Log analysis and evaluation: Vista 32-bit Service Pack 2 with WindowsMangerProtect problem and more

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
Vista 32-bit Service Pack 2 with WindowsMangerProtect problem and more

Hello everyone,

as mentioned above, I have a problem with WindowsMangerProtect, and surely others as well. I noticed it through an alert from Kaspersky and through performance problems on the Internet. I would be glad if someone could take on my case.

Thanks,
GCCDirk

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:52 on 31/01/2015 (Dirk)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-01-2015
Ran by Dirk (administrator) on HOME-PC on 31-01-2015 14:04:38
Running from C:\Users\Dirk\Desktop\TrojanerBoard
Loaded Profiles: Dirk (Available profiles: Dirk & Mcx1 & Pascal)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
() C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (Infowatch) C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe () C:\Program Files\Canon\IJPLM\ijplmsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe (Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe (Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe (Rocket Division Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE () C:\Windows\System32\atwtusb.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe () C:\Windows\System32\atwtusb.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (RealNetworks, Inc.) 
C:\Program Files\Real\RealPlayer\Update\realsched.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe () C:\Program Files\DivX\DivX Update\DivXUpdate.exe (Microsoft Corporation) C:\Windows\System32\wpcumi.exe (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe () C:\Windows\System32\AtwtusbIcon.exe (Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis International GmbH) C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\ehome\ehsched.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (MATESO GmbH) C:\Program Files\Password Safe and Repository\psr.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Acronis) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation) HKLM\...\Run: [snpstd3] => C:\Windows\vsnpstd3.exe [339968 2005-09-05] () HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-02] (Advanced Micro Devices, Inc.) HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4911104 2008-02-25] (Realtek Semiconductor) HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated) HKLM\...\Run: [] => [X] HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478600 2013-05-11] (Adobe Systems Inc.) HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2508104 2009-11-01] (CANON INC.) HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.) HKLM\...\Run: [IJNetworkScanUtility] => C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-28] (CANON INC.) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.) HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512 2014-05-20] (RealNetworks, Inc.) 
HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO) HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC) HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] () HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation) HKLM\...\Run: [DriveUtilitiesHelper] => C:\Program Files\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc.) HKLM\...\Run: [AtwtusbIcon] => C:\Windows\system32\AtwtusbIcon.exe [2963456 2012-09-10] () HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [5343272 2014-11-27] (Acronis) HKLM\...\Run: [AcronisTibMounterMonitor] => C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [606096 2014-10-17] (Acronis International GmbH) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [409912 2014-08-14] (Acronis) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) 
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-11] (Macrovision Corporation) HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation) HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [694352 2013-05-11] (Adobe Systems Incorporated) HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\RunOnce: [Shockwave Updater] => C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe [468408 2009-06-05] (Adobe Systems, Inc.) HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: M - M:\AutoRun.exe HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {18515a3c-1d6b-11df-b645-0019db5bd77b} - M:\AutoRun.exe HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {18515a52-1d6b-11df-b645-0019db5bd77b} - M:\AutoRun.exe HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {18515a5a-1d6b-11df-b645-0019db5bd77b} - M:\AutoRun.exe HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {35d8dd1d-efc3-11df-b8af-806e6f6e6963} - H:\AutoRun.exe HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {39a36e28-1b6a-11e2-b865-0019db5bd77b} - Q:\LaunchU3.exe -a HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {39d4b926-df25-11e2-abf9-806e6f6e6963} - Q:\AutoRun.exe 
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {3d4c75c4-2dba-11de-a81d-0019db5bd77b} - I:\AutoRun.exe HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {3d4c76ac-2dba-11de-a81d-0019db5bd77b} - M:\AutoRun.exe HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {442e28c7-3a2c-11df-8a55-0019db5bd77b} - I:\AutoRun.exe HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {442e28d1-3a2c-11df-8a55-0019db5bd77b} - I:\AutoRun.exe HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {442e28fc-3a2c-11df-8a55-0019db5bd77b} - I:\AutoRun.exe HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {442e292f-3a2c-11df-8a55-0019db5bd77b} - I:\AutoRun.exe HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {4b212984-3e86-11df-ab0b-0019db5bd77b} - I:\AutoRun.exe HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {54ef194e-6810-11df-a1a9-0019db5bd77b} - I:\AutoRun.exe HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {54ef198c-6810-11df-a1a9-0019db5bd77b} - I:\AutoRun.exe HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {6493d157-1324-11df-8bdd-0019db5bd77b} - I:\AutoRun.exe HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {6493d159-1324-11df-8bdd-0019db5bd77b} - I:\AutoRun.exe HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {77b9991f-f017-11df-899f-0019db5bd77b} - M:\AutoRun.exe HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {8fce1577-cde9-11df-95e1-0019db5bd77b} - I:\AutoRun.exe HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {945c1662-55d1-11de-a877-0019db5bd77b} - I:\AutoRun.exe HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {a9bece32-06a7-11df-87b5-0019db5bd77b} - I:\AutoRun.exe HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {a9bece34-06a7-11df-87b5-0019db5bd77b} - I:\AutoRun.exe 
HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {aa00422c-1c46-11de-a29e-0019db5bd77b} - I:\AutoRun.exe HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {aa00482d-1c46-11de-a29e-0019db5bd77b} - I:\AutoRun.exe HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {ab4e8eaf-fb14-11db-b44b-806e6f6e6963} - E:\start.exe /auto HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {b02e3bc0-b7e5-11de-910c-806e6f6e6963} - I:\AutoRun.exe HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {d424ea47-a20d-11de-87d1-0019db5bd77b} - I:\AutoRun.exe HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {d424ea49-a20d-11de-87d1-0019db5bd77b} - I:\AutoRun.exe HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {d5d7bddb-f25d-11df-ab36-0019db5bd77b} - H:\AutoRun.exe HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {dee467b9-31e3-11df-8440-0019db5bd77b} - M:\AutoRun.exe HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {dee467cd-31e3-11df-8440-0019db5bd77b} - M:\AutoRun.exe HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {e0f0150f-2c73-11df-9803-0019db5bd77b} - I:\AutoRun.exe HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {f037cb26-20d6-11de-b1ae-0019db5bd77b} - I:\AutoRun.exe HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {f037cb92-20d6-11de-b1ae-0019db5bd77b} - I:\AutoRun.exe HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\MountPoints2: {f037cbd1-20d6-11de-b1ae-0019db5bd77b} - I:\AutoRun.exe HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess? HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...409d6c4515e9\InprocServer32: [Default-shell32] <==== ATTENTION! HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...A8F59079A8D5}\localserver32: <==== ATTENTION! 
ShellIconOverlayIdentifiers: [!1SYNCING.NET Unread] -> {5C9D3C37-2C95-4b5b-9EF0-4E0AFCA5E78A} => No File ShellIconOverlayIdentifiers: [!2SYNCING.NET Shared Folder] -> {FB8CDFB0-B508-4F12-A91E-26E68ABB4DAE} => No File ShellIconOverlayIdentifiers: [!3SYNCING.NET CheckedOutByTeammate] -> {5CBF1ABD-2D6A-4570-9A4F-A47798BBFC08} => No File ShellIconOverlayIdentifiers: [!4SYNCING.NET CheckedOutByMe] -> {B133F3E9-124C-4669-BFFF-1B74508B5A84} => No File ShellIconOverlayIdentifiers: [!5SYNCING.NET DownArrow] -> {0B914147-F836-4cfa-893A-ECE90B815982} => No File ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files\Acronis\TrueImageHome\tishell.dll (Acronis) ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files\Acronis\TrueImageHome\tishell.dll (Acronis) ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files\Acronis\TrueImageHome\tishell.dll (Acronis) ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll (Kaspersky Lab ZAO) GroupPolicyUsers\S-1-5-21-292042570-3503651505-2778631356-1019\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. 
ProxyServer: [.DEFAULT] => http=127.0.0.1:59356;https=127.0.0.1:59356 ProxyServer: [S-1-5-21-292042570-3503651505-2778631356-1000] => http=127.0.0.1:49876;https=127.0.0.1:49876 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422099601&from=obw&uid=ST3250820AS_5QE2ABCQXXXX5QE2ABCQ&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422099601&from=obw&uid=ST3250820AS_5QE2ABCQXXXX5QE2ABCQ&q={searchTerms} HKU\S-1-5-21-292042570-3503651505-2778631356-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422099601&from=obw&uid=ST3250820AS_5QE2ABCQXXXX5QE2ABCQ&q={searchTerms} HKU\S-1-5-21-292042570-3503651505-2778631356-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.cipro.de/home.htm HKU\S-1-5-21-292042570-3503651505-2778631356-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422099601&from=obw&uid=ST3250820AS_5QE2ABCQXXXX5QE2ABCQ&q={searchTerms} SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = hxxp://www.sm.de/?q={searchTerms} SearchScopes: HKLM -> {F8C6023A-C536-4C0E-88D3-58898A3DC330} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dsites_14_37_ff&cd=2XzuyEtN2Y1L1QzutDtDtCzy0D0ByD0B0DyByB0B0BtCtA0CtN0D0Tzu0SzyzzzztN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDyB0DyEtD0B0F0BtG0AtByC0CtGtC0CyC0EtGyB0Dzy0AtGtC0DyDzytCyB0CtB0A0AtBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DzzyDtAtA0BzzyEtGyDtCtAyCtGyEtA0A0FtGzytCtD0AtG0F0DyEyC0BtB0C0DtA0D0D0D2Q&cr=239421420&ir= SearchScopes: HKU\S-1-5-21-292042570-3503651505-2778631356-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-292042570-3503651505-2778631356-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-292042570-3503651505-2778631356-1000 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = SearchScopes: HKU\S-1-5-21-292042570-3503651505-2778631356-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-292042570-3503651505-2778631356-1000 -> {F8C6023A-C536-4C0E-88D3-58898A3DC330} URL = BHO: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) 
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.) 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Toolbar: HKU\S-1-5-21-292042570-3503651505-2778631356-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKU\S-1-5-21-292042570-3503651505-2778631356-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) 
DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) ShellExecuteHooks: CExecuteHook Object - {7B0E5486-E11D-437f-AC8B-7901C7D3FCCB} - No File [ ] Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Winsock: Catalog9 01 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation) Winsock: Catalog9 02 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation) Winsock: Catalog9 03 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation) Winsock: Catalog9 04 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation) Winsock: Catalog9 05 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation) Winsock: Catalog9 06 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation) Winsock: Catalog9 07 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation) Winsock: Catalog9 08 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation) Winsock: Catalog9 22 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\m12ex9oq.default FF DefaultSearchEngine: Google.de FF SearchEngineOrder.1: SuchMaschine FF SelectedSearchEngine: omiga-plus FF Homepage: hxxp://www.cipro.de/home.htm FF Keyword.URL: hxxp://www.sm.de/?q= FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.) FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/VirtualEarth3D,version=2.5 -> C:\Program Files\Virtual Earth 3D\ () FF Plugin: @microsoft.com/VirtualEarth3D,version=3.0 -> C:\Program Files\Virtual Earth 3D\ () FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) 
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll No File FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll (BitComet) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer) FF SearchPlugin: C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\m12ex9oq.default\searchplugins\delta.xml FF SearchPlugin: C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\m12ex9oq.default\searchplugins\google-images.xml FF SearchPlugin: C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\m12ex9oq.default\searchplugins\google-maps.xml FF SearchPlugin: C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\m12ex9oq.default\searchplugins\googlede.xml FF HKLM\...\Firefox\Extensions: [{3112ca9c-de6d-4884-a869-9855de68056c}] - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} FF Extension: Google Toolbar for Firefox - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2008-11-23] FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-04-27] FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-05-20] FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014-05-25] FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky 
Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014-05-25] FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com FF Extension: Gevaarlijke websiteblokkering - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014-05-25] FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014-05-25] FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014-05-25] FF HKLM\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\m12ex9oq.default\extensions\fftoolbar2014@etech.com FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-31] FF HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\m12ex9oq.default\extensions\cliqz@cliqz.com Chrome: ======= CHR Profile: C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Iminent) - C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl [2013-04-08] CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11] 
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-05-11] CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14] CHR HKLM\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [Not Found] CHR HKLM\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - No Path CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11] CHR HKU\S-1-5-21-292042570-3503651505-2778631356-1000\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - No Path ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [860504 2014-08-14] (Acronis) R2 AdobeActiveFileMonitor5.0; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [108712 2006-12-22] () R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [4029432 2015-01-01] (Acronis) R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO) R2 CSObjectsSrv; C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch) S4 DBService; C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe [187456 2009-06-14] (DATA BECKER GmbH & Co KG) [File not signed] S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2007-12-22] (Macrovision Europe Ltd.) 
[File not signed] S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-09-18] (Freemake) [File not signed] S2 gupdate1ca87fdcc7cbf74; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-20] (Google Inc.) R2 HFGService; C:\Windows\System32\HFGService.dll [419224 2010-02-05] (CSR, plc) S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed] S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-09-08] () S3 Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2007-05-05] () [File not signed] R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed] R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed] R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed] R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770944 2015-01-30] (Enigma Software Group USA, LLC.) 
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH) R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed] R2 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [6857752 2014-09-13] (Acronis) R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-10-23] (Western Digital Technologies, Inc.) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] (Microsoft Corporation) R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [464384 2015-01-24] (SysTool PasSame LIMITED) [File not signed] R2 WTService; C:\Windows\system32\atwtusb.exe [536064 2013-11-12] () [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 acedrv10; C:\Windows\system32\drivers\acedrv10.sys [583128 2007-10-28] (Protect Software GmbH) R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [501560 2008-01-23] (Protect Software GmbH) R2 acehlp10; C:\Windows\system32\drivers\acehlp10.sys [250560 2007-10-26] (Protect Software GmbH) R2 ARGUS; C:\Windows\System32\drivers\dvr100H.sys [65280 2007-12-14] (AVerMedia Systems, Inc.) 
