|
Plagegeister aller Art und deren Bekämpfung: Positive Finds AdsWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
01.02.2015, 22:37 | #1 |
| Positive Finds Ads Guten Abend Ich habe seit heute ein Problem - bei fast allen Seiten die ich öffne (komischerweise bei allen außer Google und Facebook), öffnen sich mehrere Werbungen. Nach langwieriger Recherche hab ich herausgefunden dass es wohl Positive Finds Ads sind.... Ich hab heute schon zwei Mal einen Scan vom Norten AntiVirus ausgeführt, doch es wurde nie etwas gefunden! Leider bin ich alles andere als ein Genie im im Umgang mit Computern :-/ Ich hoffe mir kann hier jemand helfen! Vielen Dank! Liebe Grüße, Ivi |
01.02.2015, 22:41 | #2 |
/// TB-Ausbilder /// Anleitungs-Guru | Positive Finds AdsMein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...
Hinweis: Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden. Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert. Adware & Co. können wir sehr gut entfernen. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean bekommst. Los geht's: Schritt 1 Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
Lesestoff Posten in CODE-Tags: So gehts... Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
01.02.2015, 22:51 | #3 |
| Positive Finds Ads Hallo Jürgen!
__________________Vielen vielen Dank für deine Hilfe!! Hier das FRST.txt: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015 Ran by Cornelia (administrator) on CORNELIALAPTOP on 01-02-2015 22:46:20 Running from C:\Users\Cornelia\Desktop Loaded Profiles: UpdatusUser & Cornelia (Available profiles: UpdatusUser & Cornelia & Gast) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\nst.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe () C:\Program Files (x86)\bob internetsoftware\bobInternetsoftware_Service.exe (Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\nst.exe (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Dropbox, Inc.) C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\Dropbox.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe () C:\Windows\Samsung\PanelMgr\SSMMgr.exe (Sony Corporation) C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe () C:\Windows\Samsung\PanelMgr\caller64.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe () C:\Program Files (x86)\bob internetsoftware\bobInternetsoftware_Launcher.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Apple Inc.) C:\Program Files\iTunes\iTunes.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugincontainer.exe () C:\Program Files (x86)\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\updater.exe (WebToGo Gmbh) C:\Program Files (x86)\bob internetsoftware\bobInternetsoftware.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Google Inc.) C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\chrome.exe () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\8\Plugin.exe () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\5\Plugin.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2010-10-29] (Acer Incorporated) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11619432 2010-11-26] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2185832 2010-11-26] (Realtek Semiconductor) HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.) HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340336 2010-09-28] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-09-18] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-09-18] (Egis Technology Inc.) HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296768 2010-11-12] (NTI Corporation) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-14] (Intel Corporation) HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1025616 2010-12-09] (Dritek System Inc.) HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.) HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2010-12-10] (CyberLink Corp.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.) HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\ssmmgr.exe [618496 2010-06-07] () HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Reader Application Helper] => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400 2014-05-23] (Sony Corporation) HKLM-x32\...\Run: [TAG_bobinternetsoftware_Launcher.exe] => C:\Program Files (x86)\bob internetsoftware\bobinternetsoftware_Launcher.exe [478192 2012-10-23] () HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-05-23] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [] => [X] Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-21-109719926-1927758322-2587551322-1000\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] () HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Run: [Google Update] => C:\Users\Cornelia\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-30] (Google Inc.) HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Run: [GoogleChromeAutoLaunch_B25262183A7D0BB9D958785DE345946E] => C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\chrome.exe [843592 2015-01-27] (Google Inc.) HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-05-23] (Samsung) HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-05-23] (Samsung) HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google) HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.) HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\MountPoints2: {f0a87f3c-b662-11e2-97fd-b870f4b04956} - F:\.\Autorun.exe AUTORUN=1 HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2010-12-12] (NVIDIA Corporation) AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [192616 2010-12-12] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\Users\Cornelia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=21.6.0.32 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=21.6.0.32 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=21.6.0.32 HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=21.6.0.32 HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm HKU\S-1-5-21-109719926-1927758322-2587551322-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKU\S-1-5-21-109719926-1927758322-2587551322-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-109719926-1927758322-2587551322-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=21.6.0.32 HKU\S-1-5-21-109719926-1927758322-2587551322-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-109719926-1927758322-2587551322-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm HKU\S-1-5-21-109719926-1927758322-2587551322-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=21.6.0.32 HKU\S-1-5-21-109719926-1927758322-2587551322-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKU\S-1-5-21-109719926-1927758322-2587551322-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-109719926-1927758322-2587551322-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-109719926-1927758322-2587551322-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm SearchScopes: HKLM -> DefaultScope {71588120-FC17-4463-B07D-2C71FE6E057B} URL = hxxp://go.findrsearch.com/search/web?q={searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKLM -> {71588120-FC17-4463-B07D-2C71FE6E057B} URL = hxxp://go.findrsearch.com/search/web?q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-109719926-1927758322-2587551322-1001 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=119816&babsrc=SP_ss_din2g&mntrId=C2B5CCAF7872A4D7 SearchScopes: HKU\S-1-5-21-109719926-1927758322-2587551322-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-109719926-1927758322-2587551322-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=119816&babsrc=SP_ss_din2g&mntrId=C2B5CCAF7872A4D7 SearchScopes: HKU\S-1-5-21-109719926-1927758322-2587551322-1001 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKU\S-1-5-21-109719926-1927758322-2587551322-1001 -> {71588120-FC17-4463-B07D-2C71FE6E057B} URL = hxxp://go.findrsearch.com/search/web?q={searchTerms} BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coIEPlg.dll (Symantec Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Positive Finds -> {30c85a3d-1d96-4589-b63f-91fb7ef45a41} -> C:\Program Files (x86)\Positive Finds\Extensions\30c85a3d-1d96-4589-b63f-91fb7ef45a41.dll () BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coIEPlg.dll (Symantec Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coIEPlg.dll (Symantec Corporation) Tcpip\..\Interfaces\{5EA47198-71AC-4837-9E18-C7FC3143A626}: [NameServer] 194.48.139.254 194.48.128.199 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-109719926-1927758322-2587551322-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-109719926-1927758322-2587551322-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-109719926-1927758322-2587551322-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.) FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.3.0.12\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.3.0.12\IPSFF [2014-06-26] FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.0.43\coFFPlgn FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.0.43\coFFPlgn [2015-01-31] FF HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Firefox\Extensions: [lrcspal@xinghao.net] - C:\Program Files (x86)\XingHaoLyrics\FF FF Extension: LyricsPal - C:\Program Files (x86)\XingHaoLyrics\FF [2013-06-12] Chrome: ======= CHR HomePage: Default -> hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=C2B5CCAF7872A4D7 CHR StartupUrls: Default -> "hxxp://google.at/", "https://learn.wu.ac.at/" CHR Profile: C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-07] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06] CHR Extension: (YouTube) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19] CHR Extension: (Google-Suche) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19] CHR Extension: (Norton Identity Safe) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-31] CHR Extension: (Google Wallet) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12] CHR Extension: (Norton Security Toolbar) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2014-06-25] CHR Extension: (Google Mail) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19] CHR HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Cornelia\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-05-06] CHR HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path CHR HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Cornelia\AppData\Roaming\BabSolution\CR\Delta.crx [2013-04-22] CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Cornelia\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2013-06-01] CHR HKLM-x32\...\Chrome\Extension: [mmiopbgcekanlhpjkonogoljpfmhpkhf] - C:\Program Files (x86)\XingHaoLyrics\Chrome.crx [2013-06-04] CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\Exts\Chrome.crx [2014-08-07] StartMenuInternet: Google Chrome - C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.) R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\NAV.exe [262968 2014-09-21] (Symantec Corporation) R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\NST.exe [130104 2014-07-31] (Symantec Corporation) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation) R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2010-11-12] (NTI Corporation) R2 Service Mgr PositiveFinds; C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugincontainer.exe [549624 2015-02-01] () S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2014-04-25] (Sony Corporation) [File not signed] R2 TAG_Service; C:\Program Files (x86)\bob internetsoftware\bobinternetsoftware_Service.exe [497648 2012-10-23] () R2 Update Mgr PositiveFinds; C:\Program Files (x86)\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\updater.exe [351992 2015-02-01] () S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.3.0.12\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation) R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1506000.020\ccSetx64.sys [162392 2014-02-21] (Symantec Corporation) R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07060.00F\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation) S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-05-22] () [File not signed] S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed] R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.3.0.12\Definitions\IPSDefs\20150130.001\IDSvia64.sys [668888 2015-01-14] (Symantec Corporation) R3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [120832 2011-03-04] (TCT International Mobile Ltd) R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.3.0.12\Definitions\VirusDefs\20150131.003\ENG64.SYS [129752 2015-01-19] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.3.0.12\Definitions\VirusDefs\20150131.003\EX64.SYS [2137304 2015-01-19] (Symantec Corporation) R1 SRTSP; C:\Windows\System32\Drivers\NAVx64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation) S2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-07-29] (Samsung Electronics) S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-03-19] (DEVGURU Co., LTD.(www.devguru.co.kr)) R0 SymDS; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-06-24] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation) S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-01 22:46 - 2015-02-01 22:47 - 00030967 _____ () C:\Users\Cornelia\Desktop\FRST.txt 2015-02-01 22:46 - 2015-02-01 22:46 - 00000000 ____D () C:\FRST 2015-02-01 22:45 - 2015-02-01 22:45 - 02131456 _____ (Farbar) C:\Users\Cornelia\Desktop\frst64.exe 2015-01-31 23:10 - 2015-01-31 23:10 - 00000000 ____D () C:\Users\Cornelia\AppData\Roaming\OpenOffice 2015-01-31 23:09 - 2015-01-31 23:09 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk 2015-01-31 23:09 - 2015-01-31 23:09 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1 2015-01-31 23:08 - 2015-01-31 23:09 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4 2015-01-31 23:03 - 2015-01-31 23:03 - 00000000 ____D () C:\Users\Cornelia\Desktop\OpenOffice 4.1.1 (de) Installation Files 2015-01-31 22:59 - 2015-01-31 23:02 - 164858324 _____ () C:\Users\Cornelia\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_de.exe 2015-01-31 19:35 - 2015-01-31 19:35 - 00001757 _____ () C:\Users\Public\Desktop\iTunes.lnk 2015-01-31 19:35 - 2015-01-31 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-01-31 19:34 - 2015-01-31 19:35 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-01-31 19:34 - 2015-01-31 19:35 - 00000000 ____D () C:\Program Files\iTunes 2015-01-31 19:34 - 2015-01-31 19:34 - 00000000 ____D () C:\Program Files\iPod 2015-01-31 19:34 - 2015-01-31 19:34 - 00000000 ____D () C:\Program Files (x86)\iTunes 2015-01-31 19:32 - 2015-02-01 11:32 - 00000000 ____D () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602 2015-01-31 19:32 - 2015-01-31 19:32 - 00000000 ____D () C:\Program Files (x86)\Positive Finds 2015-01-31 19:30 - 2015-01-31 19:30 - 00000000 ____D () C:\Users\Cornelia\AppData\Roaming\RHEng 2015-01-31 19:30 - 2015-01-31 19:30 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack 2015-01-31 19:26 - 2015-01-31 19:26 - 03533528 _____ (DVDVideoSoft Ltd. ) C:\Users\Cornelia\Downloads\FreeStudio.exe 2015-01-31 19:23 - 2015-01-31 19:24 - 03533008 _____ (DVDVideoSoft Ltd. ) C:\Users\Cornelia\Downloads\FreeYouTubeToMP3Converter (1).exe 2015-01-19 11:11 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-19 11:11 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-19 11:11 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-19 11:11 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-19 11:11 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-19 11:11 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-19 11:11 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-16 18:29 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-16 18:29 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-16 18:29 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-16 18:29 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-16 18:29 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-16 18:29 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-01 22:42 - 2011-12-04 00:08 - 00000000 ____D () C:\Users\Cornelia\AppData\Roaming\Skype 2015-02-01 22:41 - 2014-05-06 21:59 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-01 22:07 - 2013-02-28 17:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-01 22:06 - 2011-11-24 17:04 - 01612827 _____ () C:\Windows\WindowsUpdate.log 2015-02-01 21:54 - 2011-12-03 23:21 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-109719926-1927758322-2587551322-1001UA.job 2015-02-01 21:03 - 2011-12-05 22:16 - 00000099 _____ () C:\Users\Public\LMDebug.log 2015-02-01 20:54 - 2011-12-03 23:21 - 00001080 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-109719926-1927758322-2587551322-1001Core.job 2015-02-01 20:41 - 2014-05-06 21:59 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-01 20:41 - 2011-11-24 16:58 - 00699682 _____ () C:\Windows\system32\perfh007.dat 2015-02-01 20:41 - 2011-11-24 16:58 - 00149790 _____ () C:\Windows\system32\perfc007.dat 2015-02-01 20:41 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-01 20:38 - 2011-11-24 17:44 - 00000000 ____D () C:\ProgramData\boost_interprocess 2015-01-31 23:10 - 2011-12-01 19:24 - 00068616 _____ () C:\Users\Cornelia\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-31 23:08 - 2011-12-08 13:34 - 00000000 ____D () C:\Program Files (x86)\OpenOffice.org 3 2015-01-31 23:03 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2015-01-31 19:49 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-31 19:49 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-31 19:46 - 2011-12-01 21:16 - 00000000 ____D () C:\ProgramData\clear.fi 2015-01-31 19:44 - 2012-11-25 17:12 - 00000000 ___RD () C:\Users\Cornelia\Dropbox 2015-01-31 19:44 - 2012-11-25 17:10 - 00000000 ____D () C:\Users\Cornelia\AppData\Roaming\Dropbox 2015-01-31 19:43 - 2014-05-06 22:01 - 00000000 ___RD () C:\Users\Cornelia\Google Drive 2015-01-31 19:41 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-31 19:41 - 2009-07-14 05:51 - 00089785 _____ () C:\Windows\setupact.log 2015-01-31 19:40 - 2011-11-24 17:01 - 00114628 _____ () C:\Windows\PFRO.log 2015-01-31 19:34 - 2011-12-03 23:57 - 00000000 ____D () C:\Program Files\Common Files\Apple 2015-01-31 19:32 - 2011-12-03 23:52 - 00000000 ____D () C:\Users\Cornelia\AppData\Roaming\DVDVideoSoft 2015-01-31 19:31 - 2014-05-12 10:57 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2015-01-31 19:31 - 2013-04-22 14:26 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft 2015-01-31 19:31 - 2013-03-15 12:28 - 00001536 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk 2015-01-31 19:31 - 2013-03-15 12:28 - 00001245 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk 2015-01-31 19:31 - 2011-12-03 23:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2015-01-31 19:07 - 2013-02-28 17:29 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-31 19:07 - 2013-02-28 17:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-31 19:07 - 2013-02-28 17:29 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-01-31 19:07 - 2011-12-03 23:23 - 00002381 _____ () C:\Users\Cornelia\Desktop\Google Chrome.lnk 2015-01-29 22:46 - 2014-05-06 22:00 - 00002046 _____ () C:\Users\Public\Desktop\Google Slides.lnk 2015-01-29 22:46 - 2014-05-06 22:00 - 00002044 _____ () C:\Users\Public\Desktop\Google Sheets.lnk 2015-01-29 22:46 - 2014-05-06 22:00 - 00002034 _____ () C:\Users\Public\Desktop\Google Docs.lnk 2015-01-29 22:46 - 2014-05-06 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2015-01-19 