| |
| |||||||
Log-Analyse und Auswertung: Vista 32 bit ServicePack 2 mit WindowsMangerProtect Problem und mehrWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
31.01.2015, 14:58
| #1 |
 |  Vista 32 bit ServicePack 2 mit WindowsMangerProtect Problem und mehr Hallo Zusammen, habe wie oben genannt ein Problem mit WindowsMangerProtect bestimmt auch noch andere Aufgefallen durch meldung von Kasperky und durch Performance-Probleme im I-Net. Würde mich freuen wenn sich jemand meiner Sache annehmen kann. Danke GCCDirk Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:52 on 31/01/2015 (Dirk)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)
-=E.O.F=-
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-01-2015
Ran by Dirk (administrator) on HOME-PC on 31-01-2015 14:04:38
Running from C:\Users\Dirk\Desktop\TrojanerBoard
Loaded Profiles: Dirk (Available profiles: Dirk & Mcx1 & Pascal)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
() C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Infowatch) C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
(Rocket Division Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Windows\System32\atwtusb.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
() C:\Windows\System32\atwtusb.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Microsoft Corporation) C:\Windows\System32\wpcumi.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
() C:\Windows\System32\AtwtusbIcon.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(MATESO GmbH) C:\Program Files\Password Safe and Repository\psr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Acronis) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [snpstd3] => C:\Windows\vsnpstd3.exe [339968 2005-09-05] ()
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-02] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4911104 2008-02-25] (Realtek Semiconductor)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478600 2013-05-11] (Adobe Systems Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2508104 2009-11-01] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [IJNetworkScanUtility] => C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-28] (CANON INC.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512 2014-05-20] (RealNetworks, Inc.)
HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [DriveUtilitiesHelper] => C:\Program Files\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc.)
HKLM\...\Run: [AtwtusbIcon] => C:\Windows\system32\AtwtusbIcon.exe [2963456 2012-09-10] ()
HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [5343272 2014-11-27] (Acronis)
HKLM\...\Run: [AcronisTibMounterMonitor] => C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [606096 2014-10-17] (Acronis International GmbH)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [409912 2014-08-14] (Acronis)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-11] (Macrovision Corporation)
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [694352 2013-05-11] (Adobe Systems Incorporated)
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\RunOnce: [Shockwave Updater] => C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe [468408 2009-06-05] (Adobe Systems, Inc.)
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: M - M:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {18515a3c-1d6b-11df-b645-0019db5bd77b} - M:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {18515a52-1d6b-11df-b645-0019db5bd77b} - M:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {18515a5a-1d6b-11df-b645-0019db5bd77b} - M:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {35d8dd1d-efc3-11df-b8af-806e6f6e6963} - H:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {39a36e28-1b6a-11e2-b865-0019db5bd77b} - Q:\LaunchU3.exe -a
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {39d4b926-df25-11e2-abf9-806e6f6e6963} - Q:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {3d4c75c4-2dba-11de-a81d-0019db5bd77b} - I:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {3d4c76ac-2dba-11de-a81d-0019db5bd77b} - M:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {442e28c7-3a2c-11df-8a55-0019db5bd77b} - I:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {442e28d1-3a2c-11df-8a55-0019db5bd77b} - I:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {442e28fc-3a2c-11df-8a55-0019db5bd77b} - I:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {442e292f-3a2c-11df-8a55-0019db5bd77b} - I:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {4b212984-3e86-11df-ab0b-0019db5bd77b} - I:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {54ef194e-6810-11df-a1a9-0019db5bd77b} - I:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {54ef198c-6810-11df-a1a9-0019db5bd77b} - I:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {6493d157-1324-11df-8bdd-0019db5bd77b} - I:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {6493d159-1324-11df-8bdd-0019db5bd77b} - I:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {77b9991f-f017-11df-899f-0019db5bd77b} - M:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {8fce1577-cde9-11df-95e1-0019db5bd77b} - I:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {945c1662-55d1-11de-a877-0019db5bd77b} - I:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {a9bece32-06a7-11df-87b5-0019db5bd77b} - I:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {a9bece34-06a7-11df-87b5-0019db5bd77b} - I:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {aa00422c-1c46-11de-a29e-0019db5bd77b} - I:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {aa00482d-1c46-11de-a29e-0019db5bd77b} - I:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {ab4e8eaf-fb14-11db-b44b-806e6f6e6963} - E:\start.exe /auto
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {b02e3bc0-b7e5-11de-910c-806e6f6e6963} - I:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {d424ea47-a20d-11de-87d1-0019db5bd77b} - I:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {d424ea49-a20d-11de-87d1-0019db5bd77b} - I:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {d5d7bddb-f25d-11df-ab36-0019db5bd77b} - H:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {dee467b9-31e3-11df-8440-0019db5bd77b} - M:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {dee467cd-31e3-11df-8440-0019db5bd77b} - M:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {e0f0150f-2c73-11df-9803-0019db5bd77b} - I:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {f037cb26-20d6-11de-b1ae-0019db5bd77b} - I:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {f037cb92-20d6-11de-b1ae-0019db5bd77b} - I:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {f037cbd1-20d6-11de-b1ae-0019db5bd77b} - I:\AutoRun.exe
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...409d6c4515e9\InprocServer32: [Default-shell32] <==== ATTENTION!