[File not signed] S3 BthAudioHF; C:\Windows\System32\DRIVERS\BthAudioHF.sys [48024 2010-02-05] (CSR, plc) R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [88632 2011-06-02] (Infowatch) R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [39736 2011-06-02] (Infowatch) R3 dfmirage; C:\Windows\System32\DRIVERS\dfmirage.sys [34128 2008-03-26] (DemoForge, LLC) S3 dptrackerd; C:\Windows\System32\drivers\dptrackerd.sys [44416 2005-12-18] (Windows (R) 2000 DDK provider) [File not signed] S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-01-30] () S3 FET5X86V; C:\Windows\System32\DRIVERS\fetnd5bv.sys [43520 2008-01-02] (VIA Technologies, Inc. ) R3 FETND6V; C:\Windows\System32\DRIVERS\fetnd6v.sys [51312 2011-05-13] (VIA Technologies, Inc. ) R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [214304 2015-01-01] (Acronis International GmbH) R1 hugoio; C:\Program Files\i-Menu\hugoio.sys [9760 2008-04-14] () R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-05-25] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [597568 2014-06-05] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2014-05-25] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-11-11] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-11-11] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-11-11] (Kaspersky Lab ZAO) R3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-11-11] (Kaspersky Lab ZAO) R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [6144 2009-03-08] (Windows (R) Codename Longhorn DDK provider) S3 MusCAudio; C:\Windows\System32\drivers\MusCAudio.sys [23608 2013-10-10] (Windows (R) Win 7 DDK provider) S3 MusCDriverV32; C:\Windows\System32\drivers\MusCDriverV32.sys [22528 
2007-07-18] (Windows (R) Codename Longhorn DDK provider) [File not signed] S4 nvatabus; C:\Windows\system32\drivers\nvatabus.sys [105088 2006-07-14] (NVIDIA Corporation) S3 s125mdfl; C:\Windows\System32\DRIVERS\s125mdfl.sys [15112 2007-04-24] (MCCI Corporation) S3 s125mdm; C:\Windows\System32\DRIVERS\s125mdm.sys [108680 2007-04-24] (MCCI Corporation) S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [8701824 2005-10-13] () S4 sptd; C:\Windows\System32\Drivers\sptd.sys [320120 2014-07-16] (Duplex Secure Ltd.) S3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2010-03-11] (TeamViewer GmbH) S3 TelekomNM3; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [35040 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) R0 tib; C:\Windows\System32\DRIVERS\tib.sys [867968 2015-01-01] (Acronis International GmbH) R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [169248 2015-01-01] (Acronis International GmbH) S3 tosrfbd; C:\Windows\System32\DRIVERS\tosrfbd.sys [113792 2006-11-30] (TOSHIBA CORPORATION) [File not signed] S3 tosrfbnp; C:\Windows\System32\Drivers\tosrfbnp.sys [36480 2006-11-20] (TOSHIBA Corporation) [File not signed] S3 Tosrfhid; C:\Windows\System32\DRIVERS\Tosrfhid.sys [73600 2006-10-05] (TOSHIBA Corporation.) [File not signed] S3 tosrfnds; C:\Windows\System32\DRIVERS\tosrfnds.sys [18612 2005-01-06] (TOSHIBA Corporation.) [File not signed] S3 tosrfusb; C:\Windows\System32\DRIVERS\tosrfusb.sys [40960 2006-10-28] (TOSHIBA CORPORATION) [File not signed] R2 v2imount; C:\Windows\System32\DRIVERS\v2imount.sys [38112 2008-01-19] (Symantec Corporation) R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [6144 2009-08-20] (Windows (R) Win 7 DDK provider) S4 viamraid; C:\Windows\system32\drivers\viamraid.sys [100992 2006-03-31] (VIA Technologies inc,.ltd) R0 videX32; C:\Windows\System32\drivers\videx32.sys [9216 2006-10-17] (VIA Technologies, Inc.) 
