I:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {442e28fc-3a2c-11df-8a55-0019db5bd77b} - I:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {442e292f-3a2c-11df-8a55-0019db5bd77b} - I:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {4b212984-3e86-11df-ab0b-0019db5bd77b} - I:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {54ef194e-6810-11df-a1a9-0019db5bd77b} - I:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {54ef198c-6810-11df-a1a9-0019db5bd77b} - I:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {6493d157-1324-11df-8bdd-0019db5bd77b} - I:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {6493d159-1324-11df-8bdd-0019db5bd77b} - I:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {77b9991f-f017-11df-899f-0019db5bd77b} - M:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {8fce1577-cde9-11df-95e1-0019db5bd77b} - I:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {945c1662-55d1-11de-a877-0019db5bd77b} - I:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {a9bece32-06a7-11df-87b5-0019db5bd77b} - I:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {a9bece34-06a7-11df-87b5-0019db5bd77b} - I:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {aa00422c-1c46-11de-a29e-0019db5bd77b} - I:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {aa00482d-1c46-11de-a29e-0019db5bd77b} - I:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {ab4e8eaf-fb14-11db-b44b-806e6f6e6963} - E:\start.exe /auto
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {b02e3bc0-b7e5-11de-910c-806e6f6e6963} - I:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {d424ea47-a20d-11de-87d1-0019db5bd77b} - I:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {d424ea49-a20d-11de-87d1-0019db5bd77b} - I:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {d5d7bddb-f25d-11df-ab36-0019db5bd77b} - H:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {dee467b9-31e3-11df-8440-0019db5bd77b} - M:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {dee467cd-31e3-11df-8440-0019db5bd77b} - M:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {e0f0150f-2c73-11df-9803-0019db5bd77b} - I:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {f037cb26-20d6-11de-b1ae-0019db5bd77b} - I:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {f037cb92-20d6-11de-b1ae-0019db5bd77b} - I:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {f037cbd1-20d6-11de-b1ae-0019db5bd77b} - I:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...409d6c4515e9\InprocServer32: [Default-shell32] <==== ATTENTION!
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...A8F59079A8D5}\localserver32: <==== ATTENTION!
ShellIconOverlayIdentifiers: [!1SYNCING.NET Unread] -> {5C9D3C37-2C95-4b5b-9EF0-4E0AFCA5E78A} => No File
ShellIconOverlayIdentifiers: [!2SYNCING.NET Shared Folder] -> {FB8CDFB0-B508-4F12-A91E-26E68ABB4DAE} => No File
ShellIconOverlayIdentifiers: [!3SYNCING.NET CheckedOutByTeammate] -> {5CBF1ABD-2D6A-4570-9A4F-A47798BBFC08} => No File
ShellIconOverlayIdentifiers: [!4SYNCING.NET CheckedOutByMe] -> {B133F3E9-124C-4669-BFFF-1B74508B5A84} => No File
ShellIconOverlayIdentifiers: [!5SYNCING.NET DownArrow] -> {0B914147-F836-4cfa-893A-ECE90B815982} => No File
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files\Acronis\TrueImageHome\tishell.dll (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files\Acronis\TrueImageHome\tishell.dll (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files\Acronis\TrueImageHome\tishell.dll (Acronis)
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll (Kaspersky Lab ZAO)
GroupPolicyUsers\S-1-5-21-292042570-3503651505-2778631356-1019\User: Group Policy restriction detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:59356;https=127.0.0.1:59356
ProxyServer: [S-1-5-21-292042570-3503651505-2778631356-1000] => http=127.0.0.1:49876;https=127.0.0.1:49876
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422099601&from=obw&uid=ST3250820AS_5QE2ABCQXXXX5QE2ABCQ&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422099601&from=obw&uid=ST3250820AS_5QE2ABCQXXXX5QE2ABCQ&q={searchTerms}
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422099601&from=obw&uid=ST3250820AS_5QE2ABCQXXXX5QE2ABCQ&q={searchTerms}
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.cipro.de/home.htm
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422099601&from=obw&uid=ST3250820AS_5QE2ABCQXXXX5QE2ABCQ&q={searchTerms}
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM -> {F8C6023A-C536-4C0E-88D3-58898A3DC330} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dsites_14_37_ff&cd=2XzuyEtN2Y1L1QzutDtDtCzy0D0ByD0B0DyByB0B0BtCtA0CtN0D0Tzu0SzyzzzztN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDyB0DyEtD0B0F0BtG0AtByC0CtGtC0CyC0EtGyB0Dzy0AtGtC0DyDzytCyB0CtB0A0AtBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DzzyDtAtA0BzzyEtGyDtCtAyCtGyEtA0A0FtGzytCtD0AtG0F0DyEyC0BtB0C0DtA0D0D0D2Q&cr=239421420&ir=
SearchScopes: HKU\S-1-5-21-292042570-3503651505-2778631356-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-292042570-3503651505-2778631356-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-292042570-3503651505-2778631356-1000 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKU\S-1-5-21-292042570-3503651505-2778631356-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-292042570-3503651505-2778631356-1000 -> {F8C6023A-C536-4C0E-88D3-58898A3DC330} URL =
BHO: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\S-1-5-21-292042570-3503651505-2778631356-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-292042570-3503651505-2778631356-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: CExecuteHook Object - {7B0E5486-E11D-437f-AC8B-7901C7D3FCCB} - No File [ ]
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 05 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 06 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 07 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 08 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 22 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\m12ex9oq.default
FF DefaultSearchEngine: Google.de
FF SearchEngineOrder.1: SuchMaschine
FF SelectedSearchEngine: omiga-plus
FF Homepage: hxxp://www.cipro.de/home.htm
FF Keyword.URL: hxxp://www.sm.de/?q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/VirtualEarth3D,version=2.5 -> C:\Program Files\Virtual Earth 3D\ ()
FF Plugin: @microsoft.com/VirtualEarth3D,version=3.0 -> C:\Program Files\Virtual Earth 3D\ ()
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\m12ex9oq.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\m12ex9oq.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\m12ex9oq.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\m12ex9oq.default\searchplugins\googlede.xml
FF HKLM\...\Firefox\Extensions: [{3112ca9c-de6d-4884-a869-9855de68056c}] - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF Extension: Google Toolbar for Firefox - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2008-11-23]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-04-27]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-05-20]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014-05-25]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014-05-25]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Gevaarlijke websiteblokkering - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014-05-25]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014-05-25]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014-05-25]
FF HKLM\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\m12ex9oq.default\extensions\fftoolbar2014@etech.com
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-31]
FF HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\m12ex9oq.default\extensions\cliqz@cliqz.com
Chrome:
=======
CHR Profile: C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Iminent) - C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl [2013-04-08]
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-05-11]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [Not Found]
CHR HKLM\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - No Path
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11]
CHR HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - No Path
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [860504 2014-08-14] (Acronis)
R2 AdobeActiveFileMonitor5.0; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [108712 2006-12-22] ()
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [4029432 2015-01-01] (Acronis)
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
R2 CSObjectsSrv; C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
S4 DBService; C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe [187456 2009-06-14] (DATA BECKER GmbH & Co KG) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2007-12-22] (Macrovision Europe Ltd.) [File not signed]
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-09-18] (Freemake) [File not signed]
S2 gupdate1ca87fdcc7cbf74; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-20] (Google Inc.)
R2 HFGService; C:\Windows\System32\HFGService.dll [419224 2010-02-05] (CSR, plc)
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-09-08] ()
S3 Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2007-05-05] () [File not signed]
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed]
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770944 2015-01-30] (Enigma Software Group USA, LLC.)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed]
R2 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [6857752 2014-09-13] (Acronis)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-10-23] (Western Digital Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [464384 2015-01-24] (SysTool PasSame LIMITED) [File not signed]
R2 WTService; C:\Windows\system32\atwtusb.exe [536064 2013-11-12] () [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 acedrv10; C:\Windows\system32\drivers\acedrv10.sys [583128 2007-10-28] (Protect Software GmbH)
R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [501560 2008-01-23] (Protect Software GmbH)
R2 acehlp10; C:\Windows\system32\drivers\acehlp10.sys [250560 2007-10-26] (Protect Software GmbH)
R2 ARGUS; C:\Windows\System32\drivers\dvr100H.sys [65280 2007-12-14] (AVerMedia Systems, Inc.) [File not signed]
S3 BthAudioHF; C:\Windows\System32\DRIVERS\BthAudioHF.sys [48024 2010-02-05] (CSR, plc)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [88632 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [39736 2011-06-02] (Infowatch)
R3 dfmirage; C:\Windows\System32\DRIVERS\dfmirage.sys [34128 2008-03-26] (DemoForge, LLC)
S3 dptrackerd; C:\Windows\System32\drivers\dptrackerd.sys [44416 2005-12-18] (Windows (R) 2000 DDK provider) [File not signed]
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-01-30] ()
S3 FET5X86V; C:\Windows\System32\DRIVERS\fetnd5bv.sys [43520 2008-01-02] (VIA Technologies, Inc. )
R3 FETND6V; C:\Windows\System32\DRIVERS\fetnd6v.sys [51312 2011-05-13] (VIA Technologies, Inc. )
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [214304 2015-01-01] (Acronis International GmbH)
R1 hugoio; C:\Program Files\i-Menu\hugoio.sys [9760 2008-04-14] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-05-25] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [597568 2014-06-05] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2014-05-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-11-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-11-11] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-11-11] (Kaspersky Lab ZAO)
R3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-11-11] (Kaspersky Lab ZAO)
R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [6144 2009-03-08] (Windows (R) Codename Longhorn DDK provider)
S3 MusCAudio; C:\Windows\System32\drivers\MusCAudio.sys [23608 2013-10-10] (Windows (R) Win 7 DDK provider)
S3 MusCDriverV32; C:\Windows\System32\drivers\MusCDriverV32.sys [22528 2007-07-18] (Windows (R) Codename Longhorn DDK provider) [File not signed]
S4 nvatabus; C:\Windows\system32\drivers\nvatabus.sys [105088 2006-07-14] (NVIDIA Corporation)
S3 s125mdfl; C:\Windows\System32\DRIVERS\s125mdfl.sys [15112 2007-04-24] (MCCI Corporation)
S3 s125mdm; C:\Windows\System32\DRIVERS\s125mdm.sys [108680 2007-04-24] (MCCI Corporation)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [8701824 2005-10-13] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [320120 2014-07-16] (Duplex Secure Ltd.)
S3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2010-03-11] (TeamViewer GmbH)
S3 TelekomNM3; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [35040 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [867968 2015-01-01] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [169248 2015-01-01] (Acronis International GmbH)
S3 tosrfbd; C:\Windows\System32\DRIVERS\tosrfbd.sys [113792 2006-11-30] (TOSHIBA CORPORATION) [File not signed]
S3 tosrfbnp; C:\Windows\System32\Drivers\tosrfbnp.sys [36480 2006-11-20] (TOSHIBA Corporation) [File not signed]
S3 Tosrfhid; C:\Windows\System32\DRIVERS\Tosrfhid.sys [73600 2006-10-05] (TOSHIBA Corporation.) [File not signed]
S3 tosrfnds; C:\Windows\System32\DRIVERS\tosrfnds.sys [18612 2005-01-06] (TOSHIBA Corporation.) [File not signed]
S3 tosrfusb; C:\Windows\System32\DRIVERS\tosrfusb.sys [40960 2006-10-28] (TOSHIBA CORPORATION) [File not signed]
R2 v2imount; C:\Windows\System32\DRIVERS\v2imount.sys [38112 2008-01-19] (Symantec Corporation)
R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [6144 2009-08-20] (Windows (R) Win 7 DDK provider)
S4 viamraid; C:\Windows\system32\drivers\viamraid.sys [100992 2006-03-31] (VIA Technologies inc,.ltd)
R0 videX32; C:\Windows\System32\drivers\videx32.sys [9216 2006-10-17] (VIA Technologies, Inc.)
S3 vtcdrv; C:\Windows\System32\DRIVERS\vtcdrv.sys [18688 2010-05-17] (Windows (R) Codename Longhorn DDK provider)
S3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1961072 2010-05-20] (Microsoft Corporation)
R0 xfilt; C:\Windows\System32\drivers\xfilt.sys [17920 2006-10-18] (VIA Technologies,Inc)
S3 amdkmdap; system32\DRIVERS\atikmpag.sys [X]
S2 ASInsHelp; \??\C:\Windows\system32\drivers\AsInsHelp32.sys [X]
S3 AtiHDAudioService; system32\drivers\AtihdLH3.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 cpuz134; \??\C:\Users\Dirk\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 GenericMount; system32\DRIVERS\GenericMount.sys [X]
S4 HpCISSs; \SystemRoot\system32\drivers\hpcisss.sys [X]
S3 Huawei; system32\DRIVERS\ewdcsc.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2014-06-05] (Kaspersky Lab ZAO)
S3 mod7700; system32\DRIVERS\mod7700.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\Sandra.sys [X]
S2 secdrv; No ImagePath
S3 SNP325; system32\DRIVERS\snp325.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-31 14:04 - 2015-01-31 14:04 - 00000000 ____D () C:\FRST
2015-01-31 13:52 - 2015-01-31 13:53 - 00000020 _____ () C:\Users\Dirk\defogger_reenable
2015-01-31 13:51 - 2015-01-31 14:06 - 00000000 ____D () C:\Users\Dirk\Desktop\TrojanerBoard
2015-01-31 12:59 - 2015-01-31 12:59 - 00001041 _____ () C:\Users\Dirk\Desktop\SpyHunter.lnk
2015-01-31 12:59 - 2015-01-31 12:59 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\Enigma Software Group
2015-01-31 12:59 - 2015-01-31 12:59 - 00000000 ____D () C:\sh4ldr
2015-01-31 12:59 - 2015-01-30 20:54 - 00019984 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-01-31 09:05 - 2006-11-02 07:21 - 00319456 _____ (Microsoft Corporation) C:\Windows\system32\DIFxAPI.dll
2015-01-31 09:04 - 2011-05-13 13:34 - 00051312 _____ (VIA Technologies, Inc. ) C:\Windows\system32\Drivers\fetnd6v.sys
2015-01-31 09:04 - 2006-10-27 16:26 - 00069632 _____ () C:\Windows\system32\vuins32.dll
2015-01-30 20:54 - 2015-01-30 20:54 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-01-28 21:51 - 2015-01-28 21:52 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-28 21:20 - 2015-01-28 21:20 - 00001842 _____ () C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2015.lnk
2015-01-28 21:20 - 2015-01-28 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2015
2015-01-26 20:40 - 2015-01-31 13:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-26 20:40 - 2015-01-26 20:56 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-26 20:40 - 2015-01-26 20:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-24 15:38 - 2015-01-24 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elcomsoft Password Recovery
2015-01-24 15:38 - 2015-01-24 15:38 - 00000000 ____D () C:\ProgramData\Elcomsoft Password Recovery
2015-01-24 15:38 - 2015-01-24 15:38 - 00000000 ____D () C:\Program Files\Elcomsoft Password Recovery
2015-01-24 13:27 - 2015-01-24 13:27 - 00000000 ____D () C:\digitalvideoconverter
2015-01-24 12:49 - 2015-01-24 12:49 - 00000825 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-01-24 12:48 - 2015-01-24 12:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-01-24 12:45 - 2015-01-26 17:28 - 00000000 ____D () C:\Program Files\Search Extensions
2015-01-24 12:41 - 2015-01-24 12:41 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-01-24 12:40 - 2015-01-24 12:53 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\MailUpdate
2015-01-24 12:40 - 2015-01-24 12:40 - 00000000 ____D () C:\ProgramData\MailUpdate
2015-01-24 12:32 - 2015-01-24 12:32 - 00001692 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2015-01-24 12:32 - 2015-01-24 12:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-01-24 12:20 - 2015-01-24 12:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter
2015-01-24 12:20 - 2015-01-24 12:20 - 00000000 ____D () C:\Program Files\AC3Filter
2015-01-20 07:28 - 2015-01-20 07:28 - 00000083 _____ () C:\Windows\system32\gpupdate.bin
2015-01-15 03:13 - 2014-12-19 01:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-15 03:01 - 2014-12-06 04:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-15 03:01 - 2014-12-06 04:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-15 03:01 - 2014-12-06 04:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-15 03:00 - 2014-12-06 04:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-06 17:56 - 2015-01-06 17:56 - 00000000 ____D () C:\ProgramData\Avanquest Software
2015-01-01 15:05 - 2015-01-01 15:05 - 00214304 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\file_tracker.sys
2015-01-01 15:04 - 2015-01-01 15:04 - 00169248 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tib_mounter.sys
2015-01-01 15:04 - 2015-01-01 15:04 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\53CD8B3D-3393-4451-8ACD-5B9F36CD7D31
2015-01-01 15:03 - 2015-01-01 15:03 - 00000982 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis True Image 2015.lnk
2015-01-01 15:03 - 2015-01-01 15:03 - 00000970 _____ () C:\Users\Public\Desktop\Acronis True Image 2015.lnk
2015-01-01 12:40 - 2015-01-01 15:08 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\Acronis
2015-01-01 12:34 - 2015-01-01 15:04 - 00867968 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tib.sys
2015-01-01 12:34 - 2015-01-01 15:04 - 00208672 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\snapman.sys
2015-01-01 12:33 - 2015-01-02 18:42 - 00000000 ____D () C:\ProgramData\Acronis
2015-01-01 12:33 - 2015-01-01 15:03 - 00098592 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\fltsrv.sys
2015-01-01 12:33 - 2015-01-01 12:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2015-01-01 12:32 - 2015-01-01 15:07 - 00000000 ____D () C:\Program Files\Common Files\Acronis
2015-01-01 12:32 - 2015-01-01 12:32 - 00000000 ____D () C:\Program Files\Acronis
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-31 14:01 - 2012-05-03 16:45 - 01289246 _____ () C:\Windows\WindowsUpdate.log
2015-01-31 14:00 - 2007-05-05 16:56 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-31 13:59 - 2006-11-02 13:37 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-01-31 13:58 - 2011-10-19 07:19 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-31 13:57 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-31 13:57 - 2006-11-02 13:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-31 13:57 - 2006-11-02 13:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-31 13:57 - 2006-11-02 11:23 - 00000689 _____ () C:\Windows\win.ini
2015-01-31 13:53 - 2012-05-10 02:51 - 00032626 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-31 13:53 - 2008-09-14 13:16 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-01-31 13:52 - 2009-03-08 12:08 - 00000000 ____D () C:\Users\Dirk
2015-01-31 13:34 - 2011-10-19 07:19 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-31 13:30 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-31 13:23 - 2014-09-14 14:23 - 00000288 _____ () C:\Windows\Tasks\WSE_Astromenda.job
2015-01-31 13:19 - 2006-11-02 11:33 - 01424896 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-31 12:38 - 2009-03-09 19:52 - 00095744 _____ () C:\Users\Dirk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-31 12:17 - 2007-09-25 15:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-31 09:34 - 2014-12-31 12:18 - 00207680 _____ () C:\Users\Dirk\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-31 09:32 - 2014-12-31 12:24 - 01969608 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-31 09:31 - 2014-12-31 12:24 - 00008500 _____ () C:\Windows\PFRO.log
2015-01-31 08:48 - 2008-06-14 15:28 - 00000000 ____D () C:\Program Files\Virtual Earth 3D
2015-01-31 08:45 - 2010-11-01 09:05 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\YoWindow
2015-01-31 08:40 - 2007-05-05 23:30 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-31 08:38 - 2009-03-29 10:57 - 00000000 ____D () C:\Program Files\Mobile Partner
2015-01-31 08:14 - 2007-09-25 15:23 - 00000000 ____D () C:\Program Files\Microsoft.NET
2015-01-31 08:10 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE
2015-01-31 07:48 - 2012-01-31 18:34 - 00000000 ___RD () C:\Users\Dirk\Dropbox
2015-01-31 07:28 - 2014-08-22 11:49 - 00000000 ____D () C:\Send
2015-01-31 00:00 - 2009-06-23 19:57 - 00000368 _____ () C:\Windows\Tasks\NeroLiveEpgUpdate-Home-PC_Dirk.job
2015-01-30 19:37 - 2014-07-12 11:20 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\Dropbox
2015-01-30 10:18 - 2011-09-10 11:15 - 00000974 _____ () C:\Windows\Tasks\Google Software Updater.job
2015-01-30 03:29 - 2013-05-10 06:45 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-29 20:41 - 2008-05-27 17:44 - 00000000 ____D () C:\MAGIX
2015-01-29 20:08 - 2014-05-13 17:02 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2015-01-29 20:08 - 2007-07-13 16:38 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-29 19:56 - 2007-10-14 09:28 - 00000000 ____D () C:\Program Files\WISO
2015-01-28 21:21 - 2007-11-27 19:09 - 00000000 ____D () C:\Users\Dirk\AppData\Local\Buhl
2015-01-28 21:21 - 2007-10-14 10:56 - 00001464 _____ () C:\Windows\wiso.ini
2015-01-28 20:51 - 2014-01-02 10:02 - 00000000 ____D () C:\Program Files\StarMoney 9.0