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...A8F59079A8D5}\localserver32: <==== ATTENTION!
ShellIconOverlayIdentifiers: [!1SYNCING.NET Unread] -> {5C9D3C37-2C95-4b5b-9EF0-4E0AFCA5E78A} => No File
ShellIconOverlayIdentifiers: [!2SYNCING.NET Shared Folder] -> {FB8CDFB0-B508-4F12-A91E-26E68ABB4DAE} => No File
ShellIconOverlayIdentifiers: [!3SYNCING.NET CheckedOutByTeammate] -> {5CBF1ABD-2D6A-4570-9A4F-A47798BBFC08} => No File
ShellIconOverlayIdentifiers: [!4SYNCING.NET CheckedOutByMe] -> {B133F3E9-124C-4669-BFFF-1B74508B5A84} => No File
ShellIconOverlayIdentifiers: [!5SYNCING.NET DownArrow] -> {0B914147-F836-4cfa-893A-ECE90B815982} => No File
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files\Acronis\TrueImageHome\tishell.dll (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files\Acronis\TrueImageHome\tishell.dll (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files\Acronis\TrueImageHome\tishell.dll (Acronis)
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll (Kaspersky Lab ZAO)
GroupPolicyUsers\S-1-5-21-292042570-3503651505-2778631356-1019\User: Group Policy restriction detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:59356;https=127.0.0.1:59356
ProxyServer: [S-1-5-21-292042570-3503651505-2778631356-1000] => http=127.0.0.1:49876;https=127.0.0.1:49876
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422099601&from=obw&uid=ST3250820AS_5QE2ABCQXXXX5QE2ABCQ&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422099601&from=obw&uid=ST3250820AS_5QE2ABCQXXXX5QE2ABCQ&q={searchTerms}
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422099601&from=obw&uid=ST3250820AS_5QE2ABCQXXXX5QE2ABCQ&q={searchTerms}
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.cipro.de/home.htm
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422099601&from=obw&uid=ST3250820AS_5QE2ABCQXXXX5QE2ABCQ&q={searchTerms}
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM -> {F8C6023A-C536-4C0E-88D3-58898A3DC330} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dsites_14_37_ff&cd=2XzuyEtN2Y1L1QzutDtDtCzy0D0ByD0B0DyByB0B0BtCtA0CtN0D0Tzu0SzyzzzztN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDyB0DyEtD0B0F0BtG0AtByC0CtGtC0CyC0EtGyB0Dzy0AtGtC0DyDzytCyB0CtB0A0AtBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DzzyDtAtA0BzzyEtGyDtCtAyCtGyEtA0A0FtGzytCtD0AtG0F0DyEyC0BtB0C0DtA0D0D0D2Q&cr=239421420&ir=
SearchScopes: HKU\S-1-5-21-292042570-3503651505-2778631356-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-292042570-3503651505-2778631356-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-292042570-3503651505-2778631356-1000 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKU\S-1-5-21-292042570-3503651505-2778631356-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-292042570-3503651505-2778631356-1000 -> {F8C6023A-C536-4C0E-88D3-58898A3DC330} URL =
BHO: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\S-1-5-21-292042570-3503651505-2778631356-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-292042570-3503651505-2778631356-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: CExecuteHook Object - {7B0E5486-E11D-437f-AC8B-7901C7D3FCCB} - No File [ ]
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 05 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 06 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 07 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 08 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 22 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\m12ex9oq.default
FF DefaultSearchEngine: Google.de
FF SearchEngineOrder.1: SuchMaschine
FF SelectedSearchEngine: omiga-plus
FF Homepage: hxxp://www.cipro.de/home.htm
FF Keyword.URL: hxxp://www.sm.de/?q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/VirtualEarth3D,version=2.5 -> C:\Program Files\Virtual Earth 3D\ ()
FF Plugin: @microsoft.com/VirtualEarth3D,version=3.0 -> C:\Program Files\Virtual Earth 3D\ ()
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\m12ex9oq.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\m12ex9oq.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\m12ex9oq.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\m12ex9oq.default\searchplugins\googlede.xml
FF HKLM\...\Firefox\Extensions: [{3112ca9c-de6d-4884-a869-9855de68056c}] - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF Extension: Google Toolbar for Firefox - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2008-11-23]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-04-27]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-05-20]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014-05-25]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014-05-25]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Gevaarlijke websiteblokkering - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014-05-25]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014-05-25]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014-05-25]