S3 vtcdrv; C:\Windows\System32\DRIVERS\vtcdrv.sys [18688 2010-05-17] (Windows (R) Codename Longhorn DDK provider)
S3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1961072 2010-05-20] (Microsoft Corporation)
R0 xfilt; C:\Windows\System32\drivers\xfilt.sys [17920 2006-10-18] (VIA Technologies,Inc)
S3 amdkmdap; system32\DRIVERS\atikmpag.sys [X]
S2 ASInsHelp; \??\C:\Windows\system32\drivers\AsInsHelp32.sys [X]
S3 AtiHDAudioService; system32\drivers\AtihdLH3.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 cpuz134; \??\C:\Users\Dirk\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 GenericMount; system32\DRIVERS\GenericMount.sys [X]
S4 HpCISSs; \SystemRoot\system32\drivers\hpcisss.sys [X]
S3 Huawei; system32\DRIVERS\ewdcsc.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2014-06-05] (Kaspersky Lab ZAO)
S3 mod7700; system32\DRIVERS\mod7700.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\Sandra.sys [X]
S2 secdrv; No ImagePath
S3 SNP325; system32\DRIVERS\snp325.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 14:04 - 2015-01-31 14:04 - 00000000 ____D () C:\FRST 2015-01-31 13:52 - 2015-01-31 13:53 - 00000020 _____ () C:\Users\Dirk\defogger_reenable 2015-01-31 13:51 - 2015-01-31 14:06 - 00000000 ____D () C:\Users\Dirk\Desktop\TrojanerBoard 2015-01-31 12:59 - 2015-01-31 12:59 - 00001041 _____ () C:\Users\Dirk\Desktop\SpyHunter.lnk 2015-01-31 12:59 - 2015-01-31 12:59 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\Enigma Software Group 2015-01-31 12:59 - 2015-01-31 12:59 - 00000000 ____D () C:\sh4ldr 2015-01-31 12:59 - 2015-01-30 20:54 - 00019984 _____ () C:\Windows\system32\Drivers\EsgScanner.sys 2015-01-31 09:05 - 2006-11-02 07:21 - 00319456 _____ (Microsoft Corporation) C:\Windows\system32\DIFxAPI.dll 2015-01-31 09:04 - 2011-05-13 13:34 - 00051312 _____ (VIA Technologies, Inc. ) C:\Windows\system32\Drivers\fetnd6v.sys 2015-01-31 09:04 - 2006-10-27 16:26 - 00069632 _____ () C:\Windows\system32\vuins32.dll 2015-01-30 20:54 - 2015-01-30 20:54 - 00000000 ____D () C:\Program Files\Enigma Software Group 2015-01-28 21:51 - 2015-01-28 21:52 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-01-28 21:20 - 2015-01-28 21:20 - 00001842 _____ () C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2015.lnk 2015-01-28 21:20 - 2015-01-28 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2015 2015-01-26 20:40 - 2015-01-31 13:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-26 20:40 - 2015-01-26 20:56 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-01-26 20:40 - 2015-01-26 20:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-01-24 15:38 - 2015-01-24 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elcomsoft Password Recovery 2015-01-24 15:38 - 2015-01-24 15:38 - 00000000 ____D () C:\ProgramData\Elcomsoft Password Recovery 2015-01-24 15:38 - 2015-01-24 15:38 - 00000000 ____D () 
C:\Program Files\Elcomsoft Password Recovery 2015-01-24 13:27 - 2015-01-24 13:27 - 00000000 ____D () C:\digitalvideoconverter 2015-01-24 12:49 - 2015-01-24 12:49 - 00000825 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2015-01-24 12:48 - 2015-01-24 12:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2015-01-24 12:45 - 2015-01-26 17:28 - 00000000 ____D () C:\Program Files\Search Extensions 2015-01-24 12:41 - 2015-01-24 12:41 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect 2015-01-24 12:40 - 2015-01-24 12:53 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\MailUpdate 2015-01-24 12:40 - 2015-01-24 12:40 - 00000000 ____D () C:\ProgramData\MailUpdate 2015-01-24 12:32 - 2015-01-24 12:32 - 00001692 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk 2015-01-24 12:32 - 2015-01-24 12:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2015-01-24 12:20 - 2015-01-24 12:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter 2015-01-24 12:20 - 2015-01-24 12:20 - 00000000 ____D () C:\Program Files\AC3Filter 2015-01-20 07:28 - 2015-01-20 07:28 - 00000083 _____ () C:\Windows\system32\gpupdate.bin 2015-01-15 03:13 - 2014-12-19 01:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-15 03:01 - 2014-12-06 04:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-15 03:01 - 2014-12-06 04:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll 2015-01-15 03:01 - 2014-12-06 04:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll 2015-01-15 03:00 - 2014-12-06 04:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-06 17:56 - 2015-01-06 17:56 - 00000000 ____D () C:\ProgramData\Avanquest Software 2015-01-01 15:05 - 2015-01-01 15:05 - 00214304 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\file_tracker.sys 2015-01-01 15:04 