2015-01-28 20:50 - 2014-07-16 18:57 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-26 17:43 - 2007-05-05 18:56 - 00000000 ____D () C:\Users\Dirk\AppData\Local\Adobe
2015-01-24 12:53 - 2011-04-17 12:17 - 00000824 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-24 12:53 - 2009-03-08 14:14 - 00000955 _____ () C:\Users\Dirk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-24 12:53 - 2007-11-26 21:06 - 00001730 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-24 12:32 - 2007-05-14 19:27 - 00000000 ____D () C:\Program Files\QuickTime
2015-01-23 10:28 - 2014-12-28 14:52 - 00000000 ____D () C:\Users\Dirk\AppData\Local\Avanquest
2015-01-21 07:39 - 2014-08-02 15:09 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\vlc
2015-01-20 07:35 - 2007-05-05 23:51 - 00000000 ____D () C:\Program Files\AceBIT
2015-01-20 07:27 - 2013-10-16 11:37 - 00000000 ____D () C:\Users\Dirk\AppData\Local\AllMusicConverter
2015-01-19 09:19 - 2007-05-05 22:35 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\Skype
2015-01-15 03:13 - 2013-08-15 02:13 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 03:02 - 2006-11-02 11:24 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-01-13 20:26 - 2007-05-31 17:42 - 00000000 ____D () C:\Users\Dirk\AppData\Local\CutePDF Writer
2015-01-13 18:08 - 2011-03-05 15:27 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2015-01-07 15:35 - 2013-10-14 15:32 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-01-06 04:36 - 2009-10-03 11:53 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 18:49 - 2014-10-13 16:43 - 00207680 _____ () C:\Users\Pascal\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-01 15:22 - 2007-03-19 07:30 - 00000000 ____D () C:\ProgramData\Symantec
2015-01-01 15:22 - 2007-03-19 07:30 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2015-01-01 15:21 - 2013-08-12 15:30 - 00000000 ____D () C:\ProgramData\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
2015-01-01 15:21 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Registration
2015-01-01 12:11 - 2013-02-03 16:45 - 00000000 ____D () C:\Testbilder
2015-01-01 11:31 - 2010-10-30 17:27 - 00004096 ___SH () C:\VSNAP.IDX
2015-01-01 09:44 - 2013-08-13 06:08 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\AIMP3
2015-01-01 09:24 - 2010-03-27 06:19 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\Mp3tag
==================== Files in the root of some directories =======
1997-09-03 23:00 - 1997-09-03 23:00 - 0311296 _____ (Microsoft Corporation) C:\Program Files\Common Files\msacc8.olb
2007-08-26 16:20 - 2011-06-21 17:08 - 0000070 _____ () C:\Users\Dirk\AppData\Roaming\AVSDVDPlayer.m3u
2011-05-13 19:44 - 2011-01-14 21:07 - 0061440 _____ () C:\Users\Dirk\AppData\Roaming\chrtmp
2009-05-31 08:00 - 2009-05-31 08:00 - 0000029 _____ () C:\Users\Dirk\AppData\Roaming\default.rss
2009-05-31 08:00 - 2009-05-31 08:00 - 0000000 _____ () C:\Users\Dirk\AppData\Roaming\downloads.m3u
2007-08-26 19:14 - 2007-08-26 19:14 - 0087608 _____ () C:\Users\Dirk\AppData\Roaming\inst.exe
2009-06-07 22:11 - 2009-06-07 22:11 - 0038431 _____ () C:\Users\Dirk\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
2007-10-01 20:38 - 2007-10-01 20:38 - 0012963 _____ () C:\Users\Dirk\AppData\Roaming\Kommagetrennte Werte (DOS).CAL
2007-09-15 10:33 - 2012-03-21 19:47 - 0038443 _____ () C:\Users\Dirk\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
2007-10-01 20:29 - 2007-10-01 20:29 - 0012967 _____ () C:\Users\Dirk\AppData\Roaming\Kommagetrennte Werte (Windows).CAL
2007-09-15 10:39 - 2007-09-15 10:39 - 0011425 _____ () C:\Users\Dirk\AppData\Roaming\Kommagetrennte Werte (Windows).TSK
2012-03-19 07:19 - 2012-03-21 19:44 - 0023496 _____ () C:\Users\Dirk\AppData\Roaming\Microsoft Excel 97-2003.ADR
2008-02-10 10:43 - 2008-12-07 12:16 - 0012965 _____ () C:\Users\Dirk\AppData\Roaming\Microsoft Excel 97-2003.CAL
2009-05-09 15:49 - 2009-05-09 15:54 - 0008261 _____ () C:\Users\Dirk\AppData\Roaming\Microsoft Excel 97-2003.JNL
2007-06-10 08:30 - 2007-06-10 08:30 - 0012944 _____ () C:\Users\Dirk\AppData\Roaming\Microsoft Excel.CAL
2007-08-26 19:14 - 2007-08-26 19:14 - 0007887 _____ () C:\Users\Dirk\AppData\Roaming\pcouffin.cat
2007-08-26 19:14 - 2007-08-26 19:14 - 0001144 _____ () C:\Users\Dirk\AppData\Roaming\pcouffin.inf
2007-08-26 19:15 - 2007-08-26 19:15 - 0000034 _____ () C:\Users\Dirk\AppData\Roaming\pcouffin.log
2007-08-26 19:14 - 2007-08-26 19:14 - 0047360 _____ (VSO Software) C:\Users\Dirk\AppData\Roaming\pcouffin.sys
2007-05-10 21:52 - 2007-05-10 21:52 - 0012962 _____ () C:\Users\Dirk\AppData\Roaming\Tabulatorgetrennte Werte (Windows).CAL
2009-02-23 10:10 - 2009-02-23 10:10 - 0006144 ___SH () C:\Users\Dirk\AppData\Roaming\Thumbs.db
2007-11-25 20:09 - 2008-05-25 10:22 - 0012201 _____ () C:\Users\Dirk\AppData\Roaming\UserTile.png
2014-09-14 15:23 - 2014-12-19 21:34 - 0000222 _____ () C:\Users\Dirk\AppData\Roaming\WB.CFG
2007-05-05 16:13 - 2007-05-10 21:56 - 0000112 _____ () C:\Users\Dirk\AppData\Roaming\wklnhst.dat
2014-11-10 00:23 - 2014-11-10 00:23 - 0022528 _____ () C:\Users\Dirk\AppData\Local\665549406extsetup6655645931.exe
2014-11-10 00:23 - 2014-11-10 00:23 - 0643948 _____ () C:\Users\Dirk\AppData\Local\665549406extsq.dll
2011-01-04 12:06 - 2011-08-14 11:03 - 0001188 _____ () C:\Users\Dirk\AppData\Local\crc32list11.txt
2009-09-10 16:35 - 2014-12-15 20:23 - 0001356 _____ () C:\Users\Dirk\AppData\Local\d3d9caps.dat
2009-03-09 19:52 - 2015-01-31 12:38 - 0095744 _____ () C:\Users\Dirk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-02 03:23 - 2014-12-17 02:23 - 0000010 _____ () C:\Users\Dirk\AppData\Local\DSI.DAT
2014-12-17 02:23 - 2014-12-17 02:23 - 0022528 _____ () C:\Users\Dirk\AppData\Local\dsisetup1052016712.exe
2014-12-02 03:23 - 2014-12-02 03:23 - 0022528 _____ () C:\Users\Dirk\AppData\Local\dsisetup11431845002.exe
2014-11-10 00:23 - 2014-11-10 00:23 - 0000008 _____ () C:\Users\Dirk\AppData\Local\ext2.dat
2009-07-27 18:07 - 2009-07-27 18:07 - 0000036 _____ () C:\Users\Dirk\AppData\Local\housecall.guid.cache
2009-11-21 07:15 - 2009-11-21 07:15 - 0000600 _____ () C:\Users\Dirk\AppData\Local\PUTTY.RND
2010-04-17 09:15 - 2010-04-17 10:31 - 0000907 _____ () C:\Users\Dirk\AppData\Local\RAExpertHistory.xml
2010-04-17 10:19 - 2010-04-17 10:29 - 0000171 _____ () C:\Users\Dirk\AppData\Local\rahistory.xml
2014-10-26 12:42 - 2014-10-26 12:42 - 0001495 _____ () C:\Users\Dirk\AppData\Local\recently-used.xbel
2012-06-03 11:59 - 2012-06-03 11:59 - 0017408 _____ () C:\Users\Dirk\AppData\Local\WebpageIcons.db
2011-12-11 18:55 - 2014-02-07 20:59 - 0000394 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2009-07-26 20:59 - 2009-10-10 08:18 - 0000000 _____ () C:\ProgramData\xml48D1.tmp
2009-03-09 18:39 - 2009-03-09 18:39 - 0000000 _____ () C:\ProgramData\xml8C76.tmp
2009-03-08 18:53 - 2009-08-25 21:45 - 0007189 _____ () C:\ProgramData\xml902C.tmp
2009-08-25 21:45 - 2009-10-10 08:18 - 0008723 _____ () C:\ProgramData\xml90C7.tmp
2009-03-08 18:53 - 2009-03-08 18:53 - 0000000 _____ () C:\ProgramData\xmlA2DA.tmp
2009-03-08 18:53 - 2009-03-08 18:53 - 0000000 _____ () C:\ProgramData\xmlA4FE.tmp
2009-03-08 18:53 - 2009-10-10 08:18 - 0001621 _____ () C:\ProgramData\xmlA53D.tmp
2009-03-09 18:39 - 2009-03-09 18:39 - 0000000 _____ () C:\ProgramData\xmlD73C.tmp
Files to move or delete:
====================
C:\Users\Dirk\kavremover10.exe
C:\Users\Dirk\strmdll.dll
Some content of TEMP:
====================
C:\Users\Dirk\AppData\Local\Temp\bitool.dll
C:\Users\Dirk\AppData\Local\Temp\clrvu.exe
C:\Users\Dirk\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcqp4ku.dll
C:\Users\Dirk\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Dirk\AppData\Local\Temp\System.Data.SQLitefe223d1d-f38c-4129-b2b6-d203fb32ed1e.dll
C:\Users\Dirk\AppData\Local\Temp\Update1.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-31 14:03
==================== End Of Log ============================
|
|
31.01.2015, 14:59
| #2 |
| | Vista 32 bit ServicePack 2 mit WindowsMangerProtect Problem und mehrCode:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-01-2015
Ran by Dirk at 2015-01-31 14:06:15
Running from C:\Users\Dirk\Desktop\TrojanerBoard
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky PURE 3.0 (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky PURE 3.0 (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 3.0 (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
"Nero SoundTrax Help (Version: 4.0.11.0 - Nero AG) Hidden
100H (HKLM\...\{D94E53DD-9428-11D6-90F5-0048545B0D01}) (Version: - )
32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
AAA Logo 2008 2.0 (HKLM\...\AAA Logo 2008_is1) (Version: - SWGSoft.com)
AC3Filter 2.6.0b (HKLM\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Acronis True Image 2015 (HKLM\...\{08DC7D7A-1CA0-4E96-B12F-9B9577FCF0F8}Visible) (Version: 18.0.6525 - Acronis)
Acronis True Image 2015 (Version: 18.0.6525 - Acronis) Hidden
Active@ ISO Burner (HKLM\...\{7694E0B1-2332-448B-9235-929F84B41E3F}) (Version: 2.5.1 - LSoft Technologies)
Adobe Acrobat XI Pro (HKLM\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.03 - Adobe Systems)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Photoshop Elements 5.0 (HKLM\...\Adobe Photoshop Elements 5) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Reader 9.5.5 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
Advanced Archive Password Recovery (HKLM\...\{6E356EEF-203C-451B-9144-CBF099E3738A}) (Version: 4.54.55.1642 - Elcomsoft Co. Ltd.)
Advertising Center (Version: 0.0.0.1 - Nero AG) Hidden
AIMP3 (HKLM\...\AIMP3) (Version: v3.51.1288, 07.08.2013 - AIMP DevTeam)
AllMusicConverter 4.4.8 (HKLM\...\{A1CDB5F3-4B89-404F-B6D8-879049265CE5}_is1) (Version: 4.4.8 - cyan soft ltd)
Allway Sync version 14.0.1 (HKLM\...\Allway Sync_is1) (Version: - Botkind Inc)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Profiles (HKLM\...\{909E265A-037A-9177-248B-CF1B04D9DBB6}) (Version: 2.0.4273.33792 - Advanced Micro Devices, Inc.)
AquaSoft DiaShow 8 Ultimate (HKLM\...\AquaSoft DiaShow 8 Ultimate) (Version: 8.5.10 - AquaSoft)
AquaSoft DiaShow 8 Ultimate (Version: 8.5.10 - AquaSoft) Hidden
ARAMARK Easy 3.52 (10/2013) (HKLM\...\ARAMARK Easy_is1) (Version: 3.52 (10/2013) - ARAMARK)
ARAMARK focus 3.0 (HKLM\...\ARAMARK focus 3.0_is1) (Version: 3.0 - ARAMARK)
Aramark focus 3.5 (HKLM\...\Aramark focus 3.5_is1) (Version: 3.50 - Aramark)
Arclab Thumb Studio 2.11 (HKLM\...\Thumb Studio_is1) (Version: - Arclab Software GbR)
Artisteer 3 (HKLM\...\Artisteer 3) (Version: 3.0 - Extensoft)
Artisteer 4 (HKLM\...\Artisteer 4) (Version: 4.1 - Extensoft)
ATI AVIVO Codecs (Version: 10.7.0.40702 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{4142E5E1-1415-E7AF-8631-62DF8AFF4F73}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Audiocutpad v1.10 (HKLM\...\Audiocutpad_is1) (Version: - Audiocutpad Software)
Ausschneiden 2.0 (HKLM\...\{5F0C0CD8-77B1-4C3E-9F01-5AF10D85DBB4}) (Version: 6.01.0 - Avanquest Software)
Bildschutz Pro (HKLM\...\Bildschutz_is1) (Version: 2.0 - K-Lab Development)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Branding (Version: 1.00.0000 - Your Company Name) Hidden
BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
C4340 (Version: 100.0.206.000 - Ihr Firmenname) Hidden
C4340_Help (Version: 100.0.206.000 - Hewlett-Packard) Hidden
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
Canon IJ Network Scan Utility (HKLM\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: - )
Canon Kurzwahlprogramm (HKLM\...\Speed Dial Utility) (Version: - )
Canon MP Navigator EX 3.1 (HKLM\...\MP Navigator EX 3.1) (Version: - )
Canon MX870 series Benutzerregistrierung (HKLM\...\Canon MX870 series Benutzerregistrierung) (Version: - )
Canon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version: - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version: - )
ccc-core-static (Version: 2009.0702.1239.20840 - Ihr Firmenname) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Codeur Windows Media Série 9 (HKLM\...\Windows Media Encoder 9) (Version: - )
Codeur Windows Media Série 9 (Version: 9.00.3374 - Microsoft Corporation) Hidden
ConvertXtoDVD 2.2.3.258 (HKLM\...\{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1) (Version: 2.2.3.258 - VSO-Software SARL)
CutePDF Writer 2.7 (HKLM\...\CutePDF Writer Installation) (Version: - )
DATA BECKER MPEG2 Video Encoder (HKLM\...\MPEG2 Video Encoder_is1) (Version: - )
DATA BECKER Stream Catcher Premium (HKLM\...\Stream Catcher Premium_is1) (Version: - )
DC-Bass Source 1.3.0 (HKLM\...\DC-Bass Source) (Version: - )
Deutsche Post E-Porto (HKLM\...\{5CCF8330-F742-411A-8A04-719806D168B5}) (Version: 2.3.0 - Deutsche Post AG)
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Digital Video Converter v1.7.0.24 (HKLM\...\{1AD473D7-7A47-5AEC-B45D-9B87414E7175}) (Version: - )
Digital Video Surveillance System - Fernsteuerungsmanager (HKLM\...\{F2A34EE8-F7E7-11D6-9D38-0050BAEF4D56}) (Version: - )
DirectVobSub 2.40.4209 (HKLM\...\vsfilter_is1) (Version: 2.40.4209 - MPC-HC Team)
DivX Plus Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 2.0.0 - DivX,Inc.)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
DocProc (Version: 10.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DolbyFiles (Version: 2.0 - Nero AG) Hidden
Dropbox (HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Fax (Version: 100.0.187.000 - Hewlett-Packard) Hidden
ffdshow v1.1.4399 [2012-03-22] (HKLM\...\ffdshow_is1) (Version: 1.1.4399.0 - )
Fotolia Desktop (HKLM\...\net.tw.fotolia-desktop) (Version: 2.0.3 - Fotolia LLC)
Fotolia Desktop (Version: 2.0.3 - Fotolia LLC) Hidden
Freemake Video Converter Version 4.1.4 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM\...\{00FE2935-FB56-4410-AB5F-D6E70C1771D2}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Earth (HKLM\...\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}) (Version: 4.3.7284.3916 - Google)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
GSiteCrawler (HKLM\...\GSiteCrawler) (Version: v1.23 - SOFTplus Entwicklungen GmbH, CH-6340 Baar)
GTMaster (HKLM\...\{11435196-CF9F-4399-9AFB-CBCCE3C626D9}) (Version: 1.03.0000 - SoftwareService Gerald Thormann)
Haali Media Splitter (HKLM\...\HaaliMkx) (Version: - )
HAMA Joystick Outlandish (HKLM\...\HAMA Joystick Outlandish) (Version: - )
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HTC BMP USB Driver (HKLM\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.1.0.001 - HTC Corporation)
HTC Driver Installer (HKLM\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.021 - HTC Corporation)
HUAWEI DataCard Driver 3.10.02.00 (HKLM\...\HUAWEI DataCard Driver) (Version: 3.10.02.00 - Huawei technologies Co., Ltd.)
HydraVision (Version: 4.2.108.0 - ATI Technologies Inc.) Hidden
ImageBlizzard 1.1 (HKLM\...\ImageBlizzard_is1) (Version: 1.1 - FlowerByte Software)
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
i-Menu 2.2 (HKLM\...\i-Menu_is1) (Version: - AOC)
InstaCards (HKLM\...\{58259C24-7B5E-4977-93B0-E9EEA1B884CE}) (Version: 1.5.0 - Avanquest Software)
Ipswitch WS_FTP Professional 2007 (HKLM\...\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}) (Version: 11.00.002 - Ipswitch)
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.670 - Oracle)
Kaspersky PURE 3.0 (HKLM\...\InstallWIX_{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}) (Version: 13.0.2.558 - Kaspersky Lab)
Kaspersky PURE 3.0 (Version: 13.0.2.558 - Kaspersky Lab) Hidden
K-Lite Mega Codec Pack 5.5.6 (HKLM\...\KLiteCodecPack_is1) (Version: 5.5.6 - )
Lagarith Lossless Codec (1.3.27) (HKLM\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
Macromedia Dreamweaver 8 (HKLM\...\{44025BD7-AD10-4769-99AE-6378FD0303D6}) (Version: 8.0.0.2751 - Macromedia)
Macromedia Dreamweaver MX 2004 (HKLM\...\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}) (Version: 7.0.1 - Macromedia)
Macromedia Extension Manager (HKLM\...\{0F022A2E-7022-497D-90A5-0F46746D8275}) (Version: 1.7.270 - Ihr Firmenname)
Macromedia Flash 8 (HKLM\...\{2BD5C305-1B27-4D41-B690-7A61172D2FEB}) (Version: 8.00.0000 - Macromedia)
Macromedia Flash 8 Video Encoder (HKLM\...\{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}) (Version: 1.00.0000 - Macromedia)
MAGIX Speed burnR (MSI) (HKLM\...\MX.{D5531B86-70C2-4239-A889-F3FA2051097F}) (Version: 7.0.2.6 - MAGIX Software GmbH)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden
Menu Templates - Pack 1 (Version: 9.0.4.0 - Nero AG) Hidden
Menu Templates - Pack 2 (Version: 9.0.4.0 - Nero AG) Hidden
Menu Templates - Pack 3 (Version: 9.0.4.0 - Nero AG) Hidden
Menu Templates - Starter Kit (Version: 9.0.4.0 - Nero AG) Hidden
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Access Runtime 2010 (HKLM\...\Office14.AccessRT) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office XP Professional mit FrontPage (HKLM\...\{90280407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Outlook-Sicherung für Persönliche Ordner (HKLM\...\{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}) (Version: 1.10.0.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 SP1 CRT Redistributable (HKLM\...\{CC038D57-788A-4544-BF8F-179E5CF50D2F}) (Version: 1.00.0000 - Buhl Data Service GmbH)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{95140000-0137-0407-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Templates - Pack 1 (Version: 9.0.4.0 - Nero AG) Hidden
Movie Templates - Starter Kit (Version: 9.0.4.0 - Nero AG) Hidden
Mozilla Firefox 35.0.1 (x86 de) (HKLM\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mp3tag v2.57 (HKLM\...\Mp3tag) (Version: v2.57 - Florian Heidenreich)
MSI to redistribute MS VS2005 CRT libraries (HKLM\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser und SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyDriveConnect 3.3.0.1812 (HKLM\...\MyDriveConnect) (Version: 3.3.0.1812 - TomTom)
MyFreeCodec (HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MyFreeCodec) (Version: - )
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
Nero 9 (HKLM\...\{a86609ae-e360-41c2-ae14-2f6d1fab7108}) (Version: - Nero AG)
Netzmanager (HKLM\...\Netzmanager) (Version: 1.071 - Deutsche Telekom AG)
Netzmanager (Version: 1.071 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden
NVIDIA PhysX (HKLM\...\{5DB65884-C963-4454-AABA-4CA3089281FA}) (Version: 9.09.0720 - NVIDIA Corporation)
OCR Software by I.R.I.S. 10.0 (HKLM\...\HPOCR) (Version: 10.0 - HP)
OpenAL (HKLM\...\OpenAL) (Version: - )
OpenOffice 4.1.0 (HKLM\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
OpenSource Flash Video Splitter 1.0.0.5 (HKLM\...\OpenSource Flash Video Splitter) (Version: 1.0.0.5 - )
Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0 (HKLM\...\{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1) (Version: - Orban, Inc.)
Order-Form-Maker (HKLM\...\Order-Form-Maker_is1) (Version: 1.1.8.3 - Thomas Rudolph)
Password Safe and Repository 5.2.2.1625 (HKLM\...\{8AEF92D2-4E2C-44CD-ABDC-800E0BB8EDEE}) (Version: 5.2.2.1625 - MATESO GmbH)
PDF24 Creator 5.4.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PoiEdit (HKLM\...\PoiEdit) (Version: - )
ProtectDisc Driver, Version 11 (HKLM\...\ProtectDisc Driver 11) (Version: 11.0.0.10 - ProtectDisc Software GmbH)
ProtectDisc Helper Driver 10 (HKLM\...\ProtectDisc Driver 10) (Version: 10.0.0.5 - )
PS_AIO_03_C4340_ProductContext (Version: 100.0.215.000 - Hewlett-Packard) Hidden
PS_AIO_03_C4340_Software (Version: 100.0.206.000 - Hewlett-Packard) Hidden
PS_AIO_03_C4340_Software_Min (Version: 100.0.213.000 - Hewlett-Packard) Hidden
PSPad editor (HKLM\...\PSPad editor_is1) (Version: - Jan Fiala)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealSpeak Solo fur Deutsch - Steffi (HKLM\...\{BFBB91DB-9F0F-4A9C-9669-A97DA3512CF2}) (Version: 4.00.0000 - ScanSoft)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Samsung Story Album Viewer (HKLM\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
Scan (Version: 10.0.0.0 - Hewlett-Packard) Hidden
SDFormatter (HKLM\...\{A5355F15-F98B-4704-9BAE-E53B9FE48F48}) (Version: 3.1.0 - SD Association)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-001C-0000-0000-0000000FF1CE}_Office14.AccessRT_{54846D1D-E5D5-4A28-AA6D-7208259007EA}) (Version: - Microsoft)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sothink DHTMLMenu (HKLM\...\{24D1FCDD-FE3F-43D4-96D6-EDA0A8F633E7}_is1) (Version: - SourceTec Software Co., LTD)
SoundTrax (Version: 4.0.11.0 - Nero AG) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
SpyHunter 4 (HKLM\...\SpyHunter) (Version: 4.18.9.4384 - Enigma Software Group, LLC)
StarMoney (Version: 2.0 - StarFinanz) Hidden
StarMoney (Version: 3.0.2.50 - StarFinanz) Hidden
StarMoney (Version: 4.0.2.34 - StarFinanz) Hidden
StarMoney 9.0 (HKLM\...\{63CAC5B9-B55B-450A-8A3D-2D65F990BD91}) (Version: 9.0 - Star Finanz GmbH)
SupervisionCam (HKLM\...\SupervisionCam) (Version: - )
SWiSH Max2 (HKLM\...\SWiSH Max2) (Version: - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Toolbox (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Ulead GIF Animator 5 ESD (HKLM\...\{8AF3E926-ED59-11D4-A44B-0000E86D2305}) (Version: - )
Ultimate Codecs Setup Wizard Packages (HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\Ultimate Codecs Setup Wizard Packages) (Version: - ) <==== ATTENTION
Ultimate ZIP Cracker Trial version (HKLM\...\{76F0FEBD-6C17-4D57-8CDC-7A250474EC61}) (Version: - )
UnloadSupport (Version: 10.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
USB Tablet Manager (HKLM\...\RmTablet) (Version: 5.05 - )
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VIA Rhine Family Fast Ethernet Adapter (HKLM\...\VN_VUIns_Rhine_VIA) (Version: - )
VirtualDJ Home FREE (HKLM\...\{4DF4CAB9-B628-4924-AD9A-1C457DD2960A}) (Version: 7.0.4 - Atomix Productions)
Visitenkarten in 2 Minuten (HKLM\...\Visitenkarten in 2 Minuten) (Version: - )
Visual Slideshow (HKLM\...\Visual Slideshow) (Version: - )
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WD Drive Utilities (HKLM\...\{59E0381C-1047-45A3-B68A-57F586EAF3C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WebReg (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live ID-Anmelde-Assistent (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile-Gerätecenter (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter: Treiberupdate (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows-Treiberpaket - Telechips Inc (vtcdrv) USB (11/16/2011 5.0.0.3) (HKLM\...\E40BDFFBFD93EBFF5EF93A21BDA9030934851531) (Version: 11/16/2011 5.0.0.3 - Telechips Inc)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
WISO Steuer-Sparbuch 2014 (HKLM\...\{E439321B-A036-4617-B43D-4A752B5680F5}) (Version: 21.00.8480 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2015 (HKLM\...\{C2474473-B5D8-4898-B281-6159760F36BB}) (Version: 22.00.8811 - Buhl Data Service GmbH)
WOW Slider (HKLM\...\WOW Slider) (Version: - )
WSE_Astromenda (HKLM\...\WSE_Astromenda) (Version: - WSE_Astromenda) <==== ATTENTION!