10:57 - 2012-11-11 19:11 - 00000000 ____D () C:\Users\Cornelia\AppData\Local\CrashDumps 2015-01-16 20:03 - 2013-07-22 20:03 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-16 20:03 - 2011-12-04 20:44 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-12 20:05 - 2012-05-27 20:28 - 01344512 ___SH () C:\Users\Cornelia\Downloads\Thumbs.db ==================== Files in the root of some directories ======= 2013-04-25 10:21 - 2013-02-09 22:55 - 0114176 _____ () C:\Users\Cornelia\AppData\Roaming\BabMaint.exe 2011-11-24 17:36 - 2011-11-24 17:39 - 0016108 _____ () C:\ProgramData\ArcadeDeluxe5.log 2011-01-11 16:25 - 2010-03-03 00:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe Some content of TEMP: ==================== C:\Users\Cornelia\AppData\Local\Temp\amazonicon.exe C:\Users\Cornelia\AppData\Local\Temp\amazoninstallernircmdc.exe C:\Users\Cornelia\AppData\Local\Temp\COMAP.EXE C:\Users\Cornelia\AppData\Local\Temp\DeltaTB.exe C:\Users\Cornelia\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmph7iqvs.dll C:\Users\Cornelia\AppData\Local\Temp\DseShExt-x64.dll C:\Users\Cornelia\AppData\Local\Temp\DseShExt-x86.dll C:\Users\Cornelia\AppData\Local\Temp\FreeYouTubeToMP3Converter.exe C:\Users\Cornelia\AppData\Local\Temp\MSN7AFB.exe C:\Users\Cornelia\AppData\Local\Temp\nsi5C0F.exe C:\Users\Cornelia\AppData\Local\Temp\nsn548F.exe C:\Users\Cornelia\AppData\Local\Temp\nsnF91B.exe C:\Users\Cornelia\AppData\Local\Temp\nsxFED6.exe C:\Users\Cornelia\AppData\Local\Temp\sdanircmdc.exe C:\Users\Cornelia\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\Cornelia\AppData\Local\Temp\SDShelEx-x64.dll C:\Users\Cornelia\AppData\Local\Temp\tmpB3CF.exe C:\Users\Cornelia\AppData\Local\Temp\tmpB8D8.exe C:\Users\Cornelia\AppData\Local\Temp\UpdateCheckerSetup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-26 06:37 ==================== End Of Log ============================ --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015 Ran by Cornelia at 2015-02-01 22:47:26 Running from C:\Users\Cornelia\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton AntiVirus (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} AS: Norton AntiVirus (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.69 - NTI Corporation) Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1216 - CyberLink Corp.) Acer Crystal Eye Webcam (x32 Version: 1.0.1216 - CyberLink Corp.) Hidden Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3000 - Acer Incorporated) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Acer Incorporated) Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated) Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.1130.2010 - Acer Incorporated) Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated) Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.0.0.4080 - Adobe Systems Incorporated) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated) Adobe Photoshop Elements (HKLM-x32\...\Adobe Photoshop Elements 1.0) (Version: 1.0 - Adobe Systems, Inc.) Adobe Reader 9.2 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.2.0 - Adobe Systems Incorporated) Airport Mania First Flight (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}) (Version: - Oberon Media) Amazon Kindle (HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Amazon Kindle) (Version: - Amazon) Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC) Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version: - Oberon Media) Apple Application Support (32-Bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Backup Manager V3 (x32 Version: 3.0.0.69 - NTI Corporation) Hidden bob internetsoftware (HKLM-x32\...\TAG) (Version: 2.0 - A1 Telekom Austria AG) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.100.235.19 - Broadcom Corporation) Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.4.9.3 - Broadcom Corporation) Broadcom Gigabit NetLink Controller (HKLM\...\{029A4933-3F36-4E4F-AEC3-2207AB26463D}) (Version: 14.4.8.3 - Broadcom Corporation) BrowserProtect (HKLM-x32\...\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}) (Version: - Bit89 Inc) <==== ATTENTION Bundled software uninstaller (HKLM-x32\...\bi_uninstaller) (Version: - ) <==== ATTENTION Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media) Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.1223.00 - CyberLink Corp.) clear.fi (x32 Version: 1.0.1223.00 - CyberLink Corp.) Hidden clear.fi (x32 Version: 9.0.7209 - CyberLink Corp.) Hidden clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3008 - Acer Incorporated) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Delta Chrome Toolbar (HKLM-x32\...\Delta Chrome Toolbar) (Version: - Visual Tools) <==== ATTENTION Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media) DriverTuner 3.0.1.0 (HKLM-x32\...\{520C1D80-935C-42B9-9340-E883849D804F}_is1) (Version: 3.0.0.1 - LionSea SoftWare) Dropbox (HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.) eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.) eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version: - Oberon Media) Free Studio version 5.3.1 (HKLM-x32\...\Free Studio_is1) (Version: - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.54.128 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.54.128 - DVDVideoSoft Ltd.) Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version: - Oberon Media) Google Chrome (HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.) Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2266 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation) Intel(R) Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.0.82.0 - Intel) iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Launch Manager (HKLM-x32\...\LManager) (Version: 5.0.3 - Acer Inc.) LyricsPal (HKLM-x32\...\lrcspal@xinghao.net) (Version: - XingHao Software) <==== ATTENTION MediaEspresso (x32 Version: 1.0.1210_33255 - CyberLink Corp.) Hidden Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version: - Oberon Media) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) MyFreeCodec (HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\MyFreeCodec) (Version: - ) MyWinLocker (Version: 4.0.14.11 - Egis Technology Inc.) Hidden MyWinLocker 4 (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.11 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden Norton AntiVirus (HKLM-x32\...\NAV) (Version: 21.6.0.32 - Symantec Corporation) Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.6.15 - Symantec Corporation) Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation) NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8939 - NTI Corporation) NTI Media Maker 9 (x32 Version: 9.0.2.8939 - NTI Corporation) Hidden NVIDIA Graphics Driver 266.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 266.19 - NVIDIA Corporation) OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) Poker Pop (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}) (Version: - Oberon Media) Positive Finds (HKLM-x32\...\Positive Finds) (Version: 2.0.5509.12952 - Positive Finds) <==== ATTENTION! Reader for PC (HKLM-x32\...\{38FB32F7-5A2A-40E4-B106-4C35F75725CD}) (Version: 2.4.00.05230 - Sony Corporation) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6254 - Realtek Semiconductor Corp.) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.26.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0 - Renesas Electronics Corporation) Hidden Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_15 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.6.3.14044_15 - Samsung Electronics Co., Ltd.) Hidden Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13052_1 - Samsung Electronics Co., Ltd.) Samsung Story Album Viewer (x32 Version: 1.0.0.13052_1 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.40.0 - SAMSUNG Electronics Co., Ltd.) Shredder (Version: 2.0.8.7 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.8.7 - Egis Technology Inc.) Hidden Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) Spin & Win (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}) (Version: - Oberon Media) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.0 - Synaptics Incorporated) Wartung Samsung ML-1660 Series (HKLM-x32\...\Samsung ML-1660 Series) (Version: - Samsung Electronics Co., Ltd.) Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3007 - Acer Incorporated) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File ==================== Restore Points ========================= 10-12-2014 20:36:09 Windows Update 15-12-2014 23:20:50 Windows Update 16-12-2014 22:54:16 Windows Update 21-12-2014 23:02:24 Windows Update 16-01-2015 20:02:54 Windows Update 21-01-2015 21:33:00 Windows Modules Installer 31-01-2015 23:04:23 OpenOffice 4.1.1 wird installiert ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {06BA6298-290B-4817-86D4-8CD0D28C9EBE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {199D932C-0C4A-4439-B48E-220627C8FA35} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe Task: {2445FE38-BD4B-4FEF-89C4-45B6EB718D72} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-06] (Google Inc.) Task: {37410EB5-7B03-4E47-A2D3-97639690DEC5} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2010-12-23] (Acer Incorporated) Task: {476DE42C-46BB-436B-8D97-07B95EE9AED9} - System32\Tasks\BrowserProtect => Sc.exe start BrowserProtect <==== ATTENTION Task: {555F6ED2-2EB7-4C61-8086-9700931166FD} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation) Task: {75210ACE-464B-4BB1-A5FE-798842B5A5E6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-109719926-1927758322-2587551322-1001UA => C:\Users\Cornelia\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-30] (Google Inc.) Task: {9036EF6C-3105-4280-BEBB-A3A2967CF5C5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-31] (Adobe Systems Incorporated) Task: {95DEAF90-B330-4F36-890C-3FF5459F612F} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2010-12-23] (CyberLink Corp.) Task: {97584F22-C785-4C9F-9A19-108750BE6775} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2010-12-23] (CyberLink) Task: {98829D97-1101-46B9-8431-F612446E240F} - System32\Tasks\{C34F34C0-9C41-4EC5-9BCC-E825F7BE1B90} => Chrome.exe hxxp://ui.skype.com/ui/0/6.14.59.104/de/abandoninstall?page=tsProgressBar Task: {AD67AB1F-23A1-4E79-B991-E8665CFF4AD9} - System32\Tasks\EPUpdater => C:\Users\Cornelia\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-06-06] () <==== ATTENTION Task: {B4C0D583-8889-452A-BD6D-5DBD8597CE26} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2010-12-01] (Acer) Task: {B55BD94B-FA1A-4B53-87CD-54E144EEC4A9} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {B5D864F1-76D5-4E4A-BF37-2D01A5F03AF6} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {B763D147-978F-4725-AD4B-A67135B8AC4B} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {D787E221-3558-4706-8D6A-63D816B97178} - System32\Tasks\{8D77CDAC-FE8C-4581-AE68-F85B6B60BE02} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=4.1.0.179.367&LastError=404 Task: {F14F0E35-8A84-4080-A884-0CFA3EBC11B7} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {F1CE618E-1B8A-4816-8F34-2A7B3AAD40B8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-109719926-1927758322-2587551322-1001Core => C:\Users\Cornelia\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-30] (Google Inc.) Task: {FCC870A9-3B61-4E41-A96D-0C0FDE8A9462} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-06] (Google Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-109719926-1927758322-2587551322-1001Core.job => C:\Users\Cornelia\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-109719926-1927758322-2587551322-1001UA.job => C:\Users\Cornelia\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-06-22 06:48 - 2011-06-22 06:48 - 00034304 _____ () C:\Windows\System32\ssp7ml6.dll 2011-06-22 06:48 - 2011-06-22 06:48 - 00826880 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\ssp7mdu.dll 2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2013-05-06 16:46 - 2012-10-23 12:27 - 00497648 _____ () C:\Program Files (x86)\bob internetsoftware\bobinternetsoftware_Service.exe 2009-01-22 01:45 - 2009-01-22 01:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll 2010-12-29 05:13 - 2010-12-17 01:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2011-12-05 22:12 - 2010-06-07 11:35 - 00618496 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe 2011-12-05 22:12 - 2009-07-29 11:13 - 00306688 _____ () C:\Windows\Samsung\PanelMgr\caller64.exe 2013-05-06 16:46 - 2012-10-23 12:27 - 00478192 _____ () C:\Program Files (x86)\bob internetsoftware\bobInternetsoftware_Launcher.exe 2015-01-20 22:35 - 2015-01-20 22:35 - 00306984 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll 2015-01-31 12:48 - 2015-02-01 02:12 - 00549624 _____ () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugincontainer.exe 2015-01-31 11:48 - 2015-02-01 01:12 - 00351992 _____ () C:\Program Files (x86)\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\updater.exe 2015-02-01 09:12 - 2015-02-01 09:12 - 00503032 _____ () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\8\plugin.exe 2015-02-01 07:59 - 2015-02-01 07:59 - 00518904 _____ () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\5\plugin.exe 2010-11-12 02:22 - 2010-11-12 02:22 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll 2010-11-12 02:22 - 2010-11-12 02:22 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll 2010-11-12 02:22 - 2010-11-12 02:22 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll 2010-12-23 23:46 - 2010-12-23 23:46 - 00210312 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-01-31 19:43 - 2015-01-31 19:43 - 00043008 _____ () c:\users\cornelia\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmph7iqvs.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\libEGL.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2014-05-23 18:13 - 2014-05-23 18:13 - 00880640 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll 2014-05-23 18:15 - 2014-05-23 18:15 - 00040264 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll 2014-05-23 18:15 - 2014-05-23 18:15 - 00239944 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll 2014-05-23 18:15 - 2014-05-23 18:15 - 00026952 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll 2014-04-25 21:27 - 2014-04-25 21:27 - 00798720 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll 2014-05-23 18:15 - 2014-05-23 18:15 - 00125256 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll 2014-05-23 18:15 - 2014-05-23 18:15 - 00016200 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll 2014-05-23 18:15 - 2014-05-23 18:15 - 00024904 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll 2014-05-23 18:15 - 2014-05-23 18:15 - 00017224 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll 2014-05-23 18:15 - 2014-05-23 18:15 - 00015176 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll 2014-05-23 18:15 - 2014-05-23 18:15 - 00034632 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll 2014-05-23 18:15 - 2014-05-23 18:15 - 00018760 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll 2014-05-23 18:15 - 2014-05-23 18:15 - 00092488 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll 2014-05-23 18:15 - 2014-05-23 18:15 - 00149832 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll 2014-05-23 18:15 - 2014-05-23 18:15 - 00178504 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll 2015-01-31 19:42 - 2015-01-31 19:42 - 00098816 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\win32api.pyd 2015-01-31 19:42 - 2015-01-31 19:42 - 00110080 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\pywintypes27.dll 2015-01-31 19:42 - 2015-01-31 19:42 - 00364544 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\pythoncom27.dll 2015-01-31 19:42 - 2015-01-31 19:42 - 00045568 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\_socket.pyd 2015-01-31 19:42 - 2015-01-31 19:42 - 01160704 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\_ssl.pyd 2015-01-31 19:42 - 2015-01-31 19:42 - 00320512 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\win32com.shell.shell.pyd 2015-01-31 19:42 - 2015-01-31 19:42 - 00713216 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\_hashlib.pyd 2015-01-31 19:42 - 2015-01-31 19:42 - 01175040 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\wx._core_.pyd 2015-01-31 19:42 - 2015-01-31 19:42 - 00805888 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\wx._gdi_.pyd 2015-01-31 19:42 - 2015-01-31 19:42 - 00811008 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\wx._windows_.pyd 2015-01-31 19:42 - 2015-01-31 19:42 - 01062400 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\wx._controls_.pyd 2015-01-31 19:42 - 2015-01-31 19:42 - 00735232 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\wx._misc_.pyd 2015-01-31 19:42 - 2015-01-31 19:42 - 00557056 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\pysqlite2._sqlite.pyd 2015-01-31 19:42 - 2015-01-31 19:42 - 00128512 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\_elementtree.pyd 2015-01-31 19:42 - 2015-01-31 19:42 - 00127488 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\pyexpat.pyd 2015-01-31 19:42 - 2015-01-31 19:42 - 00087552 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\_ctypes.pyd 2015-01-31 19:42 - 2015-01-31 19:42 - 00119808 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\win32file.pyd 2015-01-31 19:42 - 2015-01-31 19:42 - 00108544 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\win32security.pyd 2015-01-31 19:42 - 2015-01-31 19:42 - 00007168 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\hashobjs_ext.pyd 2015-01-31 19:42 - 2015-01-31 19:42 - 00167936 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\win32gui.pyd 2015-01-31 19:42 - 2015-01-31 19:42 - 00018432 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\win32event.pyd 2015-01-31 19:42 - 2015-01-31 19:42 - 00038912 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\win32inet.pyd 2015-01-31 19:42 - 2015-01-31 19:42 - 00011264 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\win32crypt.pyd 2015-01-31 19:42 - 2015-01-31 19:42 - 00070656 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\wx._html2.pyd 2015-01-31 19:42 - 2015-01-31 19:42 - 00027136 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\_multiprocessing.pyd 2015-01-31 19:41 - 2015-01-31 19:42 - 00035840 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\win32process.pyd 2015-01-31 19:42 - 2015-01-31 19:42 - 00686080 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\unicodedata.pyd 2015-01-31 19:42 - 2015-01-31 19:42 - 00122368 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\wx._wizard.pyd 2015-01-31 19:42 - 2015-01-31 19:42 - 00024064 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\win32pipe.pyd 2015-01-31 19:42 - 2015-01-31 19:42 - 00025600 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\win32pdh.pyd 2015-01-31 19:42 - 2015-01-31 19:42 - 00525640 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\windows._lib_cacheinvalidation.pyd 2015-01-31 19:42 - 2015-01-31 19:42 - 00010240 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\select.pyd 2015-01-31 19:42 - 2015-01-31 19:42 - 00017408 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\win32profile.pyd 2015-01-31 19:42 - 2015-01-31 19:42 - 00022528 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\win32ts.pyd 2015-01-31 19:42 - 2015-01-31 19:42 - 00078336 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\wx._animate.pyd 2013-05-06 16:46 - 2012-10-23 12:26 - 00256512 _____ () C:\Program Files (x86)\bob internetsoftware\WtgMobileBroadband7.dll 2014-10-30 19:17 - 2014-10-30 19:17 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ba8588c3319d63350220ec2ac3eb2c36\IsdiInterop.ni.dll 2011-11-24 17:14 - 2010-09-14 03:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2013-05-06 16:46 - 2012-01-25 10:38 - 01097728 _____ () C:\Program Files (x86)\bob internetsoftware\NDISAPI.dll 2015-01-31 19:07 - 2015-01-27 04:44 - 01117512 _____ () C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\40.0.2214.94\libglesv2.dll 2015-01-31 19:07 - 2015-01-27 04:44 - 00211272 _____ () C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\40.0.2214.94\libegl.dll 2015-01-31 19:07 - 2015-01-27 04:44 - 09171272 _____ () C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\40.0.2214.94\pdf.