- 2015-01-01 15:04 - 00169248 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tib_mounter.sys 2015-01-01 15:04 - 2015-01-01 15:04 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\53CD8B3D-3393-4451-8ACD-5B9F36CD7D31 2015-01-01 15:03 - 2015-01-01 15:03 - 00000982 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis True Image 2015.lnk 2015-01-01 15:03 - 2015-01-01 15:03 - 00000970 _____ () C:\Users\Public\Desktop\Acronis True Image 2015.lnk 2015-01-01 12:40 - 2015-01-01 15:08 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\Acronis 2015-01-01 12:34 - 2015-01-01 15:04 - 00867968 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tib.sys 2015-01-01 12:34 - 2015-01-01 15:04 - 00208672 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\snapman.sys 2015-01-01 12:33 - 2015-01-02 18:42 - 00000000 ____D () C:\ProgramData\Acronis 2015-01-01 12:33 - 2015-01-01 15:03 - 00098592 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\fltsrv.sys 2015-01-01 12:33 - 2015-01-01 12:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis 2015-01-01 12:32 - 2015-01-01 15:07 - 00000000 ____D () C:\Program Files\Common Files\Acronis 2015-01-01 12:32 - 2015-01-01 12:32 - 00000000 ____D () C:\Program Files\Acronis ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-31 14:01 - 2012-05-03 16:45 - 01289246 _____ () C:\Windows\WindowsUpdate.log 2015-01-31 14:00 - 2007-05-05 16:56 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-01-31 13:59 - 2006-11-02 13:37 - 00000000 ___RD () C:\Users\Public\Recorded TV 2015-01-31 13:58 - 2011-10-19 07:19 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-31 13:57 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-31 13:57 - 2006-11-02 13:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-31 13:57 - 2006-11-02 13:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-31 13:57 - 2006-11-02 11:23 - 00000689 _____ () C:\Windows\win.ini 2015-01-31 13:53 - 2012-05-10 02:51 - 00032626 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-31 13:53 - 2008-09-14 13:16 - 00000012 _____ () C:\Windows\bthservsdp.dat 2015-01-31 13:52 - 2009-03-08 12:08 - 00000000 ____D () C:\Users\Dirk 2015-01-31 13:34 - 2011-10-19 07:19 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-31 13:30 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2015-01-31 13:23 - 2014-09-14 14:23 - 00000288 _____ () C:\Windows\Tasks\WSE_Astromenda.job 2015-01-31 13:19 - 2006-11-02 11:33 - 01424896 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-31 12:38 - 2009-03-09 19:52 - 00095744 _____ () C:\Users\Dirk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-01-31 12:17 - 2007-09-25 15:18 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-01-31 09:34 - 2014-12-31 12:18 - 00207680 _____ () C:\Users\Dirk\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-31 09:32 - 2014-12-31 12:24 - 01969608 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-01-31 09:31 - 2014-12-31 12:24 - 00008500 _____ () C:\Windows\PFRO.log 2015-01-31 08:48 - 2008-06-14 15:28 - 00000000 ____D () C:\Program Files\Virtual 
Earth 3D 2015-01-31 08:45 - 2010-11-01 09:05 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\YoWindow 2015-01-31 08:40 - 2007-05-05 23:30 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2015-01-31 08:38 - 2009-03-29 10:57 - 00000000 ____D () C:\Program Files\Mobile Partner 2015-01-31 08:14 - 2007-09-25 15:23 - 00000000 ____D () C:\Program Files\Microsoft.NET 2015-01-31 08:10 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE 2015-01-31 07:48 - 2012-01-31 18:34 - 00000000 ___RD () C:\Users\Dirk\Dropbox 2015-01-31 07:28 - 2014-08-22 11:49 - 00000000 ____D () C:\Send 2015-01-31 00:00 - 2009-06-23 19:57 - 00000368 _____ () C:\Windows\Tasks\NeroLiveEpgUpdate-Home-PC_Dirk.job 2015-01-30 19:37 - 2014-07-12 11:20 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\Dropbox 2015-01-30 10:18 - 2011-09-10 11:15 - 00000974 _____ () C:\Windows\Tasks\Google Software