FF HKLM\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\m12ex9oq.default\extensions\fftoolbar2014@etech.com
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-31]
FF HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\m12ex9oq.default\extensions\cliqz@cliqz.com
Chrome:
=======
CHR Profile: C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Iminent) - C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl [2013-04-08]
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-05-11]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [Not Found]
CHR HKLM\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - No Path
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11]
CHR HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - No Path
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [860504 2014-08-14] (Acronis)
R2 AdobeActiveFileMonitor5.0; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [108712 2006-12-22] ()
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [4029432 2015-01-01] (Acronis)
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
R2 CSObjectsSrv; C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
S4 DBService; C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe [187456 2009-06-14] (DATA BECKER GmbH & Co KG) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2007-12-22] (Macrovision Europe Ltd.) [File not signed]
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-09-18] (Freemake) [File not signed]
S2 gupdate1ca87fdcc7cbf74; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-20] (Google Inc.)
R2 HFGService; C:\Windows\System32\HFGService.dll [419224 2010-02-05] (CSR, plc)
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-09-08] ()
S3 Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2007-05-05] () [File not signed]
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed]
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770944 2015-01-30] (Enigma Software Group USA, LLC.)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed]
R2 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [6857752 2014-09-13] (Acronis)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-10-23] (Western Digital Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [464384 2015-01-24] (SysTool PasSame LIMITED) [File not signed]
R2 WTService; C:\Windows\system32\atwtusb.exe [536064 2013-11-12] () [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 acedrv10; C:\Windows\system32\drivers\acedrv10.sys [583128 2007-10-28] (Protect Software GmbH)
R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [501560 2008-01-23] (Protect Software GmbH)
R2 acehlp10; C:\Windows\system32\drivers\acehlp10.sys [250560 2007-10-26] (Protect Software GmbH)
R2 ARGUS; C:\Windows\System32\drivers\dvr100H.sys [65280 2007-12-14] (AVerMedia Systems, Inc.) [File not signed]
S3 BthAudioHF; C:\Windows\System32\DRIVERS\BthAudioHF.sys [48024 2010-02-05] (CSR, plc)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [88632 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [39736 2011-06-02] (Infowatch)
R3 dfmirage; C:\Windows\System32\DRIVERS\dfmirage.sys [34128 2008-03-26] (DemoForge, LLC)
S3 dptrackerd; C:\Windows\System32\drivers\dptrackerd.sys [44416 2005-12-18] (Windows (R) 2000 DDK provider) [File not signed]
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-01-30] ()
S3 FET5X86V; C:\Windows\System32\DRIVERS\fetnd5bv.sys [43520 2008-01-02] (VIA Technologies, Inc. )
R3 FETND6V; C:\Windows\System32\DRIVERS\fetnd6v.sys [51312 2011-05-13] (VIA Technologies, Inc. )
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [214304 2015-01-01] (Acronis International GmbH)
R1 hugoio; C:\Program Files\i-Menu\hugoio.sys [9760 2008-04-14] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-05-25] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [597568 2014-06-05] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2014-05-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-11-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-11-11] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-11-11] (Kaspersky Lab ZAO)
R3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-11-11] (Kaspersky Lab ZAO)
R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [6144 2009-03-08] (Windows (R) Codename Longhorn DDK provider)
S3 MusCAudio; C:\Windows\System32\drivers\MusCAudio.sys [23608 2013-10-10] (Windows (R) Win 7 DDK provider)
S3 MusCDriverV32; C:\Windows\System32\drivers\MusCDriverV32.sys [22528 2007-07-18] (Windows (R) Codename Longhorn DDK provider) [File not signed]
S4 nvatabus; C:\Windows\system32\drivers\nvatabus.sys [105088 2006-07-14] (NVIDIA Corporation)
S3 s125mdfl; C:\Windows\System32\DRIVERS\s125mdfl.sys [15112 2007-04-24] (MCCI Corporation)
S3 s125mdm; C:\Windows\System32\DRIVERS\s125mdm.sys [108680 2007-04-24] (MCCI Corporation)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [8701824 2005-10-13] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [320120 2014-07-16] (Duplex Secure Ltd.)