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
ZOC Terminal 5.0 (HKLM\...\ZOC5) (Version: 5.08 - EmTec Innovative Software)
ZOC Terminal 6.1 (HKLM\...\ZOC6) (Version: 6.18 - EmTec Innovative Software)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{00021401-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Dirk\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{00EEBF57-477D-4084-9921-7AB3C2C9459D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{047DDC7E-F9C2-11DD-A093-79D855D89593}\InprocServer32 -> C:\Windows\system32\shdocvw.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{06EEE834-461C-42C2-8DCF-1502B527B1F9}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{090746F9-9F39-42C0-920A-4852C2EDE704}\InprocServer32 -> C:\Program Files\Avanquest\Ausschneiden 2.0\Photo Eraser\APAX.dll No File
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{0AF10CEC-2ECD-4B92-9581-34F6AE0637F3}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{0AFACED1-E828-11D1-9187-B532F1E9575D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{0B91A74B-AD7C-4A9D-B563-29EEF9167172}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{0BCE32B2-DA1B-41D7-A71F-C02A7D633CE5}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{0C15D503-D017-47CE-9016-7B3F978721CC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{16d51579-a30b-4c8b-a276-0ff4dc41e755}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{1F77B17B-F531-44DB-ACA4-76ABB5010A28}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32 -> C:\Windows\system32\MSWINSCK.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{25815CC0-43F4-3C75-8C3A-A139D9ADE740}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{25CD009F-FFBF-418A-8E11-7A877CAFCAF5}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{2B11E9B0-9F09-11D0-9484-00A0C91110ED}\InprocServer32 -> C:\Windows\System32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{35786D3C-B075-49B9-88DD-029876E11C01}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{42ED960B-3C77-4008-A81E-C655146B1FD5}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{4955DD33-B159-11D0-8FCF-00AA006BCC59}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{49F371E1-8C5C-4D9C-9A3B-54A6827F513C}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{50EE5B75-5635-11D1-AC2A-D4EA0B000000}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{50EF4544-AC9F-4A8E-B21B-8A26180DB13F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{527C9A9B-B9A2-44B0-84F9-F0DC11C2BCFB}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{53BD6B4E-3780-4693-AFC3-7161C2F3EE9C}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{55C7A567-7B90-4885-9EDD-662D359ED389}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{603D3800-BD81-11D0-A3A5-00C04FD706EC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{6311429E-2F1A-4777-880F-C7289FD10169}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{640167B4-59B0-47A6-B335-A6B3C0695AEA}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{648A5600-2C6E-101B-82B6-000000000014}\InprocServer32 -> C:\Windows\System32\mscomm32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{6D49AC84-BEAD-11D1-A074-0080C740BFBD}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{6D835690-900B-11D0-9484-00A0C91110ED}\InprocServer32 -> C:\Windows\System32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{71F96385-DDD6-48D3-A0C1-AE06E8B055FB}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{72EB61E0-8672-4303-9175-F2E4C68B2E7C}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{7353C207-C0DA-45A1-93CC-47A853A736A1}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{77F419AA-771A-45FF-AC66-7567FA3243D3}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{780927D9-C564-4C09-8892-43E6EF2A8AFB}\InprocServer32 -> C:\Program Files\Avanquest\Ausschneiden 2.0\APAX.dll No File
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{797F3885-5429-11D4-8823-0050DA59922B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{7B81BE6A-CE2B-4676-A29E-EB907A5126C5}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{807C1E6C-1D00-453F-B920-B61BB7CDD997}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{82C588E7-E54B-408C-9F8C-6AF9ADF6F1E9}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{85E94D25-0712-47ED-8CDE-B0971177C6A1}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{875CB1A1-0F29-45DE-A1AE-CFB4950D0B78}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{8903F6C9-25E3-40AC-A98F-E6D35CD0469C}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{89D83576-6BD1-4C86-9454-BEB04E94C819}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{8E85D0CE-DEAF-4EA1-9410-FD1A2105CEB5}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{8F170678-2A97-4D59-89A1-7A0A71C1B677}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{942BC614-676C-464E-B384-D3202AAA02DA}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{97E467B4-98C6-4F19-9588-161B7773D6F6}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{989D1DC0-B162-11D1-B6EC-D27DDCF9A923}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{99FF4677-FFC3-11D0-BD02-00C04FC2FB86}\InprocServer32 -> C:\Windows\System32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{9A02E012-6303-4E1E-B9A1-630F802592C5}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{9CFC2DF3-6BA3-46EF-A836-E519E81F0EC4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{A372C6DF-7A85-41B1-B3B0-D1E24073DCBF}\InprocServer32 -> C:\Program Files\MyPhoneExplorer\DLL\ShellMgr.dll (F.J. Wechselberger)
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{A6595CD1-BF77-430A-A452-18696685F7C7}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{AB968F1E-E20B-403A-9EB8-72EB0EB6797E}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{B54F3743-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{B77B1CBF-E827-44A9-A33A-6CCFEEAA142A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{B8967F85-58AE-4F46-9FB2-5D7904798F4B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{BC48B32F-5910-47F5-8570-5074A8A5636A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{BDEADF00-C265-11D0-BCED-00A0C90AB50F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{C206F324-BB45-4765-93FF-3BCA7306FF2E}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{CACAF262-9370-4615-A13B-9F5539DA4C0A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{cc5bbec3-db4a-4bed-828d-08d78ee3e1ed}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{D58960BA-2EF3-4910-9E34-C911B1710180}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{DD230880-495A-11D1-B064-008048EC2FC5}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{E03E85B0-7BE3-4000-BA98-6C13DE9FA486}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{E0629351-6F81-11D2-973F-00104B9B172F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{E413D040-6788-4C22-957E-175D1C513A34}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{E88DCCE0-B7B3-11D1-A9F0-00AA0060FA31}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{E97F7176-7C91-4648-A0CE-94F37BF016F8}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{EDB5F444-CB8D-445A-A523-EC5AB6EA33C7}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{EFDB41B0-5538-42F1-995B-460DA31C0924}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{F1390A9A-A3F4-4E5D-9C5F-98F3BD8D935C}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{F3364BA0-65B9-11CE-A9BA-00AA004AE837}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{F40F3ACC-C350-40DE-8C67-9AA07004B8E5}\InprocServer32 -> C:\Program Files\Avanquest\Ausschneiden 2.0\Photo Eraser\APAX.dll No File
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{F81E9010-6EA4-11CE-A7FF-00AA003CA9F6}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dirk\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dirk\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dirk\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dirk\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dirk\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dirk\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dirk\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dirk\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-292042570-3503651505-2778631356-1000_Classes\CLSID\{FE841493-835C-4FA3-B6CC-B4B2D4719848}\InprocServer32 -> No File Path
==================== Restore Points =========================
31-01-2015 12:46:41 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-04-27 18:17 - 2013-04-27 18:17 - 00000863 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 activate.adobe.com
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {001B5A27-8BDF-401C-8028-02DA2C9F3119} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {014E1CCE-0F36-4534-960A-780D1ADECB7B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0D2545FA-FA28-4F15-BE47-FFA4D965F0B8} - System32\Tasks\Microsoft_Hardware_Launch_vVX1000_exe => C:\Windows\vVX1000.exe [2010-05-20] (Microsoft Corporation)
Task: {0F8E4BBC-86B0-4EEB-89AC-A5507838AD2E} - System32\Tasks\{DB9079F9-F5EB-48AB-B17A-713176BB5175} => pcalua.exe -a C:\Windows\system32\ISUSPM.cpl -c Software Updates
Task: {2F4E9330-EC66-4B42-A065-39E5A64B8E1B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {4181A371-DF41-4E51-9908-5F66B8B66428} - System32\Tasks\{71AF9420-50F6-47BB-AF3D-7495DAFCAC23} => pcalua.exe -a E:\Registration.exe -d E:\
Task: {4AF16DB0-4034-47A1-8299-6B54DFCE213C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {4FE25273-F748-4066-B39E-D46F366CEE16} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-18] (Microsoft Corporation)
Task: {5506F850-C5A7-4EC6-82CC-E230E6AE6057} - System32\Tasks\{890ADB5E-8FA9-43E1-8EAA-2041CCAC3F76} => pcalua.exe -a "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma.cpl" -c Adobe Gamma
Task: {559768E4-A777-4107-A6A9-84BC0FBE8112} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe
Task: {60F39CCC-CE96-4846-B7BB-78D73EA3E232} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {6B3120CE-71D1-486F-8EE1-E557185C7837} - System32\Tasks\Update Manager => C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
Task: {6E3B20B4-8B4C-41FD-833E-7B0BD6F6AC7E} - System32\Tasks\{CBFD0D82-80BB-4F07-B64F-467700D99B82} => pcalua.exe -a C:\Downloads\V2.3\V2.3\setup.exe -d C:\Downloads\V2.3\V2.3
Task: {756AC90A-42C5-4232-AFE2-9910CE51E1C1} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-08] (Google)
Task: {7DFA92DE-1641-413A-BAFF-5B301D3B01EB} - System32\Tasks\{C41FB2F5-BA24-4EF5-8CD2-931E9AAECAB5} => pcalua.exe -a E:\setup.exe -d E:\
Task: {7F25717C-00F8-48B8-ACB0-DDDE4EBE7695} - System32\Tasks\Passwortsafe => C:\Program Files\Password Safe and Repository\psr.exe [2009-09-29] (MATESO GmbH)
Task: {7FE15A0E-9E56-4B6A-B33C-654BFC3E696C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-26] (Adobe Systems Incorporated)
Task: {8B14C691-FBAE-455C-A3CF-25EE2536A3F0} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2008-01-18] (Microsoft Corporation)
Task: {92FF8DA8-369B-436A-AE69-D91F51DFEC8A} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-292042570-3503651505-2778631356-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {93BB58C3-778F-4622-9CE3-92EA90EC17EC} - System32\Tasks\{2BFBC82C-D5A5-4E67-8E95-040BC5AA5B50} => pcalua.exe -a E:\setup.exe -d E:\
Task: {95D87642-EEB3-42B2-AFB0-C606EEAB5DA1} - System32\Tasks\Norten Ghost => C:\Program Files\Norton Ghost\Agent\VProTray.exe
Task: {99A8B605-FB21-4A97-B03A-0FEB6B42D992} - System32\Tasks\Guard.exe => C:\Program Files\FutureCode\KuDB\Guard.exe [2004-06-21] ()
Task: {AEA4B42E-8253-42FC-9278-3914274CB2B7} - System32\Tasks\{BA480BE6-2DD2-4B91-A170-B5A7134EBAFC} => pcalua.exe -a "C:\Program Files\QuickTime\QTSystem\QuickTime.cpl" -c QuickTime
Task: {B6C34560-C71D-4CAF-AC28-3449FF66CB67} - System32\Tasks\{59FC71BB-9EE1-48D0-B8A2-AF13062B3A58} => pcalua.exe -a E:\cdstart.exe -d E:\
Task: {BB9EFC66-E17E-470F-A09E-5A57E576CF3B} - System32\Tasks\{ED99F15F-D9BE-4649-AF9C-ECCDE0F0E3D8} => pcalua.exe -a E:\setup.exe -d E:\
Task: {BFF01119-0B20-45EE-82D1-F4A9B5F5E8AA} - System32\Tasks\{A4739EDA-4A69-46AD-BA6D-678C426EB451} => pcalua.exe -a "C:\Program Files\WinAce\SXUNINST.EXE" -c "C:\Program Files\WinAce\SXUNINST.INI"
Task: {C019144B-C770-41B4-920B-491C8CB50D4A} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {C0DF53A6-CDE2-4D79-ACF3-102722C3B9AD} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance => C:\Program Files\TuneUp Utilities 2010\OneClick.exe
Task: {C3439226-C7AD-4C34-9D43-F24EEEFB88DF} - System32\Tasks\NeroLiveEpgUpdate-Home-PC_Dirk => C:\Program Files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-01] (Nero AG)
Task: {D09F536B-0B6A-490D-BFEF-4D1222761C79} - System32\Tasks\WSE_Astromenda => C:\Users\Dirk\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {D4380103-8D70-4728-ACF8-63F4C555BAA3} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
Task: {D55D5AFB-A029-4A48-BE50-36C82255DC3B} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-292042570-3503651505-2778631356-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {E241D4ED-E262-4B76-8C40-97F01E76933B} - System32\Tasks\{2A8E682A-E361-461C-AAAA-D61AEC270BE6} => pcalua.exe -a E:\setup.exe -d E:\ -c /AUTORUN
Task: {ED1FAEC1-D55C-408C-BB0B-65604CEFF424} - System32\Tasks\{2A0B4C11-3104-413B-9A99-92487403E12E} => pcalua.exe -a F:\setup.exe -d F:\
Task: {F24A5087-0D06-4B42-A4E6-4D6FC6333A5E} - System32\Tasks\{BBB74362-63FB-4AFD-BE00-D7C0B5BB0286} => pcalua.exe -a E:\SETUP.EXE -d E:\
Task: {F3C0BA31-BEF1-411C-991E-0DDA651EA6C0} - System32\Tasks\{AD84C8C0-FE89-410C-A36F-B8078DE2DA1B} => pcalua.exe -a E:\ShelExec.exe -d E:\ -c open.htm
Task: {F646B518-A20C-4431-BA8C-46D162E12E60} - System32\Tasks\{AE648955-76B7-4723-919A-A7915F52D3AF} => pcalua.exe -a E:\cdstart.exe -d E:\
Task: {F9A8CD18-D2A9-41F6-B795-C63E6D449C52} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Dirk => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {FC9FD8FB-539F-4305-83BA-5B58A8D8A716} - System32\Tasks\{3E3C9F52-7F98-43BB-8884-BF7629FFC584} => pcalua.exe -a "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma.cpl" -c Adobe Gamma
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\NeroLiveEpgUpdate-Home-PC_Dirk.job => C:\Program Files\Nero\Nero 9\Nero Live\NeroLive.exe
Task: C:\Windows\Tasks\WSE_Astromenda.job => C:\Users\Dirk\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
2007-05-31 17:38 - 2007-04-25 18:09 - 00087808 _____ () C:\Windows\System32\cpwmon2k.dll
2006-12-22 06:31 - 2006-12-22 06:31 - 00108712 _____ () C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-12-20 17:19 - 2012-12-20 17:19 - 00479752 _____ () C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll
2012-12-20 17:19 - 2012-12-20 17:19 - 01310728 _____ () C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\kpcengine.2.2.dll
2013-10-14 15:32 - 2009-09-08 13:12 - 00116104 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2013-09-25 06:28 - 2012-12-07 16:26 - 00167424 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2013-08-14 14:19 - 2013-08-14 14:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-08-06 11:59 - 2011-01-13 11:44 - 00232800 _____ () C:\Program Files\StarMoney 9.0\ouservice\PATCHW32.dll
2014-12-29 20:40 - 2013-11-12 15:47 - 00536064 _____ () C:\Windows\system32\atwtusb.exe
2014-09-09 10:00 - 2014-09-09 10:00 - 00023576 _____ () C:\Program Files\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
2007-05-11 18:47 - 2003-09-02 18:13 - 00024576 _____ () C:\Program Files\WS_FTP Pro\nsftpch.dll
2007-05-11 18:41 - 2007-09-20 17:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll
2012-09-23 19:43 - 2012-09-23 19:43 - 00010240 _____ () C:\Program Files\Adobe\Acrobat 11.0\Acrobat\locale\de_de\acrotray.deu
2014-01-10 06:26 - 2014-01-10 06:26 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2014-01-10 06:28 - 2014-01-10 06:28 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2014-12-29 20:40 - 2012-09-10 14:53 - 02963456 _____ () C:\Windows\System32\AtwtusbIcon.exe
2014-11-27 10:42 - 2014-11-27 10:42 - 00037696 _____ () C:\Program Files\Acronis\TrueImageHome\qt_icontray_ex.dll
2014-11-27 10:42 - 2014-11-27 10:42 - 00034624 _____ () C:\Program Files\Common Files\Acronis\Home\thread_pool.dll
2015-01-28 21:51 - 2015-01-28 21:52 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2008-10-30 13:39 - 2008-10-30 13:39 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-09-19 17:48 - 2011-09-19 17:48 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-11-27 10:47 - 2014-11-27 10:47 - 00420160 _____ () C:\Program Files\Common Files\Acronis\Home\ulxmlrpcpp.dll
2014-11-27 10:44 - 2014-11-27 10:44 - 00129344 _____ () C:\Program Files\Common Files\Acronis\Home\EXPAT.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\Software\Classes\.exe: => <===== ATTENTION!
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
========================= Accounts: ==========================
Administrator (S-1-5-21-292042570-3503651505-2778631356-500 - Administrator - Disabled)
Dirk (S-1-5-21-292042570-3503651505-2778631356-1000 - Administrator - Enabled) => C:\Users\Dirk
Gast (S-1-5-21-292042570-3503651505-2778631356-501 - Limited - Disabled)
Mcx1 (S-1-5-21-292042570-3503651505-2778631356-1018 - Administrator - Enabled) => C:\Users\Mcx1.Home-PC
Pascal (S-1-5-21-292042570-3503651505-2778631356-1019 - Limited - Enabled) => C:\Users\Pascal
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/31/2015 01:58:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (01/31/2015 01:58:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (01/31/2015 01:30:27 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070002
Error: (01/31/2015 01:30:25 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: System.Web.Entity.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070002
Error: (01/31/2015 01:30:22 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: System.Web.Entity, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070002
Error: (01/31/2015 01:30:18 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: System.Web.DynamicData.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070002
Error: (01/31/2015 01:30:16 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: System.Web.DynamicData, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070002
Error: (01/31/2015 01:30:06 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: System.Web.DataVisualization.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070002
Error: (01/31/2015 01:30:06 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: System.Web.DataVisualization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070002
Error: (01/31/2015 01:30:05 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: System.Web.Abstractions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070002
System errors:
=============
Error: (01/31/2015 01:58:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Security Driver%%2
Error: (01/31/2015 01:58:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Freemake Improver%%1053
Error: (01/31/2015 01:58:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Freemake Improver
Error: (01/31/2015 01:58:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: ASInsHelp%%2
Error: (01/31/2015 01:53:27 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {1EF75F33-893B-4E8F-9655-C3D602BA4897}
Error: (01/31/2015 00:55:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Security Driver%%2
Error: (01/31/2015 00:55:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Freemake Improver%%1053
Error: (01/31/2015 00:55:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Freemake Improver
Error: (01/31/2015 00:55:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: ASInsHelp%%2
Error: (01/31/2015 00:07:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Security Driver%%2
Microsoft Office Sessions:
=========================
Error: (10/14/2013 06:20:17 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash.
Error: (04/23/2013 04:16:46 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.
Error: (05/06/2012 03:16:06 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2872 seconds with 240 seconds of active time. This session ended with a crash.
Error: (03/30/2012 02:30:22 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7816 seconds with 600 seconds of active time. This session ended with a crash.
Error: (08/30/2011 08:50:08 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 4924 seconds with 540 seconds of active time. This session ended with a crash.
Error: (08/10/2011 08:23:47 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 429 seconds with 300 seconds of active time. This session ended with a crash.
Error: (07/15/2011 03:45:50 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 504 seconds with 120 seconds of active time. This session ended with a crash.
Error: (03/02/2011 07:03:42 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2096 seconds with 960 seconds of active time. This session ended with a crash.
Error: (02/23/2011 08:58:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 595 seconds with 300 seconds of active time. This session ended with a crash.
Error: (02/19/2011 08:52:29 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2015-01-31 14:05:24.469
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-31 14:05:24.078
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-31 14:05:23.672
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-31 14:05:23.266
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kl1.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-31 13:07:00.546
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-31 13:07:00.030
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-31 13:06:59.515
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-31 13:06:59.015
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-31 13:06:58.405
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kltdi.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-31 13:06:57.905
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kltdi.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
Percentage of memory in use: 50%
Total physical RAM: 3069.76 MB
Available physical RAM: 1504.55 MB
Total Pagefile: 9737.42 MB
Available Pagefile: 7903.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1888.71 MB
==================== Drives ================================
Drive c: (SYSTEM) (Fixed) (Total:843.71 GB) (Free:758.26 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:76.08 GB) (Free:72.69 GB) NTFS
Drive e: (SO2015) (CDROM) (Total:4.05 GB) (Free:0 GB) UDF
Drive i: (My Book) (Fixed) (Total:3725.99 GB) (Free:3433.7 GB) NTFS
Drive o: (Backup) (Fixed) (Total:931.51 GB) (Free:623.8 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 00E8E465)
Partition 1: (Not Active) - (Size=11.7 GB) - (Type=27)
Partition 2: (Active) - (Size=843.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=76.1 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 6.
========================================================
Disk: 7 (Size: 931.5 GB) (Disk ID: 98F202B9)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit quick scan 2015-01-31 14:29:07
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10EALS-00Z8A0 rev.05.01D05 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Dirk\AppData\Local\Temp\kwtdipow.sys
---- Devices - GMER 2.1 ----
AttachedDevice \FileSystem\Ntfs \Ntfs fltsrv.sys
AttachedDevice \Driver\tdx \Device\Ip kltdi.sys
AttachedDevice \Driver\tdx \Device\Tcp kltdi.sys
AttachedDevice \Driver\tdx \Device\Udp kltdi.sys
AttachedDevice \Driver\tdx \Device\RawIp kltdi.sys
---- EOF - GMER 2.1 ----
|
|
31.01.2015, 15:48
| #3 |
| /// the machine /// TB-Ausbilder    | Vista 32 bit ServicePack 2 mit WindowsMangerProtect Problem und mehr hi,
__________________Lade Dir bitte von hier  Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
Scan mit Combofix
__________________ |
|
31.01.2015, 19:07
| #4 |
| | Vista 32 bit ServicePack 2 mit WindowsMangerProtect Problem und mehr Hallo Schrauber, erst mal vielen Dank für deine Hilfe! Hier die Combifix Code:
ATTFilter ComboFix 15-01-29.01 - Dirk 31.01.2015 18:32:31.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.1415 [GMT 1:00]
ausgeführt von:: c:\users\Dirk\Desktop\ComboFix.exe
AV: Kaspersky PURE 3.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky PURE 3.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky PURE 3.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xml48D1.tmp
c:\programdata\xml8C76.tmp
c:\programdata\xml902C.tmp
c:\programdata\xml90C7.tmp
c:\programdata\xmlA2DA.tmp
c:\programdata\xmlA4FE.tmp
c:\programdata\xmlA53D.tmp
c:\programdata\xmlD73C.tmp
c:\users\Dirk\AppData\Local\665549406extsetup6655645931.exe
c:\users\Dirk\AppData\Local\665549406extsq.dll
c:\users\Dirk\AppData\Local\assembly\tmp
c:\users\Dirk\AppData\Local\dsisetup1052016712.exe
c:\users\Dirk\AppData\Local\dsisetup11431845002.exe
c:\users\Dirk\AppData\Roaming\1&1
c:\users\Dirk\AppData\Roaming\1&1\1&1 EasyLogin\EasyLogin.log
c:\users\Dirk\AppData\Roaming\1&1\1&1 EasyLogin\update\EasyLogin_setup_DE.exe
c:\users\Dirk\AppData\Roaming\Microsoft\Windows\Recent\Password.url
c:\users\Pascal\AppData\Local\Microsoft\Windows\Temporary Internet Files\pplCsv.txt
c:\users\Pascal\AppData\Local\Microsoft\Windows\Temporary Internet Files\tempCsv.txt
c:\windows\IsUn0407.exe
c:\windows\msdownld.tmp
c:\windows\system32\drivers\SET2CB8.tmp
c:\windows\system32\drivers\SET4802.tmp
c:\windows\system32\drivers\SET4D95.tmp
c:\windows\system32\drivers\SET4E4C.tmp
c:\windows\system32\drivers\SET5347.tmp
c:\windows\system32\drivers\SET5512.tmp
c:\windows\system32\drivers\SET5B1D.tmp
c:\windows\system32\drivers\SET6052.tmp
c:\windows\system32\drivers\SET75BE.tmp
c:\windows\system32\drivers\SET83F.tmp
c:\windows\system32\drivers\SETB7F7.tmp
c:\windows\system32\drivers\SETBA0A.tmp
c:\windows\system32\drivers\SETBF3.tmp
c:\windows\system32\is-1U4UO.tmp
c:\windows\system32\is-4BOOJ.tmp
c:\windows\system32\is-BKU4L.tmp
c:\windows\system32\is-GB0S9.tmp
c:\windows\system32\is-HVPRL.tmp
c:\windows\system32\is-OAO4S.tmp
c:\windows\system32\is-OC3JG.tmp
c:\windows\system32\is-S9BFL.tmp
c:\windows\system32\is-UHUMS.tmp
c:\windows\system32\SETF678.tmp
c:\windows\system32\SETF87E.tmp
c:\windows\system32\tmpCA01.tmp
c:\windows\system32\tmpCABD.tmp
c:\windows\UA000096.DLL
c:\windows\unin0407.exe
I:\AUTORUN.INF
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ACEDRV11
-------\Service_acedrv11
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-12-28 bis 2015-01-31 ))))))))))))))))))))))))))))))
.