Updater.job 2015-01-30 03:29 - 2013-05-10 06:45 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-01-29 20:41 - 2008-05-27 17:44 - 00000000 ____D () C:\MAGIX 2015-01-29 20:08 - 2014-05-13 17:02 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2015-01-29 20:08 - 2007-07-13 16:38 - 00000000 ____D () C:\Program Files\Common Files\Apple 2015-01-29 19:56 - 2007-10-14 09:28 - 00000000 ____D () C:\Program Files\WISO 2015-01-28 21:21 - 2007-11-27 19:09 - 00000000 ____D () C:\Users\Dirk\AppData\Local\Buhl 2015-01-28 21:21 - 2007-10-14 10:56 - 00001464 _____ () C:\Windows\wiso.ini 2015-01-28 20:51 - 2014-01-02 10:02 - 00000000 ____D () C:\Program Files\StarMoney 9.0 2015-01-28 20:50 - 2014-07-16 18:57 - 00000000 ____D () C:\ProgramData\Package Cache 2015-01-26 17:43 - 2007-05-05 18:56 - 00000000 ____D () C:\Users\Dirk\AppData\Local\Adobe 2015-01-24 12:53 - 2011-04-17 12:17 - 00000824 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-01-24 12:53 - 2009-03-08 14:14 - 00000955 _____ () 
C:\Users\Dirk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-01-24 12:53 - 2007-11-26 21:06 - 00001730 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-01-24 12:32 - 2007-05-14 19:27 - 00000000 ____D () C:\Program Files\QuickTime 2015-01-23 10:28 - 2014-12-28 14:52 - 00000000 ____D () C:\Users\Dirk\AppData\Local\Avanquest 2015-01-21 07:39 - 2014-08-02 15:09 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\vlc 2015-01-20 07:35 - 2007-05-05 23:51 - 00000000 ____D () C:\Program Files\AceBIT 2015-01-20 07:27 - 2013-10-16 11:37 - 00000000 ____D () C:\Users\Dirk\AppData\Local\AllMusicConverter 2015-01-19 09:19 - 2007-05-05 22:35 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\Skype 2015-01-15 03:13 - 2013-08-15 02:13 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-15 03:02 - 2006-11-02 11:24 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2015-01-13 20:26 - 2007-05-31 17:42 - 00000000 ____D () C:\Users\Dirk\AppData\Local\CutePDF Writer 2015-01-13 18:08 - 2011-03-05 15:27 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR 2015-01-07 15:35 - 2013-10-14 15:32 - 00000000 ____D () C:\ProgramData\CanonIJPLM 2015-01-06 04:36 - 2009-10-03 11:53 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-01-05 18:49 - 2014-10-13 16:43 - 00207680 _____ () C:\Users\Pascal\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-01 15:22 - 2007-03-19 07:30 - 00000000 ____D () C:\ProgramData\Symantec 2015-01-01 15:22 - 2007-03-19 07:30 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared 2015-01-01 15:21 - 2013-08-12 15:30 - 00000000 ____D () C:\ProgramData\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3} 2015-01-01 15:21 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Registration 2015-01-01 12:11 - 2013-02-03 16:45 - 00000000 ____D () C:\Testbilder 2015-01-01 11:31 - 2010-10-30 17:27 - 00004096 ___SH () C:\VSNAP.IDX 2015-01-01 09:44 - 2013-08-13 06:08 - 00000000 ____D () 
C:\Users\Dirk\AppData\Roaming\AIMP3 2015-01-01 09:24 - 2010-03-27 06:19 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\Mp3tag ==================== Files in the root of some directories ======= 1997-09-03 23:00 - 1997-09-03 23:00 - 0311296 _____ (Microsoft Corporation) C:\Program Files\Common Files\msacc8.olb 2007-08-26 16:20 - 2011-06-21 17:08 - 0000070 _____ () C:\Users\Dirk\AppData\Roaming\AVSDVDPlayer.m3u 2011-05-13 19:44 - 2011-01-14 21:07 - 0061440 _____ () C:\Users\Dirk\AppData\Roaming\chrtmp 2009-05-31 08:00 - 2009-05-31 08:00 - 0000029 _____ () C:\Users\Dirk\AppData\Roaming\default.rss 2009-05-31 08:00 - 2009-05-31 08:00 - 0000000 _____ () C:\Users\Dirk\AppData\Roaming\downloads.m3u 2007-08-26 19:14 - 2007-08-26 19:14 - 0087608 _____ () C:\Users\Dirk\AppData\Roaming\inst.exe 2009-06-07 22:11 - 2009-06-07 22:11 - 0038431 _____ () C:\Users\Dirk\AppData\Roaming\Kommagetrennte Werte (DOS).ADR 2007-10-01 20:38 - 2007-10-01 20:38 - 0012963 _____ () C:\Users\Dirk\AppData\Roaming\Kommagetrennte Werte (DOS).CAL 2007-09-15 10:33 - 2012-03-21 19:47 - 0038443 _____ () C:\Users\Dirk\AppData\Roaming\Kommagetrennte Werte (Windows).ADR 2007-10-01 20:29 - 2007-10-01 20:29 - 0012967 _____ () C:\Users\Dirk\AppData\Roaming\Kommagetrennte Werte (Windows).CAL 2007-09-15 10:39 - 2007-09-15 10:39 - 0011425 _____ () C:\Users\Dirk\AppData\Roaming\Kommagetrennte Werte (Windows).TSK 2012-03-19 07:19 - 2012-03-21 19:44 - 0023496 _____ () C:\Users\Dirk\AppData\Roaming\Microsoft Excel 97-2003.ADR 2008-02-10 10:43 - 2008-12-07 12:16 - 0012965 _____ () C:\Users\Dirk\AppData\Roaming\Microsoft Excel 97-2003.CAL 2009-05-09 15:49 - 2009-05-09 15:54 - 0008261 _____ () C:\Users\Dirk\AppData\Roaming\Microsoft Excel 97-2003.JNL 2007-06-10 08:30 - 2007-06-10 08:30 - 0012944 _____ () C:\Users\Dirk\AppData\Roaming\Microsoft Excel.CAL 2007-08-26 19:14 - 2007-08-26 19:14 - 0007887 _____ () C:\Users\Dirk\AppData\Roaming\pcouffin.cat 2007-08-26 19:14 - 2007-08-26 19:14 - 0001144 _____ () 
