
Log analysis and evaluation: Windows 7 Home Premium - ad clips playing in the background and the history contains unknown websites

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

04.02.2015, 12:36   #1
Grolltar
 



Hello Trojaner-Board team,
after you already helped me very well once before, I am on the trail of the next problem.
The computer starts relatively slowly. As soon as there is an Internet connection, I hear ad clips at irregular intervals, even when no browser is open. The history in Internet Explorer is full of pages unknown to me. An IE task is permanently running in Task Manager. The website of the task changes quickly, but "js.adssyncuser.com" shows up regularly.
As a first measure, I switched to Firefox and NoScript.
Since I also use the PC for online banking, among other things, I am very unsettled right now.
The collected information follows:
Defogger
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:18 on 04/02/2015 (Sehrig)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Sehrig (administrator) on SEHRIG-PC1 on 04-02-2015 11:18:37
Running from C:\Users\Sehrig\Desktop
Loaded Profiles: Sehrig (Available profiles: Sehrig)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(NETGEAR Inc.) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(AVG Secure Search) C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_296_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [519408 2013-07-18] (Acronis)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595336 2014-10-01] (ESET)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7843744 2014-02-04] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1104616 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [241789 2009-04-09] (Creative Technology Ltd)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-11-04] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [1223344 2015-02-03] (AVG Secure Search)
HKLM\...\RunOnce: [DSUpdateLauncher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe [18160 2009-11-23] (Dell)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165184 2010-02-11] (Softthinks)
HKLM-x32\...\RunOnce: [STToasterLauncher] => C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [120128 2010-02-11] ()
HKLM-x32\...\runonceex: [ContentMerger] => c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-26] (Sonic Solutions)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3181699812-3172478678-2042656238-1000\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2014-11-06] (NETGEAR Inc.)
HKU\S-1-5-21-3181699812-3172478678-2042656238-1000\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
HKU\S-1-5-21-3181699812-3172478678-2042656238-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-3181699812-3172478678-2042656238-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-3181699812-3172478678-2042656238-1000\...\MountPoints2: {faa106ae-d472-11e3-980a-a4badbe848cf} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL M:\start.exe
HKU\S-1-5-18\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\backup_central10.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\consolcu.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\creator10.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\ctsmode.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\dslauncher.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\eac.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\groove.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\iastorui.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\infopath.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\misc.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\msaccess.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\msoxmled.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\mspub.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\mstore.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\musicdisccreator10.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\ois.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\onenote.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\outlook.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\photosuite10.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\pmbbrowser.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\pmblauncher.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\pmbmapview.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\retrieve10.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\roxwizardlauncher10.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\smartrec.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\soundedit10.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\spkconsl.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\stax.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\uninst.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\volpanlu.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\Winword.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3181699812-3172478678-2042656238-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKLM -> {D30A94EE-42D7-4474-AA56-21DDB84AE1D0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {D30A94EE-42D7-4474-AA56-21DDB84AE1D0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3181699812-3172478678-2042656238-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={195B37EF-3046-4B06-B46D-39D9E08DBBF6}&mid=1ec8424c848947d2b39875f39d0ca13c-0a21023880f90e61e70e399d8239ea72bc9e786d&lang=de&ds=AVG&pr=fr&d=2015-02-03 17:04:41&v=15.1.0.2&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3181699812-3172478678-2042656238-1000 -> {D30A94EE-42D7-4474-AA56-21DDB84AE1D0} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\15.1.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.1.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKU\S-1-5-21-3181699812-3172478678-2042656238-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-3181699812-3172478678-2042656238-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.1.0\ViProtocol.dll (AVG Secure Search)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Sehrig\AppData\Roaming\Mozilla\Firefox\Profiles\j2a9ixeq.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.1.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: NoScript - C:\Users\Sehrig\AppData\Roaming\Mozilla\Firefox\Profiles\j2a9ixeq.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-02-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2010-03-02] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-03-02] (Creative Labs) [File not signed]
S4 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1349576 2014-10-01] (ESET)
S4 FirebirdServerMAGIXInstance; C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed]
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2014-11-06] (NETGEAR)
S4 Polar Daemon; C:\Program Files (x86)\Polar\Daemon\polard.exe [419536 2012-12-12] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 SftService; C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE [658656 2010-03-04] (SoftThinks) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2412344 2014-01-28] (TuneUp Software)
R2 vToolbarUpdater15.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe [1008816 2015-02-03] (AVG Secure Search)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-10-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [40736 2015-02-03] (AVG Technologies)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-09-22] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [241368 2014-09-22] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [169280 2014-09-22] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [222280 2014-09-22] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44632 2014-09-22] (ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [63160 2014-09-22] (ESET)
S3 ESETCleanersDriver; C:\Windows\system32\Drivers\ESETCleanersDriver.sys [170280 2015-02-03] (ESET)
S3 MosIrUsb; C:\Windows\System32\DRIVERS\MosIrUsb.sys [27648 2007-10-11] ()
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2015-01-13] (CACE Technologies, Inc.)