.
2015-01-31 17:46 . 2015-01-31 17:53 -------- d-----w- c:\users\Dirk\AppData\Local\temp
2015-01-31 17:46 . 2015-01-31 17:46 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2015-01-31 17:46 . 2015-01-31 17:46 -------- d-----w- c:\users\Mcx1.Home-PC\AppData\Local\temp
2015-01-31 17:46 . 2015-01-31 17:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-01-31 17:00 . 2015-01-31 17:00 -------- d-----w- c:\program files\VS Revo Group
2015-01-31 13:04 . 2015-01-31 13:07 -------- d-----w- C:\FRST
2015-01-31 11:59 . 2015-01-31 11:59 -------- d-----w- c:\users\Dirk\AppData\Roaming\Enigma Software Group
2015-01-31 11:59 . 2015-01-31 11:59 -------- d-----w- C:\sh4ldr
2015-01-31 11:59 . 2015-01-30 19:54 19984 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
2015-01-31 08:05 . 2006-11-02 06:21 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2015-01-31 08:04 . 2011-05-13 12:34 51312 ----a-w- c:\windows\system32\drivers\fetnd6v.sys
2015-01-31 08:04 . 2006-10-27 15:26 69632 ----a-w- c:\windows\system32\vuins32.dll
2015-01-30 19:54 . 2015-01-30 19:54 -------- d-----w- c:\program files\Enigma Software Group
2015-01-30 18:43 . 2014-12-02 11:01 9054624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A8A37E81-31CF-4716-AC6C-0483EC49CDBE}\mpengine.dll
2015-01-26 19:40 . 2015-01-26 19:56 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-01-26 19:40 . 2015-01-26 19:56 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-01-24 14:38 . 2015-01-24 14:38 -------- d-----w- c:\programdata\Elcomsoft Password Recovery
2015-01-24 14:38 . 2015-01-24 14:38 -------- d-----w- c:\program files\Elcomsoft Password Recovery
2015-01-24 12:27 . 2015-01-24 12:27 -------- d-----w- C:\digitalvideoconverter
2015-01-24 11:45 . 2015-01-26 16:28 -------- d-----w- c:\program files\Search Extensions
2015-01-24 11:41 . 2015-01-24 11:41 -------- d-----w- c:\programdata\WindowsMangerProtect
2015-01-24 11:40 . 2015-01-24 11:40 -------- d-----w- c:\programdata\MailUpdate
2015-01-24 11:40 . 2015-01-24 11:53 -------- d-----w- c:\users\Dirk\AppData\Roaming\MailUpdate
2015-01-24 11:33 . 2015-01-24 11:33 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2015-01-24 11:33 . 2015-01-24 11:33 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2015-01-24 11:33 . 2015-01-24 11:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2015-01-24 11:33 . 2015-01-24 11:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2015-01-24 11:33 . 2015-01-24 11:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2015-01-24 11:20 . 2015-01-24 11:20 -------- d-----w- c:\program files\AC3Filter
2015-01-20 06:28 . 2015-01-20 06:28 83 ----a-w- c:\windows\system32\gpupdate.bin
2015-01-15 02:13 . 2014-12-19 00:25 115200 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2015-01-15 02:01 . 2014-12-06 03:14 48640 ----a-w- c:\windows\system32\nlaapi.dll
2015-01-15 02:01 . 2014-12-06 03:14 174080 ----a-w- c:\windows\system32\nlasvc.dll
2015-01-15 02:01 . 2014-12-06 03:14 93184 ----a-w- c:\windows\system32\ncsi.dll
2015-01-15 02:00 . 2014-12-06 03:14 153600 ----a-w- c:\windows\system32\profsvc.dll
2015-01-06 16:56 . 2015-01-06 16:56 -------- d-----w- c:\programdata\Avanquest Software
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-06 03:36 . 2009-10-03 10:53 249488 ------w- c:\windows\system32\MpSigStub.exe
2015-01-01 14:05 . 2015-01-01 14:05 214304 ----a-w- c:\windows\system32\drivers\file_tracker.sys
2015-01-01 14:04 . 2015-01-01 14:04 169248 ----a-w- c:\windows\system32\drivers\tib_mounter.sys
2015-01-01 14:04 . 2015-01-01 11:34 867968 ----a-w- c:\windows\system32\drivers\tib.sys
2015-01-01 14:04 . 2015-01-01 11:34 208672 ----a-w- c:\windows\system32\drivers\snapman.sys
2015-01-01 14:03 . 2015-01-01 11:33 98592 ----a-w- c:\windows\system32\drivers\fltsrv.sys
2014-12-03 02:06 . 2014-12-10 17:47 278528 ----a-w- c:\windows\system32\schannel.dll
2014-11-24 20:44 . 2014-12-10 03:55 367104 ----a-w- c:\windows\system32\html.iec
2014-11-24 20:40 . 2014-12-10 03:55 1810944 ----a-w- c:\windows\system32\jscript9.dll
2014-11-24 20:35 . 2014-12-10 03:55 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-11-24 20:34 . 2014-12-10 03:55 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-24 20:33 . 2014-12-10 03:55 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-11-24 20:33 . 2014-12-10 03:55 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-11-24 20:32 . 2014-12-10 03:55 11776 ----a-w- c:\windows\system32\mshta.exe
2014-11-24 20:32 . 2014-12-10 03:55 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-19 03:31 . 2014-11-19 03:31 1217192 ----a-w- c:\windows\system32\FM20.DLL
2014-11-07 01:33 . 2014-12-10 18:02 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-11-04 00:19 . 2014-12-10 18:02 2048 ----a-w- c:\windows\system32\tzres.dll
1997-09-03 22:00 . 1997-09-03 22:00 311296 ----a-w- c:\program files\Common Files\msacc8.olb
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Dirk\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Dirk\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Dirk\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Dirk\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Dirk\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Dirk\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Dirk\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Dirk\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]
@="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
[HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
2014-09-09 09:04 2644776 ----a-w- c:\program files\Acronis\TrueImageHome\tishell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]
@="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
[HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
2014-09-09 09:04 2644776 ----a-w- c:\program files\Acronis\TrueImageHome\tishell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]
@="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
[HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
2014-09-09 09:04 2644776 ----a-w- c:\program files\Acronis\TrueImageHome\tishell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2014-05-25 15:17 458944 ----a-w- c:\program files\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"Adobe Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe" [2013-05-11 694352]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snpstd3"="c:\windows\vsnpstd3.exe" [2005-09-05 339968]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"RtHDVCpl"="RtHDVCpl.exe" [2008-02-24 4911104]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2013-05-11 3478600]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-01 2508104]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-03 767312]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-09-28 140640]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2014-05-20 295512]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe" [2013-11-11 356128]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2014-08-19 448856]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"DriveUtilitiesHelper"="c:\program files\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe" [2014-05-23 1852264]
"AtwtusbIcon"="AtwtusbIcon.exe" [2012-09-10 2963456]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2014-11-27 5343272]
"AcronisTibMounterMonitor"="c:\program files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe" [2014-10-17 606096]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2014-08-14 409912]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-10-02 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"ehTray.exe"=c:\windows\ehome\ehTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"FixCamera"=c:\windows\FixCamera.exe
"VX1000"=c:\windows\vVX1000.exe
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"mspd"=c:\windows\system32\mspd.exe
"Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
"TotalMediaTVMonitor"="c:\program files\ArcSoft\TotalMedia TV 1.0\TotalMediaTVMonitor.exe"
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-292042570-3503651505-2778631356-1000]
"EnableNotificationsRef"=dword:00000003
.
S2 acedrv10;acedrv10;c:\windows\system32\drivers\acedrv10.sys [2007-10-28 583128]
S2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [2007-10-26 250560]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2015-01-01 4029432]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
hpdevmgmt REG_MULTI_SZ hpqcxs08
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ
bthaudiosvc REG_MULTI_SZ HFGService
.
Inhalt des "geplante Tasks" Ordners
.
2015-01-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-26 19:56]
.
2015-01-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-06 15:56]
.
2015-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 17:23]
.
2015-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 17:23]
.
2015-01-30 c:\windows\Tasks\NeroLiveEpgUpdate-Home-PC_Dirk.job
- c:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-01 12:58]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.cipro.de/home.htm
uDefault_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422099601&from=obw&uid=ST3250820AS_5QE2ABCQXXXX5QE2ABCQ&q={searchTerms}
mStart Page = about:blank
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = <-loopback>
uInternet Settings,ProxyServer = http=127.0.0.1:49876;https=127.0.0.1:49876
uSearchURL,(Default) = hxxp://go.1und1.de/suchbox/1und1suche?su=%s
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: creative-webpages.de\www
Trusted Zone: profiseller.de\www
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\m12ex9oq.default\
FF - prefs.js: browser.search.selectedEngine - omiga-plus
FF - prefs.js: browser.startup.homepage - hxxp://www.cipro.de/home.htm
FF - prefs.js: keyword.URL - hxxp://www.sm.de/?q=
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{5C9D3C37-2C95-4b5b-9EF0-4E0AFCA5E78A} - (no file)
ShellIconOverlayIdentifiers-{FB8CDFB0-B508-4F12-A91E-26E68ABB4DAE} - (no file)
ShellIconOverlayIdentifiers-{5CBF1ABD-2D6A-4570-9A4F-A47798BBFC08} - (no file)
ShellIconOverlayIdentifiers-{B133F3E9-124C-4669-BFFF-1B74508B5A84} - (no file)
ShellIconOverlayIdentifiers-{0B914147-F836-4cfa-893A-ECE90B815982} - (no file)
ShellExecuteHooks-{7B0E5486-E11D-437f-AC8B-7901C7D3FCCB} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-XboxStat - c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe
HKLM_ActiveSetup-{5CCF8330-F742-411A-8A04-719806D168B5} - msiexec
AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\FlashUtil32_16_0_0_296_ActiveX.exe
AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUN0407.EXE
AddRemove-WS_FTP Pro - c:\program files\WS_FTP Pro\uninst.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2015-01-31 18:53
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-292042570-3503651505-2778631356-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{596EF8BC-0429-09B2-8B8F-0455F5A6C1E2}*]
"hagmnfnmdamaicbj"=hex:6b,61,6c,70,64,6b,70,6d,68,6d,63,6d,66,6d,68,67,65,6c,
6c,61,70,6e,00,00
"iamjciikbdilocdpoi"=hex:63,61,70,70,62,6c,00,00
"iaalhdnjknpcjhoill"=hex:6a,61,6c,70,65,6b,69,6d,68,66,66,68,63,61,64,6b,6f,6a,
70,69,00,00
"dbopimaeploebcmfhonjbgejndfocffnnpenehgc"=hex:68,61,64,6f,68,63,6b,6f,67,67,
6d,64,67,6c,6a,65,00,00
"jbopimaeploebcmfhonjajipfjcefjbnlfbjkljoeddacdplipji"=hex:68,61,64,6f,68,63,
6b,6f,67,67,6d,64,67,6c,6a,65,00,00
"dbopimaeploebcmfhonjoipklfdelfmanfpdmgnp"=hex:6a,61,67,63,69,6c,64,68,6a,67,
64,6e,6b,65,6e,6a,6e,67,62,6d,00,00
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(7368)
c:\program files\WS_FTP Pro\nsftpch.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Enigma Software Group\SpyHunter\SH4Service.exe
c:\windows\system32\atiesrxx.exe
c:\windows\system32\atieclxx.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\programdata\WindowsMangerProtect\ProtectWindowsManager.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\TeamViewer\Version9\TeamViewer_Service.exe
c:\program files\Western Digital\WD Drive Manager\WDDriveService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\atwtusb.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\AtwtusbIcon.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Password Safe and Repository\psr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\ehome\ehmsas.exe
c:\windows\ehome\ehsched.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\windows\ehome\ehRecvr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\windows\system32\UI0Detect.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-01-31 19:00:55 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2015-01-31 18:00
.
Vor Suchlauf: 31 Verzeichnis(se), 806.013.136.896 Bytes frei
Nach Suchlauf: 36 Verzeichnis(se), 805.256.613.888 Bytes frei
.
- - End Of File - - EA39B93AC0A2B388330294B457F2D7AF
5C616939100B85E558DA92B899A0FC36
|
|
01.02.2015, 10:00
| #5 |
| /// the machine /// TB-Ausbilder | Vista 32 bit ServicePack 2 mit WindowsMangerProtect Problem und mehr Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
01.02.2015, 21:50
| #6 |
| | Vista 32 bit ServicePack 2 mit WindowsMangerProtect Problem und mehr Hi, zuerst kurze Info AdwCleaner ist hängen geblieben daher 2 Logs unten Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Protection, 01.02.2015 19:13:07, SYSTEM, HOME-PC, Protection, Malware Protection, Starting, Protection, 01.02.2015 19:13:07, SYSTEM, HOME-PC, Protection, Malware Protection, Started, Protection, 01.02.2015 19:13:07, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Starting, Update, 01.02.2015 19:13:11, SYSTEM, HOME-PC, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1, Update, 01.02.2015 19:13:11, SYSTEM, HOME-PC, Manual, Rootkit Database, 2014.11.18.1, 2015.1.14.1, Protection, 01.02.2015 19:13:12, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Started, Update, 01.02.2015 19:13:13, SYSTEM, HOME-PC, Manual, Malware Database, 2014.11.20.6, 2015.2.1.6, Protection, 01.02.2015 19:13:13, SYSTEM, HOME-PC, Protection, Refresh, Starting, Protection, 01.02.2015 19:13:13, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Stopping, Protection, 01.02.2015 19:13:13, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Stopped, Protection, 01.02.2015 19:13:23, SYSTEM, HOME-PC, Protection, Refresh, Success, Protection, 01.02.2015 19:13:23, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Starting, Protection, 01.02.2015 19:13:23, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Started, Protection, 01.02.2015 19:37:07, SYSTEM, HOME-PC, Protection, Malware Protection, Starting, Protection, 01.02.2015 19:37:07, SYSTEM, HOME-PC, Protection, Malware Protection, Started, Protection, 01.02.2015 19:37:07, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Starting, Protection, 01.02.2015 19:39:09, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Started, Detection, 01.02.2015 19:41:22, SYSTEM, HOME-PC, Protection, Malware Protection, File, PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, Quarantine, [301a3bdeaedce254b15310500df614ec] (end) Code:
ATTFilter # AdwCleaner v4.109 - Bericht erstellt am 01/02/2015 um 19:50:37
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-26.1 [Live]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Dirk - HOME-PC
# Gestartet von : C:\Users\Dirk\Desktop\AdwCleaner_4.109.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\IBUpdaterService
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\WindowsMangerProtect
Ordner Gelöscht : C:\ProgramData\MailUpdate
Ordner Gelöscht : C:\Program Files\AskTBar
Ordner Gelöscht : C:\Program Files\Search Extensions
Ordner Gelöscht : C:\Users\Dirk\AppData\Local\Astromenda
Ordner Gelöscht : C:\Users\Dirk\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Dirk\AppData\Local\FileViewPro
Ordner Gelöscht : C:\Users\Dirk\AppData\Roaming\1H1Q
Ordner Gelöscht : C:\Users\Dirk\AppData\Roaming\Astromenda
Ordner Gelöscht : C:\Users\Dirk\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Dirk\AppData\Roaming\OCS
Ordner Gelöscht : C:\Users\Dirk\AppData\Roaming\MailUpdate
Code:
ATTFilter # AdwCleaner v4.109 - Bericht erstellt am 01/02/2015 um 20:08:23
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-26.1 [Live]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Dirk - HOME-PC
# Gestartet von : C:\Users\Dirk\Desktop\AdwCleaner_4.109.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Datei Gelöscht : C:\Users\Dirk\Favorites\Startfenster.lnk
Datei Gelöscht : C:\Users\Dirk\Favorites\Links\Startfenster.lnk
Datei Gelöscht : C:\Windows\Reimage.ini
Datei Gelöscht : C:\Users\Dirk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Startfenster.lnk
Datei Gelöscht : C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\m12ex9oq.default\bProtector_extensions.rdf
Datei Gelöscht : C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\m12ex9oq.default\invalidprefs.js
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Schlüssel Gelöscht : HKCU\Software\d28dd0e63def12
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4260E0CC-0F75-462E-88A3-1E05C248BF4C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CB65206-89C4-402C-BA80-02D8C59F9B1D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F8C6023A-C536-4C0E-88D3-58898A3DC330}
Schlüssel Gelöscht : HKCU\Software\BRS
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Orbit
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\Reimage
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\InstallCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec
Schlüssel Gelöscht : HKLM\SOFTWARE\Solvusoft
Schlüssel Gelöscht : HKLM\SOFTWARE\Reimage
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WSE_Astromenda
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WaInterEnhance
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:49876;hxxps=127.0.0.1:49876
***** [ Browser ] *****
-\\ Internet Explorer v9.0.8112.16599
-\\ Mozilla Firefox v35.0.1 (x86 de)
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.alias", "omiga-plus");
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://isearch.omiga-plus.com/favicon.ico");
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.name", "omiga-plus");
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.url", "hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422099601&from=obw&uid=ST3250820AS_5QE2ABCQXXXX5QE2ABCQ&q={searchTerms}");
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "omiga-plus");
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=ast_dsites_14_37_ff&cd=2XzuyEtN2Y1L1QzutDtDtCzy0D0ByD0B0DyByB0B0BtCtA0CtN0D0Tzu0SzyzzzztN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytD[...]
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("extensions.astrmndasr.newTabUrl", "hxxp://astromenda.com/?f=2&a=ast_dsites_14_37_ff&cd=2XzuyEtN2Y1L1QzutDtDtCzy0D0ByD0B0DyByB0B0BtCtA0CtN0D0Tzu0SzyzzzztN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzy[...]
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("extensions.astrmndasr.tlbrSrchUrl", "hxxp://astromenda.com/?f=3&a=ast_dsites_14_37_ff&cd=2XzuyEtN2Y1L1QzutDtDtCzy0D0ByD0B0DyByB0B0BtCtA0CtN0D0Tzu0SzyzzzztN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtB[...]
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.admin", false);
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.dfltLng", "en");
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.id", "f4c9b13c0000000000000019db5bd77b");
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.instlDay", "15803");
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.newTab", false);
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.10.0");
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.10.022:11:56");
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.10.0");
[m12ex9oq.default\prefs.js] - Zeile gelöscht : user_pref("keyword.URL", "hxxp://www.sm.de/?q=");
-\\ Google Chrome v
[C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}
[C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.sm.de/?q={searchTerms}
*************************
AdwCleaner[R0].txt - [13779 octets] - [01/02/2015 19:47:12]
AdwCleaner[R1].txt - [13098 octets] - [01/02/2015 20:05:14]
AdwCleaner[S0].txt - [1199 octets] - [01/02/2015 19:50:37]
AdwCleaner[S1].txt - [13164 octets] - [01/02/2015 20:08:23]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [13225 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Dirk on 01.02.2015 at 21:15:45,54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Dirk\AppData\Roaming\software informer"
Successfully deleted: [Folder] "C:\Program Files\myfree codec"
Successfully deleted: [Empty Folder] C:\Users\Dirk\appdata\local\{E96BD664-60D7-4577-AD7E-0BFB55F2E708}
~~~ FireFox
Successfully deleted the following from C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\m12ex9oq.default\prefs.js
user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");
user_pref("browser.search.searchengine.ptid", "obw");
user_pref("browser.search.searchengine.uid", "ST3250820AS_5QE2ABCQXXXX5QE2ABCQ");
Emptied folder: C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\m12ex9oq.default\minidumps [614 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.02.2015 at 21:20:06,11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-01-2015
Ran by Dirk (administrator) on HOME-PC on 01-02-2015 21:43:18
Running from C:\Users\Dirk\Desktop\TrojanerBoard
Loaded Profiles: Dirk (Available profiles: Dirk & Mcx1 & Pascal)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
() C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Infowatch) C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Microsoft Corporation) C:\Windows\System32\wpcumi.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
() C:\Windows\System32\AtwtusbIcon.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Rocket Division Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Windows\System32\atwtusb.exe
() C:\Windows\System32\atwtusb.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Acronis) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [snpstd3] => C:\Windows\vsnpstd3.exe [339968 2005-09-05] ()
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-02] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4911104 2008-02-25] (Realtek Semiconductor)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478600 2013-05-11] (Adobe Systems Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2508104 2009-11-01] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [IJNetworkScanUtility] => C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-28] (CANON INC.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512 2014-05-20] (RealNetworks, Inc.)
HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [DriveUtilitiesHelper] => C:\Program Files\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc.)
HKLM\...\Run: [AtwtusbIcon] => C:\Windows\system32\AtwtusbIcon.exe [2963456 2012-09-10] ()
HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [5343272 2014-11-27] (Acronis)
HKLM\...\Run: [AcronisTibMounterMonitor] => C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [606096 2014-10-17] (Acronis International GmbH)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [409912 2014-08-14] (Acronis)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-11] (Macrovision Corporation)
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [694352 2013-05-11] (Adobe Systems Incorporated)
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files\Acronis\TrueImageHome\tishell.dll (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files\Acronis\TrueImageHome\tishell.dll (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files\Acronis\TrueImageHome\tishell.dll (Acronis)
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll (Kaspersky Lab ZAO)
GroupPolicyUsers\S-1-5-21-292042570-3503651505-2778631356-1019\User: Group Policy restriction detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:59356;https=127.0.0.1:59356
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.cipro.de/home.htm
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-292042570-3503651505-2778631356-1000 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKU\S-1-5-21-292042570-3503651505-2778631356-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-292042570-3503651505-2778631356-1000 -> {F8C6023A-C536-4C0E-88D3-58898A3DC330} URL =
BHO: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\S-1-5-21-292042570-3503651505-2778631356-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-292042570-3503651505-2778631356-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\m12ex9oq.default
FF DefaultSearchEngine: Google.de
FF SearchEngineOrder.1: SuchMaschine
FF Homepage: hxxp://www.cipro.de/home.htm
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/VirtualEarth3D,version=2.5 -> C:\Program Files\Virtual Earth 3D\ ()
FF Plugin: @microsoft.com/VirtualEarth3D,version=3.0 -> C:\Program Files\Virtual Earth 3D\ ()
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\m12ex9oq.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\m12ex9oq.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\m12ex9oq.default\searchplugins\googlede.xml
FF HKLM\...\Firefox\Extensions: [{3112ca9c-de6d-4884-a869-9855de68056c}] - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF Extension: Google Toolbar for Firefox - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2008-11-23]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-04-27]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-05-20]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014-05-25]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014-05-25]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Gevaarlijke websiteblokkering - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014-05-25]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014-05-25]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014-05-25]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-31]
FF HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\m12ex9oq.default\extensions\cliqz@cliqz.com
Chrome:
=======
CHR Profile: C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-05-11]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [Not Found]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [860504 2014-08-14] (Acronis)
R2 AdobeActiveFileMonitor5.0; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [108712 2006-12-22] ()
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [4029432 2015-01-01] (Acronis)
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
R2 CSObjectsSrv; C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
S4 DBService; C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe [187456 2009-06-14] (DATA BECKER GmbH & Co KG) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2007-12-22] (Macrovision Europe Ltd.) [File not signed]
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-09-18] (Freemake) [File not signed]
S2 gupdate1ca87fdcc7cbf74; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-20] (Google Inc.)