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:0B9176C0 AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE AlternateDataStreams: C:\ProgramData\Temp:E36F5B57 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-109719926-1927758322-2587551322-500 - Administrator - Disabled) Cornelia (S-1-5-21-109719926-1927758322-2587551322-1001 - Administrator - Enabled) => C:\Users\Cornelia Gast (S-1-5-21-109719926-1927758322-2587551322-501 - Limited - Enabled) => C:\Users\Gast HomeGroupUser$ (S-1-5-21-109719926-1927758322-2587551322-1003 - Limited - Enabled) UpdatusUser (S-1-5-21-109719926-1927758322-2587551322-1000 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/01/2015 11:13:12 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 9969 Error: (02/01/2015 11:13:12 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 9969 Error: (02/01/2015 11:13:10 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/29/2015 10:56:00 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 21964 Error: (01/29/2015 10:56:00 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 21964 Error: (01/29/2015 10:56:00 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/29/2015 10:55:50 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 9952 Error: (01/29/2015 10:55:50 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 9952 Error: (01/29/2015 10:55:48 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/27/2015 10:19:57 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 9953 System errors: ============= Error: (02/01/2015 08:43:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (02/01/2015 08:43:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (02/01/2015 04:02:16 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (02/01/2015 04:02:16 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (02/01/2015 04:02:15 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (02/01/2015 04:02:15 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (02/01/2015 04:02:14 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (01/31/2015 07:41:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/31/2015 07:41:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/31/2015 07:38:34 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {DC0C2640-1415-4644-875C-6F4D769839BA} Microsoft Office Sessions: ========================= Error: (02/01/2015 11:13:12 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 9969 Error: (02/01/2015 11:13:12 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 9969 Error: (02/01/2015 11:13:10 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/29/2015 10:56:00 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 21964 Error: (01/29/2015 10:56:00 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 21964 Error: (01/29/2015 10:56:00 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/29/2015 10:55:50 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 9952 Error: (01/29/2015 10:55:50 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 9952 Error: (01/29/2015 10:55:48 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/27/2015 10:19:57 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 9953 CodeIntegrity Errors: =================================== Date: 2013-07-17 20:55:48.783 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-07-17 20:55:48.630 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-07-17 20:55:46.310 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-07-17 20:55:46.157 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-07-17 20:55:42.867 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-07-17 20:55:42.718 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-07-17 20:55:40.460 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-07-17 20:55:40.310 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-07-17 20:55:38.055 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-07-17 20:55:37.906 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz Percentage of memory in use: 74% Total physical RAM: 3947.86 MB Available physical RAM: 1000.03 MB Total Pagefile: 7893.9 MB Available Pagefile: 4361.23 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:224.87 GB) (Free:129.88 GB) NTFS Drive d: (DATA) (Fixed) (Total:225.17 GB) (Free:225.06 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: ACEEA5BB) Partition 1: (Not Active) - (Size=15.6 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=224.9 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=225.2 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
01.02.2015, 23:01 | #4 |
/// TB-Ausbilder /// Anleitungs-Guru | Positive Finds Ads Gerne! Schritt 1 Bitte deinstalliere folgende Programme: BrowserProtect Bundled software uninstaller Delta Chrome Toolbar LyricsPal Positive Finds Versuche es bei Windows 7 zunächst über Systemsteuerung/Programme deinstallieren. Sollte das nicht gehen, lade Dir bitte Revo Uninstallerhier herunter. Entpacke die zip-Datei auf den Desktop. Anleitung
Wenn Du ein Programm nicht deinstallieren kannst, mach mit dem nächsten weiter. Auch wenn am Ende noch Programme übrig geblieben sind, führe den nächsten Schritt aus: Schritt 2 Downloade Dir bitte AdwCleaner auf deinen Desktop.
Schritt 3
Schritt 4 Bitte starte FRST erneut, markiere auch die checkbox und drücke auf Scan. Bitte poste mir den Inhalt der beiden Logs die erstellt werden.
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
01.02.2015, 23:38 | #5 |
| Positive Finds Ads Das Log zum AdwCleaner: Code:
ATTFilter # AdwCleaner v4.109 - Bericht erstellt am 01/02/2015 um 23:29:17 # Aktualisiert 24/01/2015 von Xplode # Database : 2015-01-26.1 [Live] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Cornelia - CORNELIALAPTOP # Gestartet von : C:\Users\Cornelia\Desktop\AdwCleaner_4.109.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\BrowserProtect Ordner Gelöscht : C:\Users\Cornelia\AppData\Local\onlysearch Ordner Gelöscht : C:\Users\Cornelia\AppData\Roaming\BabSolution Ordner Gelöscht : C:\Users\Cornelia\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\Cornelia\AppData\Roaming\Delta Ordner Gelöscht : C:\Users\Cornelia\AppData\Roaming\dvdvideosoftiehelpers Ordner Gelöscht : C:\Users\Cornelia\AppData\Roaming\OpenCandy Ordner Gelöscht : C:\Users\Cornelia\AppData\Roaming\RHEng Ordner Gelöscht : C:\Users\Cornelia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect Ordner Gelöscht : C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob Datei Gelöscht : C:\Users\Cornelia\AppData\Roaming\BabMaint.exe Datei Gelöscht : C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences Datei Gelöscht : C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage Datei Gelöscht : C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage Datei Gelöscht : C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal Datei Gelöscht : C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\bprotector web data Datei Gelöscht : C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage Datei Gelöscht : C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal ***** [ Tasks ] ***** Task Gelöscht : BrowserProtect Task Gelöscht : EPUpdater ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\nppllibpnmahfaklnpggkibhkapjkeob Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\d Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1 Schlüssel Gelöscht : HKCU\Software\Classes\keepmysearch Schlüssel Gelöscht : HKCU\Software\848cdcbd3ebf44 Schlüssel Gelöscht : HKLM\SOFTWARE\848cdcbd3ebf44 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909} Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{71588120-FC17-4463-B07D-2C71FE6E057B} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{71588120-FC17-4463-B07D-2C71FE6E057B} Schlüssel Gelöscht : HKCU\Software\BABSOLUTION Schlüssel Gelöscht : HKCU\Software\BI Schlüssel Gelöscht : HKCU\Software\DataMngr [#] Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar Schlüssel Gelöscht : HKCU\Software\Delta Schlüssel Gelöscht : HKCU\Software\Myfree Codec Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\XingHaoLyrics Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon Schlüssel Gelöscht : HKLM\SOFTWARE\DataMngr Schlüssel Gelöscht : HKLM\SOFTWARE\Delta Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\isearch.babylon.com ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17496 -\\ Google Chrome v [C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=C2B5CCAF7872A4D7 ************************* AdwCleaner[R0].txt - [7825 octets] - [01/02/2015 23:16:03] AdwCleaner[S0].txt - [6713 octets] - [01/02/2015 23:29:17] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6773 octets] ########## |
01.02.2015, 23:39 | #6 |
/// TB-Ausbilder /// Anleitungs-Guru | Positive Finds Ads Prima!
__________________ --> Positive Finds Ads |
02.02.2015, 00:59 | #7 |
| Positive Finds Ads So next one...Inhalt der Log Datei von Anti-Melware Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Scan, 02.02.2015 00:43:10, SYSTEM, CORNELIALAPTOP, Manual, Start: % 1 "% 2", Dauer: % 1 min 51 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 2 Malwareerkennung, 66-Malwareerkennung, Protection, 02.02.2015 00:46:47, SYSTEM, CORNELIALAPTOP, Protection, Malware Protection, Starting, Protection, 02.02.2015 00:46:47, SYSTEM, CORNELIALAPTOP, Protection, Malware Protection, Started, Protection, 02.02.2015 00:46:47, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Starting, Protection, 02.02.2015 00:47:11, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Started, (end) FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015 Ran by Cornelia (administrator) on CORNELIALAPTOP on 02-02-2015 00:54:14 Running from C:\Users\Cornelia\Desktop Loaded Profiles: UpdatusUser & Cornelia (Available profiles: UpdatusUser & Cornelia & Gast) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\nst.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe () C:\Program Files (x86)\bob internetsoftware\bobInternetsoftware_Service.exe (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\nst.exe (Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe (CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Dropbox, Inc.) C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\Dropbox.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe () C:\Windows\Samsung\PanelMgr\SSMMgr.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Sony Corporation) C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe () C:\Program Files (x86)\bob internetsoftware\bobInternetsoftware_Launcher.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe () C:\Windows\Samsung\PanelMgr\caller64.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (WebToGo Gmbh) C:\Program Files (x86)\bob internetsoftware\bobInternetsoftware.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Google Inc.) C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2010-10-29] (Acer Incorporated) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11619432 2010-11-26] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2185832 2010-11-26] (Realtek Semiconductor) HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.) HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340336 2010-09-28] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-09-18] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-09-18] (Egis Technology Inc.) HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296768 2010-11-12] (NTI Corporation) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-14] (Intel Corporation) HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1025616 2010-12-09] (Dritek System Inc.) HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.) HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2010-12-10] (CyberLink Corp.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.) HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\ssmmgr.exe [618496 2010-06-07] () HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Reader Application Helper] => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400 2014-05-23] (Sony Corporation) HKLM-x32\...\Run: [TAG_bobinternetsoftware_Launcher.exe] => C:\Program Files (x86)\bob internetsoftware\bobinternetsoftware_Launcher.exe [478192 2012-10-23] () HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-05-23] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [] => [X] Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-21-109719926-1927758322-2587551322-1000\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] () HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Run: [Google Update] => C:\Users\Cornelia\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-30] (Google Inc.) HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Run: [GoogleChromeAutoLaunch_B25262183A7D0BB9D958785DE345946E] => C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\chrome.exe [843592 2015-01-27] (Google Inc.) HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-05-23] (Samsung) HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-05-23] (Samsung) HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google) HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.) HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\MountPoints2: {f0a87f3c-b662-11e2-97fd-b870f4b04956} - F:\.\Autorun.exe AUTORUN=1 HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2010-12-12] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [192616 2010-12-12] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\Users\Cornelia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=21.6.0.32 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=21.6.0.32 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=21.6.0.32 HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=21.6.0.32 HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm HKU\S-1-5-21-109719926-1927758322-2587551322-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKU\S-1-5-21-109719926-1927758322-2587551322-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-109719926-1927758322-2587551322-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=21.6.0.32 HKU\S-1-5-21-109719926-1927758322-2587551322-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-109719926-1927758322-2587551322-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm HKU\S-1-5-21-109719926-1927758322-2587551322-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=21.6.0.32 HKU\S-1-5-21-109719926-1927758322-2587551322-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKU\S-1-5-21-109719926-1927758322-2587551322-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-109719926-1927758322-2587551322-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-109719926-1927758322-2587551322-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-109719926-1927758322-2587551322-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coIEPlg.dll (Symantec Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coIEPlg.dll (Symantec Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coIEPlg.dll (Symantec Corporation) Tcpip\..\Interfaces\{5EA47198-71AC-4837-9E18-C7FC3143A626}: [NameServer] 194.48.139.254 194.48.128.199 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-109719926-1927758322-2587551322-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-109719926-1927758322-2587551322-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-109719926-1927758322-2587551322-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.) FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.3.0.12\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.3.0.12\IPSFF [2014-06-26] FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.0.43\coFFPlgn FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.0.43\coFFPlgn [2015-02-02] Chrome: ======= CHR HomePage: Default -> hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=C2B5CCAF7872A4D7 CHR StartupUrls: Default -> "hxxp://google.at/", "https://learn.wu.ac.at/" CHR Profile: C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-07] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06] CHR Extension: (YouTube) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19] CHR Extension: (Google-Suche) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19] CHR Extension: (Norton Identity Safe) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-31] CHR Extension: (Google Wallet) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12] CHR Extension: (Google Mail) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19] CHR HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Cornelia\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-05-06] CHR HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path StartMenuInternet: Google Chrome - C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\NAV.exe [262968 2014-09-21] (Symantec Corporation) R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\NST.exe [130104 2014-07-31] (Symantec Corporation) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation) R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2010-11-12] (NTI Corporation) S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2014-04-25] (Sony Corporation) [File not signed] R2 TAG_Service; C:\Program Files (x86)\bob internetsoftware\bobinternetsoftware_Service.exe [497648 2012-10-23] () S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.3.0.12\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation) R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1506000.020\ccSetx64.sys [162392 2014-02-21] (Symantec Corporation) R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07060.00F\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation) S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-05-22] () [File not signed] S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed] R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.3.0.12\Definitions\IPSDefs\20150130.001\IDSvia64.sys [668888 2015-01-14] (Symantec Corporation) R3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [120832 2011-03-04] (TCT International Mobile Ltd) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-02] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.3.0.12\Definitions\VirusDefs\20150131.003\ENG64.SYS [129752 2015-01-19] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.3.0.12\Definitions\VirusDefs\20150131.003\EX64.SYS [2137304 2015-01-19] (Symantec Corporation) R1 SRTSP; C:\Windows\System32\Drivers\NAVx64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation) S2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-07-29] (Samsung Electronics) S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-03-19] (DEVGURU Co., LTD.