S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-04-10] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-12-09] (Acronis International GmbH)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-07-19] (TuneUp Software)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-04-10] (Acronis International GmbH)
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}; C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [146928 2009-05-11] (CyberLink Corp.)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 11:18 - 2015-02-04 11:18 - 00020157 _____ () C:\Users\Sehrig\Desktop\FRST.txt
2015-02-04 11:18 - 2015-02-04 11:18 - 00000474 _____ () C:\Users\Sehrig\Desktop\defogger_disable.log
2015-02-04 11:18 - 2015-02-04 11:18 - 00000000 ____D () C:\FRST
2015-02-04 11:18 - 2015-02-04 11:18 - 00000000 _____ () C:\Users\Sehrig\defogger_reenable
2015-02-04 11:17 - 2015-02-04 11:17 - 00380416 _____ () C:\Users\Sehrig\Desktop\hvnsps4g.exe
2015-02-04 11:17 - 2015-02-04 11:16 - 02131456 _____ (Farbar) C:\Users\Sehrig\Desktop\FRST64.exe
2015-02-04 11:17 - 2015-02-04 11:16 - 00050477 _____ () C:\Users\Sehrig\Desktop\Defogger.exe
2015-02-04 11:16 - 2015-02-04 11:17 - 00380416 _____ () C:\Users\Sehrig\Downloads\hvnsps4g.exe
2015-02-04 11:16 - 2015-02-04 11:16 - 02131456 _____ (Farbar) C:\Users\Sehrig\Downloads\FRST64.exe
2015-02-04 11:16 - 2015-02-04 11:16 - 00050477 _____ () C:\Users\Sehrig\Downloads\Defogger.exe
2015-02-04 11:10 - 2015-02-04 11:10 - 09150885 _____ () C:\Users\Sehrig\Desktop\SysInspector-SEHRIG-PC1-150204-1107.xml
2015-02-04 11:04 - 2015-02-04 11:04 - 00000000 ____D () C:\Users\Sehrig\Documents\ProcAlyzer Dumps
2015-02-04 10:42 - 2015-02-04 10:42 - 00001165 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-04 10:42 - 2015-02-04 10:42 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-04 10:42 - 2015-02-04 10:42 - 00000000 ____D () C:\Users\Sehrig\AppData\Roaming\Mozilla
2015-02-04 10:42 - 2015-02-04 10:42 - 00000000 ____D () C:\Users\Sehrig\AppData\Local\Mozilla
2015-02-04 10:42 - 2015-02-04 10:42 - 00000000 ____D () C:\ProgramData\Mozilla
2015-02-04 10:42 - 2015-02-04 10:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-04 10:42 - 2015-02-04 10:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-03 18:56 - 2015-02-03 19:27 - 00000000 ____D () C:\Users\Sehrig\Downloads\cports-215
2015-02-03 18:53 - 2015-02-03 18:53 - 00001253 _____ () C:\Users\Sehrig\Desktop\SpyDLLRemover.lnk
2015-02-03 18:52 - 2015-02-03 18:52 - 00000000 ____D () C:\Users\Sehrig\Downloads\SpyDLLRemover-65
2015-02-03 18:48 - 2015-02-03 18:53 - 00000000 ____D () C:\Program Files (x86)\SecurityXploded
2015-02-03 18:48 - 2015-02-03 18:48 - 00001253 _____ () C:\Users\Sehrig\Desktop\SpyBHORemover.lnk