R2 HFGService; C:\Windows\System32\HFGService.dll [419224 2010-02-05] (CSR, plc)
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-09-08] ()
S3 Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2007-05-05] () [File not signed]
S2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed]
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S2 StarMoney 9.0 OnlineUpdate; C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed]
R2 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [6857752 2014-09-13] (Acronis)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-10-23] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] (Microsoft Corporation)
R2 WTService; C:\Windows\system32\atwtusb.exe [536064 2013-11-12] () [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 acedrv10; C:\Windows\system32\drivers\acedrv10.sys [583128 2007-10-28] (Protect Software GmbH)
R2 acehlp10; C:\Windows\system32\drivers\acehlp10.sys [250560 2007-10-26] (Protect Software GmbH)
R2 ARGUS; C:\Windows\System32\drivers\dvr100H.sys [65280 2007-12-14] (AVerMedia Systems, Inc.) [File not signed]
S3 BthAudioHF; C:\Windows\System32\DRIVERS\BthAudioHF.sys [48024 2010-02-05] (CSR, plc)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [88632 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [39736 2011-06-02] (Infowatch)
R3 dfmirage; C:\Windows\System32\DRIVERS\dfmirage.sys [34128 2008-03-26] (DemoForge, LLC)
S3 dptrackerd; C:\Windows\System32\drivers\dptrackerd.sys [44416 2005-12-18] (Windows (R) 2000 DDK provider) [File not signed]
S3 FET5X86V; C:\Windows\System32\DRIVERS\fetnd5bv.sys [43520 2008-01-02] (VIA Technologies, Inc. )
R3 FETND6V; C:\Windows\System32\DRIVERS\fetnd6v.sys [51312 2011-05-13] (VIA Technologies, Inc. )
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [214304 2015-01-01] (Acronis International GmbH)
R1 hugoio; C:\Program Files\i-Menu\hugoio.sys [9760 2008-04-14] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-05-25] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [597568 2014-06-05] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2014-05-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-11-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-11-11] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-11-11] (Kaspersky Lab ZAO)
R3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-11-11] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [6144 2009-03-08] (Windows (R) Codename Longhorn DDK provider)
S3 MusCAudio; C:\Windows\System32\drivers\MusCAudio.sys [23608 2013-10-10] (Windows (R) Win 7 DDK provider)
S3 MusCDriverV32; C:\Windows\System32\drivers\MusCDriverV32.sys [22528 2007-07-18] (Windows (R) Codename Longhorn DDK provider) [File not signed]
S4 nvatabus; C:\Windows\system32\drivers\nvatabus.sys [105088 2006-07-14] (NVIDIA Corporation)
S3 s125mdfl; C:\Windows\System32\DRIVERS\s125mdfl.sys [15112 2007-04-24] (MCCI Corporation)
S3 s125mdm; C:\Windows\System32\DRIVERS\s125mdm.sys [108680 2007-04-24] (MCCI Corporation)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [8701824 2005-10-13] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [320120 2014-07-16] (Duplex Secure Ltd.)
S3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2010-03-11] (TeamViewer GmbH)
S3 TelekomNM3; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [35040 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [867968 2015-01-01] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [169248 2015-01-01] (Acronis International GmbH)
S3 tosrfbd; C:\Windows\System32\DRIVERS\tosrfbd.sys [113792 2006-11-30] (TOSHIBA CORPORATION) [File not signed]
S3 tosrfbnp; C:\Windows\System32\Drivers\tosrfbnp.sys [36480 2006-11-20] (TOSHIBA Corporation) [File not signed]
S3 Tosrfhid; C:\Windows\System32\DRIVERS\Tosrfhid.sys [73600 2006-10-05] (TOSHIBA Corporation.) [File not signed]
S3 tosrfnds; C:\Windows\System32\DRIVERS\tosrfnds.sys [18612 2005-01-06] (TOSHIBA Corporation.) [File not signed]
S3 tosrfusb; C:\Windows\System32\DRIVERS\tosrfusb.sys [40960 2006-10-28] (TOSHIBA CORPORATION) [File not signed]
R2 v2imount; C:\Windows\System32\DRIVERS\v2imount.sys [38112 2008-01-19] (Symantec Corporation)
R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [6144 2009-08-20] (Windows (R) Win 7 DDK provider)
S4 viamraid; C:\Windows\system32\drivers\viamraid.sys [100992 2006-03-31] (VIA Technologies inc,.ltd)
R0 videX32; C:\Windows\System32\drivers\videx32.sys [9216 2006-10-17] (VIA Technologies, Inc.)
S3 vtcdrv; C:\Windows\System32\DRIVERS\vtcdrv.sys [18688 2010-05-17] (Windows (R) Codename Longhorn DDK provider)
S3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1961072 2010-05-20] (Microsoft Corporation)
R0 xfilt; C:\Windows\System32\drivers\xfilt.sys [17920 2006-10-18] (VIA Technologies,Inc)
S3 amdkmdap; system32\DRIVERS\atikmpag.sys [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)
S2 ASInsHelp; \??\C:\Windows\system32\drivers\AsInsHelp32.sys [X]
S3 AtiHDAudioService; system32\drivers\AtihdLH3.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\Dirk\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 GenericMount; system32\DRIVERS\GenericMount.sys [X]
S4 HpCISSs; \SystemRoot\system32\drivers\hpcisss.sys [X]
S3 Huawei; system32\DRIVERS\ewdcsc.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2014-06-05] (Kaspersky Lab ZAO)
S3 mod7700; system32\DRIVERS\mod7700.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\Sandra.sys [X]
S2 secdrv; No ImagePath
S3 SNP325; system32\DRIVERS\snp325.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-01 21:15 - 2015-02-01 21:15 - 00000000 ____D () C:\Windows\ERUNT
2015-02-01 19:47 - 2015-02-01 20:30 - 00000000 ____D () C:\AdwCleaner
2015-02-01 19:13 - 2015-02-01 21:12 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-01 19:12 - 2015-02-01 19:12 - 00000865 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-01 19:12 - 2015-02-01 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-02-01 19:11 - 2015-02-01 19:11 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2015-02-01 19:11 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-01 19:11 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-01 19:11 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-01 19:08 - 2015-02-01 19:08 - 02194432 _____ () C:\Users\Dirk\Desktop\AdwCleaner_4.109.exe
2015-02-01 19:08 - 2015-02-01 19:08 - 01707939 _____ (Thisisu) C:\Users\Dirk\Desktop\JRT.exe
2015-01-31 18:27 - 2015-01-31 19:01 - 00000000 ____D () C:\Qoobox
2015-01-31 18:27 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-31 18:27 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-31 18:27 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-31 18:27 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-31 18:27 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-31 18:27 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-31 18:27 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-31 18:27 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-31 18:25 - 2015-01-31 18:58 - 00000000 ____D () C:\Windows\erdnt
2015-01-31 18:24 - 2015-01-31 18:24 - 05611408 ____R (Swearware) C:\Users\Dirk\Desktop\ComboFix.exe
2015-01-31 18:00 - 2015-01-31 18:00 - 00001023 _____ () C:\Users\Dirk\Desktop\Revo Uninstaller.lnk
2015-01-31 18:00 - 2015-01-31 18:00 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-01-31 14:04 - 2015-02-01 21:43 - 00000000 ____D () C:\FRST
2015-01-31 13:52 - 2015-01-31 13:53 - 00000020 _____ () C:\Users\Dirk\defogger_reenable
2015-01-31 13:51 - 2015-02-01 21:43 - 00000000 ____D () C:\Users\Dirk\Desktop\TrojanerBoard
2015-01-31 09:05 - 2006-11-02 07:21 - 00319456 _____ (Microsoft Corporation) C:\Windows\system32\DIFxAPI.dll
2015-01-31 09:04 - 2011-05-13 13:34 - 00051312 _____ (VIA Technologies, Inc. ) C:\Windows\system32\Drivers\fetnd6v.sys
2015-01-31 09:04 - 2006-10-27 16:26 - 00069632 _____ () C:\Windows\system32\vuins32.dll
2015-01-28 21:51 - 2015-01-28 21:52 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-28 21:20 - 2015-01-28 21:20 - 00001842 _____ () C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2015.lnk
2015-01-28 21:20 - 2015-01-28 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2015
2015-01-26 20:40 - 2015-02-01 21:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-26 20:40 - 2015-01-26 20:56 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-26 20:40 - 2015-01-26 20:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-24 15:38 - 2015-01-24 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elcomsoft Password Recovery
2015-01-24 15:38 - 2015-01-24 15:38 - 00000000 ____D () C:\ProgramData\Elcomsoft Password Recovery
2015-01-24 15:38 - 2015-01-24 15:38 - 00000000 ____D () C:\Program Files\Elcomsoft Password Recovery
2015-01-24 13:27 - 2015-01-24 13:27 - 00000000 ____D () C:\digitalvideoconverter
2015-01-24 12:49 - 2015-01-24 12:49 - 00000825 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-01-24 12:48 - 2015-01-24 12:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-01-24 12:32 - 2015-01-24 12:32 - 00001692 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2015-01-24 12:32 - 2015-01-24 12:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-01-24 12:20 - 2015-01-24 12:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter
2015-01-24 12:20 - 2015-01-24 12:20 - 00000000 ____D () C:\Program Files\AC3Filter
2015-01-20 07:28 - 2015-01-20 07:28 - 00000083 _____ () C:\Windows\system32\gpupdate.bin
2015-01-15 03:13 - 2014-12-19 01:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-15 03:01 - 2014-12-06 04:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-15 03:01 - 2014-12-06 04:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-15 03:01 - 2014-12-06 04:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-15 03:00 - 2014-12-06 04:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-06 17:56 - 2015-01-06 17:56 - 00000000 ____D () C:\ProgramData\Avanquest Software
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-01 21:42 - 2007-05-05 16:56 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-01 21:34 - 2011-10-19 07:19 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-01 21:17 - 2012-05-03 16:45 - 01882056 _____ () C:\Windows\WindowsUpdate.log
2015-02-01 21:12 - 2006-11-02 13:37 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-02-01 21:10 - 2014-12-31 12:24 - 00010360 _____ () C:\Windows\PFRO.log
2015-02-01 21:10 - 2011-10-19 07:19 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-01 21:10 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-01 21:10 - 2006-11-02 13:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-01 21:10 - 2006-11-02 13:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-01 21:10 - 2006-11-02 11:23 - 00000689 _____ () C:\Windows\win.ini
2015-02-01 21:07 - 2012-05-10 02:51 - 00032626 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-01 21:07 - 2008-09-14 13:16 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-02-01 19:11 - 2010-06-07 07:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-01 17:07 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-01 16:18 - 2013-10-14 15:32 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-02-01 16:14 - 2009-03-09 19:52 - 00096256 _____ () C:\Users\Dirk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-01 16:02 - 2014-11-29 09:20 - 00000461 _____ () C:\Users\Dirk\Desktop\Daten-SIG.lnk
2015-02-01 14:03 - 2006-11-02 11:33 - 01461506 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-01 00:00 - 2009-06-23 19:57 - 00000368 _____ () C:\Windows\Tasks\NeroLiveEpgUpdate-Home-PC_Dirk.job
2015-01-31 19:00 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default
2015-01-31 19:00 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2015-01-31 18:52 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2015-01-31 18:48 - 2006-11-02 11:22 - 81395712 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-01-31 18:48 - 2006-11-02 11:22 - 78381056 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-01-31 18:48 - 2006-11-02 11:22 - 50069504 _____ () C:\Windows\system32\config\COMPON~1.bak
2015-01-31 18:48 - 2006-11-02 11:22 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-01-31 18:48 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-01-31 18:48 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-01-31 18:00 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE
2015-01-31 17:55 - 2007-09-25 15:23 - 00000000 ____D () C:\Program Files\Microsoft.NET
2015-01-31 13:52 - 2009-03-08 12:08 - 00000000 ____D () C:\Users\Dirk
2015-01-31 08:48 - 2008-06-14 15:28 - 00000000 ____D () C:\Program Files\Virtual Earth 3D
2015-01-31 08:45 - 2010-11-01 09:05 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\YoWindow
2015-01-31 08:40 - 2007-05-05 23:30 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-31 08:38 - 2009-03-29 10:57 - 00000000 ____D () C:\Program Files\Mobile Partner
2015-01-31 07:48 - 2012-01-31 18:34 - 00000000 ___RD () C:\Users\Dirk\Dropbox
2015-01-31 07:28 - 2014-08-22 11:49 - 00000000 ____D () C:\Send
2015-01-30 19:37 - 2014-07-12 11:20 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\Dropbox
2015-01-30 03:29 - 2013-05-10 06:45 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-29 20:41 - 2008-05-27 17:44 - 00000000 ____D () C:\MAGIX
2015-01-29 20:08 - 2014-05-13 17:02 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2015-01-29 20:08 - 2007-07-13 16:38 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-29 19:56 - 2007-10-14 09:28 - 00000000 ____D () C:\Program Files\WISO
2015-01-29 10:18 - 2011-09-10 11:15 - 00000974 _____ () C:\Windows\Tasks\Google Software Updater.job
2015-01-29 09:12 - 2013-01-08 19:10 - 00000000 ____D () C:\ProgramData\Netzmanager
2015-01-29 09:06 - 2014-12-31 12:18 - 00207680 _____ () C:\Users\Dirk\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-29 09:05 - 2014-12-31 12:24 - 01963128 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-29 09:00 - 2007-09-25 15:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-29 08:59 - 2011-03-19 07:41 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-01-29 08:58 - 2006-11-02 12:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-01-28 21:21 - 2007-11-27 19:09 - 00000000 ____D () C:\Users\Dirk\AppData\Local\Buhl
2015-01-28 21:21 - 2007-10-14 10:56 - 00001464 _____ () C:\Windows\wiso.ini
2015-01-28 20:51 - 2014-01-02 10:02 - 00000000 ____D () C:\Program Files\StarMoney 9.0
2015-01-28 20:50 - 2014-07-16 18:57 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-26 17:43 - 2007-05-05 18:56 - 00000000 ____D () C:\Users\Dirk\AppData\Local\Adobe
2015-01-24 12:53 - 2011-04-17 12:17 - 00000824 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-24 12:53 - 2009-03-08 14:14 - 00000955 _____ () C:\Users\Dirk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-24 12:53 - 2007-11-26 21:06 - 00001730 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-24 12:32 - 2007-05-14 19:27 - 00000000 ____D () C:\Program Files\QuickTime
2015-01-23 10:28 - 2014-12-28 14:52 - 00000000 ____D () C:\Users\Dirk\AppData\Local\Avanquest
2015-01-21 07:39 - 2014-08-02 15:09 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\vlc
2015-01-20 07:35 - 2007-05-05 23:51 - 00000000 ____D () C:\Program Files\AceBIT
2015-01-20 07:27 - 2013-10-16 11:37 - 00000000 ____D () C:\Users\Dirk\AppData\Local\AllMusicConverter
2015-01-19 09:19 - 2007-05-05 22:35 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\Skype
2015-01-15 03:13 - 2013-08-15 02:13 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 03:02 - 2006-11-02 11:24 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-01-13 20:26 - 2007-05-31 17:42 - 00000000 ____D () C:\Users\Dirk\AppData\Local\CutePDF Writer
2015-01-13 18:08 - 2011-03-05 15:27 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2015-01-06 04:36 - 2009-10-03 11:53 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 18:49 - 2014-10-13 16:43 - 00207680 _____ () C:\Users\Pascal\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-02 18:42 - 2015-01-01 12:33 - 00000000 ____D () C:\ProgramData\Acronis
==================== Files in the root of some directories =======
1997-09-03 23:00 - 1997-09-03 23:00 - 0311296 _____ (Microsoft Corporation) C:\Program Files\Common Files\msacc8.olb
2007-08-26 16:20 - 2011-06-21 17:08 - 0000070 _____ () C:\Users\Dirk\AppData\Roaming\AVSDVDPlayer.m3u
2011-05-13 19:44 - 2011-01-14 21:07 - 0061440 _____ () C:\Users\Dirk\AppData\Roaming\chrtmp
2009-05-31 08:00 - 2009-05-31 08:00 - 0000029 _____ () C:\Users\Dirk\AppData\Roaming\default.rss
2009-05-31 08:00 - 2009-05-31 08:00 - 0000000 _____ () C:\Users\Dirk\AppData\Roaming\downloads.m3u
2007-08-26 19:14 - 2007-08-26 19:14 - 0087608 _____ () C:\Users\Dirk\AppData\Roaming\inst.exe
2009-06-07 22:11 - 2009-06-07 22:11 - 0038431 _____ () C:\Users\Dirk\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
2007-10-01 20:38 - 2007-10-01 20:38 - 0012963 _____ () C:\Users\Dirk\AppData\Roaming\Kommagetrennte Werte (DOS).CAL
2007-09-15 10:33 - 2012-03-21 19:47 - 0038443 _____ () C:\Users\Dirk\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
2007-10-01 20:29 - 2007-10-01 20:29 - 0012967 _____ () C:\Users\Dirk\AppData\Roaming\Kommagetrennte Werte (Windows).CAL
2007-09-15 10:39 - 2007-09-15 10:39 - 0011425 _____ () C:\Users\Dirk\AppData\Roaming\Kommagetrennte Werte (Windows).TSK
2012-03-19 07:19 - 2012-03-21 19:44 - 0023496 _____ () C:\Users\Dirk\AppData\Roaming\Microsoft Excel 97-2003.ADR
2008-02-10 10:43 - 2008-12-07 12:16 - 0012965 _____ () C:\Users\Dirk\AppData\Roaming\Microsoft Excel 97-2003.CAL
2009-05-09 15:49 - 2009-05-09 15:54 - 0008261 _____ () C:\Users\Dirk\AppData\Roaming\Microsoft Excel 97-2003.JNL
2007-06-10 08:30 - 2007-06-10 08:30 - 0012944 _____ () C:\Users\Dirk\AppData\Roaming\Microsoft Excel.CAL
2007-08-26 19:14 - 2007-08-26 19:14 - 0007887 _____ () C:\Users\Dirk\AppData\Roaming\pcouffin.cat
2007-08-26 19:14 - 2007-08-26 19:14 - 0001144 _____ () C:\Users\Dirk\AppData\Roaming\pcouffin.inf
2007-08-26 19:15 - 2007-08-26 19:15 - 0000034 _____ () C:\Users\Dirk\AppData\Roaming\pcouffin.log
2007-08-26 19:14 - 2007-08-26 19:14 - 0047360 _____ (VSO Software) C:\Users\Dirk\AppData\Roaming\pcouffin.sys
2007-05-10 21:52 - 2007-05-10 21:52 - 0012962 _____ () C:\Users\Dirk\AppData\Roaming\Tabulatorgetrennte Werte (Windows).CAL
2009-02-23 10:10 - 2009-02-23 10:10 - 0006144 ___SH () C:\Users\Dirk\AppData\Roaming\Thumbs.db
2007-11-25 20:09 - 2008-05-25 10:22 - 0012201 _____ () C:\Users\Dirk\AppData\Roaming\UserTile.png
2014-09-14 15:23 - 2014-12-19 21:34 - 0000222 _____ () C:\Users\Dirk\AppData\Roaming\WB.CFG
2007-05-05 16:13 - 2007-05-10 21:56 - 0000112 _____ () C:\Users\Dirk\AppData\Roaming\wklnhst.dat
2011-01-04 12:06 - 2011-08-14 11:03 - 0001188 _____ () C:\Users\Dirk\AppData\Local\crc32list11.txt
2009-09-10 16:35 - 2014-12-15 20:23 - 0001356 _____ () C:\Users\Dirk\AppData\Local\d3d9caps.dat
2009-03-09 19:52 - 2015-02-01 16:14 - 0096256 _____ () C:\Users\Dirk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-02 03:23 - 2014-12-17 02:23 - 0000010 _____ () C:\Users\Dirk\AppData\Local\DSI.DAT
2014-11-10 00:23 - 2014-11-10 00:23 - 0000008 _____ () C:\Users\Dirk\AppData\Local\ext2.dat
2009-07-27 18:07 - 2009-07-27 18:07 - 0000036 _____ () C:\Users\Dirk\AppData\Local\housecall.guid.cache
2009-11-21 07:15 - 2009-11-21 07:15 - 0000600 _____ () C:\Users\Dirk\AppData\Local\PUTTY.RND
2010-04-17 09:15 - 2010-04-17 10:31 - 0000907 _____ () C:\Users\Dirk\AppData\Local\RAExpertHistory.xml
2010-04-17 10:19 - 2010-04-17 10:29 - 0000171 _____ () C:\Users\Dirk\AppData\Local\rahistory.xml
2014-10-26 12:42 - 2014-10-26 12:42 - 0001495 _____ () C:\Users\Dirk\AppData\Local\recently-used.xbel
2012-06-03 11:59 - 2012-06-03 11:59 - 0017408 _____ () C:\Users\Dirk\AppData\Local\WebpageIcons.db
2011-12-11 18:55 - 2014-02-07 20:59 - 0000394 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
Files to move or delete:
====================
C:\Users\Dirk\kavremover10.exe
C:\Users\Dirk\strmdll.dll
Some content of TEMP:
====================
C:\Users\Dirk\AppData\Local\temp\Quarantine.exe
C:\Users\Dirk\AppData\Local\temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-01 21:18
==================== End Of Log ============================
--- --- --- |
|
02.02.2015, 09:26
| #7 |
| /// the machine /// TB-Ausbilder | Vista 32 bit ServicePack 2 mit WindowsMangerProtect Problem und mehrESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
03.02.2015, 17:06
| #8 |
| | Vista 32 bit ServicePack 2 mit WindowsMangerProtect Problem und mehr Hallo Schrauber, Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=7e6d4680b17c8e44b858495eeffbd9d0
# engine=22269
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-03 01:18:56
# local_time=2015-02-03 02:18:56 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='Kaspersky PURE 3.0'
# compatibility_mode=1289 16777214 100 100 33053 115176004 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 221535 260459064 0 0
# scanned=863264
# found=31
# cleaned=0
# scan_time=23623
sh=FDF58E805D0E01F04E0B2EC4BFC80075CD7FD871 ft=1 fh=8bda3db495ef4fbe vn="Variante von MSIL/Adware.iBryte.G Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Search Extensions\uninstall.exe.vir"
sh=1A504BFEF05063ACA3B2545BF8ACB3C49F6CBB55 ft=0 fh=0000000000000000 vn="Win32/Packed.Autoit.C.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\VistaCodecs\{17AB5817-D9CA-42A3-8B97-172350DB8A41}\Vista Codec Package.msi"
sh=B8390AF9BF87F2B51B3C97DD5ABD9EBC49016602 ft=0 fh=0000000000000000 vn="Win32/Packed.Autoit.C.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\VistaCodecs\{B01BCF4E-B877-4C3B-8747-9D79CC0EE84D}\Vista Codec Package.msi"
sh=D81D2ADCECEB2F691070CF58609C0B0AB3ADFC8A ft=0 fh=0000000000000000 vn="Win32/Packed.Autoit.C.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\VistaCodecs\{C216372C-E1D6-40B4-AFD9-4BA118AE0095}\Vista Codec Package.msi"
sh=1A504BFEF05063ACA3B2545BF8ACB3C49F6CBB55 ft=0 fh=0000000000000000 vn="Win32/Packed.Autoit.C.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\VistaCodecs\{17AB5817-D9CA-42A3-8B97-172350DB8A41}\Vista Codec Package.msi"
sh=B8390AF9BF87F2B51B3C97DD5ABD9EBC49016602 ft=0 fh=0000000000000000 vn="Win32/Packed.Autoit.C.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\VistaCodecs\{B01BCF4E-B877-4C3B-8747-9D79CC0EE84D}\Vista Codec Package.msi"
sh=D81D2ADCECEB2F691070CF58609C0B0AB3ADFC8A ft=0 fh=0000000000000000 vn="Win32/Packed.Autoit.C.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\VistaCodecs\{C216372C-E1D6-40B4-AFD9-4BA118AE0095}\Vista Codec Package.msi"
sh=D03FB2F36539640C5C3C84686CBE465E6E466316 ft=1 fh=6ee776d5f517fb67 vn="Variante von Win32/KillProc.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\FixCamera.exe"
sh=4D903C6C708D434793D579ABD3E08084BC004E7F ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.Wiyun.E evtl. unerwünschte Anwendung" ac=I fn="I:\CatNova\Sicherung Android 2.3\DatenträgerR\road_fighter.apk"
sh=57D224681A3F369BA3FD5D3D0701589DC68993C5 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="I:\CatNova\Sicherung Android 2.3\DatenträgerR\UniversalAndroot.apk"
sh=4D903C6C708D434793D579ABD3E08084BC004E7F ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.Wiyun.E evtl. unerwünschte Anwendung" ac=I fn="I:\CatNova\Sicherung Android 4.0\DatenträgerR\road_fighter.apk"
sh=57D224681A3F369BA3FD5D3D0701589DC68993C5 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="I:\CatNova\Sicherung Android 4.0\DatenträgerR\UniversalAndroot.apk"
sh=C3BA6846767CA1B92C45CC5BF7EDECBA38A29970 ft=1 fh=20b11a561d752b2b vn="Win32/Adware.WhenU.SaveNow evtl. unerwünschte Anwendung" ac=I fn="I:\Dokumente\digital locker Downloads\Lucky Fisherman\luckyfishsetup.exe"
sh=E8942317F8357B41808A15576880C21D2F4AB80A ft=0 fh=0000000000000000 vn="Variante von Android/TrojanSMS.Feejar.E Trojaner" ac=I fn="I:\Dokumente\samsung\Handy\angel\videostore_1000000001.apk"
sh=15183B4E8878C1FE8B7231C4B8CF158FBB1B525A ft=0 fh=0000000000000000 vn="Variante von Android/TrojanSMS.Feejar.E Trojaner" ac=I fn="I:\Dokumente\samsung\Handy\angel\videostore_yw_1000000001.apk"
sh=E8942317F8357B41808A15576880C21D2F4AB80A ft=0 fh=0000000000000000 vn="Variante von Android/TrojanSMS.Feejar.E Trojaner" ac=I fn="I:\Dokumente\samsung\Kies\Backup\GT-I9300\GT-I9300_\GT-I9300_20131010051847\Others\angel\videostore_1000000001.apk"
sh=15183B4E8878C1FE8B7231C4B8CF158FBB1B525A ft=0 fh=0000000000000000 vn="Variante von Android/TrojanSMS.Feejar.E Trojaner" ac=I fn="I:\Dokumente\samsung\Kies\Backup\GT-I9300\GT-I9300_\GT-I9300_20131010051847\Others\angel\videostore_yw_1000000001.apk"
sh=19876B0C21073CE7AC4725124851FC36B7EA7301 ft=1 fh=31b372839de59c7b vn="Variante von Win32/CNETInstaller.B evtl. unerwünschte Anwendung" ac=I fn="I:\Download\cbsidlm-cbsi188-WinTopo-ORG-10521641.exe"
sh=AF418EA41E7EAE9A7ADE37ACF7D97564E2B88D0A ft=1 fh=f47a7e491defe97c vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="I:\Download\MyPhoneExplorer_Setup_1.8.5.exe"
sh=770C205A2EF90EBFD167EC3E77BA69DC90EED52E ft=1 fh=c8e3d08d6c1f6c02 vn="Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung" ac=I fn="I:\Download\SoftonicDownloader_for_surveillizcam-lite.exe"
sh=59837D77CAFEEA9F6DC28999C1A0841290182873 ft=1 fh=3f0f9dfc8b20fcae vn="Variante von Win32/InstallCore.UE evtl. unerwünschte Anwendung" ac=I fn="I:\Download\UltimateCodecsSetup.exe"
sh=9FEDDA5E2FBD7A1C43BA2D924AB1475AE96690C3 ft=1 fh=3daaad025b8f03d2 vn="NSIS/StartPage.CC Trojaner" ac=I fn="I:\Download\vlc-2.1.5-win32.exe"
sh=F950F32119F48EB359AF7AD6C6A4D06C653DB3E8 ft=1 fh=61cad4cdc119a58c vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="I:\Download\x264 Video Codec - CHIP-Installer.exe"
sh=FBBDD5C74AF921834A3A3D50B437C443F63D0A7A ft=1 fh=7aee29554b3b3221 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="I:\Download\Download\rpc420_setup.exe"
sh=2113E1432F7A8F74AC5BD2DB6D9D3FAE2F924971 ft=0 fh=0000000000000000 vn="PHP/Obfuscated.F evtl. unerwünschte Anwendung" ac=I fn="I:\Download\easymobilehomepage\software\admin\home.php"
sh=C73552A831AAD7DBB0C73651AE55DAF9985CE906 ft=0 fh=0000000000000000 vn="PHP/Obfuscated.F evtl. unerwünschte Anwendung" ac=I fn="I:\Download\easymobilehomepage\software\admin\index.php"
sh=D503559666C4E8F2CF28529B5FAF5F193698A4B8 ft=0 fh=0000000000000000 vn="PHP/Obfuscated.F evtl. unerwünschte Anwendung" ac=I fn="I:\Download\easymobilehomepage\software\admin\inc\leftsidebar.php"
sh=A57CFA9B2932848CC425C7C988C82845C1FEDCF4 ft=0 fh=0000000000000000 vn="Win32/Toolbar.AskSBar evtl. unerwünschte Anwendung" ac=I fn="I:\Download\Software\Nero.9.MULTiLANGUAGE.DVD-RESTORE\nero9m\nero9.iso"
sh=2113E1432F7A8F74AC5BD2DB6D9D3FAE2F924971 ft=0 fh=0000000000000000 vn="PHP/Obfuscated.F evtl. unerwünschte Anwendung" ac=I fn="I:\Eigene Webs\creative-webpages.de\WWW-Neu\web\mobil\admin\home.php"
sh=C73552A831AAD7DBB0C73651AE55DAF9985CE906 ft=0 fh=0000000000000000 vn="PHP/Obfuscated.F evtl. unerwünschte Anwendung" ac=I fn="I:\Eigene Webs\creative-webpages.de\WWW-Neu\web\mobil\admin\index.php"
sh=D503559666C4E8F2CF28529B5FAF5F193698A4B8 ft=0 fh=0000000000000000 vn="PHP/Obfuscated.F evtl. unerwünschte Anwendung" ac=I fn="I:\Eigene Webs\creative-webpages.de\WWW-Neu\web\mobil\admin\inc\leftsidebar.php"
Code:
ATTFilter Results of screen317's Security Check version 0.99.95
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Kaspersky PURE 3.0
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java 7 Update 67
Java version 32-bit out of Date!