S3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2010-03-11] (TeamViewer GmbH)
S3 TelekomNM3; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [35040 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [867968 2015-01-01] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [169248 2015-01-01] (Acronis International GmbH)
S3 tosrfbd; C:\Windows\System32\DRIVERS\tosrfbd.sys [113792 2006-11-30] (TOSHIBA CORPORATION) [File not signed]
S3 tosrfbnp; C:\Windows\System32\Drivers\tosrfbnp.sys [36480 2006-11-20] (TOSHIBA Corporation) [File not signed]
S3 Tosrfhid; C:\Windows\System32\DRIVERS\Tosrfhid.sys [73600 2006-10-05] (TOSHIBA Corporation.) [File not signed]
S3 tosrfnds; C:\Windows\System32\DRIVERS\tosrfnds.sys [18612 2005-01-06] (TOSHIBA Corporation.) [File not signed]
S3 tosrfusb; C:\Windows\System32\DRIVERS\tosrfusb.sys [40960 2006-10-28] (TOSHIBA CORPORATION) [File not signed]
R2 v2imount; C:\Windows\System32\DRIVERS\v2imount.sys [38112 2008-01-19] (Symantec Corporation)
R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [6144 2009-08-20] (Windows (R) Win 7 DDK provider)
S4 viamraid; C:\Windows\system32\drivers\viamraid.sys [100992 2006-03-31] (VIA Technologies inc,.ltd)
R0 videX32; C:\Windows\System32\drivers\videx32.sys [9216 2006-10-17] (VIA Technologies, Inc.)
S3 vtcdrv; C:\Windows\System32\DRIVERS\vtcdrv.sys [18688 2010-05-17] (Windows (R) Codename Longhorn DDK provider)
S3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1961072 2010-05-20] (Microsoft Corporation)
R0 xfilt; C:\Windows\System32\drivers\xfilt.sys [17920 2006-10-18] (VIA Technologies,Inc)
S3 amdkmdap; system32\DRIVERS\atikmpag.sys [X]
S2 ASInsHelp; \??\C:\Windows\system32\drivers\AsInsHelp32.sys [X]
S3 AtiHDAudioService; system32\drivers\AtihdLH3.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 cpuz134; \??\C:\Users\Dirk\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 GenericMount; system32\DRIVERS\GenericMount.sys [X]
S4 HpCISSs; \SystemRoot\system32\drivers\hpcisss.sys [X]
S3 Huawei; system32\DRIVERS\ewdcsc.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2014-06-05] (Kaspersky Lab ZAO)
S3 mod7700; system32\DRIVERS\mod7700.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\Sandra.sys [X]
S2 secdrv; No ImagePath
S3 SNP325; system32\DRIVERS\snp325.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-31 14:04 - 2015-01-31 14:04 - 00000000 ____D () C:\FRST
2015-01-31 13:52 - 2015-01-31 13:53 - 00000020 _____ () C:\Users\Dirk\defogger_reenable
2015-01-31 13:51 - 2015-01-31 14:06 - 00000000 ____D () C:\Users\Dirk\Desktop\TrojanerBoard
2015-01-31 12:59 - 2015-01-31 12:59 - 00001041 _____ () C:\Users\Dirk\Desktop\SpyHunter.lnk
2015-01-31 12:59 - 2015-01-31 12:59 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\Enigma Software Group
2015-01-31 12:59 - 2015-01-31 12:59 - 00000000 ____D () C:\sh4ldr
2015-01-31 12:59 - 2015-01-30 20:54 - 00019984 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-01-31 09:05 - 2006-11-02 07:21 - 00319456 _____ (Microsoft Corporation) C:\Windows\system32\DIFxAPI.dll
2015-01-31 09:04 - 2011-05-13 13:34 - 00051312 _____ (VIA Technologies, Inc. ) C:\Windows\system32\Drivers\fetnd6v.sys
2015-01-31 09:04 - 2006-10-27 16:26 - 00069632 _____ () C:\Windows\system32\vuins32.dll
2015-01-30 20:54 - 2015-01-30 20:54 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-01-28 21:51 - 2015-01-28 21:52 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-28 21:20 - 2015-01-28 21:20 - 00001842 _____ () C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2015.lnk
2015-01-28 21:20 - 2015-01-28 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2015