2015-02-03 18:47 - 2015-02-03 18:47 - 00000000 ____D () C:\Users\Sehrig\Downloads\SpyBHORemover-55
2015-02-03 18:44 - 2015-02-03 18:44 - 00086813 _____ () C:\Users\Sehrig\Downloads\cports-215.zip
2015-02-03 18:43 - 2015-02-03 18:43 - 04727205 _____ () C:\Users\Sehrig\Downloads\SpyDLLRemover-65.zip
2015-02-03 18:42 - 2015-02-03 18:42 - 04604353 _____ () C:\Users\Sehrig\Downloads\SpyBHORemover-55.zip
2015-02-03 17:11 - 2015-02-03 17:11 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2015-02-03 17:05 - 2015-02-03 17:05 - 00000000 ____D () C:\Users\Sehrig\AppData\Roaming\AVG2013
2015-02-03 17:04 - 2015-02-03 17:04 - 00040736 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2015-02-03 17:04 - 2015-02-03 17:04 - 00000983 _____ () C:\Users\Public\Desktop\AVG 2013.lnk
2015-02-03 17:04 - 2015-02-03 17:04 - 00000000 ___HD () C:\$AVG
2015-02-03 17:04 - 2015-02-03 17:04 - 00000000 ____D () C:\Users\Sehrig\AppData\Local\AVG Secure Search
2015-02-03 17:04 - 2015-02-03 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Eigenständige Version von Link Scanner
2015-02-03 17:04 - 2015-02-03 17:04 - 00000000 ____D () C:\ProgramData\AVG2013
2015-02-03 17:04 - 2015-02-03 17:04 - 00000000 ____D () C:\Program Files (x86)\AVG Secure Search
2015-02-03 17:04 - 2015-02-03 17:04 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-02-03 17:02 - 2015-02-03 17:04 - 00000000 ____D () C:\Users\Sehrig\AppData\Local\Avg2013
2015-02-03 17:01 - 2015-02-03 17:01 - 00000000 ____D () C:\Users\Sehrig\Documents\Roxio
2015-02-03 16:51 - 2015-02-03 16:51 - 00170280 _____ (ESET) C:\Windows\system32\Drivers\ESETCleanersDriver.sys
2015-02-03 16:36 - 2015-02-04 10:38 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-03 16:36 - 2015-02-03 16:36 - 00000000 ____D () C:\Users\Sehrig\AppData\Local\MFAData
2015-02-03 16:36 - 2015-02-03 16:36 - 00000000 ____D () C:\Users\Sehrig\AppData\Local\Avg2015
2015-02-03 16:35 - 2015-02-03 16:24 - 172583240 _____ (AVG Technologies) C:\Users\Sehrig\Downloads\avg_free_x64_all_2015_5645a8758.exe
2015-02-03 16:34 - 2015-02-03 16:25 - 63500560 _____ (AVG Technologies) C:\Users\Sehrig\Downloads\avg_smf_x64_all_2013_3495a8522.exe
2015-02-03 13:04 - 2015-02-02 19:13 - 01388274 _____ (Thisisu) C:\Users\Sehrig\Desktop\JRT_NEW.exe
2015-02-03 10:56 - 2015-02-03 11:06 - 00000000 ____D () C:\Users\Sehrig\AppData\Roaming\Roxio
2015-02-03 10:46 - 2015-02-03 09:42 - 315854848 _____ () C:\Users\Sehrig\Downloads\kav_rescue_10.iso
2015-02-01 18:16 - 2015-02-01 18:25 - 00000000 ____D () C:\Users\Sehrig\Documents\Samsung_S5
2015-02-01 16:08 - 2015-02-01 16:12 - 00000000 ____D () C:\Users\Sehrig\Documents\Eset
2015-01-31 11:35 - 2015-01-31 11:35 - 00000000 ____D () C:\Users\Sehrig\AppData\Roaming\ESET