Java 64-bit 8 Update 31
Adobe Flash Player 16.0.0.296
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (35.0.1)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-01-2015
Ran by Dirk (administrator) on HOME-PC on 03-02-2015 05:15:37
Running from C:\Users\Dirk\Desktop\TrojanerBoard
Loaded Profiles: Dirk (Available profiles: Dirk & Mcx1 & Pascal)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
() C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Infowatch) C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Rocket Division Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Windows\System32\atwtusb.exe
() C:\Windows\System32\atwtusb.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Acronis) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Microsoft Corporation) C:\Windows\System32\wpcumi.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
() C:\Windows\System32\AtwtusbIcon.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Dropbox, Inc.) C:\Users\Dirk\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Users\Dirk\Desktop\SecurityCheck.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [snpstd3] => C:\Windows\vsnpstd3.exe [339968 2005-09-05] ()
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-02] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4911104 2008-02-25] (Realtek Semiconductor)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478600 2013-05-11] (Adobe Systems Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2508104 2009-11-01] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [IJNetworkScanUtility] => C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-28] (CANON INC.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512 2014-05-20] (RealNetworks, Inc.)
HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [DriveUtilitiesHelper] => C:\Program Files\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc.)
HKLM\...\Run: [AtwtusbIcon] => C:\Windows\system32\AtwtusbIcon.exe [2963456 2012-09-10] ()
HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [5343272 2014-11-27] (Acronis)
HKLM\...\Run: [AcronisTibMounterMonitor] => C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [606096 2014-10-17] (Acronis International GmbH)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [409912 2014-08-14] (Acronis)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-11] (Macrovision Corporation)
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [694352 2013-05-11] (Adobe Systems Incorporated)
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files\Acronis\TrueImageHome\tishell.dll (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files\Acronis\TrueImageHome\tishell.dll (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files\Acronis\TrueImageHome\tishell.dll (Acronis)
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll (Kaspersky Lab ZAO)
GroupPolicyUsers\S-1-5-21-292042570-3503651505-2778631356-1019\User: Group Policy restriction detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:59356;https=127.0.0.1:59356
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.cipro.de/home.htm
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-292042570-3503651505-2778631356-1000 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKU\S-1-5-21-292042570-3503651505-2778631356-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-292042570-3503651505-2778631356-1000 -> {F8C6023A-C536-4C0E-88D3-58898A3DC330} URL =
BHO: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\S-1-5-21-292042570-3503651505-2778631356-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-292042570-3503651505-2778631356-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\m12ex9oq.default
FF DefaultSearchEngine: Google.de
FF SearchEngineOrder.1: SuchMaschine
FF Homepage: hxxp://www.cipro.de/home.htm
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/VirtualEarth3D,version=2.5 -> C:\Program Files\Virtual Earth 3D\ ()
FF Plugin: @microsoft.com/VirtualEarth3D,version=3.0 -> C:\Program Files\Virtual Earth 3D\ ()
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\m12ex9oq.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\m12ex9oq.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\m12ex9oq.default\searchplugins\googlede.xml
FF HKLM\...\Firefox\Extensions: [{3112ca9c-de6d-4884-a869-9855de68056c}] - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF Extension: Google Toolbar for Firefox - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2008-11-23]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-04-27]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-05-20]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014-05-25]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014-05-25]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Gevaarlijke websiteblokkering - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014-05-25]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014-05-25]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014-05-25]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-31]
FF HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\m12ex9oq.default\extensions\cliqz@cliqz.com
Chrome:
=======
CHR Profile: C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-05-11]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [Not Found]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [860504 2014-08-14] (Acronis)
R2 AdobeActiveFileMonitor5.0; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [108712 2006-12-22] ()
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [4029432 2015-01-01] (Acronis)
S2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
R2 CSObjectsSrv; C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
S4 DBService; C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe [187456 2009-06-14] (DATA BECKER GmbH & Co KG) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2007-12-22] (Macrovision Europe Ltd.) [File not signed]
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-09-18] (Freemake) [File not signed]
S2 gupdate1ca87fdcc7cbf74; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-20] (Google Inc.)
R2 HFGService; C:\Windows\System32\HFGService.dll [419224 2010-02-05] (CSR, plc)
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-09-08] ()
S3 Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2007-05-05] () [File not signed]
S2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed]
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S2 StarMoney 9.0 OnlineUpdate; C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed]
R2 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [6857752 2014-09-13] (Acronis)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-10-23] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] (Microsoft Corporation)
R2 WTService; C:\Windows\system32\atwtusb.exe [536064 2013-11-12] () [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 acedrv10; C:\Windows\system32\drivers\acedrv10.sys [583128 2007-10-28] (Protect Software GmbH)
R2 acehlp10; C:\Windows\system32\drivers\acehlp10.sys [250560 2007-10-26] (Protect Software GmbH)
R2 ARGUS; C:\Windows\System32\drivers\dvr100H.sys [65280 2007-12-14] (AVerMedia Systems, Inc.) [File not signed]
S3 BthAudioHF; C:\Windows\System32\DRIVERS\BthAudioHF.sys [48024 2010-02-05] (CSR, plc)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [88632 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [39736 2011-06-02] (Infowatch)
R3 dfmirage; C:\Windows\System32\DRIVERS\dfmirage.sys [34128 2008-03-26] (DemoForge, LLC)
S3 dptrackerd; C:\Windows\System32\drivers\dptrackerd.sys [44416 2005-12-18] (Windows (R) 2000 DDK provider) [File not signed]
S3 FET5X86V; C:\Windows\System32\DRIVERS\fetnd5bv.sys [43520 2008-01-02] (VIA Technologies, Inc. )
R3 FETND6V; C:\Windows\System32\DRIVERS\fetnd6v.sys [51312 2011-05-13] (VIA Technologies, Inc. )
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [214304 2015-01-01] (Acronis International GmbH)
R1 hugoio; C:\Program Files\i-Menu\hugoio.sys [9760 2008-04-14] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-05-25] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [597568 2014-06-05] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2014-05-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-11-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-11-11] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-11-11] (Kaspersky Lab ZAO)
R3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-11-11] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [6144 2009-03-08] (Windows (R) Codename Longhorn DDK provider)
S3 MusCAudio; C:\Windows\System32\drivers\MusCAudio.sys [23608 2013-10-10] (Windows (R) Win 7 DDK provider)
S3 MusCDriverV32; C:\Windows\System32\drivers\MusCDriverV32.sys [22528 2007-07-18] (Windows (R) Codename Longhorn DDK provider) [File not signed]
S4 nvatabus; C:\Windows\system32\drivers\nvatabus.sys [105088 2006-07-14] (NVIDIA Corporation)
S3 s125mdfl; C:\Windows\System32\DRIVERS\s125mdfl.sys [15112 2007-04-24] (MCCI Corporation)
S3 s125mdm; C:\Windows\System32\DRIVERS\s125mdm.sys [108680 2007-04-24] (MCCI Corporation)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [8701824 2005-10-13] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [320120 2014-07-16] (Duplex Secure Ltd.)
S3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2010-03-11] (TeamViewer GmbH)
S3 TelekomNM3; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [35040 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [867968 2015-01-01] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [169248 2015-01-01] (Acronis International GmbH)
S3 tosrfbd; C:\Windows\System32\DRIVERS\tosrfbd.sys [113792 2006-11-30] (TOSHIBA CORPORATION) [File not signed]
S3 tosrfbnp; C:\Windows\System32\Drivers\tosrfbnp.sys [36480 2006-11-20] (TOSHIBA Corporation) [File not signed]
S3 Tosrfhid; C:\Windows\System32\DRIVERS\Tosrfhid.sys [73600 2006-10-05] (TOSHIBA Corporation.) [File not signed]
S3 tosrfnds; C:\Windows\System32\DRIVERS\tosrfnds.sys [18612 2005-01-06] (TOSHIBA Corporation.) [File not signed]
S3 tosrfusb; C:\Windows\System32\DRIVERS\tosrfusb.sys [40960 2006-10-28] (TOSHIBA CORPORATION) [File not signed]
R2 v2imount; C:\Windows\System32\DRIVERS\v2imount.sys [38112 2008-01-19] (Symantec Corporation)
R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [6144 2009-08-20] (Windows (R) Win 7 DDK provider)
S4 viamraid; C:\Windows\system32\drivers\viamraid.sys [100992 2006-03-31] (VIA Technologies inc,.ltd)
R0 videX32; C:\Windows\System32\drivers\videx32.sys [9216 2006-10-17] (VIA Technologies, Inc.)
S3 vtcdrv; C:\Windows\System32\DRIVERS\vtcdrv.sys [18688 2010-05-17] (Windows (R) Codename Longhorn DDK provider)
S3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1961072 2010-05-20] (Microsoft Corporation)
R0 xfilt; C:\Windows\System32\drivers\xfilt.sys [17920 2006-10-18] (VIA Technologies,Inc)
S3 amdkmdap; system32\DRIVERS\atikmpag.sys [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)
S2 ASInsHelp; \??\C:\Windows\system32\drivers\AsInsHelp32.sys [X]
S3 AtiHDAudioService; system32\drivers\AtihdLH3.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\Dirk\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 GenericMount; system32\DRIVERS\GenericMount.sys [X]
S4 HpCISSs; \SystemRoot\system32\drivers\hpcisss.sys [X]
S3 Huawei; system32\DRIVERS\ewdcsc.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2014-06-05] (Kaspersky Lab ZAO)
S3 mod7700; system32\DRIVERS\mod7700.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\Sandra.sys [X]
S2 secdrv; No ImagePath
S3 SNP325; system32\DRIVERS\snp325.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-03 04:46 - 2015-02-03 04:46 - 00852573 _____ () C:\Users\Dirk\Desktop\SecurityCheck.exe
2015-02-02 19:42 - 2015-02-02 19:42 - 02347384 _____ (ESET) C:\Users\Dirk\Desktop\esetsmartinstaller_deu.exe
2015-02-01 21:15 - 2015-02-01 21:15 - 00000000 ____D () C:\Windows\ERUNT
2015-02-01 19:47 - 2015-02-01 20:30 - 00000000 ____D () C:\AdwCleaner
2015-02-01 19:13 - 2015-02-02 17:25 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-01 19:12 - 2015-02-01 19:12 - 00000865 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-01 19:12 - 2015-02-01 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-02-01 19:11 - 2015-02-01 19:11 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2015-02-01 19:11 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-01 19:11 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-01 19:11 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-01 19:08 - 2015-02-01 19:08 - 02194432 _____ () C:\Users\Dirk\Desktop\AdwCleaner_4.109.exe
2015-02-01 19:08 - 2015-02-01 19:08 - 01707939 _____ (Thisisu) C:\Users\Dirk\Desktop\JRT.exe
2015-01-31 18:27 - 2015-01-31 19:01 - 00000000 ____D () C:\Qoobox
2015-01-31 18:27 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-31 18:27 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-31 18:27 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-31 18:27 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-31 18:27 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-31 18:27 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-31 18:27 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-31 18:27 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-31 18:25 - 2015-01-31 18:58 - 00000000 ____D () C:\Windows\erdnt
2015-01-31 18:24 - 2015-01-31 18:24 - 05611408 ____R (Swearware) C:\Users\Dirk\Desktop\ComboFix.exe
2015-01-31 18:00 - 2015-01-31 18:00 - 00001023 _____ () C:\Users\Dirk\Desktop\Revo Uninstaller.lnk
2015-01-31 18:00 - 2015-01-31 18:00 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-01-31 14:04 - 2015-02-03 05:15 - 00000000 ____D () C:\FRST
2015-01-31 13:52 - 2015-01-31 13:53 - 00000020 _____ () C:\Users\Dirk\defogger_reenable
2015-01-31 13:51 - 2015-02-03 05:15 - 00000000 ____D () C:\Users\Dirk\Desktop\TrojanerBoard
2015-01-31 09:05 - 2006-11-02 07:21 - 00319456 _____ (Microsoft Corporation) C:\Windows\system32\DIFxAPI.dll
2015-01-31 09:04 - 2011-05-13 13:34 - 00051312 _____ (VIA Technologies, Inc. ) C:\Windows\system32\Drivers\fetnd6v.sys
2015-01-31 09:04 - 2006-10-27 16:26 - 00069632 _____ () C:\Windows\system32\vuins32.dll
2015-01-28 21:51 - 2015-01-28 21:52 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-28 21:20 - 2015-01-28 21:20 - 00001842 _____ () C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2015.lnk
2015-01-28 21:20 - 2015-01-28 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2015
2015-01-26 20:40 - 2015-02-03 04:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-26 20:40 - 2015-01-26 20:56 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-26 20:40 - 2015-01-26 20:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-24 15:38 - 2015-01-24 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elcomsoft Password Recovery
2015-01-24 15:38 - 2015-01-24 15:38 - 00000000 ____D () C:\ProgramData\Elcomsoft Password Recovery
2015-01-24 15:38 - 2015-01-24 15:38 - 00000000 ____D () C:\Program Files\Elcomsoft Password Recovery
2015-01-24 13:27 - 2015-01-24 13:27 - 00000000 ____D () C:\digitalvideoconverter
2015-01-24 12:49 - 2015-01-24 12:49 - 00000825 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-01-24 12:48 - 2015-01-24 12:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-01-24 12:32 - 2015-01-24 12:32 - 00001692 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2015-01-24 12:32 - 2015-01-24 12:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-01-24 12:20 - 2015-01-24 12:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter
2015-01-24 12:20 - 2015-01-24 12:20 - 00000000 ____D () C:\Program Files\AC3Filter
2015-01-20 07:28 - 2015-01-20 07:28 - 00000083 _____ () C:\Windows\system32\gpupdate.bin
2015-01-15 03:13 - 2014-12-19 01:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-15 03:01 - 2014-12-06 04:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-15 03:01 - 2014-12-06 04:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-15 03:01 - 2014-12-06 04:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-15 03:00 - 2014-12-06 04:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-06 17:56 - 2015-01-06 17:56 - 00000000 ____D () C:\ProgramData\Avanquest Software
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-03 05:07 - 2006-11-02 13:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-03 05:07 - 2006-11-02 13:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-03 04:45 - 2012-05-03 16:45 - 01915613 _____ () C:\Windows\WindowsUpdate.log
2015-02-03 04:34 - 2011-10-19 07:19 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-03 01:34 - 2011-10-19 07:19 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-03 00:00 - 2009-06-23 19:57 - 00000368 _____ () C:\Windows\Tasks\NeroLiveEpgUpdate-Home-PC_Dirk.job
2015-02-02 17:36 - 2014-07-12 11:20 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\Dropbox
2015-02-02 17:36 - 2012-01-31 18:34 - 00000000 ___RD () C:\Users\Dirk\Dropbox
2015-02-02 17:26 - 2007-05-05 16:56 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-02 17:10 - 2006-11-02 13:37 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-02-02 17:08 - 2006-11-02 11:23 - 00000689 _____ () C:\Windows\win.ini
2015-02-02 17:07 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-01 21:52 - 2012-05-10 02:51 - 00032626 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-01 21:52 - 2008-09-14 13:16 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-02-01 21:10 - 2014-12-31 12:24 - 00010360 _____ () C:\Windows\PFRO.log