(www.devguru.co.kr)) R0 SymDS; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-06-24] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation) S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-01 23:42 - 2015-02-02 00:47 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-01 23:42 - 2015-02-01 23:42 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-02-01 23:42 - 2015-02-01 23:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-01 23:42 - 2015-02-01 23:42 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-01 23:42 - 2015-02-01 23:42 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-02-01 23:42 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-02-01 23:42 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-02-01 23:42 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-02-01 23:39 - 2015-02-01 23:40 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Cornelia\Desktop\mbam-setup-2.0.4.1028.exe 2015-02-01 23:33 - 2015-02-01 23:33 - 00006881 _____ () C:\Users\Cornelia\Desktop\AdwCleaner[S0].txt 2015-02-01 23:15 - 2015-02-01 23:29 - 00000000 ____D () C:\AdwCleaner 2015-02-01 23:13 - 2015-02-01 23:13 - 02194432 _____ () C:\Users\Cornelia\Desktop\AdwCleaner_4.109.exe 2015-02-01 23:08 - 2015-02-01 23:08 - 00000000 ____D () C:\Users\Cornelia\Desktop\RevoUninstallerPortable 2015-02-01 23:07 - 2015-02-01 23:07 - 02785665 _____ (PortableApps.com) C:\Users\Cornelia\Desktop\RevoUninstallerPortable_1.95_Rev_2.paf.exe 2015-02-01 23:03 - 2015-02-01 23:03 - 00003440 _____ () C:\Windows\System32\Tasks\{0B05C414-15BC-4BEC-9826-3E03612A7BA4} 2015-02-01 22:47 - 2015-02-01 22:48 - 00045384 _____ () C:\Users\Cornelia\Desktop\Addition.txt 2015-02-01 22:46 - 2015-02-02 00:55 - 00027952 _____ () C:\Users\Cornelia\Desktop\FRST.txt 2015-02-01 22:46 - 2015-02-02 00:54 - 00000000 ____D () C:\FRST 2015-02-01 22:45 - 2015-02-01 22:45 - 02131456 _____ (Farbar) C:\Users\Cornelia\Desktop\frst64.exe 2015-01-31 23:10 - 2015-01-31 23:10 - 00000000 ____D () C:\Users\Cornelia\AppData\Roaming\OpenOffice 2015-01-31 23:09 - 2015-01-31 23:09 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk 2015-01-31 23:09 - 2015-01-31 23:09 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1 2015-01-31 23:08 - 2015-01-31 23:09 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4 2015-01-31 23:03 - 2015-01-31 23:03 - 00000000 ____D () C:\Users\Cornelia\Desktop\OpenOffice 4.1.1 (de) Installation Files 2015-01-31 22:59 - 2015-01-31 23:02 - 164858324 _____ () C:\Users\Cornelia\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_de.exe 2015-01-31 19:35 - 2015-01-31 19:35 - 00001757 _____ () C:\Users\Public\Desktop\iTunes.lnk 2015-01-31 19:35 - 2015-01-31 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-01-31 19:34 - 2015-01-31 19:35 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-01-31 19:34 - 2015-01-31 19:35 - 00000000 ____D () C:\Program Files\iTunes 2015-01-31 19:34 - 2015-01-31 19:34 - 00000000 ____D () C:\Program Files\iPod 2015-01-31 19:34 - 2015-01-31 19:34 - 00000000 ____D () C:\Program Files (x86)\iTunes 2015-01-31 19:30 - 2015-01-31 19:30 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack 2015-01-31 19:26 - 2015-01-31 19:26 - 03533528 _____ (DVDVideoSoft Ltd. ) C:\Users\Cornelia\Downloads\FreeStudio.exe 2015-01-31 19:23 - 2015-01-31 19:24 - 03533008 _____ (DVDVideoSoft Ltd. ) C:\Users\Cornelia\Downloads\FreeYouTubeToMP3Converter (1).exe 2015-01-19 11:11 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-19 11:11 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-19 11:11 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-19 11:11 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-19 11:11 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-19 11:11 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-19 11:11 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-16 18:29 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-16 18:29 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-16 18:29 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-16 18:29 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-16 18:29 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-16 18:29 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-02 00:55 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-02 00:55 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-02 00:54 - 2011-12-03 23:21 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-109719926-1927758322-2587551322-1001UA.job 2015-02-02 00:53 - 2011-11-24 17:04 - 01638936 _____ () C:\Windows\WindowsUpdate.log 2015-02-02 00:50 - 2014-05-06 22:01 - 00000000 ___RD () C:\Users\Cornelia\Google Drive 2015-02-02 00:50 - 2012-11-25 17:12 - 00000000 ___RD () C:\Users\Cornelia\Dropbox 2015-02-02 00:50 - 2012-11-25 17:10 - 00000000 ____D () C:\Users\Cornelia\AppData\Roaming\Dropbox 2015-02-02 00:50 - 2011-12-04 00:08 - 00000000 ____D () C:\Users\Cornelia\AppData\Roaming\Skype 2015-02-02 00:48 - 2011-11-24 17:44 - 00000000 ____D () C:\ProgramData\boost_interprocess 2015-02-02 00:47 - 2011-12-01 21:16 - 00000000 ____D () C:\ProgramData\clear.fi 2015-02-02 00:46 - 2014-05-06 21:59 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-02 00:46 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-02 00:46 - 2009-07-14 05:51 - 00089897 _____ () C:\Windows\setupact.log 2015-02-02 00:45 - 2011-11-24 17:01 - 00131970 _____ () C:\Windows\PFRO.log 2015-02-02 00:43 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\Performance 2015-02-02 00:41 - 2014-05-06 21:59 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-02 00:07 - 2013-02-28 17:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-01 23:38 - 2011-11-24 16:58 - 00699682 _____ () C:\Windows\system32\perfh007.dat 2015-02-01 23:38 - 2011-11-24 16:58 - 00149790 _____ () C:\Windows\system32\perfc007.dat 2015-02-01 23:38 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-01 23:31 - 2009-07-14 05:45 - 00295672 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-02-01 21:03 - 2011-12-05 22:16 - 00000099 _____ () C:\Users\Public\LMDebug.log 2015-02-01 20:54 - 2011-12-03 23:21 - 00001080 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-109719926-1927758322-2587551322-1001Core.job 2015-01-31 23:10 - 2011-12-01 19:24 - 00068616 _____ () C:\Users\Cornelia\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-31 23:08 - 2011-12-08 13:34 - 00000000 ____D () C:\Program Files (x86)\OpenOffice.org 3 2015-01-31 23:03 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2015-01-31 19:34 - 2011-12-03 23:57 - 00000000 ____D () C:\Program Files\Common Files\Apple 2015-01-31 19:32 - 2011-12-03 23:52 - 00000000 ____D () C:\Users\Cornelia\AppData\Roaming\DVDVideoSoft 2015-01-31 19:31 - 2014-05-12 10:57 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2015-01-31 19:31 - 2013-04-22 14:26 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft 2015-01-31 19:31 - 2013-03-15 12:28 - 00001536 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk 2015-01-31 19:31 - 2013-03-15 12:28 - 00001245 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk 2015-01-31 19:31 - 2011-12-03 23:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2015-01-31 19:07 - 2013-02-28 17:29 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-31 19:07 - 2013-02-28 17:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-31 19:07 - 2013-02-28 17:29 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-01-31 19:07 - 2011-12-03 23:23 - 00002381 _____ () C:\Users\Cornelia\Desktop\Google Chrome.lnk 2015-01-29 22:46 - 2014-05-06 22:00 - 00002046 _____ () C:\Users\Public\Desktop\Google Slides.lnk 2015-01-29 22:46 - 2014-05-06 22:00 - 00002044 _____ () C:\Users\Public\Desktop\Google Sheets.lnk 2015-01-29 22:46 - 2014-05-06 22:00 - 00002034 _____ () C:\Users\Public\Desktop\Google Docs.lnk 2015-01-29 22:46 - 2014-05-06 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2015-01-19 10:57 - 2012-11-11 19:11 - 00000000 ____D () C:\Users\Cornelia\AppData\Local\CrashDumps 2015-01-16 20:03 - 2013-07-22 20:03 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-16 20:03 - 2011-12-04 20:44 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-12 20:05 - 2012-05-27 20:28 - 01344512 ___SH () C:\Users\Cornelia\Downloads\Thumbs.db ==================== Files in the root of some directories ======= 2011-11-24 17:36 - 2011-11-24 17:39 - 0016108 _____ () C:\ProgramData\ArcadeDeluxe5.log 2011-01-11 16:25 - 2010-03-03 00:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe Some content of TEMP: ==================== C:\Users\Cornelia\AppData\Local\Temp\amazonicon.exe C:\Users\Cornelia\AppData\Local\Temp\amazoninstallernircmdc.exe C:\Users\Cornelia\AppData\Local\Temp\COMAP.EXE C:\Users\Cornelia\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpoiw0lo.dll C:\Users\Cornelia\AppData\Local\Temp\DseShExt-x64.dll C:\Users\Cornelia\AppData\Local\Temp\DseShExt-x86.dll C:\Users\Cornelia\AppData\Local\Temp\FreeYouTubeToMP3Converter.exe C:\Users\Cornelia\AppData\Local\Temp\MSN7AFB.exe C:\Users\Cornelia\AppData\Local\Temp\Quarantine.exe C:\Users\Cornelia\AppData\Local\Temp\sdanircmdc.exe C:\Users\Cornelia\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\Cornelia\AppData\Local\Temp\SDShelEx-x64.dll C:\Users\Cornelia\AppData\Local\Temp\sqlite3.dll C:\Users\Cornelia\AppData\Local\Temp\tmpB3CF.exe C:\Users\Cornelia\AppData\Local\Temp\tmpB8D8.exe C:\Users\Cornelia\AppData\Local\Temp\uninst1.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-26 06:37 ==================== End Of Log ============================ --- --- --- --- --- --- Und Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015 Ran by Cornelia at 2015-02-02 00:56:17 Running from C:\Users\Cornelia\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton AntiVirus (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} AS: Norton AntiVirus (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.69 - NTI Corporation) Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1216 - CyberLink Corp.) Acer Crystal Eye Webcam (x32 Version: 1.0.1216 - CyberLink Corp.) Hidden Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3000 - Acer Incorporated) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Acer Incorporated) Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated) Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.1130.2010 - Acer Incorporated) Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.0.0.4080 - Adobe Systems Incorporated) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated) Adobe Photoshop Elements (HKLM-x32\...\Adobe Photoshop Elements 1.0) (Version: 1.0 - Adobe Systems, Inc.) Adobe Reader 9.2 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.2.0 - Adobe Systems Incorporated) Airport Mania First Flight (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}) (Version: - Oberon Media) Amazon Kindle (HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Amazon Kindle) (Version: - Amazon) Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC) Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version: - Oberon Media) Apple Application Support (32-Bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Backup Manager V3 (x32 Version: 3.0.0.69 - NTI Corporation) Hidden bob internetsoftware (HKLM-x32\...\TAG) (Version: 2.0 - A1 Telekom Austria AG) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.100.235.19 - Broadcom Corporation) Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.4.9.3 - Broadcom Corporation) Broadcom Gigabit NetLink Controller (HKLM\...\{029A4933-3F36-4E4F-AEC3-2207AB26463D}) (Version: 14.4.8.3 - Broadcom Corporation) Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media) Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.1223.00 - CyberLink Corp.) clear.fi (x32 Version: 1.0.1223.00 - CyberLink Corp.) Hidden clear.fi (x32 Version: 9.0.7209 - CyberLink Corp.) Hidden clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3008 - Acer Incorporated) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media) DriverTuner 3.0.1.0 (HKLM-x32\...\{520C1D80-935C-42B9-9340-E883849D804F}_is1) (Version: 3.0.0.1 - LionSea SoftWare) Dropbox (HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.) eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.) eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version: - Oberon Media) Free Studio version 5.3.1 (HKLM-x32\...\Free Studio_is1) (Version: - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.54.128 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.54.128 - DVDVideoSoft Ltd.) Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version: - Oberon Media) Google Chrome (HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.) Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2266 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation) Intel(R) Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.0.82.0 - Intel) iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Launch Manager (HKLM-x32\...\LManager) (Version: 5.0.3 - Acer Inc.) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) MediaEspresso (x32 Version: 1.0.1210_33255 - CyberLink Corp.) Hidden Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version: - Oberon Media) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) MyFreeCodec (HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\MyFreeCodec) (Version: - ) MyWinLocker (Version: 4.0.14.11 - Egis Technology Inc.) Hidden MyWinLocker 4 (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.11 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden Norton AntiVirus (HKLM-x32\...\NAV) (Version: 21.6.0.32 - Symantec Corporation) Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.6.15 - Symantec Corporation) Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation) NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8939 - NTI Corporation) NTI Media Maker 9 (x32 Version: 9.0.2.8939 - NTI Corporation) Hidden NVIDIA Graphics Driver 266.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 266.19 - NVIDIA Corporation) OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) Poker Pop (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}) (Version: - Oberon Media) Reader for PC (HKLM-x32\...\{38FB32F7-5A2A-40E4-B106-4C35F75725CD}) (Version: 2.4.00.05230 - Sony Corporation) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6254 - Realtek Semiconductor Corp.) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.26.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0 - Renesas Electronics Corporation) Hidden Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_15 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.6.3.14044_15 - Samsung Electronics Co., Ltd.) Hidden Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13052_1 - Samsung Electronics Co., Ltd.) Samsung Story Album Viewer (x32 Version: 1.0.0.13052_1 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.40.0 - SAMSUNG Electronics Co., Ltd.) Shredder (Version: 2.0.8.7 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.8.7 - Egis Technology Inc.) Hidden Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) Spin & Win (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}) (Version: - Oberon Media) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.0 - Synaptics Incorporated) Wartung Samsung ML-1660 Series (HKLM-x32\...\Samsung ML-1660 Series) (Version: - Samsung Electronics Co., Ltd.) Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3007 - Acer Incorporated) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File ==================== Restore Points ========================= 10-12-2014 20:36:09 Windows Update 15-12-2014 23:20:50 Windows Update 16-12-2014 22:54:16 Windows Update 21-12-2014 23:02:24 Windows Update 16-01-2015 20:02:54 Windows Update 21-01-2015 21:33:00 Windows Modules Installer 31-01-2015 23:04:23 OpenOffice 4.1.1 wird installiert 01-02-2015 23:09:59 Revo Uninstaller's restore point - Bundled software uninstaller ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {06BA6298-290B-4817-86D4-8CD0D28C9EBE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {199D932C-0C4A-4439-B48E-220627C8FA35} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe Task: {220C245B-25BA-4C9D-BEE8-003CA43A5BD9} - System32\Tasks\{0B05C414-15BC-4BEC-9826-3E03612A7BA4} => pcalua.exe -a "C:\Users\Cornelia\Local Settings\Application Data\Bundled software uninstaller\biclient.exe" -c /initurl hxxp://bi.bisrv.com/:affid:/:sid:/:uid:? /affid uninstall /id uninstall /name "Bundled software uninstaller" Task: {2445FE38-BD4B-4FEF-89C4-45B6EB718D72} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-06] (Google Inc.) Task: {37410EB5-7B03-4E47-A2D3-97639690DEC5} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2010-12-23] (Acer Incorporated) Task: {555F6ED2-2EB7-4C61-8086-9700931166FD} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation) Task: {75210ACE-464B-4BB1-A5FE-798842B5A5E6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-109719926-1927758322-2587551322-1001UA => C:\Users\Cornelia\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-30] (Google Inc.) Task: {9036EF6C-3105-4280-BEBB-A3A2967CF5C5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-31] (Adobe Systems Incorporated) Task: {95DEAF90-B330-4F36-890C-3FF5459F612F} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2010-12-23] (CyberLink Corp.) Task: {97584F22-C785-4C9F-9A19-108750BE6775} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2010-12-23] (CyberLink) Task: {98829D97-1101-46B9-8431-F612446E240F} - System32\Tasks\{C34F34C0-9C41-4EC5-9BCC-E825F7BE1B90} => Chrome.exe hxxp://ui.skype.com/ui/0/6.14.59.104/de/abandoninstall?page=tsProgressBar Task: {B4C0D583-8889-452A-BD6D-5DBD8597CE26} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2010-12-01] (Acer) Task: {B55BD94B-FA1A-4B53-87CD-54E144EEC4A9} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {B5D864F1-76D5-4E4A-BF37-2D01A5F03AF6} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {B763D147-978F-4725-AD4B-A67135B8AC4B} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {D787E221-3558-4706-8D6A-63D816B97178} - System32\Tasks\{8D77CDAC-FE8C-4581-AE68-F85B6B60BE02} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=4.1.0.179.367&LastError=404 Task: {F14F0E35-8A84-4080-A884-0CFA3EBC11B7} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {F1CE618E-1B8A-4816-8F34-2A7B3AAD40B8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-109719926-1927758322-2587551322-1001Core => C:\Users\Cornelia\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-30] (Google Inc.) Task: {FCC870A9-3B61-4E41-A96D-0C0FDE8A9462} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-06] (Google Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-109719926-1927758322-2587551322-1001Core.job => C:\Users\Cornelia\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-109719926-1927758322-2587551322-1001UA.job => C:\Users\Cornelia\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-06-22 06:48 - 2011-06-22 06:48 - 00034304 _____ () C:\Windows\System32\ssp7ml6.dll 2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2013-05-06 16:46 - 2012-10-23 12:27 - 00497648 _____ () C:\Program Files (x86)\bob internetsoftware\bobinternetsoftware_Service.exe 2010-12-29 05:13 - 2010-12-17 01:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2011-12-05 22:12 - 2010-06-07 11:35 - 00618496 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe 2013-05-06 16:46 - 2012-10-23 12:27 - 00478192 _____ () C:\Program Files (x86)\bob internetsoftware\bobInternetsoftware_Launcher.exe 2011-12-05 22:12 - 2009-07-29 11:13 - 00306688 _____ () C:\Windows\Samsung\PanelMgr\caller64.exe 2010-11-12 02:22 - 2010-11-12 02:22 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll 2010-11-12 02:22 - 2010-11-12 02:22 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll 2010-11-12 02:22 - 2010-11-12 02:22 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll 2010-12-23 23:46 - 2010-12-23 23:46 - 00210312 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-02-02 00:48 - 2015-02-02 00:48 - 00043008 _____ () c:\users\cornelia\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpoiw0lo.