2015-01-26 20:40 - 2015-01-31 13:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-26 20:40 - 2015-01-26 20:56 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-26 20:40 - 2015-01-26 20:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-24 15:38 - 2015-01-24 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elcomsoft Password Recovery
2015-01-24 15:38 - 2015-01-24 15:38 - 00000000 ____D () C:\ProgramData\Elcomsoft Password Recovery
2015-01-24 15:38 - 2015-01-24 15:38 - 00000000 ____D () C:\Program Files\Elcomsoft Password Recovery
2015-01-24 13:27 - 2015-01-24 13:27 - 00000000 ____D () C:\digitalvideoconverter
2015-01-24 12:49 - 2015-01-24 12:49 - 00000825 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-01-24 12:48 - 2015-01-24 12:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-01-24 12:45 - 2015-01-26 17:28 - 00000000 ____D () C:\Program Files\Search Extensions
2015-01-24 12:41 - 2015-01-24 12:41 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-01-24 12:40 - 2015-01-24 12:53 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\MailUpdate
2015-01-24 12:40 - 2015-01-24 12:40 - 00000000 ____D () C:\ProgramData\MailUpdate
2015-01-24 12:32 - 2015-01-24 12:32 - 00001692 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2015-01-24 12:32 - 2015-01-24 12:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-01-24 12:20 - 2015-01-24 12:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter
2015-01-24 12:20 - 2015-01-24 12:20 - 00000000 ____D () C:\Program Files\AC3Filter
2015-01-20 07:28 - 2015-01-20 07:28 - 00000083 _____ () C:\Windows\system32\gpupdate.bin
2015-01-15 03:13 - 2014-12-19 01:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-15 03:01 - 2014-12-06 04:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-15 03:01 - 2014-12-06 04:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-15 03:01 - 2014-12-06 04:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-15 03:00 - 2014-12-06 04:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-06 17:56 - 2015-01-06 17:56 - 00000000 ____D () C:\ProgramData\Avanquest Software
2015-01-01 15:05 - 2015-01-01 15:05 - 00214304 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\file_tracker.sys
2015-01-01 15:04 - 2015-01-01 15:04 - 00169248 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tib_mounter.sys
2015-01-01 15:04 - 2015-01-01 15:04 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\53CD8B3D-3393-4451-8ACD-5B9F36CD7D31
2015-01-01 15:03 - 2015-01-01 15:03 - 00000982 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis True Image 2015.lnk
2015-01-01 15:03 - 2015-01-01 15:03 - 00000970 _____ () C:\Users\Public\Desktop\Acronis True Image 2015.lnk
2015-01-01 12:40 - 2015-01-01 15:08 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\Acronis
2015-01-01 12:34 - 2015-01-01 15:04 - 00867968 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tib.sys
2015-01-01 12:34 - 2015-01-01 15:04 - 00208672 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\snapman.sys
2015-01-01 12:33 - 2015-01-02 18:42 - 00000000 ____D () C:\ProgramData\Acronis
2015-01-01 12:33 - 2015-01-01 15:03 - 00098592 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\fltsrv.sys
2015-01-01 12:33 - 2015-01-01 12:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2015-01-01 12:32 - 2015-01-01 15:07 - 00000000 ____D () C:\Program Files\Common Files\Acronis
2015-01-01 12:32 - 2015-01-01 12:32 - 00000000 ____D () C:\Program Files\Acronis
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-31 14:01 - 2012-05-03 16:45 - 01289246 _____ () C:\Windows\WindowsUpdate.log