2015-02-01 19:11 - 2010-06-07 07:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-01 17:07 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-01 16:18 - 2013-10-14 15:32 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-02-01 16:14 - 2009-03-09 19:52 - 00096256 _____ () C:\Users\Dirk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-01 16:02 - 2014-11-29 09:20 - 00000461 _____ () C:\Users\Dirk\Desktop\Daten-SIG.lnk
2015-02-01 14:03 - 2006-11-02 11:33 - 01461506 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-31 19:00 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default
2015-01-31 19:00 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2015-01-31 18:52 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2015-01-31 18:48 - 2006-11-02 11:22 - 81395712 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-01-31 18:48 - 2006-11-02 11:22 - 78381056 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-01-31 18:48 - 2006-11-02 11:22 - 50069504 _____ () C:\Windows\system32\config\COMPON~1.bak
2015-01-31 18:48 - 2006-11-02 11:22 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-01-31 18:48 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-01-31 18:48 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-01-31 18:00 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE
2015-01-31 17:55 - 2007-09-25 15:23 - 00000000 ____D () C:\Program Files\Microsoft.NET
2015-01-31 13:52 - 2009-03-08 12:08 - 00000000 ____D () C:\Users\Dirk
2015-01-31 08:48 - 2008-06-14 15:28 - 00000000 ____D () C:\Program Files\Virtual Earth 3D
2015-01-31 08:45 - 2010-11-01 09:05 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\YoWindow
2015-01-31 08:40 - 2007-05-05 23:30 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-31 08:38 - 2009-03-29 10:57 - 00000000 ____D () C:\Program Files\Mobile Partner
2015-01-31 07:28 - 2014-08-22 11:49 - 00000000 ____D () C:\Send
2015-01-30 03:29 - 2013-05-10 06:45 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-29 20:41 - 2008-05-27 17:44 - 00000000 ____D () C:\MAGIX
2015-01-29 20:08 - 2014-05-13 17:02 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2015-01-29 20:08 - 2007-07-13 16:38 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-29 19:56 - 2007-10-14 09:28 - 00000000 ____D () C:\Program Files\WISO
2015-01-29 10:18 - 2011-09-10 11:15 - 00000974 _____ () C:\Windows\Tasks\Google Software Updater.job
2015-01-29 09:12 - 2013-01-08 19:10 - 00000000 ____D () C:\ProgramData\Netzmanager
2015-01-29 09:06 - 2014-12-31 12:18 - 00207680 _____ () C:\Users\Dirk\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-29 09:05 - 2014-12-31 12:24 - 01963128 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-29 09:00 - 2007-09-25 15:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-29 08:59 - 2011-03-19 07:41 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-01-29 08:58 - 2006-11-02 12:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-01-28 21:21 - 2007-11-27 19:09 - 00000000 ____D () C:\Users\Dirk\AppData\Local\Buhl
2015-01-28 21:21 - 2007-10-14 10:56 - 00001464 _____ () C:\Windows\wiso.ini
2015-01-28 20:51 - 2014-01-02 10:02 - 00000000 ____D () C:\Program Files\StarMoney 9.0
2015-01-28 20:50 - 2014-07-16 18:57 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-26 17:43 - 2007-05-05 18:56 - 00000000 ____D () C:\Users\Dirk\AppData\Local\Adobe
2015-01-24 12:53 - 2011-04-17 12:17 - 00000824 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-24 12:53 - 2009-03-08 14:14 - 00000955 _____ () C:\Users\Dirk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-24 12:53 - 2007-11-26 21:06 - 00001730 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-24 12:32 - 2007-05-14 19:27 - 00000000 ____D () C:\Program Files\QuickTime
2015-01-23 10:28 - 2014-12-28 14:52 - 00000000 ____D () C:\Users\Dirk\AppData\Local\Avanquest
2015-01-21 07:39 - 2014-08-02 15:09 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\vlc
2015-01-20 07:35 - 2007-05-05 23:51 - 00000000 ____D () C:\Program Files\AceBIT
2015-01-20 07:27 - 2013-10-16 11:37 - 00000000 ____D () C:\Users\Dirk\AppData\Local\AllMusicConverter
2015-01-19 09:19 - 2007-05-05 22:35 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\Skype
2015-01-15 03:13 - 2013-08-15 02:13 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 03:02 - 2006-11-02 11:24 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-01-13 20:26 - 2007-05-31 17:42 - 00000000 ____D () C:\Users\Dirk\AppData\Local\CutePDF Writer
2015-01-13 18:08 - 2011-03-05 15:27 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2015-01-06 04:36 - 2009-10-03 11:53 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 18:49 - 2014-10-13 16:43 - 00207680 _____ () C:\Users\Pascal\AppData\Local\GDIPFONTCACHEV1.DAT
==================== Files in the root of some directories =======
1997-09-03 23:00 - 1997-09-03 23:00 - 0311296 _____ (Microsoft Corporation) C:\Program Files\Common Files\msacc8.olb
2007-08-26 16:20 - 2011-06-21 17:08 - 0000070 _____ () C:\Users\Dirk\AppData\Roaming\AVSDVDPlayer.m3u
2011-05-13 19:44 - 2011-01-14 21:07 - 0061440 _____ () C:\Users\Dirk\AppData\Roaming\chrtmp
2009-05-31 08:00 - 2009-05-31 08:00 - 0000029 _____ () C:\Users\Dirk\AppData\Roaming\default.rss
2009-05-31 08:00 - 2009-05-31 08:00 - 0000000 _____ () C:\Users\Dirk\AppData\Roaming\downloads.m3u
2007-08-26 19:14 - 2007-08-26 19:14 - 0087608 _____ () C:\Users\Dirk\AppData\Roaming\inst.exe
2009-06-07 22:11 - 2009-06-07 22:11 - 0038431 _____ () C:\Users\Dirk\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
2007-10-01 20:38 - 2007-10-01 20:38 - 0012963 _____ () C:\Users\Dirk\AppData\Roaming\Kommagetrennte Werte (DOS).CAL
2007-09-15 10:33 - 2012-03-21 19:47 - 0038443 _____ () C:\Users\Dirk\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
2007-10-01 20:29 - 2007-10-01 20:29 - 0012967 _____ () C:\Users\Dirk\AppData\Roaming\Kommagetrennte Werte (Windows).CAL
2007-09-15 10:39 - 2007-09-15 10:39 - 0011425 _____ () C:\Users\Dirk\AppData\Roaming\Kommagetrennte Werte (Windows).TSK
2012-03-19 07:19 - 2012-03-21 19:44 - 0023496 _____ () C:\Users\Dirk\AppData\Roaming\Microsoft Excel 97-2003.ADR
2008-02-10 10:43 - 2008-12-07 12:16 - 0012965 _____ () C:\Users\Dirk\AppData\Roaming\Microsoft Excel 97-2003.CAL
2009-05-09 15:49 - 2009-05-09 15:54 - 0008261 _____ () C:\Users\Dirk\AppData\Roaming\Microsoft Excel 97-2003.JNL
2007-06-10 08:30 - 2007-06-10 08:30 - 0012944 _____ () C:\Users\Dirk\AppData\Roaming\Microsoft Excel.CAL
2007-08-26 19:14 - 2007-08-26 19:14 - 0007887 _____ () C:\Users\Dirk\AppData\Roaming\pcouffin.cat
2007-08-26 19:14 - 2007-08-26 19:14 - 0001144 _____ () C:\Users\Dirk\AppData\Roaming\pcouffin.inf
2007-08-26 19:15 - 2007-08-26 19:15 - 0000034 _____ () C:\Users\Dirk\AppData\Roaming\pcouffin.log
2007-08-26 19:14 - 2007-08-26 19:14 - 0047360 _____ (VSO Software) C:\Users\Dirk\AppData\Roaming\pcouffin.sys
2007-05-10 21:52 - 2007-05-10 21:52 - 0012962 _____ () C:\Users\Dirk\AppData\Roaming\Tabulatorgetrennte Werte (Windows).CAL
2009-02-23 10:10 - 2009-02-23 10:10 - 0006144 ___SH () C:\Users\Dirk\AppData\Roaming\Thumbs.db
2007-11-25 20:09 - 2008-05-25 10:22 - 0012201 _____ () C:\Users\Dirk\AppData\Roaming\UserTile.png
2014-09-14 15:23 - 2014-12-19 21:34 - 0000222 _____ () C:\Users\Dirk\AppData\Roaming\WB.CFG
2007-05-05 16:13 - 2007-05-10 21:56 - 0000112 _____ () C:\Users\Dirk\AppData\Roaming\wklnhst.dat
2011-01-04 12:06 - 2011-08-14 11:03 - 0001188 _____ () C:\Users\Dirk\AppData\Local\crc32list11.txt
2009-09-10 16:35 - 2014-12-15 20:23 - 0001356 _____ () C:\Users\Dirk\AppData\Local\d3d9caps.dat
2009-03-09 19:52 - 2015-02-01 16:14 - 0096256 _____ () C:\Users\Dirk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-02 03:23 - 2014-12-17 02:23 - 0000010 _____ () C:\Users\Dirk\AppData\Local\DSI.DAT
2014-11-10 00:23 - 2014-11-10 00:23 - 0000008 _____ () C:\Users\Dirk\AppData\Local\ext2.dat
2009-07-27 18:07 - 2009-07-27 18:07 - 0000036 _____ () C:\Users\Dirk\AppData\Local\housecall.guid.cache
2009-11-21 07:15 - 2009-11-21 07:15 - 0000600 _____ () C:\Users\Dirk\AppData\Local\PUTTY.RND
2010-04-17 09:15 - 2010-04-17 10:31 - 0000907 _____ () C:\Users\Dirk\AppData\Local\RAExpertHistory.xml
2010-04-17 10:19 - 2010-04-17 10:29 - 0000171 _____ () C:\Users\Dirk\AppData\Local\rahistory.xml
2014-10-26 12:42 - 2014-10-26 12:42 - 0001495 _____ () C:\Users\Dirk\AppData\Local\recently-used.xbel
2012-06-03 11:59 - 2012-06-03 11:59 - 0017408 _____ () C:\Users\Dirk\AppData\Local\WebpageIcons.db
2011-12-11 18:55 - 2014-02-07 20:59 - 0000394 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
Files to move or delete:
====================
C:\Users\Dirk\kavremover10.exe
C:\Users\Dirk\strmdll.dll
Some content of TEMP:
====================
C:\Users\Dirk\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpun_ww9.dll
C:\Users\Dirk\AppData\Local\temp\Quarantine.exe
C:\Users\Dirk\AppData\Local\temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-02 18:21
==================== End Of Log ============================
--- --- --- --- --- --- Probleme bisher keine mehr Nur die Frage was ist mit den 31 Funden von Eset? |
|
03.02.2015, 19:42
| #9 |
| /// the machine /// TB-Ausbilder | Vista 32 bit ServicePack 2 mit WindowsMangerProtect Problem und mehr Entfernen wir jetzt. Java und Adobe updaten. Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\AdwCleaner\Quarantine\C\Program Files\Search Extensions\uninstall.exe.vir
C:\ProgramData\VistaCodecs\{17AB5817-D9CA-42A3-8B97-172350DB8A41}\Vista Codec Package.msi
C:\ProgramData\VistaCodecs\{B01BCF4E-B877-4C3B-8747-9D79CC0EE84D}\Vista Codec Package.msi
C:\ProgramData\VistaCodecs\{C216372C-E1D6-40B4-AFD9-4BA118AE0095}\Vista Codec Package.msi
C:\Users\All Users\VistaCodecs\{17AB5817-D9CA-42A3-8B97-172350DB8A41}\Vista Codec Package.msi
C:\Users\All Users\VistaCodecs\{B01BCF4E-B877-4C3B-8747-9D79CC0EE84D}\Vista Codec Package.msi
C:\Users\All Users\VistaCodecs\{C216372C-E1D6-40B4-AFD9-4BA118AE0095}\Vista Codec Package.msi
C:\Windows\FixCamera.exe
I:\CatNova\Sicherung Android 2.3\DatenträgerR\road_fighter.apk
I:\CatNova\Sicherung Android 2.3\DatenträgerR\UniversalAndroot.apk
I:\CatNova\Sicherung Android 4.0\DatenträgerR\road_fighter.apk
I:\CatNova\Sicherung Android 4.0\DatenträgerR\UniversalAndroot.apk
I:\Dokumente\digital locker Downloads\Lucky Fisherman\luckyfishsetup.exe
I:\Dokumente\samsung\Handy\angel\videostore_1000000001.apk
I:\Dokumente\samsung\Handy\angel\videostore_yw_1000000001.apk
I:\Dokumente\samsung\Kies\Backup\GT-I9300\GT-I9300_\GT-I9300_20131010051847\Others\angel\videostore_1000000001.apk
I:\Dokumente\samsung\Kies\Backup\GT-I9300\GT-I9300_\GT-I9300_20131010051847\Others\angel\videostore_yw_1000000001.apk
I:\Download\cbsidlm-cbsi188-WinTopo-ORG-10521641.exe
I:\Download\MyPhoneExplorer_Setup_1.8.5.exe
I:\Download\SoftonicDownloader_for_surveillizcam-lite.exe
I:\Download\UltimateCodecsSetup.exe
I:\Download\vlc-2.1.5-win32.exe
I:\Download\x264 Video Codec - CHIP-Installer.exe
I:\Download\Download\rpc420_setup.exe
I:\Download\easymobilehomepage\software\admin\home.php
I:\Download\easymobilehomepage\software\admin\index.php
I:\Download\easymobilehomepage\software\admin\inc\leftsidebar.php
I:\Download\Software\Nero.9.MULTiLANGUAGE.DVD-RESTORE\nero9m\nero9.iso
I:\Eigene Webs\creative-webpages.de\WWW-Neu\web\mobil\admin\home.php
I:\Eigene Webs\creative-webpages.de\WWW-Neu\web\mobil\admin\index.php
I:\Eigene Webs\creative-webpages.de\WWW-Neu\web\mobil\admin\inc\leftsidebar.php
GroupPolicyUsers\S-1-5-21-292042570-3503651505-2778631356-1019\User: Group Policy restriction detected <======= ATTENTION
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:59356;https=127.0.0.1:59356
C:\Users\Dirk\strmdll.dll
Emptytemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
03.02.2015, 21:20
| #10 |
| | Vista 32 bit ServicePack 2 mit WindowsMangerProtect Problem und mehr Hi, Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 31-01-2015
Ran by Dirk at 2015-02-03 21:02:23 Run:1
Running from C:\Users\Dirk\Desktop\TrojanerBoard
Loaded Profiles: Dirk (Available profiles: Dirk & Mcx1 & Pascal)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\AdwCleaner\Quarantine\C\Program Files\Search Extensions\uninstall.exe.vir
C:\ProgramData\VistaCodecs\{17AB5817-D9CA-42A3-8B97-172350DB8A41}\Vista Codec Package.msi
C:\ProgramData\VistaCodecs\{B01BCF4E-B877-4C3B-8747-9D79CC0EE84D}\Vista Codec Package.msi
C:\ProgramData\VistaCodecs\{C216372C-E1D6-40B4-AFD9-4BA118AE0095}\Vista Codec Package.msi
C:\Users\All Users\VistaCodecs\{17AB5817-D9CA-42A3-8B97-172350DB8A41}\Vista Codec Package.msi
C:\Users\All Users\VistaCodecs\{B01BCF4E-B877-4C3B-8747-9D79CC0EE84D}\Vista Codec Package.msi
C:\Users\All Users\VistaCodecs\{C216372C-E1D6-40B4-AFD9-4BA118AE0095}\Vista Codec Package.msi
C:\Windows\FixCamera.exe
I:\CatNova\Sicherung Android 2.3\DatenträgerR\road_fighter.apk
I:\CatNova\Sicherung Android 2.3\DatenträgerR\UniversalAndroot.apk
I:\CatNova\Sicherung Android 4.0\DatenträgerR\road_fighter.apk
I:\CatNova\Sicherung Android 4.0\DatenträgerR\UniversalAndroot.apk
I:\Dokumente\digital locker Downloads\Lucky Fisherman\luckyfishsetup.exe
I:\Dokumente\samsung\Handy\angel\videostore_1000000001.apk
I:\Dokumente\samsung\Handy\angel\videostore_yw_1000000001.apk
I:\Dokumente\samsung\Kies\Backup\GT-I9300\GT-I9300_\GT-I9300_20131010051847\Others\angel\videostore_1000000001.apk
I:\Dokumente\samsung\Kies\Backup\GT-I9300\GT-I9300_\GT-I9300_20131010051847\Others\angel\videostore_yw_1000000001.apk
I:\Download\cbsidlm-cbsi188-WinTopo-ORG-10521641.exe
I:\Download\MyPhoneExplorer_Setup_1.8.5.exe
I:\Download\SoftonicDownloader_for_surveillizcam-lite.exe
I:\Download\UltimateCodecsSetup.exe
I:\Download\vlc-2.1.5-win32.exe
I:\Download\x264 Video Codec - CHIP-Installer.exe
I:\Download\Download\rpc420_setup.exe
I:\Download\easymobilehomepage\software\admin\home.php
I:\Download\easymobilehomepage\software\admin\index.php
I:\Download\easymobilehomepage\software\admin\inc\leftsidebar.php
I:\Download\Software\Nero.9.MULTiLANGUAGE.DVD-RESTORE\nero9m\nero9.iso
I:\Eigene Webs\creative-webpages.de\WWW-Neu\web\mobil\admin\home.php
I:\Eigene Webs\creative-webpages.de\WWW-Neu\web\mobil\admin\index.php
I:\Eigene Webs\creative-webpages.de\WWW-Neu\web\mobil\admin\inc\leftsidebar.php
GroupPolicyUsers\S-1-5-21-292042570-3503651505-2778631356-1019\User: Group Policy restriction detected <======= ATTENTION
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:59356;https=127.0.0.1:59356
C:\Users\Dirk\strmdll.dll
Emptytemp:
*****************
C:\AdwCleaner\Quarantine\C\Program Files\Search Extensions\uninstall.exe.vir => Moved successfully.
C:\ProgramData\VistaCodecs\{17AB5817-D9CA-42A3-8B97-172350DB8A41}\Vista Codec Package.msi => Moved successfully.
C:\ProgramData\VistaCodecs\{B01BCF4E-B877-4C3B-8747-9D79CC0EE84D}\Vista Codec Package.msi => Moved successfully.
C:\ProgramData\VistaCodecs\{C216372C-E1D6-40B4-AFD9-4BA118AE0095}\Vista Codec Package.msi => Moved successfully.
"C:\Users\All Users\VistaCodecs\{17AB5817-D9CA-42A3-8B97-172350DB8A41}\Vista Codec Package.msi" => File/Directory not found.
"C:\Users\All Users\VistaCodecs\{B01BCF4E-B877-4C3B-8747-9D79CC0EE84D}\Vista Codec Package.msi" => File/Directory not found.
"C:\Users\All Users\VistaCodecs\{C216372C-E1D6-40B4-AFD9-4BA118AE0095}\Vista Codec Package.msi" => File/Directory not found.
C:\Windows\FixCamera.exe => Moved successfully.
I:\CatNova\Sicherung Android 2.3\DatenträgerR\road_fighter.apk => Moved successfully.
I:\CatNova\Sicherung Android 2.3\DatenträgerR\UniversalAndroot.apk => Moved successfully.
I:\CatNova\Sicherung Android 4.0\DatenträgerR\road_fighter.apk => Moved successfully.
I:\CatNova\Sicherung Android 4.0\DatenträgerR\UniversalAndroot.apk => Moved successfully.
I:\Dokumente\digital locker Downloads\Lucky Fisherman\luckyfishsetup.exe => Moved successfully.
I:\Dokumente\samsung\Handy\angel\videostore_1000000001.apk => Moved successfully.
I:\Dokumente\samsung\Handy\angel\videostore_yw_1000000001.apk => Moved successfully.
I:\Dokumente\samsung\Kies\Backup\GT-I9300\GT-I9300_\GT-I9300_20131010051847\Others\angel\videostore_1000000001.apk => Moved successfully.
I:\Dokumente\samsung\Kies\Backup\GT-I9300\GT-I9300_\GT-I9300_20131010051847\Others\angel\videostore_yw_1000000001.apk => Moved successfully.
I:\Download\cbsidlm-cbsi188-WinTopo-ORG-10521641.exe => Moved successfully.
I:\Download\MyPhoneExplorer_Setup_1.8.5.exe => Moved successfully.
I:\Download\SoftonicDownloader_for_surveillizcam-lite.exe => Moved successfully.
I:\Download\UltimateCodecsSetup.exe => Moved successfully.
I:\Download\vlc-2.1.5-win32.exe => Moved successfully.
I:\Download\x264 Video Codec - CHIP-Installer.exe => Moved successfully.
I:\Download\Download\rpc420_setup.exe => Moved successfully.
I:\Download\easymobilehomepage\software\admin\home.php => Moved successfully.
I:\Download\easymobilehomepage\software\admin\index.php => Moved successfully.
I:\Download\easymobilehomepage\software\admin\inc\leftsidebar.php => Moved successfully.
I:\Download\Software\Nero.9.MULTiLANGUAGE.DVD-RESTORE\nero9m\nero9.iso => Moved successfully.
I:\Eigene Webs\creative-webpages.de\WWW-Neu\web\mobil\admin\home.php => Moved successfully.
I:\Eigene Webs\creative-webpages.de\WWW-Neu\web\mobil\admin\index.php => Moved successfully.
I:\Eigene Webs\creative-webpages.de\WWW-Neu\web\mobil\admin\inc\leftsidebar.php => Moved successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-292042570-3503651505-2778631356-1019\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKU\S-1-5-21-292042570-3503651505-2778631356-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
C:\Users\Dirk\strmdll.dll => Moved successfully.
EmptyTemp: => Removed 979.3 MB temporary data.
The system needed a reboot.