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\libEGL.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2014-05-23 18:13 - 2014-05-23 18:13 - 00880640 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll 2014-05-23 18:15 - 2014-05-23 18:15 - 00040264 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll 2014-05-23 18:15 - 2014-05-23 18:15 - 00239944 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll 2014-05-23 18:15 - 2014-05-23 18:15 - 00026952 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll 2014-04-25 21:27 - 2014-04-25 21:27 - 00798720 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll 2014-05-23 18:15 - 2014-05-23 18:15 - 00125256 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll 2014-05-23 18:15 - 2014-05-23 18:15 - 00016200 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll 2014-05-23 18:15 - 2014-05-23 18:15 - 00024904 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll 2014-05-23 18:15 - 2014-05-23 18:15 - 00017224 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll 2014-05-23 18:15 - 2014-05-23 18:15 - 00015176 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll 2014-05-23 18:15 - 2014-05-23 18:15 - 00034632 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll 2014-05-23 18:15 - 2014-05-23 18:15 - 00018760 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll 2014-05-23 18:15 - 2014-05-23 18:15 - 00092488 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll 2014-05-23 18:15 - 2014-05-23 18:15 - 00149832 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll 2014-05-23 18:15 - 2014-05-23 18:15 - 00178504 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll 2013-05-06 16:46 - 2012-10-23 12:26 - 00256512 _____ () C:\Program Files (x86)\bob internetsoftware\WtgMobileBroadband7.dll 2015-02-02 00:47 - 2015-02-02 00:47 - 00098816 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\win32api.pyd 2015-02-02 00:47 - 2015-02-02 00:47 - 00110080 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\pywintypes27.dll 2015-02-02 00:47 - 2015-02-02 00:47 - 00364544 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\pythoncom27.dll 2015-02-02 00:47 - 2015-02-02 00:47 - 00045568 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\_socket.pyd 2015-02-02 00:47 - 2015-02-02 00:47 - 01160704 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\_ssl.pyd 2015-02-02 00:47 - 2015-02-02 00:47 - 00320512 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\win32com.shell.shell.pyd 2015-02-02 00:47 - 2015-02-02 00:47 - 00713216 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\_hashlib.pyd 2015-02-02 00:47 - 2015-02-02 00:47 - 01175040 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\wx._core_.pyd 2015-02-02 00:47 - 2015-02-02 00:47 - 00805888 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\wx._gdi_.pyd 2015-02-02 00:47 - 2015-02-02 00:47 - 00811008 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\wx._windows_.pyd 2015-02-02 00:47 - 2015-02-02 00:47 - 01062400 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\wx._controls_.pyd 2015-02-02 00:47 - 2015-02-02 00:47 - 00735232 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\wx._misc_.pyd 2015-02-02 00:47 - 2015-02-02 00:47 - 00557056 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\pysqlite2._sqlite.pyd 2015-02-02 00:47 - 2015-02-02 00:47 - 00128512 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\_elementtree.pyd 2015-02-02 00:47 - 2015-02-02 00:47 - 00127488 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\pyexpat.pyd 2015-02-02 00:47 - 2015-02-02 00:47 - 00087552 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\_ctypes.pyd 2015-02-02 00:47 - 2015-02-02 00:47 - 00119808 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\win32file.pyd 2015-02-02 00:47 - 2015-02-02 00:47 - 00108544 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\win32security.pyd 2015-02-02 00:47 - 2015-02-02 00:47 - 00007168 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\hashobjs_ext.pyd 2015-02-02 00:47 - 2015-02-02 00:47 - 00167936 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\win32gui.pyd 2015-02-02 00:47 - 2015-02-02 00:47 - 00018432 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\win32event.pyd 2015-02-02 00:47 - 2015-02-02 00:47 - 00038912 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\win32inet.pyd 2015-02-02 00:47 - 2015-02-02 00:47 - 00011264 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\win32crypt.pyd 2015-02-02 00:47 - 2015-02-02 00:47 - 00070656 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\wx._html2.pyd 2015-02-02 00:47 - 2015-02-02 00:47 - 00027136 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\_multiprocessing.pyd 2015-02-02 00:47 - 2015-02-02 00:47 - 00035840 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\win32process.pyd 2015-02-02 00:47 - 2015-02-02 00:47 - 00686080 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\unicodedata.pyd 2015-02-02 00:47 - 2015-02-02 00:47 - 00122368 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\wx._wizard.pyd 2015-02-02 00:47 - 2015-02-02 00:47 - 00024064 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\win32pipe.pyd 2015-02-02 00:47 - 2015-02-02 00:47 - 00025600 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\win32pdh.pyd 2015-02-02 00:47 - 2015-02-02 00:47 - 00525640 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\windows._lib_cacheinvalidation.pyd 2015-02-02 00:47 - 2015-02-02 00:47 - 00010240 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\select.pyd 2015-02-02 00:47 - 2015-02-02 00:47 - 00017408 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\win32profile.pyd 2015-02-02 00:47 - 2015-02-02 00:47 - 00022528 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\win32ts.pyd 2015-02-02 00:47 - 2015-02-02 00:47 - 00078336 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\wx._animate.pyd 2013-05-06 16:46 - 2012-01-25 10:38 - 01097728 _____ () C:\Program Files (x86)\bob internetsoftware\NDISAPI.dll 2014-10-30 19:17 - 2014-10-30 19:17 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ba8588c3319d63350220ec2ac3eb2c36\IsdiInterop.ni.dll 2011-11-24 17:14 - 2010-09-14 03:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2015-01-31 19:07 - 2015-01-27 04:44 - 01117512 _____ () C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\40.0.2214.94\libglesv2.dll 2015-01-31 19:07 - 2015-01-27 04:44 - 00211272 _____ () C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\40.0.2214.94\libegl.dll 2015-01-31 19:07 - 2015-01-27 04:44 - 09171272 _____ () C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\40.0.2214.94\pdf.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:0B9176C0 AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE AlternateDataStreams: C:\ProgramData\Temp:E36F5B57 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-109719926-1927758322-2587551322-500 - Administrator - Disabled) Cornelia (S-1-5-21-109719926-1927758322-2587551322-1001 - Administrator - Enabled) => C:\Users\Cornelia Gast (S-1-5-21-109719926-1927758322-2587551322-501 - Limited - Enabled) => C:\Users\Gast HomeGroupUser$ (S-1-5-21-109719926-1927758322-2587551322-1003 - Limited - Enabled) UpdatusUser (S-1-5-21-109719926-1927758322-2587551322-1000 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/01/2015 11:41:57 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "F:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)" Error: (02/01/2015 11:13:12 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 9969 Error: (02/01/2015 11:13:12 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 9969 Error: (02/01/2015 11:13:10 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/29/2015 10:56:00 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 21964 Error: (01/29/2015 10:56:00 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 21964 Error: (01/29/2015 10:56:00 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/29/2015 10:55:50 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 9952 Error: (01/29/2015 10:55:50 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 9952 Error: (01/29/2015 10:55:48 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (02/02/2015 00:46:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (02/02/2015 00:46:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (02/02/2015 00:44:37 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (02/01/2015 11:36:36 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Windows Update" wurde nicht richtig gestartet. Error: (02/01/2015 11:35:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. Error: (02/01/2015 11:35:13 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. Error: (02/01/2015 11:32:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (02/01/2015 11:31:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (02/01/2015 11:29:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (02/01/2015 11:29:52 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "WMPNetworkSvc" konnte sich nicht als "NT AUTHORITY\NetworkService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Microsoft Office Sessions: ========================= Error: (02/01/2015 11:41:57 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: F:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006) Error: (02/01/2015 11:13:12 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 9969 Error: (02/01/2015 11:13:12 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 9969 Error: (02/01/2015 11:13:10 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/29/2015 10:56:00 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 21964 Error: (01/29/2015 10:56:00 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 21964 Error: (01/29/2015 10:56:00 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/29/2015 10:55:50 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 9952 Error: (01/29/2015 10:55:50 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 9952 Error: (01/29/2015 10:55:48 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second CodeIntegrity Errors: =================================== Date: 2013-07-17 20:55:48.783 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-07-17 20:55:48.630 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-07-17 20:55:46.310 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-07-17 20:55:46.157 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-07-17 20:55:42.867 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-07-17 20:55:42.718 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-07-17 20:55:40.460 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-07-17 20:55:40.310 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-07-17 20:55:38.055 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-07-17 20:55:37.906 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz Percentage of memory in use: 68% Total physical RAM: 3947.86 MB Available physical RAM: 1254.63 MB Total Pagefile: 7893.9 MB Available Pagefile: 4812.8 MB Total Virtual: 8192 MB Available Virtual: 8191.86 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:224.87 GB) (Free:129.23 GB) NTFS Drive d: (DATA) (Fixed) (Total:225.17 GB) (Free:225.06 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: ACEEA5BB) Partition 1: (Not Active) - (Size=15.6 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=224.9 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=225.2 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
02.02.2015, 14:37 | #8 |
/// TB-Ausbilder /// Anleitungs-Guru | Positive Finds Ads
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
02.02.2015, 22:03 | #9 |
| Positive Finds AdsCode:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Scan, 02.02.2015 00:43:10, SYSTEM, CORNELIALAPTOP, Manual, Start: % 1 "% 2", Dauer: % 1 min 51 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 2 Malwareerkennung, 66-Malwareerkennung, Protection, 02.02.2015 00:46:47, SYSTEM, CORNELIALAPTOP, Protection, Malware Protection, Starting, Protection, 02.02.2015 00:46:47, SYSTEM, CORNELIALAPTOP, Protection, Malware Protection, Started, Protection, 02.02.2015 00:46:47, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Starting, Protection, 02.02.2015 00:47:11, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Started, Update, 02.02.2015 07:46:54, SYSTEM, CORNELIALAPTOP, Scheduler, Failed, Unable to access update server, Update, 02.02.2015 21:52:43, SYSTEM, CORNELIALAPTOP, Scheduler, Failed, Unable to access update server, Update, 02.02.2015 21:55:31, SYSTEM, CORNELIALAPTOP, Scheduler, Malware Database, 2015.2.1.7, 2015.2.2.5, Protection, 02.02.2015 21:55:31, SYSTEM, CORNELIALAPTOP, Protection, Refresh, Starting, Protection, 02.02.2015 21:55:31, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Stopping, Protection, 02.02.2015 21:55:32, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Stopped, Protection, 02.02.2015 21:55:45, SYSTEM, CORNELIALAPTOP, Protection, Refresh, Success, Protection, 02.02.2015 21:55:45, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Starting, Protection, 02.02.2015 21:55:47, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Started, (end) Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Scan, 02.02.2015 00:43:10, SYSTEM, CORNELIALAPTOP, Manual, Start: % 1 "% 2", Dauer: % 1 min 51 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 2 Malwareerkennung, 66-Malwareerkennung, Protection, 02.02.2015 00:46:47, SYSTEM, CORNELIALAPTOP, Protection, Malware Protection, Starting, Protection, 02.02.2015 00:46:47, SYSTEM, CORNELIALAPTOP, Protection, Malware Protection, Started, Protection, 02.02.2015 00:46:47, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Starting, Protection, 02.02.2015 00:47:11, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Started, Update, 02.02.2015 07:46:54, SYSTEM, CORNELIALAPTOP, Scheduler, Failed, Unable to access update server, Update, 02.02.2015 21:52:43, SYSTEM, CORNELIALAPTOP, Scheduler, Failed, Unable to access update server, Update, 02.02.2015 21:55:31, SYSTEM, CORNELIALAPTOP, Scheduler, Malware Database, 2015.2.1.7, 2015.2.2.5, Protection, 02.02.2015 21:55:31, SYSTEM, CORNELIALAPTOP, Protection, Refresh, Starting, Protection, 02.02.2015 21:55:31, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Stopping, Protection, 02.02.2015 21:55:32, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Stopped, Protection, 02.02.2015 21:55:45, SYSTEM, CORNELIALAPTOP, Protection, Refresh, Success, Protection, 02.02.2015 21:55:45, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Starting, Protection, 02.02.2015 21:55:47, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Started, (end) hier das Suchlaufprotokoll Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Scan, 02.02.2015 00:43:10, SYSTEM, CORNELIALAPTOP, Manual, Start: % 1 "% 2", Dauer: % 1 min 51 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 2 Malwareerkennung, 66-Malwareerkennung, Protection, 02.02.2015 00:46:47, SYSTEM, CORNELIALAPTOP, Protection, Malware Protection, Starting, Protection, 02.02.2015 00:46:47, SYSTEM, CORNELIALAPTOP, Protection, Malware Protection, Started, Protection, 02.02.2015 00:46:47, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Starting, Protection, 02.02.2015 00:47:11, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Started, Update, 02.02.2015 07:46:54, SYSTEM, CORNELIALAPTOP, Scheduler, Failed, Unable to access update server, Update, 02.02.2015 21:52:43, SYSTEM, CORNELIALAPTOP, Scheduler, Failed, Unable to access update server, Update, 02.02.2015 21:55:31, SYSTEM, CORNELIALAPTOP, Scheduler, Malware Database, 2015.2.1.7, 2015.2.2.5, Protection, 02.02.2015 21:55:31, SYSTEM, CORNELIALAPTOP, Protection, Refresh, Starting, Protection, 02.02.2015 21:55:31, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Stopping, Protection, 02.02.2015 21:55:32, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Stopped, Protection, 02.02.2015 21:55:45, SYSTEM, CORNELIALAPTOP, Protection, Refresh, Success, Protection, 02.02.2015 21:55:45, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Starting, Protection, 02.02.2015 21:55:47, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Started, (end) |
02.02.2015, 22:14 | #10 |
/// TB-Ausbilder /// Anleitungs-Guru | Positive Finds Ads Lass MBAM einfach nochmal laufen... Schritt 1
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
02.02.2015, 23:20 | #11 |
| Positive Finds Ads Habs erneut laufen lassen ....hier das Suchlauf Verlaufsprotokoll: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 02.02.2015 Suchlauf-Zeit: 22:34:41 Logdatei: Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2015.02.02.05 Rootkit Datenbank: v2015.01.14.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Cornelia Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 429755 Verstrichene Zeit: 42 Min, 34 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 0 (Keine schädliche Elemente erkannt) Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) und das Schutzprotokoll: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Scan, 02.02.2015 00:43:10, SYSTEM, CORNELIALAPTOP, Manual, Start: % 1 "% 2", Dauer: % 1 min 51 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 2 Malwareerkennung, 66-Malwareerkennung, Protection, 02.02.2015 00:46:47, SYSTEM, CORNELIALAPTOP, Protection, Malware Protection, Starting, Protection, 02.02.2015 00:46:47, SYSTEM, CORNELIALAPTOP, Protection, Malware Protection, Started, Protection, 02.02.2015 00:46:47, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Starting, Protection, 02.02.2015 00:47:11, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Started, Update, 02.02.2015 07:46:54, SYSTEM, CORNELIALAPTOP, Scheduler, Failed, Unable to access update server, Update, 02.02.2015 21:52:43, SYSTEM, CORNELIALAPTOP, Scheduler, Failed, Unable to access update server, Update, 02.02.2015 21:55:31, SYSTEM, CORNELIALAPTOP, Scheduler, Malware Database, 2015.2.1.7, 2015.2.2.5, Protection, 02.02.2015 21:55:31, SYSTEM, CORNELIALAPTOP, Protection, Refresh, Starting, Protection, 02.02.2015 21:55:31, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Stopping, Protection, 02.02.2015 21:55:32, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Stopped, Protection, 02.02.2015 21:55:45, SYSTEM, CORNELIALAPTOP, Protection, Refresh, Success, Protection, 02.02.2015 21:55:45, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Starting, Protection, 02.02.2015 21:55:47, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Started, Scan, 02.02.2015 22:24:15, SYSTEM, CORNELIALAPTOP, Manual, Start: % 1 "% 2", Dauer: % 1 Std. 14 37 Minuten, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, 0-Malwareerkennung, Scan, 02.02.2015 23:17:16, SYSTEM, CORNELIALAPTOP, Manual, Start: % 1 "% 2", Dauer: % 1 min 42 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, 0-Malwareerkennung, (end) |
03.02.2015, 20:33 | #12 |
/// TB-Ausbilder /// Anleitungs-Guru | Positive Finds Ads Gerne! Letzte Scans: Schritt 1 ESET Online Scanner
Schritt 2 Bitte starte FRST erneut, markiere auch die checkbox und drücke auf Scan. Bitte poste mir den Inhalt der beiden Logs die erstellt werden.