2015-01-31 14:00 - 2007-05-05 16:56 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-31 13:59 - 2006-11-02 13:37 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-01-31 13:58 - 2011-10-19 07:19 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-31 13:57 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-31 13:57 - 2006-11-02 13:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-31 13:57 - 2006-11-02 13:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-31 13:57 - 2006-11-02 11:23 - 00000689 _____ () C:\Windows\win.ini
2015-01-31 13:53 - 2012-05-10 02:51 - 00032626 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-31 13:53 - 2008-09-14 13:16 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-01-31 13:52 - 2009-03-08 12:08 - 00000000 ____D () C:\Users\Dirk
2015-01-31 13:34 - 2011-10-19 07:19 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-31 13:30 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-31 13:23 - 2014-09-14 14:23 - 00000288 _____ () C:\Windows\Tasks\WSE_Astromenda.job
2015-01-31 13:19 - 2006-11-02 11:33 - 01424896 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-31 12:38 - 2009-03-09 19:52 - 00095744 _____ () C:\Users\Dirk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-31 12:17 - 2007-09-25 15:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-31 09:34 - 2014-12-31 12:18 - 00207680 _____ () C:\Users\Dirk\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-31 09:32 - 2014-12-31 12:24 - 01969608 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-31 09:31 - 2014-12-31 12:24 - 00008500 _____ () C:\Windows\PFRO.log
2015-01-31 08:48 - 2008-06-14 15:28 - 00000000 ____D () C:\Program Files\Virtual Earth 3D
2015-01-31 08:45 - 2010-11-01 09:05 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\YoWindow
2015-01-31 08:40 - 2007-05-05 23:30 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-31 08:38 - 2009-03-29 10:57 - 00000000 ____D () C:\Program Files\Mobile Partner
2015-01-31 08:14 - 2007-09-25 15:23 - 00000000 ____D () C:\Program Files\Microsoft.NET
2015-01-31 08:10 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE
2015-01-31 07:48 - 2012-01-31 18:34 - 00000000 ___RD () C:\Users\Dirk\Dropbox
2015-01-31 07:28 - 2014-08-22 11:49 - 00000000 ____D () C:\Send
2015-01-31 00:00 - 2009-06-23 19:57 - 00000368 _____ () C:\Windows\Tasks\NeroLiveEpgUpdate-Home-PC_Dirk.job
2015-01-30 19:37 - 2014-07-12 11:20 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\Dropbox
2015-01-30 10:18 - 2011-09-10 11:15 - 00000974 _____ () C:\Windows\Tasks\Google Software Updater.job
2015-01-30 03:29 - 2013-05-10 06:45 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-29 20:41 - 2008-05-27 17:44 - 00000000 ____D () C:\MAGIX
2015-01-29 20:08 - 2014-05-13 17:02 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2015-01-29 20:08 - 2007-07-13 16:38 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-29 19:56 - 2007-10-14 09:28 - 00000000 ____D () C:\Program Files\WISO
2015-01-28 21:21 - 2007-11-27 19:09 - 00000000 ____D () C:\Users\Dirk\AppData\Local\Buhl
2015-01-28 21:21 - 2007-10-14 10:56 - 00001464 _____ () C:\Windows\wiso.ini
2015-01-28 20:51 - 2014-01-02 10:02 - 00000000 ____D () C:\Program Files\StarMoney 9.0
2015-01-28 20:50 - 2014-07-16 18:57 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-26 17:43 - 2007-05-05 18:56 - 00000000 ____D () C:\Users\Dirk\AppData\Local\Adobe
2015-01-24 12:53 - 2011-04-17 12:17 - 00000824 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-24 12:53 - 2009-03-08 14:14 - 00000955 _____ () C:\Users\Dirk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-24 12:53 - 2007-11-26 21:06 - 00001730 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-24 12:32 - 2007-05-14 19:27 - 00000000 ____D () C:\Program Files\QuickTime
2015-01-23 10:28 - 2014-12-28 14:52 - 00000000 ____D () C:\Users\Dirk\AppData\Local\Avanquest
2015-01-21 07:39 - 2014-08-02 15:09 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\vlc
2015-01-20 07:35 - 2007-05-05 23:51 - 00000000 ____D () C:\Program Files\AceBIT