C:\Users\Dirk\AppData\Roaming\pcouffin.inf 2007-08-26 19:15 - 2007-08-26 19:15 - 0000034 _____ () C:\Users\Dirk\AppData\Roaming\pcouffin.log 2007-08-26 19:14 - 2007-08-26 19:14 - 0047360 _____ (VSO Software) C:\Users\Dirk\AppData\Roaming\pcouffin.sys 2007-05-10 21:52 - 2007-05-10 21:52 - 0012962 _____ () C:\Users\Dirk\AppData\Roaming\Tabulatorgetrennte Werte (Windows).CAL 2009-02-23 10:10 - 2009-02-23 10:10 - 0006144 ___SH () C:\Users\Dirk\AppData\Roaming\Thumbs.db 2007-11-25 20:09 - 2008-05-25 10:22 - 0012201 _____ () C:\Users\Dirk\AppData\Roaming\UserTile.png 2014-09-14 15:23 - 2014-12-19 21:34 - 0000222 _____ () C:\Users\Dirk\AppData\Roaming\WB.CFG 2007-05-05 16:13 - 2007-05-10 21:56 - 0000112 _____ () C:\Users\Dirk\AppData\Roaming\wklnhst.dat 2014-11-10 00:23 - 2014-11-10 00:23 - 0022528 _____ () C:\Users\Dirk\AppData\Local\665549406extsetup6655645931.exe 2014-11-10 00:23 - 2014-11-10 00:23 - 0643948 _____ () C:\Users\Dirk\AppData\Local\665549406extsq.dll 2011-01-04 12:06 - 2011-08-14 11:03 - 0001188 _____ () C:\Users\Dirk\AppData\Local\crc32list11.txt 2009-09-10 16:35 - 2014-12-15 20:23 - 0001356 _____ () C:\Users\Dirk\AppData\Local\d3d9caps.dat 2009-03-09 19:52 - 2015-01-31 12:38 - 0095744 _____ () C:\Users\Dirk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-12-02 03:23 - 2014-12-17 02:23 - 0000010 _____ () C:\Users\Dirk\AppData\Local\DSI.DAT 2014-12-17 02:23 - 2014-12-17 02:23 - 0022528 _____ () C:\Users\Dirk\AppData\Local\dsisetup1052016712.exe 2014-12-02 03:23 - 2014-12-02 03:23 - 0022528 _____ () C:\Users\Dirk\AppData\Local\dsisetup11431845002.exe 2014-11-10 00:23 - 2014-11-10 00:23 - 0000008 _____ () C:\Users\Dirk\AppData\Local\ext2.dat 2009-07-27 18:07 - 2009-07-27 18:07 - 0000036 _____ () C:\Users\Dirk\AppData\Local\housecall.guid.cache 2009-11-21 07:15 - 2009-11-21 07:15 - 0000600 _____ () C:\Users\Dirk\AppData\Local\PUTTY.RND 2010-04-17 09:15 - 2010-04-17 10:31 - 0000907 _____ () C:\Users\Dirk\AppData\Local\RAExpertHistory.xml 2010-04-17 
10:19 - 2010-04-17 10:29 - 0000171 _____ () C:\Users\Dirk\AppData\Local\rahistory.xml 2014-10-26 12:42 - 2014-10-26 12:42 - 0001495 _____ () C:\Users\Dirk\AppData\Local\recently-used.xbel 2012-06-03 11:59 - 2012-06-03 11:59 - 0017408 _____ () C:\Users\Dirk\AppData\Local\WebpageIcons.db 2011-12-11 18:55 - 2014-02-07 20:59 - 0000394 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc 2009-07-26 20:59 - 2009-10-10 08:18 - 0000000 _____ () C:\ProgramData\xml48D1.tmp 2009-03-09 18:39 - 2009-03-09 18:39 - 0000000 _____ () C:\ProgramData\xml8C76.tmp 2009-03-08 18:53 - 2009-08-25 21:45 - 0007189 _____ () C:\ProgramData\xml902C.tmp 2009-08-25 21:45 - 2009-10-10 08:18 - 0008723 _____ () C:\ProgramData\xml90C7.tmp 2009-03-08 18:53 - 2009-03-08 18:53 - 0000000 _____ () C:\ProgramData\xmlA2DA.tmp 2009-03-08 18:53 - 2009-03-08 18:53 - 0000000 _____ () C:\ProgramData\xmlA4FE.tmp 2009-03-08 18:53 - 2009-10-10 08:18 - 0001621 _____ () C:\ProgramData\xmlA53D.tmp 2009-03-09 18:39 - 2009-03-09 18:39 - 0000000 _____ () C:\ProgramData\xmlD73C.tmp Files to move or delete: ==================== C:\Users\Dirk\kavremover10.exe C:\Users\Dirk\strmdll.dll Some content of TEMP: ==================== C:\Users\Dirk\AppData\Local\Temp\bitool.dll C:\Users\Dirk\AppData\Local\Temp\clrvu.exe C:\Users\Dirk\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcqp4ku.dll C:\Users\Dirk\AppData\Local\Temp\System.Data.SQLite.dll C:\Users\Dirk\AppData\Local\Temp\System.Data.SQLitefe223d1d-f38c-4129-b2b6-d203fb32ed1e.dll C:\Users\Dirk\AppData\Local\Temp\Update1.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-31 14:03

==================== End Of Log ============================