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
04.02.2015, 08:10 | #13 |
| Positive Finds Ads Log vom Eset: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=ad475225895c5c47a7c5396a64919d63 # engine=22290 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-02-03 09:25:57 # local_time=2015-02-03 10:25:57 (+0100, Mitteleuropäische Zeit) # country="Austria" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Norton AntiVirus' # compatibility_mode=3599 16777213 100 100 8043323 241988143 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 66 85 49343081 174628607 0 0 # scanned=64526 # found=15 # cleaned=0 # scan_time=5967 sh=91FD0C68DC46843917C8FEA976D8DDF7B941D897 ft=1 fh=fe05ab993baef410 vn="Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Cornelia\AppData\Roaming\BabMaint.exe.vir" sh=E0814D0F17EE1122F6D3507DC676030F8E1CC133 ft=1 fh=0e0f46db8e6ee8c4 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Cornelia\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir" sh=829D808C091045F45C513A6E4AB17055A52A9320 ft=1 fh=282fb76e1825b814 vn="Variante von Win32/Toolbar.Babylon.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Cornelia\AppData\Roaming\OpenCandy\01C976C96F514D358FA07CC86DEA4C35\DeltaTB.exe.vir" sh=E0814D0F17EE1122F6D3507DC676030F8E1CC133 ft=1 fh=0e0f46db8e6ee8c4 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\AppData\Local\Temp\344D390F-BAB0-7891-B767-618BD5BA7797\Latest\BabMaint.exe" sh=E2BA5F8A7BD2BAF32FF31730BAD873C8E7957030 ft=1 fh=6e8622963c31f56a vn="Variante von Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\AppData\Local\Temp\344D390F-BAB0-7891-B767-618BD5BA7797\Latest\BUSolution.dll" sh=7759A3318DE2ABC3755EBB7F50322C6D586B5286 ft=1 fh=e3d39714b3bfb2a0 vn="Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\AppData\Local\Temp\344D390F-BAB0-7891-B767-618BD5BA7797\Latest\IEHelper.dll" sh=91FD0C68DC46843917C8FEA976D8DDF7B941D897 ft=1 fh=fe05ab993baef410 vn="Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\AppData\Local\Temp\busC467\BabMaint.x" sh=43EAA89AE51391FE6219B415ED726FB621B354FE ft=1 fh=c71c00115a62a541 vn="Variante von Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\AppData\Local\Temp\busC467\BUSolution.x" sh=3CB374AC1A0ED39C2A98701908F2722472A3F853 ft=1 fh=06738372f8f49ab8 vn="Variante von Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\AppData\Local\Temp\F5E50571-BAB0-7891-8134-27FDB15F375C\Latest\BabMaint.exe" sh=AB1FD143BCC3ADE0758E8A7D82871C213D2FC4C9 ft=1 fh=8de5c5e0dcc9bb6f vn="Variante von Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\AppData\Local\Temp\F5E50571-BAB0-7891-8134-27FDB15F375C\Latest\BUSolution.dll" sh=B56E298AA3EB2BBAEDEDEF1F751474750811B52F ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\AppData\Local\Temp\F5E50571-BAB0-7891-8134-27FDB15F375C\Latest\delta.crx" sh=7759A3318DE2ABC3755EBB7F50322C6D586B5286 ft=1 fh=e3d39714b3bfb2a0 vn="Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\AppData\Local\Temp\F5E50571-BAB0-7891-8134-27FDB15F375C\Latest\IEHelper.dll" sh=E52ACFD28024312209C5F833C4E711E01D0C31AF ft=1 fh=ee941069ae4ebe68 vn="Variante von Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\AppData\Local\Temp\F5E50571-BAB0-7891-8134-27FDB15F375C\Latest\Setup.exe" sh=2DCA8A4DED867F3CB1B5F672D3D221448A385BA4 ft=1 fh=8a8ff7b61e72d628 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\Documents\Downloads\FreeYouTubeToMp3Converter (2).exe" sh=23229499A040BB3745E959F4B2EBD76B1ED3B046 ft=1 fh=8a8ff7b60e314f51 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\Documents\Downloads\FreeYouTubeToMp3Converter (3).exe" ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=ad475225895c5c47a7c5396a64919d63 # engine=22293 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-02-04 12:46:10 # local_time=2015-02-04 01:46:10 (+0100, Mitteleuropäische Zeit) # country="Austria" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Norton AntiVirus' # compatibility_mode=3599 16777213 100 100 8055336 242000156 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 66 85 49355094 174640620 0 0 # scanned=207104 # found=16 # cleaned=0 # scan_time=11828 sh=91FD0C68DC46843917C8FEA976D8DDF7B941D897 ft=1 fh=fe05ab993baef410 vn="Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Cornelia\AppData\Roaming\BabMaint.exe.vir" sh=E0814D0F17EE1122F6D3507DC676030F8E1CC133 ft=1 fh=0e0f46db8e6ee8c4 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Cornelia\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir" sh=829D808C091045F45C513A6E4AB17055A52A9320 ft=1 fh=282fb76e1825b814 vn="Variante von Win32/Toolbar.Babylon.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Cornelia\AppData\Roaming\OpenCandy\01C976C96F514D358FA07CC86DEA4C35\DeltaTB.exe.vir" sh=E0814D0F17EE1122F6D3507DC676030F8E1CC133 ft=1 fh=0e0f46db8e6ee8c4 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\AppData\Local\Temp\344D390F-BAB0-7891-B767-618BD5BA7797\Latest\BabMaint.exe" sh=E2BA5F8A7BD2BAF32FF31730BAD873C8E7957030 ft=1 fh=6e8622963c31f56a vn="Variante von Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\AppData\Local\Temp\344D390F-BAB0-7891-B767-618BD5BA7797\Latest\BUSolution.dll" sh=7759A3318DE2ABC3755EBB7F50322C6D586B5286 ft=1 fh=e3d39714b3bfb2a0 vn="Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\AppData\Local\Temp\344D390F-BAB0-7891-B767-618BD5BA7797\Latest\IEHelper.dll" sh=91FD0C68DC46843917C8FEA976D8DDF7B941D897 ft=1 fh=fe05ab993baef410 vn="Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\AppData\Local\Temp\busC467\BabMaint.x" sh=43EAA89AE51391FE6219B415ED726FB621B354FE ft=1 fh=c71c00115a62a541 vn="Variante von Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\AppData\Local\Temp\busC467\BUSolution.x" sh=3CB374AC1A0ED39C2A98701908F2722472A3F853 ft=1 fh=06738372f8f49ab8 vn="Variante von Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\AppData\Local\Temp\F5E50571-BAB0-7891-8134-27FDB15F375C\Latest\BabMaint.exe" sh=AB1FD143BCC3ADE0758E8A7D82871C213D2FC4C9 ft=1 fh=8de5c5e0dcc9bb6f vn="Variante von Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\AppData\Local\Temp\F5E50571-BAB0-7891-8134-27FDB15F375C\Latest\BUSolution.dll" sh=B56E298AA3EB2BBAEDEDEF1F751474750811B52F ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\AppData\Local\Temp\F5E50571-BAB0-7891-8134-27FDB15F375C\Latest\delta.crx" sh=7759A3318DE2ABC3755EBB7F50322C6D586B5286 ft=1 fh=e3d39714b3bfb2a0 vn="Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\AppData\Local\Temp\F5E50571-BAB0-7891-8134-27FDB15F375C\Latest\IEHelper.dll" sh=E52ACFD28024312209C5F833C4E711E01D0C31AF ft=1 fh=ee941069ae4ebe68 vn="Variante von Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\AppData\Local\Temp\F5E50571-BAB0-7891-8134-27FDB15F375C\Latest\Setup.exe" sh=2DCA8A4DED867F3CB1B5F672D3D221448A385BA4 ft=1 fh=8a8ff7b61e72d628 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\Documents\Downloads\FreeYouTubeToMp3Converter (2).exe" sh=23229499A040BB3745E959F4B2EBD76B1ED3B046 ft=1 fh=8a8ff7b60e314f51 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\Documents\Downloads\FreeYouTubeToMp3Converter (3).exe" sh=62E18632B0D5BC7324512C466150D502921DA302 ft=1 fh=bb20ca87fbc05465 vn="Win32/WinloadSDA.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\Downloads\Die-Sims-3---Einfach-tierisch-Setup.exe" Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015 Ran by Cornelia at 2015-02-04 08:05:47 Running from C:\Users\Cornelia\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton AntiVirus (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} AS: Norton AntiVirus (Disabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.69 - NTI Corporation) Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1216 - CyberLink Corp.) Acer Crystal Eye Webcam (x32 Version: 1.0.1216 - CyberLink Corp.) Hidden Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3000 - Acer Incorporated) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Acer Incorporated) Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated) Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.1130.2010 - Acer Incorporated) Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.0.0.4080 - Adobe Systems Incorporated) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated) Adobe Photoshop Elements (HKLM-x32\...\Adobe Photoshop Elements 1.0) (Version: 1.0 - Adobe Systems, Inc.) Adobe Reader 9.2 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.2.0 - Adobe Systems Incorporated) Airport Mania First Flight (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}) (Version: - Oberon Media) Amazon Kindle (HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Amazon Kindle) (Version: - Amazon) Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC) Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version: - Oberon Media) Apple Application Support (32-Bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Backup Manager V3 (x32 Version: 3.0.0.69 - NTI Corporation) Hidden bob internetsoftware (HKLM-x32\...\TAG) (Version: 2.0 - A1 Telekom Austria AG) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.100.235.19 - Broadcom Corporation) Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.4.9.3 - Broadcom Corporation) Broadcom Gigabit NetLink Controller (HKLM\...\{029A4933-3F36-4E4F-AEC3-2207AB26463D}) (Version: 14.4.8.3 - Broadcom Corporation) Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media) Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.1223.00 - CyberLink Corp.) clear.fi (x32 Version: 1.0.1223.00 - CyberLink Corp.) Hidden clear.fi (x32 Version: 9.0.7209 - CyberLink Corp.) Hidden clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3008 - Acer Incorporated) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media) DriverTuner 3.0.1.0 (HKLM-x32\...\{520C1D80-935C-42B9-9340-E883849D804F}_is1) (Version: 3.0.0.1 - LionSea SoftWare) Dropbox (HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version: - Oberon Media) Free Studio version 5.3.1 (HKLM-x32\...\Free Studio_is1) (Version: - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.54.128 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.54.128 - DVDVideoSoft Ltd.) Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version: - Oberon Media) Google Chrome (HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.) Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2266 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation) Intel(R) Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.0.82.0 - Intel) iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Launch Manager (HKLM-x32\...\LManager) (Version: 5.0.3 - Acer Inc.) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) MediaEspresso (x32 Version: 1.0.1210_33255 - CyberLink Corp.) Hidden Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version: - Oberon Media) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) MyFreeCodec (HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\MyFreeCodec) (Version: - ) MyWinLocker (Version: 4.0.14.11 - Egis Technology Inc.) Hidden MyWinLocker 4 (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.11 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden Norton AntiVirus (HKLM-x32\...\NAV) (Version: 21.6.0.32 - Symantec Corporation) Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.6.15 - Symantec Corporation) Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation) NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8939 - NTI Corporation) NTI Media Maker 9 (x32 Version: 9.0.2.8939 - NTI Corporation) Hidden NVIDIA Graphics Driver 266.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 266.19 - NVIDIA Corporation) OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) Poker Pop (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}) (Version: - Oberon Media) Reader for PC (HKLM-x32\...\{38FB32F7-5A2A-40E4-B106-4C35F75725CD}) (Version: 2.4.00.05230 - Sony Corporation) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6254 - Realtek Semiconductor Corp.) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.26.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0 - Renesas Electronics Corporation) Hidden Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_15 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.6.3.14044_15 - Samsung Electronics Co., Ltd.) Hidden Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13052_1 - Samsung Electronics Co., Ltd.) Samsung Story Album Viewer (x32 Version: 1.0.0.13052_1 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.40.0 - SAMSUNG Electronics Co., Ltd.) Shredder (Version: 2.0.8.7 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.8.7 - Egis Technology Inc.) Hidden Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) Spin & Win (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}) (Version: - Oberon Media) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.0 - Synaptics Incorporated) Wartung Samsung ML-1660 Series (HKLM-x32\...\Samsung ML-1660 Series) (Version: - Samsung Electronics Co., Ltd.) Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3007 - Acer Incorporated) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File ==================== Restore Points ========================= 21-01-2015 21:33:00 Windows Modules Installer 31-01-2015 23:04:23 OpenOffice 4.1.1 wird installiert 01-02-2015 23:09:59 Revo Uninstaller's restore point - Bundled software uninstaller 03-02-2015 20:00:52 Configured eSobi v2 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {06BA6298-290B-4817-86D4-8CD0D28C9EBE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {199D932C-0C4A-4439-B48E-220627C8FA35} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe Task: {220C245B-25BA-4C9D-BEE8-003CA43A5BD9} - System32\Tasks\{0B05C414-15BC-4BEC-9826-3E03612A7BA4} => pcalua.exe -a "C:\Users\Cornelia\Local Settings\Application Data\Bundled software uninstaller\biclient.exe" -c /initurl hxxp://bi.bisrv.com/:affid:/:sid:/:uid:? /affid uninstall /id uninstall /name "Bundled software uninstaller" Task: {2445FE38-BD4B-4FEF-89C4-45B6EB718D72} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-06] (Google Inc.) Task: {37410EB5-7B03-4E47-A2D3-97639690DEC5} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2010-12-23] (Acer Incorporated) Task: {555F6ED2-2EB7-4C61-8086-9700931166FD} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation) Task: {75210ACE-464B-4BB1-A5FE-798842B5A5E6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-109719926-1927758322-2587551322-1001UA => C:\Users\Cornelia\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-30] (Google Inc.) Task: {9036EF6C-3105-4280-BEBB-A3A2967CF5C5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-31] (Adobe Systems Incorporated) Task: {95DEAF90-B330-4F36-890C-3FF5459F612F} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2010-12-23] (CyberLink Corp.) Task: {97584F22-C785-4C9F-9A19-108750BE6775} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2010-12-23] (CyberLink) Task: {98829D97-1101-46B9-8431-F612446E240F} - System32\Tasks\{C34F34C0-9C41-4EC5-9BCC-E825F7BE1B90} => Chrome.exe hxxp://ui.skype.com/ui/0/6.14.59.104/de/abandoninstall?page=tsProgressBar Task: {B4C0D583-8889-452A-BD6D-5DBD8597CE26} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2010-12-01] (Acer) Task: {B55BD94B-FA1A-4B53-87CD-54E144EEC4A9} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {B5D864F1-76D5-4E4A-BF37-2D01A5F03AF6} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {B763D147-978F-4725-AD4B-A67135B8AC4B} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {D787E221-3558-4706-8D6A-63D816B97178} - System32\Tasks\{8D77CDAC-FE8C-4581-AE68-F85B6B60BE02} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=4.1.0.179.367&LastError=404 Task: {F14F0E35-8A84-4080-A884-0CFA3EBC11B7} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {F1CE618E-1B8A-4816-8F34-2A7B3AAD40B8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-109719926-1927758322-2587551322-1001Core => C:\Users\Cornelia\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-30] (Google Inc.) Task: {FCC870A9-3B61-4E41-A96D-0C0FDE8A9462} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-06] (Google Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-109719926-1927758322-2587551322-1001Core.job => C:\Users\Cornelia\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-109719926-1927758322-2587551322-1001UA.job => C:\Users\Cornelia\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-06-22 06:48 - 2011-06-22 06:48 - 00034304 _____ () C:\Windows\System32\ssp7ml6.dll 2011-06-22 06:48 - 2011-06-22 06:48 - 00826880 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\ssp7mdu.dll 2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2013-05-06 16:46 - 2012-10-23 12:27 - 00497648 _____ () C:\Program Files (x86)\bob internetsoftware\bobinternetsoftware_Service.exe 2010-12-29 05:13 - 2010-12-17 01:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2011-12-05 22:12 - 2010-06-07 11:35 - 00618496 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe 2013-05-06 16:46 - 2012-10-23 12:27 - 00478192 _____ () C:\Program Files (x86)\bob internetsoftware\bobInternetsoftware_Launcher.exe 2011-12-05 22:12 - 2009-07-29 11:13 - 00306688 _____ () C:\Windows\Samsung\PanelMgr\caller64.exe 2010-11-12 02:22 - 2010-11-12 02:22 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll 2010-11-12 02:22 - 2010-11-12 02:22 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll 2010-11-12 02:22 - 2010-11-12 02:22 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll 2010-12-23 23:46 - 2010-12-23 23:46 - 00210312 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-02-03 19:50 - 2015-02-03 19:50 - 00043008 _____ () c:\users\cornelia\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpaebcel.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\libEGL.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2015-02-03 19:48 - 2015-02-03 19:48 - 00098816 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\win32api.pyd 2015-02-03 19:48 - 2015-02-03 19:48 - 00110080 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\pywintypes27.dll 2015-02-03 19:48 - 2015-02-03 19:48 - 00364544 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\pythoncom27.dll 2015-02-03 19:48 - 2015-02-03 19:48 - 00045568 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\_socket.pyd 2015-02-03 19:48 - 2015-02-03 19:48 - 01160704 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\_ssl.pyd 2015-02-03 19:48 - 2015-02-03 19:48 - 00320512 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\win32com.shell.shell.pyd 2015-02-03 19:48 - 2015-02-03 19:48 - 00713216 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\_hashlib.pyd 2015-02-03 19:48 - 2015-02-03 19:48 - 01175040 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\wx._core_.pyd 2015-02-03 19:48 - 2015-02-03 19:48 - 00805888 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\wx._gdi_.pyd 2015-02-03 19:48 - 2015-02-03 19:48 - 00811008 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\wx._windows_.pyd 2015-02-03 19:48 - 2015-02-03 19:48 - 01062400 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\wx._controls_.pyd 2015-02-03 19:48 - 2015-02-03 19:48 - 00735232 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\wx._misc_.pyd 2015-02-03 19:48 - 2015-02-03 19:48 - 00557056 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\pysqlite2._sqlite.pyd 2015-02-03 19:48 - 2015-02-03 19:48 - 00128512 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\_elementtree.pyd 2015-02-03 19:48 - 2015-02-03 19:48 - 00127488 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\pyexpat.pyd 2015-02-03 19:48 - 2015-02-03 19:48 - 00087552 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\_ctypes.pyd 2015-02-03 19:48 - 2015-02-03 19:48 - 00119808 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\win32file.pyd 2015-02-03 19:48 - 2015-02-03 19:48 - 00108544 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\win32security.pyd 2015-02-03 19:48 - 2015-02-03 19:48 - 00007168 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\hashobjs_ext.pyd 2015-02-03 19:48 - 2015-02-03 19:48 - 00167936 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\win32gui.pyd 2015-02-03 19:48 - 2015-02-03 19:48 - 00018432 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\win32event.pyd 2015-02-03 19:48 - 2015-02-03 19:48 - 00038912 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\win32inet.pyd 2015-02-03 19:48 - 2015-02-03 19:48 - 00011264 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\win32crypt.pyd 2015-02-03 19:48 - 2015-02-03 19:48 - 00070656 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\wx._html2.pyd 2015-02-03 19:48 - 2015-02-03 19:48 - 00027136 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\_multiprocessing.pyd 2015-02-03 19:48 - 2015-02-03 19:48 - 00035840 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\win32process.pyd 2015-02-03 19:48 - 2015-02-03 19:48 - 00686080 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\unicodedata.pyd 2015-02-03 19:48 - 2015-02-03 19:48 - 00122368 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\wx._wizard.pyd 2015-02-03 19:48 - 2015-02-03 19:48 - 00024064 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\win32pipe.pyd 2015-02-03 19:48 - 2015-02-03 19:48 - 00025600 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\win32pdh.pyd 2015-02-03 19:48 - 2015-02-03 19:48 - 00525640 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\windows._lib_cacheinvalidation.pyd 2015-02-03 19:48 - 2015-02-03 19:48 - 00010240 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\select.pyd 2015-02-03 19:48 - 2015-02-03 19:48 - 00017408 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\win32profile.pyd 2015-02-03 19:48 - 2015-02-03 19:48 - 00022528 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\win32ts.pyd 2015-02-03 19:48 - 2015-02-03 19:48 - 00078336 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\wx._animate.pyd 2014-05-23 18:13 - 2014-05-23 18:13 - 00880640 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll 2014-05-23 18:15 - 2014-05-23 18:15 - 00040264 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll 2014-05-23 18:15 - 2014-05-23 18:15 - 00239944 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll 2014-05-23 18:15 - 2014-05-23 18:15 - 00026952 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll 2014-04-25 21:27 - 2014-04-25 21:27 - 00798720 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll 2014-05-23 18:15 - 2014-05-23 18:15 - 00125256 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll 2014-05-23 18:15 - 2014-05-23 18:15 - 00016200 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll 2014-05-23 18:15 - 2014-05-23 18:15 - 00024904 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll 2014-05-23 18:15 - 2014-05-23 18:15 - 00017224 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll 2014-05-23 18:15 - 2014-05-23 18:15 - 00015176 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll 2014-05-23 18:15 - 2014-05-23 18:15 - 00034632 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll 2014-05-23 18:15 - 2014-05-23 18:15 - 00018760 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll 2014-05-23 18:15 - 2014-05-23 18:15 - 00092488 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll 2014-05-23 18:15 - 2014-05-23 18:15 - 00149832 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll 2014-05-23 18:15 - 2014-05-23 18:15 - 00178504 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll 2013-05-06 16:46 - 2012-10-23 12:26 - 00256512 _____ () C:\Program Files (x86)\bob internetsoftware\WtgMobileBroadband7.dll 2013-05-06 16:46 - 2012-01-25 10:38 - 01097728 _____ () C:\Program Files (x86)\bob internetsoftware\NDISAPI.dll 2014-10-30 19:17 - 2014-10-30 19:17 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ba8588c3319d63350220ec2ac3eb2c36\IsdiInterop.ni.dll 2011-11-24 17:14 - 2010-09-14 03:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2015-01-31 19:07 - 2015-01-27 04:44 - 01117512 _____ () C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\40.0.2214.94\libglesv2.dll 2015-01-31 19:07 - 2015-01-27 04:44 - 00211272 _____ () C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\40.0.2214.94\libegl.dll 2015-01-31 19:07 - 2015-01-27 04:44 - 09171272 _____ () C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\40.0.2214.94\pdf.dll 2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:0B9176C0 AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE AlternateDataStreams: C:\ProgramData\Temp:E36F5B57 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-109719926-1927758322-2587551322-500 - Administrator - Disabled) Cornelia (S-1-5-21-109719926-1927758322-2587551322-1001 - Administrator - Enabled) => C:\Users\Cornelia Gast (S-1-5-21-109719926-1927758322-2587551322-501 - Limited - Enabled) => C:\Users\Gast HomeGroupUser$ (S-1-5-21-109719926-1927758322-2587551322-1003 - Limited - Enabled) UpdatusUser (S-1-5-21-109719926-1927758322-2587551322-1000 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/04/2015 08:02:09 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (02/04/2015 02:22:41 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (02/03/2015 10:27:36 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (02/03/2015 10:27:32 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (02/03/2015 10:27:32 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (02/03/2015 10:27:30 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (02/03/2015 10:26:50 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (02/03/2015 10:26:50 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (02/03/2015 09:29:07 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm NST.exe, Version 12.11.0.16 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: dd0 Startzeit: 01d03fe1fdff569a Endzeit: 164 Anwendungspfad: C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\NST.exe Berichts-ID: 468b855d-abe3-11e4-8bb3-b870f4b04956 Error: (02/03/2015 08:39:15 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. System errors: ============= Error: (02/03/2015 07:48:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (02/03/2015 07:47:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (02/02/2015 11:47:10 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (02/02/2015 11:35:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (02/02/2015 11:34:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (02/02/2015 10:03:15 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED} Error: (02/02/2015 00:46:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (02/02/2015 00:46:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (02/02/2015 00:44:37 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (02/01/2015 11:36:36 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Windows Update" wurde nicht richtig gestartet. Microsoft Office Sessions: ========================= Error: (02/04/2015 08:02:09 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (02/04/2015 02:22:41 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (02/03/2015 10:27:36 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cornelia\Desktop\esetsmartinstaller_deu.exe Error: (02/03/2015 10:27:32 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cornelia\Desktop\esetsmartinstaller_deu.exe Error: (02/03/2015 10:27:32 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cornelia\Desktop\esetsmartinstaller_deu.exe Error: (02/03/2015 10:27:30 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cornelia\Desktop\esetsmartinstaller_deu.exe Error: (02/03/2015 10:26:50 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cornelia\Downloads\esetsmartinstaller_deu.exe Error: (02/03/2015 10:26:50 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cornelia\Downloads\esetsmartinstaller_deu.exe Error: (02/03/2015 09:29:07 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: NST.exe12.11.0.16dd001d03fe1fdff569a164C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\NST.exe468b855d-abe3-11e4-8bb3-b870f4b04956 Error: (02/03/2015 08:39:15 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cornelia\Downloads\esetsmartinstaller_deu.exe CodeIntegrity Errors: =================================== Date: 2013-07-17 20:55:48.783 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-07-17 20:55:48.630 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-07-17 20:55:46.310 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-07-17 20:55:46.157 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-07-17 20:55:42.867 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-07-17 20:55:42.718 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-07-17 20:55:40.460 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-07-17 20:55:40.310 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-07-17 20:55:38.055 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-07-17 20:55:37.906 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz Percentage of memory in use: 64% Total physical RAM: 3947.86 MB Available physical RAM: 1402.47 MB Total Pagefile: 7893.9 MB Available Pagefile: 4668.56 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:224.87 GB) (Free:129.51 GB) NTFS Drive d: (DATA) (Fixed) (Total:225.17 GB) (Free:225.06 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: ACEEA5BB) Partition 1: (Not Active) - (Size=15.6 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=224.9 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=225.2 GB) - (Type=07 NTFS) ==================== End Of Log ============================ FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015 Ran by Cornelia (administrator) on CORNELIALAPTOP on 04-02-2015 08:04:04 Running from C:\Users\Cornelia\Desktop Loaded Profiles: UpdatusUser & Cornelia (Available profiles: UpdatusUser & Cornelia & Gast) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\nst.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe (CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe () C:\Program Files (x86)\bob internetsoftware\bobInternetsoftware_Service.exe (Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Dropbox, Inc.) C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe () C:\Windows\Samsung\PanelMgr\SSMMgr.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Sony Corporation) C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe () C:\Program Files (x86)\bob internetsoftware\bobInternetsoftware_Launcher.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe () C:\Windows\Samsung\PanelMgr\caller64.exe (WebToGo Gmbh) C:\Program Files (x86)\bob internetsoftware\bobInternetsoftware.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\nst.exe (Google Inc.) C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2010-10-29] (Acer Incorporated) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11619432 2010-11-26] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2185832 2010-11-26] (Realtek Semiconductor) HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.) HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340336 2010-09-28] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-09-18] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-09-18] (Egis Technology Inc.) HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296768 2010-11-12] (NTI Corporation) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-14] (Intel Corporation) HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1025616 2010-12-09] (Dritek System Inc.) HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.) HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2010-12-10] (CyberLink Corp.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.) HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\ssmmgr.exe [618496 2010-06-07] () HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Reader Application Helper] => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400 2014-05-23] (Sony Corporation) HKLM-x32\...\Run: [TAG_bobinternetsoftware_Launcher.exe] => C:\Program Files (x86)\bob internetsoftware\bobinternetsoftware_Launcher.exe [478192 2012-10-23] () HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-05-23] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [] => [X] Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-21-109719926-1927758322-2587551322-1000\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] () HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Run: [Google Update] => C:\Users\Cornelia\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-30] (Google Inc.) HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Run: [GoogleChromeAutoLaunch_B25262183A7D0BB9D958785DE345946E] => C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\chrome.exe [843592 2015-01-27] (Google Inc.) HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-05-23] (Samsung) HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-05-23] (Samsung) HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google) HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.) HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\MountPoints2: {f0a87f3c-b662-11e2-97fd-b870f4b04956} - F:\.