2015-01-20 07:27 - 2013-10-16 11:37 - 00000000 ____D () C:\Users\Dirk\AppData\Local\AllMusicConverter
2015-01-19 09:19 - 2007-05-05 22:35 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\Skype
2015-01-15 03:13 - 2013-08-15 02:13 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 03:02 - 2006-11-02 11:24 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-01-13 20:26 - 2007-05-31 17:42 - 00000000 ____D () C:\Users\Dirk\AppData\Local\CutePDF Writer
2015-01-13 18:08 - 2011-03-05 15:27 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2015-01-07 15:35 - 2013-10-14 15:32 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-01-06 04:36 - 2009-10-03 11:53 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 18:49 - 2014-10-13 16:43 - 00207680 _____ () C:\Users\Pascal\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-01 15:22 - 2007-03-19 07:30 - 00000000 ____D () C:\ProgramData\Symantec
2015-01-01 15:22 - 2007-03-19 07:30 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2015-01-01 15:21 - 2013-08-12 15:30 - 00000000 ____D () C:\ProgramData\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
2015-01-01 15:21 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Registration
2015-01-01 12:11 - 2013-02-03 16:45 - 00000000 ____D () C:\Testbilder
2015-01-01 11:31 - 2010-10-30 17:27 - 00004096 ___SH () C:\VSNAP.IDX
2015-01-01 09:44 - 2013-08-13 06:08 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\AIMP3
2015-01-01 09:24 - 2010-03-27 06:19 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\Mp3tag
==================== Files in the root of some directories =======
1997-09-03 23:00 - 1997-09-03 23:00 - 0311296 _____ (Microsoft Corporation) C:\Program Files\Common Files\msacc8.olb
2007-08-26 16:20 - 2011-06-21 17:08 - 0000070 _____ () C:\Users\Dirk\AppData\Roaming\AVSDVDPlayer.m3u
2011-05-13 19:44 - 2011-01-14 21:07 - 0061440 _____ () C:\Users\Dirk\AppData\Roaming\chrtmp
2009-05-31 08:00 - 2009-05-31 08:00 - 0000029 _____ () C:\Users\Dirk\AppData\Roaming\default.rss
2009-05-31 08:00 - 2009-05-31 08:00 - 0000000 _____ () C:\Users\Dirk\AppData\Roaming\downloads.m3u
2007-08-26 19:14 - 2007-08-26 19:14 - 0087608 _____ () C:\Users\Dirk\AppData\Roaming\inst.exe
2009-06-07 22:11 - 2009-06-07 22:11 - 0038431 _____ () C:\Users\Dirk\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
2007-10-01 20:38 - 2007-10-01 20:38 - 0012963 _____ () C:\Users\Dirk\AppData\Roaming\Kommagetrennte Werte (DOS).CAL
2007-09-15 10:33 - 2012-03-21 19:47 - 0038443 _____ () C:\Users\Dirk\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
2007-10-01 20:29 - 2007-10-01 20:29 - 0012967 _____ () C:\Users\Dirk\AppData\Roaming\Kommagetrennte Werte (Windows).CAL
2007-09-15 10:39 - 2007-09-15 10:39 - 0011425 _____ () C:\Users\Dirk\AppData\Roaming\Kommagetrennte Werte (Windows).TSK
2012-03-19 07:19 - 2012-03-21 19:44 - 0023496 _____ () C:\Users\Dirk\AppData\Roaming\Microsoft Excel 97-2003.ADR
2008-02-10 10:43 - 2008-12-07 12:16 - 0012965 _____ () C:\Users\Dirk\AppData\Roaming\Microsoft Excel 97-2003.CAL
2009-05-09 15:49 - 2009-05-09 15:54 - 0008261 _____ () C:\Users\Dirk\AppData\Roaming\Microsoft Excel 97-2003.JNL
2007-06-10 08:30 - 2007-06-10 08:30 - 0012944 _____ () C:\Users\Dirk\AppData\Roaming\Microsoft Excel.CAL
2007-08-26 19:14 - 2007-08-26 19:14 - 0007887 _____ () C:\Users\Dirk\AppData\Roaming\pcouffin.cat
2007-08-26 19:14 - 2007-08-26 19:14 - 0001144 _____ () C:\Users\Dirk\AppData\Roaming\pcouffin.inf
2007-08-26 19:15 - 2007-08-26 19:15 - 0000034 _____ () C:\Users\Dirk\AppData\Roaming\pcouffin.log
2007-08-26 19:14 - 2007-08-26 19:14 - 0047360 _____ (VSO Software) C:\Users\Dirk\AppData\Roaming\pcouffin.sys