==== End of Fixlog 21:07:35 ====
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-01-2015 Ran by Dirk (administrator) on HOME-PC on 03-02-2015 21:16:01 Running from C:\Users\Dirk\Desktop\TrojanerBoard Loaded Profiles: Dirk (Available profiles: Dirk & Mcx1 & Pascal) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe () C:\Program Files\DivX\DivX Update\DivXUpdate.exe (Microsoft Corporation) C:\Windows\System32\wpcumi.exe (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe () C:\Windows\System32\AtwtusbIcon.exe (Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis International GmbH) C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe () C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe (Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Infowatch) C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe () C:\Program Files\Canon\IJPLM\ijplmsvc.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe (Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe (Rocket Division Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE () C:\Windows\System32\atwtusb.exe () C:\Windows\System32\atwtusb.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Windows\ehome\ehsched.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (MATESO GmbH) C:\Program Files\Password Safe and Repository\psr.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\wmi32.exe (Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Acronis) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [snpstd3] => C:\Windows\vsnpstd3.exe [339968 2005-09-05] () HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-02] (Advanced Micro Devices, Inc.) HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4911104 2008-02-25] (Realtek Semiconductor) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated) HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478600 2013-05-11] (Adobe Systems Inc.) HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2508104 2009-11-01] (CANON INC.) HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.) HKLM\...\Run: [IJNetworkScanUtility] => C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-28] (CANON INC.) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.) HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-05-20] (RealNetworks, Inc.) HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO) HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC) HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] () HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation) HKLM\...\Run: [DriveUtilitiesHelper] => C:\Program Files\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc.) HKLM\...\Run: [AtwtusbIcon] => C:\Windows\system32\AtwtusbIcon.exe [2963456 2012-09-10] () HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [5343272 2014-11-27] (Acronis) HKLM\...\Run: [AcronisTibMounterMonitor] => C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [606096 2014-10-17] (Acronis International GmbH) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [409912 2014-08-14] (Acronis) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-11] (Macrovision Corporation) HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation) HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [694352 2013-05-11] (Adobe Systems Incorporated) ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files\Acronis\TrueImageHome\tishell.dll (Acronis) ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files\Acronis\TrueImageHome\tishell.dll (Acronis) ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files\Acronis\TrueImageHome\tishell.dll (Acronis) ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll (Kaspersky Lab ZAO) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-292042570-3503651505-2778631356-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-292042570-3503651505-2778631356-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.cipro.de/home.htm SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-292042570-3503651505-2778631356-1000 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = SearchScopes: HKU\S-1-5-21-292042570-3503651505-2778631356-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-292042570-3503651505-2778631356-1000 -> {F8C6023A-C536-4C0E-88D3-58898A3DC330} URL = BHO: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Toolbar: HKU\S-1-5-21-292042570-3503651505-2778631356-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKU\S-1-5-21-292042570-3503651505-2778631356-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\m12ex9oq.default FF DefaultSearchEngine: Google.de FF SearchEngineOrder.1: SuchMaschine FF Homepage: hxxp://www.cipro.de/home.htm FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.) FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/VirtualEarth3D,version=2.5 -> C:\Program Files\Virtual Earth 3D\ () FF Plugin: @microsoft.com/VirtualEarth3D,version=3.0 -> C:\Program Files\Virtual Earth 3D\ () FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll No File FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll (BitComet) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer) FF SearchPlugin: C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\m12ex9oq.default\searchplugins\google-images.xml FF SearchPlugin: C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\m12ex9oq.default\searchplugins\google-maps.xml FF SearchPlugin: C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\m12ex9oq.default\searchplugins\googlede.xml FF HKLM\...\Firefox\Extensions: [{3112ca9c-de6d-4884-a869-9855de68056c}] - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} FF Extension: Google Toolbar for Firefox - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2008-11-23] FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-04-27] FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-05-20] FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014-05-25] FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014-05-25] FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com FF Extension: Gevaarlijke websiteblokkering - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014-05-25] FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014-05-25] FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014-05-25] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-31] FF HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\m12ex9oq.default\extensions\cliqz@cliqz.com Chrome: ======= CHR Profile: C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11] CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-05-11] CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14] CHR HKLM\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [Not Found] CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [860504 2014-08-14] (Acronis) R2 AdobeActiveFileMonitor5.0; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [108712 2006-12-22] () R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [4029432 2015-01-01] (Acronis) R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO) R2 CSObjectsSrv; C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch) S4 DBService; C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe [187456 2009-06-14] (DATA BECKER GmbH & Co KG) [File not signed] S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2007-12-22] (Macrovision Europe Ltd.) [File not signed] R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-09-18] (Freemake) [File not signed] S2 gupdate1ca87fdcc7cbf74; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-20] (Google Inc.) R2 HFGService; C:\Windows\System32\HFGService.dll [419224 2010-02-05] (CSR, plc) S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed] S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-09-08] () S3 Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2007-05-05] () [File not signed] R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed] R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed] R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed] R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () S2 StarMoney 9.0 OnlineUpdate; C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH) R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed] R2 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [6857752 2014-09-13] (Acronis) R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-10-23] (Western Digital Technologies, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] (Microsoft Corporation) R2 WTService; C:\Windows\system32\atwtusb.exe [536064 2013-11-12] () [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 acedrv10; C:\Windows\system32\drivers\acedrv10.sys [583128 2007-10-28] (Protect Software GmbH) R2 acehlp10; C:\Windows\system32\drivers\acehlp10.sys [250560 2007-10-26] (Protect Software GmbH) R2 ARGUS; C:\Windows\System32\drivers\dvr100H.sys [65280 2007-12-14] (AVerMedia Systems, Inc.) [File not signed] S3 BthAudioHF; C:\Windows\System32\DRIVERS\BthAudioHF.sys [48024 2010-02-05] (CSR, plc) R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [88632 2011-06-02] (Infowatch) R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [39736 2011-06-02] (Infowatch) R3 dfmirage; C:\Windows\System32\DRIVERS\dfmirage.sys [34128 2008-03-26] (DemoForge, LLC) S3 dptrackerd; C:\Windows\System32\drivers\dptrackerd.sys [44416 2005-12-18] (Windows (R) 2000 DDK provider) [File not signed] S3 FET5X86V; C:\Windows\System32\DRIVERS\fetnd5bv.sys [43520 2008-01-02] (VIA Technologies, Inc. ) R3 FETND6V; C:\Windows\System32\DRIVERS\fetnd6v.sys [51312 2011-05-13] (VIA Technologies, Inc. ) R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [214304 2015-01-01] (Acronis International GmbH) R1 hugoio; C:\Program Files\i-Menu\hugoio.sys [9760 2008-04-14] () R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-05-25] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [597568 2014-06-05] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2014-05-25] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-11-11] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-11-11] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-11-11] (Kaspersky Lab ZAO) R3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-11-11] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-03] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation) R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [6144 2009-03-08] (Windows (R) Codename Longhorn DDK provider) S3 MusCAudio; C:\Windows\System32\drivers\MusCAudio.sys [23608 2013-10-10] (Windows (R) Win 7 DDK provider) S3 MusCDriverV32; C:\Windows\System32\drivers\MusCDriverV32.sys [22528 2007-07-18] (Windows (R) Codename Longhorn DDK provider) [File not signed] S4 nvatabus; C:\Windows\system32\drivers\nvatabus.sys [105088 2006-07-14] (NVIDIA Corporation) S3 s125mdfl; C:\Windows\System32\DRIVERS\s125mdfl.sys [15112 2007-04-24] (MCCI Corporation) S3 s125mdm; C:\Windows\System32\DRIVERS\s125mdm.sys [108680 2007-04-24] (MCCI Corporation) S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [8701824 2005-10-13] () S4 sptd; C:\Windows\System32\Drivers\sptd.sys [320120 2014-07-16] (Duplex Secure Ltd.) S3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2010-03-11] (TeamViewer GmbH) S3 TelekomNM3; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [35040 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) R0 tib; C:\Windows\System32\DRIVERS\tib.sys [867968 2015-01-01] (Acronis International GmbH) R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [169248 2015-01-01] (Acronis International GmbH) S3 tosrfbd; C:\Windows\System32\DRIVERS\tosrfbd.sys [113792 2006-11-30] (TOSHIBA CORPORATION) [File not signed] S3 tosrfbnp; C:\Windows\System32\Drivers\tosrfbnp.sys [36480 2006-11-20] (TOSHIBA Corporation) [File not signed] S3 Tosrfhid; C:\Windows\System32\DRIVERS\Tosrfhid.sys [73600 2006-10-05] (TOSHIBA Corporation.) [File not signed] S3 tosrfnds; C:\Windows\System32\DRIVERS\tosrfnds.sys [18612 2005-01-06] (TOSHIBA Corporation.) [File not signed] S3 tosrfusb; C:\Windows\System32\DRIVERS\tosrfusb.sys [40960 2006-10-28] (TOSHIBA CORPORATION) [File not signed] R2 v2imount; C:\Windows\System32\DRIVERS\v2imount.sys [38112 2008-01-19] (Symantec Corporation) R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [6144 2009-08-20] (Windows (R) Win 7 DDK provider) S4 viamraid; C:\Windows\system32\drivers\viamraid.sys [100992 2006-03-31] (VIA Technologies inc,.ltd) R0 videX32; C:\Windows\System32\drivers\videx32.sys [9216 2006-10-17] (VIA Technologies, Inc.) S3 vtcdrv; C:\Windows\System32\DRIVERS\vtcdrv.sys [18688 2010-05-17] (Windows (R) Codename Longhorn DDK provider) S3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1961072 2010-05-20] (Microsoft Corporation) R0 xfilt; C:\Windows\System32\drivers\xfilt.sys [17920 2006-10-18] (VIA Technologies,Inc) S3 amdkmdap; system32\DRIVERS\atikmpag.sys [X] U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation) S2 ASInsHelp; \??\C:\Windows\system32\drivers\AsInsHelp32.sys [X] S3 AtiHDAudioService; system32\drivers\AtihdLH3.sys [X] S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 cpuz134; \??\C:\Users\Dirk\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X] S3 GenericMount; system32\DRIVERS\GenericMount.sys [X] S4 HpCISSs; \SystemRoot\system32\drivers\hpcisss.sys [X] S3 Huawei; system32\DRIVERS\ewdcsc.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2014-06-05] (Kaspersky Lab ZAO) S3 mod7700; system32\DRIVERS\mod7700.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\Sandra.sys [X] S2 secdrv; No ImagePath S3 SNP325; system32\DRIVERS\snp325.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-03 20:38 - 2015-02-03 20:38 - 00001922 _____ () C:\Users\Public\Desktop\Ausschneiden 2.0.lnk 2015-02-03 04:46 - 2015-02-03 04:46 - 00852573 _____ () C:\Users\Dirk\Desktop\SecurityCheck.exe 2015-02-02 19:42 - 2015-02-02 19:42 - 02347384 _____ (ESET) C:\Users\Dirk\Desktop\esetsmartinstaller_deu.exe 2015-02-01 21:15 - 2015-02-01 21:15 - 00000000 ____D () C:\Windows\ERUNT 2015-02-01 19:47 - 2015-02-01 20:30 - 00000000 ____D () C:\AdwCleaner 2015-02-01 19:13 - 2015-02-03 21:13 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-01 19:12 - 2015-02-01 19:12 - 00000865 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-02-01 19:12 - 2015-02-01 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-01 19:11 - 2015-02-01 19:11 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2015-02-01 19:11 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-02-01 19:11 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-02-01 19:11 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-02-01 19:08 - 2015-02-01 19:08 - 02194432 _____ () C:\Users\Dirk\Desktop\AdwCleaner_4.109.exe 2015-02-01 19:08 - 2015-02-01 19:08 - 01707939 _____ (Thisisu) C:\Users\Dirk\Desktop\JRT.exe 2015-01-31 18:27 - 2015-01-31 19:01 - 00000000 ____D () C:\Qoobox 2015-01-31 18:27 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-01-31 18:27 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-01-31 18:27 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-01-31 18:27 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-01-31 18:27 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-01-31 18:27 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-01-31 18:27 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-01-31 18:27 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-01-31 18:25 - 2015-01-31 18:58 - 00000000 ____D () C:\Windows\erdnt 2015-01-31 18:24 - 2015-01-31 18:24 - 05611408 ____R (Swearware) C:\Users\Dirk\Desktop\ComboFix.exe 2015-01-31 18:00 - 2015-01-31 18:00 - 00001023 _____ () C:\Users\Dirk\Desktop\Revo Uninstaller.lnk 2015-01-31 18:00 - 2015-01-31 18:00 - 00000000 ____D () C:\Program Files\VS Revo Group 2015-01-31 14:04 - 2015-02-03 21:16 - 00000000 ____D () C:\FRST 2015-01-31 13:52 - 2015-01-31 13:53 - 00000020 _____ () C:\Users\Dirk\defogger_reenable 2015-01-31 13:51 - 2015-02-03 21:16 - 00000000 ____D () C:\Users\Dirk\Desktop\TrojanerBoard 2015-01-31 09:05 - 2006-11-02 07:21 - 00319456 _____ (Microsoft Corporation) C:\Windows\system32\DIFxAPI.dll 2015-01-31 09:04 - 2011-05-13 13:34 - 00051312 _____ (VIA Technologies, Inc. ) C:\Windows\system32\Drivers\fetnd6v.sys 2015-01-31 09:04 - 2006-10-27 16:26 - 00069632 _____ () C:\Windows\system32\vuins32.dll 2015-01-28 21:51 - 2015-01-28 21:52 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-01-28 21:20 - 2015-01-28 21:20 - 00001842 _____ () C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2015.lnk 2015-01-28 21:20 - 2015-01-28 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2015 2015-01-26 20:40 - 2015-02-03 20:32 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-26 20:40 - 2015-01-26 20:56 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-01-26 20:40 - 2015-01-26 20:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-01-24 15:38 - 2015-01-24 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elcomsoft Password Recovery 2015-01-24 15:38 - 2015-01-24 15:38 - 00000000 ____D () C:\ProgramData\Elcomsoft Password Recovery 2015-01-24 15:38 - 2015-01-24 15:38 - 00000000 ____D () C:\Program Files\Elcomsoft Password Recovery 2015-01-24 13:27 - 2015-01-24 13:27 - 00000000 ____D () C:\digitalvideoconverter 2015-01-24 12:49 - 2015-01-24 12:49 - 00000825 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2015-01-24 12:48 - 2015-01-24 12:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2015-01-24 12:32 - 2015-01-24 12:32 - 00001692 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk 2015-01-24 12:32 - 2015-01-24 12:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2015-01-24 12:20 - 2015-01-24 12:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter 2015-01-24 12:20 - 2015-01-24 12:20 - 00000000 ____D () C:\Program Files\AC3Filter 2015-01-20 07:28 - 2015-01-20 07:28 - 00000083 _____ () C:\Windows\system32\gpupdate.bin 2015-01-15 03:13 - 2014-12-19 01:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-15 03:01 - 2014-12-06 04:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-15 03:01 - 2014-12-06 04:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll 2015-01-15 03:01 - 2014-12-06 04:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll 2015-01-15 03:00 - 2014-12-06 04:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-06 17:56 - 2015-01-06 17:56 - 00000000 ____D () C:\ProgramData\Avanquest Software ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-03 21:14 - 2007-05-05 16:56 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-02-03 21:14 - 2006-11-02 13:37 - 00000000 ___RD () C:\Users\Public\Recorded TV 2015-02-03 21:12 - 2009-03-08 14:13 - 00000008 __RSH () C:\Users\Dirk\ntuser.pol 2015-02-03 21:12 - 2009-03-08 12:08 - 00000000 ____D () C:\Users\Dirk 2015-02-03 21:12 - 2007-06-01 17:40 - 00000008 __RSH () C:\ProgramData\ntuser.pol 2015-02-03 21:12 - 2006-11-02 11:23 - 00000689 _____ () C:\Windows\win.ini 2015-02-03 21:11 - 2014-12-31 12:24 - 00072622 _____ () C:\Windows\PFRO.log 2015-02-03 21:11 - 2011-10-19 07:19 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-03 21:11 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-03 21:11 - 2006-11-02 13:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-03 21:11 - 2006-11-02 13:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-03 21:09 - 2012-05-10 02:51 - 00032626 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-02-03 21:08 - 2012-05-03 16:45 - 01984937 _____ () C:\Windows\WindowsUpdate.log 2015-02-03 21:08 - 2008-09-14 13:16 - 00000012 _____ () C:\Windows\bthservsdp.dat 2015-02-03 21:04 - 2006-11-02 12:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2015-02-03 20:56 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2015-02-03 20:53 - 2006-11-02 11:33 - 01588394 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-03 20:38 - 2014-12-28 14:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avanquest 2015-02-03 20:37 - 2007-05-05 23:30 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2015-02-03 20:34 - 2011-10-19 07:19 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-03 20:14 - 2014-12-28 14:51 - 00000000 ____D () C:\ProgramData\Configuration 2015-02-03 17:22 - 2007-05-05 18:56 - 00000000 ____D () C:\Users\Dirk\AppData\Local\Adobe 2015-02-03 10:18 - 2011-09-10 11:15 - 00000974 _____ () C:\Windows\Tasks\Google Software Updater.job 2015-02-03 00:00 - 2009-06-23 19:57 - 00000368 _____ () C:\Windows\Tasks\NeroLiveEpgUpdate-Home-PC_Dirk.job 2015-02-02 17:36 - 2014-07-12 11:20 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\Dropbox 2015-02-02 17:36 - 2012-01-31 18:34 - 00000000 ___RD () C:\Users\Dirk\Dropbox 2015-02-01 19:11 - 2010-06-07 07:52 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-01 16:18 - 2013-10-14 15:32 - 00000000 ____D () C:\ProgramData\CanonIJPLM 2015-02-01 16:14 - 2009-03-09 19:52 - 00096256 _____ () C:\Users\Dirk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-02-01 16:02 - 2014-11-29 09:20 - 00000461 _____ () C:\Users\Dirk\Desktop\Daten-SIG.lnk 2015-01-31 19:00 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default 2015-01-31 19:00 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public 2015-01-31 18:52 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini 2015-01-31 18:48 - 2006-11-02 11:22 - 81395712 _____ () C:\Windows\system32\config\SOFTWARE.bak 2015-01-31 18:48 - 2006-11-02 11:22 - 78381056 _____ () C:\Windows\system32\config\SYSTEM.bak 2015-01-31 18:48 - 2006-11-02 11:22 - 50069504 _____ () C:\Windows\system32\config\COMPON~1.bak 2015-01-31 18:48 - 2006-11-02 11:22 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak 2015-01-31 18:48 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak 2015-01-31 18:48 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\SAM.bak 2015-01-31 18:00 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE 2015-01-31 17:55 - 2007-09-25 15:23 - 00000000 ____D () C:\Program Files\Microsoft.NET 2015-01-31 08:48 - 2008-06-14 15:28 - 00000000 ____D () C:\Program Files\Virtual Earth 3D 2015-01-31 08:45 - 2010-11-01 09:05 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\YoWindow 2015-01-31 08:38 - 2009-03-29 10:57 - 00000000 ____D () C:\Program Files\Mobile Partner 2015-01-31 07:28 - 2014-08-22 11:49 - 00000000 ____D () C:\Send 2015-01-30 03:29 - 2013-05-10 06:45 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-01-29 20:41 - 2008-05-27 17:44 - 00000000 ____D () C:\MAGIX 2015-01-29 20:08 - 2014-05-13 17:02 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2015-01-29 20:08 - 2007-07-13 16:38 - 00000000 ____D () C:\Program Files\Common Files\Apple 2015-01-29 19:56 - 2007-10-14 09:28 - 00000000 ____D () C:\Program Files\WISO 2015-01-29 09:12 - 2013-01-08 19:10 - 00000000 ____D () C:\ProgramData\Netzmanager 2015-01-29 09:06 - 2014-12-31 12:18 - 00207680 _____ () C:\Users\Dirk\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-29 09:05 - 2014-12-31 12:24 - 01963128 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-01-29 09:00 - 2007-09-25 15:18 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-01-29 08:59 - 2011-03-19 07:41 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER 2015-01-29 08:58 - 2006-11-02 12:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2015-01-28 21:21 - 2007-11-27 19:09 - 00000000 ____D () C:\Users\Dirk\AppData\Local\Buhl 2015-01-28 21:21 - 2007-10-14 10:56 - 00001464 _____ () C:\Windows\wiso.ini 2015-01-28 20:51 - 2014-01-02 10:02 - 00000000 ____D () C:\Program Files\StarMoney 9.0 2015-01-28 20:50 - 2014-07-16 18:57 - 00000000 ____D () C:\ProgramData\Package Cache 2015-01-24 12:53 - 2011-04-17 12:17 - 00000824 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-01-24 12:53 - 2009-03-08 14:14 - 00000955 _____ () C:\Users\Dirk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-01-24 12:53 - 2007-11-26 21:06 - 00001730 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-01-24 12:32 - 2007-05-14 19:27 - 00000000 ____D () C:\Program Files\QuickTime 2015-01-23 10:28 - 2014-12-28 14:52 - 00000000 ____D () C:\Users\Dirk\AppData\Local\Avanquest 2015-01-21 07:39 - 2014-08-02 15:09 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\vlc 2015-01-20 07:35 - 2007-05-05 23:51 - 00000000 ____D () C:\Program Files\AceBIT 2015-01-20 07:27 - 2013-10-16 11:37 - 00000000 ____D () C:\Users\Dirk\AppData\Local\AllMusicConverter 2015-01-19 09:19 - 2007-05-05 22:35 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\Skype 2015-01-15 03:13 - 2013-08-15 02:13 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-15 03:02 - 2006-11-02 11:24 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2015-01-13 20:26 - 2007-05-31 17:42 - 00000000 ____D () C:\Users\Dirk\AppData\Local\CutePDF Writer 2015-01-13 18:08 - 2011-03-05 15:27 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR 2015-01-06 04:36 - 2009-10-03 11:53 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-01-05 18:49 - 2014-10-13 16:43 - 00207680 _____ () C:\Users\Pascal\AppData\Local\GDIPFONTCACHEV1.DAT ==================== Files in the root of some directories ======= 1997-09-03 23:00 - 1997-09-03 23:00 - 0311296 _____ (Microsoft Corporation) C:\Program Files\Common Files\msacc8.olb 2007-08-26 16:20 - 2011-06-21 17:08 - 0000070 _____ () C:\Users\Dirk\AppData\Roaming\AVSDVDPlayer.m3u 2011-05-13 19:44 - 2011-01-14 21:07 - 0061440 _____ () C:\Users\Dirk\AppData\Roaming\chrtmp 2009-05-31 08:00 - 2009-05-31 08:00 - 0000029 _____ () C:\Users\Dirk\AppData\Roaming\default.rss 2009-05-31 08:00 - 2009-05-31 08:00 - 0000000 _____ () C:\Users\Dirk\AppData\Roaming\downloads.m3u 2007-08-26 19:14 - 2007-08-26 19:14 - 0087608 _____ () C:\Users\Dirk\AppData\Roaming\inst.exe 2009-06-07 22:11 - 2009-06-07 22:11 - 0038431 _____ () C:\Users\Dirk\AppData\Roaming\Kommagetrennte Werte (DOS).ADR 2007-10-01 20:38 - 2007-10-01 20:38 - 0012963 _____ () C:\Users\Dirk\AppData\Roaming\Kommagetrennte Werte (DOS).CAL 2007-09-15 10:33 - 2012-03-21 19:47 - 0038443 _____ () C:\Users\Dirk\AppData\Roaming\Kommagetrennte Werte (Windows).ADR 2007-10-01 20:29 - 2007-10-01 20:29 - 0012967 _____ () C:\Users\Dirk\AppData\Roaming\Kommagetrennte Werte (Windows).CAL 2007-09-15 10:39 - 2007-09-15 10:39 - 0011425 _____ () C:\Users\Dirk\AppData\Roaming\Kommagetrennte Werte (Windows).TSK 2012-03-19 07:19 - 2012-03-21 19:44 - 0023496 _____ () C:\Users\Dirk\AppData\Roaming\Microsoft Excel 97-2003.ADR 2008-02-10 10:43 - 2008-12-07 12:16 - 0012965 _____ () C:\Users\Dirk\AppData\Roaming\Microsoft Excel 97-2003.CAL 2009-05-09 15:49 - 2009-05-09 15:54 - 0008261 _____ () C:\Users\Dirk\AppData\Roaming\Microsoft Excel 97-2003.JNL 2007-06-10 08:30 - 2007-06-10 08:30 - 0012944 _____ () C:\Users\Dirk\AppData\Roaming\Microsoft Excel.CAL 2007-08-26 19:14 - 2007-08-26 19:14 - 0007887 _____ () C:\Users\Dirk\AppData\Roaming\pcouffin.cat 2007-08-26 19:14 - 2007-08-26 19:14 - 0001144 _____ () C:\Users\Dirk\AppData\Roaming\pcouffin.inf 2007-08-26 19:15 - 2007-08-26 19:15 - 0000034 _____ () C:\Users\Dirk\AppData\Roaming\pcouffin.log 2007-08-26 19:14 - 2007-08-26 19:14 - 0047360 _____ (VSO Software) C:\Users\Dirk\AppData\Roaming\pcouffin.sys 2007-05-10 21:52 - 2007-05-10 21:52 - 0012962 _____ () C:\Users\Dirk\AppData\Roaming\Tabulatorgetrennte Werte (Windows).CAL 2009-02-23 10:10 - 2009-02-23 10:10 - 0006144 ___SH () C:\Users\Dirk\AppData\Roaming\Thumbs.db 2007-11-25 20:09 - 2008-05-25 10:22 - 0012201 _____ () C:\Users\Dirk\AppData\Roaming\UserTile.png 2014-09-14 15:23 - 2014-12-19 21:34 - 0000222 _____ () C:\Users\Dirk\AppData\Roaming\WB.CFG 2007-05-05 16:13 - 2007-05-10 21:56 - 0000112 _____ () C:\Users\Dirk\AppData\Roaming\wklnhst.dat 2011-01-04 12:06 - 2011-08-14 11:03 - 0001188 _____ () C:\Users\Dirk\AppData\Local\crc32list11.txt 2009-09-10 16:35 - 2014-12-15 20:23 - 0001356 _____ () C:\Users\Dirk\AppData\Local\d3d9caps.dat 2009-03-09 19:52 - 2015-02-01 16:14 - 0096256 _____ () C:\Users\Dirk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-12-02 03:23 - 2014-12-17 02:23 - 0000010 _____ () C:\Users\Dirk\AppData\Local\DSI.DAT 2014-11-10 00:23 - 2014-11-10 00:23 - 0000008 _____ () C:\Users\Dirk\AppData\Local\ext2.dat 2009-07-27 18:07 - 2009-07-27 18:07 - 0000036 _____ () C:\Users\Dirk\AppData\Local\housecall.guid.cache 2009-11-21 07:15 - 2009-11-21 07:15 - 0000600 _____ () C:\Users\Dirk\AppData\Local\PUTTY.RND 2010-04-17 09:15 - 2010-04-17 10:31 - 0000907 _____ () C:\Users\Dirk\AppData\Local\RAExpertHistory.xml 2010-04-17 10:19 - 2010-04-17 10:29 - 0000171 _____ () C:\Users\Dirk\AppData\Local\rahistory.xml 2014-10-26 12:42 - 2014-10-26 12:42 - 0001495 _____ () C:\Users\Dirk\AppData\Local\recently-used.xbel 2012-06-03 11:59 - 2012-06-03 11:59 - 0017408 _____ () C:\Users\Dirk\AppData\Local\WebpageIcons.db 2011-12-11 18:55 - 2014-02-07 20:59 - 0000394 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc Files to move or delete: ==================== C:\Users\Dirk\kavremover10.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-03 20:36 ==================== End Of Log ============================ --- --- --- |
|
04.02.2015, 18:49
| #11 |
| /// the machine /// TB-Ausbilder | Vista 32 bit ServicePack 2 mit WindowsMangerProtect Problem und mehr Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
06.02.2015, 19:48
| #12 |
| | Vista 32 bit ServicePack 2 mit WindowsMangerProtect Problem und mehr Hi Schrauber, soweit alles klar kannst schließen Danke |
|
07.02.2015, 12:04
| #13 |
| /// the machine /// TB-Ausbilder | Vista 32 bit ServicePack 2 mit WindowsMangerProtect Problem und mehr Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Vista 32 bit ServicePack 2 mit WindowsMangerProtect Problem und mehr |
| adobe, bonjour, browser, canon, defender, desktop, ebanking, esgscanner.sys, excel, firefox, flash player, homepage, iexplore.exe, installation, kaspersky, mozilla, problem, realtek, registry, required, rundll, scan, services.exe, software, starmoney, svchost.exe, symantec, system, vista, wiso |
dann auf 
und dann auf 
. 
WARNUNG an die MITLESER: 
Linear-Darstellung