\Autorun.exe AUTORUN=1 HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2010-12-12] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [192616 2010-12-12] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\Users\Cornelia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=21.6.0.32 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=21.6.0.32 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=21.6.0.32 HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=21.6.0.32 HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm HKU\S-1-5-21-109719926-1927758322-2587551322-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKU\S-1-5-21-109719926-1927758322-2587551322-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-109719926-1927758322-2587551322-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=21.6.0.32 HKU\S-1-5-21-109719926-1927758322-2587551322-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-109719926-1927758322-2587551322-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm HKU\S-1-5-21-109719926-1927758322-2587551322-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=21.6.0.32 HKU\S-1-5-21-109719926-1927758322-2587551322-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKU\S-1-5-21-109719926-1927758322-2587551322-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-109719926-1927758322-2587551322-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-109719926-1927758322-2587551322-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-109719926-1927758322-2587551322-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coIEPlg.dll (Symantec Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coIEPlg.dll (Symantec Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coIEPlg.dll (Symantec Corporation) Tcpip\..\Interfaces\{5EA47198-71AC-4837-9E18-C7FC3143A626}: [NameServer] 194.48.128.199 194.48.139.254 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-109719926-1927758322-2587551322-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-109719926-1927758322-2587551322-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-109719926-1927758322-2587551322-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.) FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.3.0.12\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.3.0.12\IPSFF [2014-06-26] FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.0.43\coFFPlgn FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.0.43\coFFPlgn [2015-02-03] Chrome: ======= CHR HomePage: Default -> hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=C2B5CCAF7872A4D7 CHR StartupUrls: Default -> "hxxp://google.at/", "https://learn.wu.ac.at/" CHR Profile: C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-07] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06] CHR Extension: (YouTube) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19] CHR Extension: (Google-Suche) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19] CHR Extension: (Norton Identity Safe) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-31] CHR Extension: (Google Wallet) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12] CHR Extension: (Google Mail) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19] CHR HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Cornelia\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-05-06] CHR HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path StartMenuInternet: Google Chrome - C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\NAV.exe [262968 2014-09-21] (Symantec Corporation) R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\NST.exe [130104 2014-07-31] (Symantec Corporation) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation) R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2010-11-12] (NTI Corporation) S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2014-04-25] (Sony Corporation) [File not signed] R2 TAG_Service; C:\Program Files (x86)\bob internetsoftware\bobinternetsoftware_Service.exe [497648 2012-10-23] () S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.3.0.12\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation) R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1506000.020\ccSetx64.sys [162392 2014-02-21] (Symantec Corporation) R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07060.00F\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation) S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-05-22] () [File not signed] S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed] R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.3.0.12\Definitions\IPSDefs\20150130.001\IDSvia64.sys [668888 2015-01-14] (Symantec Corporation) R3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [120832 2011-03-04] (TCT International Mobile Ltd) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-03] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.3.0.12\Definitions\VirusDefs\20150203.018\ENG64.SYS [129752 2015-01-19] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.3.0.12\Definitions\VirusDefs\20150203.018\EX64.SYS [2137304 2015-01-19] (Symantec Corporation) R3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation) S2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-07-29] (Samsung Electronics) S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-03-19] (DEVGURU Co., LTD.(www.devguru.co.kr)) R0 SymDS; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-06-24] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation) S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-04 08:02 - 2015-02-04 08:02 - 00002338 _____ () C:\Users\Cornelia\Desktop\bedr.eset.txt 2015-02-03 20:39 - 2015-02-03 20:39 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-02-03 20:38 - 2015-02-03 20:38 - 02347384 _____ (ESET) C:\Users\Cornelia\Desktop\esetsmartinstaller_deu.exe 2015-02-03 19:48 - 2015-02-03 19:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\2936541D.sys 2015-02-02 21:57 - 2015-02-02 21:57 - 00001607 _____ () C:\Users\Cornelia\Desktop\Malwarebytes.txt 2015-02-01 23:42 - 2015-02-04 06:48 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-02-01 23:42 - 2015-02-03 19:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-01 23:42 - 2015-02-01 23:42 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-02-01 23:42 - 2015-02-01 23:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-01 23:42 - 2015-02-01 23:42 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-01 23:42 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-02-01 23:42 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-02-01 23:42 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-02-01 23:39 - 2015-02-01 23:40 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Cornelia\Desktop\mbam-setup-2.0.4.1028.exe 2015-02-01 23:33 - 2015-02-01 23:33 - 00006881 _____ () C:\Users\Cornelia\Desktop\AdwCleaner[S0].txt 2015-02-01 23:15 - 2015-02-01 23:29 - 00000000 ____D () C:\AdwCleaner 2015-02-01 23:13 - 2015-02-01 23:13 - 02194432 _____ () C:\Users\Cornelia\Desktop\AdwCleaner_4.109.exe 2015-02-01 23:08 - 2015-02-01 23:08 - 00000000 ____D () C:\Users\Cornelia\Desktop\RevoUninstallerPortable 2015-02-01 23:07 - 2015-02-01 23:07 - 02785665 _____ (PortableApps.com) C:\Users\Cornelia\Desktop\RevoUninstallerPortable_1.95_Rev_2.paf.exe 2015-02-01 23:03 - 2015-02-01 23:03 - 00003440 _____ () C:\Windows\System32\Tasks\{0B05C414-15BC-4BEC-9826-3E03612A7BA4} 2015-02-01 22:47 - 2015-02-02 00:57 - 00044591 _____ () C:\Users\Cornelia\Desktop\Addition.txt 2015-02-01 22:46 - 2015-02-04 08:04 - 00027979 _____ () C:\Users\Cornelia\Desktop\FRST.txt 2015-02-01 22:46 - 2015-02-04 08:04 - 00000000 ____D () C:\FRST 2015-02-01 22:45 - 2015-02-01 22:45 - 02131456 _____ (Farbar) C:\Users\Cornelia\Desktop\frst64.exe 2015-01-31 23:10 - 2015-01-31 23:10 - 00000000 ____D () C:\Users\Cornelia\AppData\Roaming\OpenOffice 2015-01-31 23:09 - 2015-01-31 23:09 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk 2015-01-31 23:09 - 2015-01-31 23:09 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1 2015-01-31 23:08 - 2015-01-31 23:09 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4 2015-01-31 23:03 - 2015-01-31 23:03 - 00000000 ____D () C:\Users\Cornelia\Desktop\OpenOffice 4.1.1 (de) Installation Files 2015-01-31 22:59 - 2015-01-31 23:02 - 164858324 _____ () C:\Users\Cornelia\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_de.exe 2015-01-31 19:35 - 2015-01-31 19:35 - 00001757 _____ () C:\Users\Public\Desktop\iTunes.lnk 2015-01-31 19:35 - 2015-01-31 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-01-31 19:34 - 2015-01-31 19:35 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-01-31 19:34 - 2015-01-31 19:35 - 00000000 ____D () C:\Program Files\iTunes 2015-01-31 19:34 - 2015-01-31 19:34 - 00000000 ____D () C:\Program Files\iPod 2015-01-31 19:34 - 2015-01-31 19:34 - 00000000 ____D () C:\Program Files (x86)\iTunes 2015-01-31 19:30 - 2015-01-31 19:30 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack 2015-01-31 19:26 - 2015-01-31 19:26 - 03533528 _____ (DVDVideoSoft Ltd. ) C:\Users\Cornelia\Downloads\FreeStudio.exe 2015-01-31 19:23 - 2015-01-31 19:24 - 03533008 _____ (DVDVideoSoft Ltd. ) C:\Users\Cornelia\Downloads\FreeYouTubeToMP3Converter (1).exe 2015-01-19 11:11 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-19 11:11 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-19 11:11 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-19 11:11 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-19 11:11 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-19 11:11 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-19 11:11 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-16 18:29 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-16 18:29 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-16 18:29 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-16 18:29 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-16 18:29 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-16 18:29 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-04 07:59 - 2011-12-04 00:08 - 00000000 ____D () C:\Users\Cornelia\AppData\Roaming\Skype 2015-02-04 07:41 - 2014-05-06 21:59 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-04 07:09 - 2011-11-24 17:04 - 01716075 _____ () C:\Windows\WindowsUpdate.log 2015-02-04 07:07 - 2013-02-28 17:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-04 02:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2015-02-04 00:55 - 2011-12-03 23:21 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-109719926-1927758322-2587551322-1001UA 2015-02-04 00:55 - 2011-12-03 23:21 - 00003712 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-109719926-1927758322-2587551322-1001Core 2015-02-04 00:55 - 2011-12-03 23:21 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-109719926-1927758322-2587551322-1001UA.job 2015-02-04 00:55 - 2011-12-03 23:21 - 00001080 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-109719926-1927758322-2587551322-1001Core.job 2015-02-03 22:43 - 2011-12-05 22:16 - 00000099 _____ () C:\Users\Public\LMDebug.log 2015-02-03 20:41 - 2014-05-06 21:59 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-03 20:07 - 2011-01-11 16:23 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-02-03 20:06 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-03 20:06 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-03 19:52 - 2014-05-06 22:01 - 00000000 ___RD () C:\Users\Cornelia\Google Drive 2015-02-03 19:52 - 2012-11-25 17:12 - 00000000 ___RD () C:\Users\Cornelia\Dropbox 2015-02-03 19:51 - 2012-11-25 17:10 - 00000000 ____D () C:\Users\Cornelia\AppData\Roaming\Dropbox 2015-02-03 19:49 - 2011-11-24 17:44 - 00000000 ____D () C:\ProgramData\boost_interprocess 2015-02-03 19:48 - 2011-12-01 21:16 - 00000000 ____D () C:\ProgramData\clear.fi 2015-02-03 19:47 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-03 19:47 - 2009-07-14 05:51 - 00090009 _____ () C:\Windows\setupact.log 2015-02-02 23:34 - 2011-11-24 17:01 - 00132320 _____ () C:\Windows\PFRO.log 2015-02-02 22:49 - 2011-01-11 16:39 - 00000000 ____D () C:\Program Files (x86)\EgisTec IPS 2015-02-02 21:56 - 2011-11-24 16:58 - 00699682 _____ () C:\Windows\system32\perfh007.dat 2015-02-02 21:56 - 2011-11-24 16:58 - 00149790 _____ () C:\Windows\system32\perfc007.dat 2015-02-02 21:56 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-02 00:43 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\Performance 2015-02-01 23:31 - 2009-07-14 05:45 - 00295672 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-01-31 23:10 - 2011-12-01 19:24 - 00068616 _____ () C:\Users\Cornelia\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-31 23:08 - 2011-12-08 13:34 - 00000000 ____D () C:\Program Files (x86)\OpenOffice.org 3 2015-01-31 23:03 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2015-01-31 19:34 - 2011-12-03 23:57 - 00000000 ____D () C:\Program Files\Common Files\Apple 2015-01-31 19:32 - 2011-12-03 23:52 - 00000000 ____D () C:\Users\Cornelia\AppData\Roaming\DVDVideoSoft 2015-01-31 19:31 - 2014-05-12 10:57 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2015-01-31 19:31 - 2013-04-22 14:26 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft 2015-01-31 19:31 - 2013-03-15 12:28 - 00001536 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk 2015-01-31 19:31 - 2013-03-15 12:28 - 00001245 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk 2015-01-31 19:31 - 2011-12-03 23:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2015-01-31 19:07 - 2013-02-28 17:29 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-31 19:07 - 2013-02-28 17:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-31 19:07 - 2013-02-28 17:29 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-01-31 19:07 - 2011-12-03 23:23 - 00002381 _____ () C:\Users\Cornelia\Desktop\Google Chrome.lnk 2015-01-29 22:46 - 2014-05-06 22:00 - 00002046 _____ () C:\Users\Public\Desktop\Google Slides.lnk 2015-01-29 22:46 - 2014-05-06 22:00 - 00002044 _____ () C:\Users\Public\Desktop\Google Sheets.lnk 2015-01-29 22:46 - 2014-05-06 22:00 - 00002034 _____ () C:\Users\Public\Desktop\Google Docs.lnk 2015-01-29 22:46 - 2014-05-06 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2015-01-19 10:57 - 2012-11-11 19:11 - 00000000 ____D () C:\Users\Cornelia\AppData\Local\CrashDumps 2015-01-16 20:03 - 2013-07-22 20:03 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-16 20:03 - 2011-12-04 20:44 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-12 20:05 - 2012-05-27 20:28 - 01344512 ___SH () C:\Users\Cornelia\Downloads\Thumbs.db ==================== Files in the root of some directories ======= 2011-11-24 17:36 - 2011-11-24 17:39 - 0016108 _____ () C:\ProgramData\ArcadeDeluxe5.log 2011-01-11 16:25 - 2010-03-03 00:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe Some content of TEMP: ==================== C:\Users\Cornelia\AppData\Local\Temp\amazonicon.exe C:\Users\Cornelia\AppData\Local\Temp\amazoninstallernircmdc.exe C:\Users\Cornelia\AppData\Local\Temp\COMAP.EXE C:\Users\Cornelia\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpaebcel.dll C:\Users\Cornelia\AppData\Local\Temp\DseShExt-x64.dll C:\Users\Cornelia\AppData\Local\Temp\DseShExt-x86.dll C:\Users\Cornelia\AppData\Local\Temp\FreeYouTubeToMP3Converter.exe C:\Users\Cornelia\AppData\Local\Temp\MSN7AFB.exe C:\Users\Cornelia\AppData\Local\Temp\Quarantine.exe C:\Users\Cornelia\AppData\Local\Temp\sdanircmdc.exe C:\Users\Cornelia\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\Cornelia\AppData\Local\Temp\SDShelEx-x64.dll C:\Users\Cornelia\AppData\Local\Temp\sqlite3.dll C:\Users\Cornelia\AppData\Local\Temp\tmpB3CF.exe C:\Users\Cornelia\AppData\Local\Temp\tmpB8D8.exe C:\Users\Cornelia\AppData\Local\Temp\uninst1.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-04 02:12 ==================== End Of Log ============================ --- --- --- |
04.02.2015, 19:08 | #14 |
/// TB-Ausbilder /// Anleitungs-Guru | Positive Finds Ads Hi, Schritt 1 Bitte folgendes in die URL-Zeile von Chrome eingeben und mit ENTER bestätigen: Code:
ATTFilter chrome://settings/homePageOverlay Code:
ATTFilter www.delta-search.com Schritt 2 Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster. Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument: Code:
ATTFilter CloseProcesses: C:\Users\Cornelia\Documents\Downloads\FreeYouTubeToMp3Converter (2).exe C:\Users\Cornelia\Documents\Downloads\FreeYouTubeToMp3Converter (3).exe C:\Users\Cornelia\Downloads\Die-Sims-3---Einfach-tierisch-Setup.exe HKLM-x32\...\Run: [] => [X] SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-109719926-1927758322-2587551322-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File Task: {220C245B-25BA-4C9D-BEE8-003CA43A5BD9} - System32\Tasks\{0B05C414-15BC-4BEC-9826-3E03612A7BA4} => pcalua.exe -a "C:\Users\Cornelia\Local Settings\Application Data\Bundled software uninstaller\biclient.exe" -c /initurl hxxp://bi.bisrv.com/:affid:/:sid:/:uid:? /affid uninstall /id uninstall /name "Bundled software uninstaller" AlternateDataStreams: C:\ProgramData\Temp:0B9176C0 AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE AlternateDataStreams: C:\ProgramData\Temp:E36F5B57 CreateRestorePoint: EmptyTemp:
Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
Themen zu Positive Finds Ads |
abend, ads, andere, antivirus, ausgeführt, compu, computer, computern, facebook, finds, google, guten, heute, hoffe, norten, positive, positive finds, positive finds ads, problem, scan, seite, seiten, umgang, öffnen |