2007-05-10 21:52 - 2007-05-10 21:52 - 0012962 _____ () C:\Users\Dirk\AppData\Roaming\Tabulatorgetrennte Werte (Windows).CAL
2009-02-23 10:10 - 2009-02-23 10:10 - 0006144 ___SH () C:\Users\Dirk\AppData\Roaming\Thumbs.db
2007-11-25 20:09 - 2008-05-25 10:22 - 0012201 _____ () C:\Users\Dirk\AppData\Roaming\UserTile.png
2014-09-14 15:23 - 2014-12-19 21:34 - 0000222 _____ () C:\Users\Dirk\AppData\Roaming\WB.CFG
2007-05-05 16:13 - 2007-05-10 21:56 - 0000112 _____ () C:\Users\Dirk\AppData\Roaming\wklnhst.dat
2014-11-10 00:23 - 2014-11-10 00:23 - 0022528 _____ () C:\Users\Dirk\AppData\Local\665549406extsetup6655645931.exe
2014-11-10 00:23 - 2014-11-10 00:23 - 0643948 _____ () C:\Users\Dirk\AppData\Local\665549406extsq.dll
2011-01-04 12:06 - 2011-08-14 11:03 - 0001188 _____ () C:\Users\Dirk\AppData\Local\crc32list11.txt
2009-09-10 16:35 - 2014-12-15 20:23 - 0001356 _____ () C:\Users\Dirk\AppData\Local\d3d9caps.dat
2009-03-09 19:52 - 2015-01-31 12:38 - 0095744 _____ () C:\Users\Dirk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-02 03:23 - 2014-12-17 02:23 - 0000010 _____ () C:\Users\Dirk\AppData\Local\DSI.DAT
2014-12-17 02:23 - 2014-12-17 02:23 - 0022528 _____ () C:\Users\Dirk\AppData\Local\dsisetup1052016712.exe
2014-12-02 03:23 - 2014-12-02 03:23 - 0022528 _____ () C:\Users\Dirk\AppData\Local\dsisetup11431845002.exe
2014-11-10 00:23 - 2014-11-10 00:23 - 0000008 _____ () C:\Users\Dirk\AppData\Local\ext2.dat
2009-07-27 18:07 - 2009-07-27 18:07 - 0000036 _____ () C:\Users\Dirk\AppData\Local\housecall.guid.cache
2009-11-21 07:15 - 2009-11-21 07:15 - 0000600 _____ () C:\Users\Dirk\AppData\Local\PUTTY.RND
2010-04-17 09:15 - 2010-04-17 10:31 - 0000907 _____ () C:\Users\Dirk\AppData\Local\RAExpertHistory.xml
2010-04-17 10:19 - 2010-04-17 10:29 - 0000171 _____ () C:\Users\Dirk\AppData\Local\rahistory.xml
2014-10-26 12:42 - 2014-10-26 12:42 - 0001495 _____ () C:\Users\Dirk\AppData\Local\recently-used.xbel
2012-06-03 11:59 - 2012-06-03 11:59 - 0017408 _____ () C:\Users\Dirk\AppData\Local\WebpageIcons.db
2011-12-11 18:55 - 2014-02-07 20:59 - 0000394 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2009-07-26 20:59 - 2009-10-10 08:18 - 0000000 _____ () C:\ProgramData\xml48D1.tmp
2009-03-09 18:39 - 2009-03-09 18:39 - 0000000 _____ () C:\ProgramData\xml8C76.tmp
2009-03-08 18:53 - 2009-08-25 21:45 - 0007189 _____ () C:\ProgramData\xml902C.tmp
2009-08-25 21:45 - 2009-10-10 08:18 - 0008723 _____ () C:\ProgramData\xml90C7.tmp
2009-03-08 18:53 - 2009-03-08 18:53 - 0000000 _____ () C:\ProgramData\xmlA2DA.tmp
2009-03-08 18:53 - 2009-03-08 18:53 - 0000000 _____ () C:\ProgramData\xmlA4FE.tmp
2009-03-08 18:53 - 2009-10-10 08:18 - 0001621 _____ () C:\ProgramData\xmlA53D.tmp
2009-03-09 18:39 - 2009-03-09 18:39 - 0000000 _____ () C:\ProgramData\xmlD73C.tmp
Files to move or delete:
====================
C:\Users\Dirk\kavremover10.exe
C:\Users\Dirk\strmdll.dll
Some content of TEMP:
====================
C:\Users\Dirk\AppData\Local\Temp\bitool.dll
C:\Users\Dirk\AppData\Local\Temp\clrvu.exe
C:\Users\Dirk\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcqp4ku.dll
C:\Users\Dirk\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Dirk\AppData\Local\Temp\System.Data.SQLitefe223d1d-f38c-4129-b2b6-d203fb32ed1e.dll
C:\Users\Dirk\AppData\Local\Temp\Update1.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-31 14:03
==================== End Of Log ============================
|
| Themen zu Vista 32 bit ServicePack 2 mit WindowsMangerProtect Problem und mehr |
| adobe, bonjour, browser, canon, defender, desktop, ebanking, esgscanner.sys, excel, firefox, flash player, homepage, iexplore.exe, installation, kaspersky, mozilla, problem, realtek, registry, required, rundll, scan, services.exe, software, starmoney, svchost.exe, symantec, system, vista, wiso |
Baum-Darstellung