2015-01-31 11:35 - 2015-01-31 11:35 - 00000000 ____D () C:\Users\Sehrig\AppData\Local\ESET
2015-01-31 11:34 - 2015-01-31 11:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-01-31 11:34 - 2015-01-31 11:34 - 00000000 ____D () C:\ProgramData\ESET
2015-01-31 11:34 - 2015-01-31 11:34 - 00000000 ____D () C:\Program Files\ESET
2015-01-31 11:08 - 2015-02-03 16:47 - 00000000 ____D () C:\Users\Sehrig\AppData\Local\CrashDumps
2015-01-28 18:06 - 2015-02-03 12:57 - 00000000 ____D () C:\NPE
2015-01-28 17:57 - 2015-02-03 13:01 - 00000000 ____D () C:\Users\Sehrig\AppData\Local\NPE
2015-01-28 17:57 - 2015-01-28 17:57 - 00000000 ____D () C:\ProgramData\Norton
2015-01-28 17:56 - 2015-01-28 17:57 - 03077776 ____N (Symantec Corporation) C:\Users\Sehrig\Downloads\NPE.exe
2015-01-26 15:55 - 2015-01-26 15:55 - 00001354 _____ () C:\Users\Sehrig\Downloads\JRT.txt
2015-01-24 18:52 - 2015-01-24 18:52 - 00000022 _____ () C:\Windows\exs.ini
2015-01-24 18:36 - 2015-01-24 18:36 - 01707939 _____ (Thisisu) C:\Users\Sehrig\Downloads\JRT.exe
2015-01-24 17:44 - 2015-01-24 17:44 - 02194432 _____ () C:\Users\Sehrig\Downloads\adwcleaner_4.109.exe
2015-01-24 17:30 - 2015-01-24 17:29 - 00450771 ____R () C:\Windows\system32\Drivers\etc\hosts.20150124-173022.backup
2015-01-22 19:33 - 2015-01-22 19:33 - 00000000 ____D () C:\Windows\ERUNT
2015-01-22 19:17 - 2015-02-03 11:43 - 00000000 ____D () C:\AdwCleaner
2015-01-21 17:51 - 2015-02-03 12:33 - 00000099 _____ () C:\Users\Public\LMDebug.log
2015-01-20 15:36 - 2009-06-10 22:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150120-153637.backup
2015-01-20 15:33 - 2015-01-20 16:45 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-20 15:33 - 2015-01-20 15:34 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-20 15:33 - 2015-01-20 15:33 - 00001397 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-01-20 15:33 - 2015-01-20 15:33 - 00001385 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-01-20 15:33 - 2015-01-20 15:33 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-01-20 15:33 - 2015-01-20 15:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-01-20 15:33 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-01-19 17:45 - 2015-01-19 17:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-19 17:18 - 2015-01-19 17:18 - 00002240 _____ () C:\Users\Sehrig\Desktop\Samsung Easy Printer Manager.lnk
2015-01-19 16:22 - 2015-01-19 16:22 - 00002429 _____ () C:\Users\Sehrig\Desktop\start_here.htm - Verknüpfung.lnk
2015-01-19 15:02 - 2015-01-19 15:02 - 00002271 _____ () C:\Users\Public\Desktop\Samsung Drucker-Diagnose.lnk
2015-01-19 15:01 - 2015-01-19 15:02 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
2015-01-19 15:01 - 2015-01-19 15:01 - 00000000 ____D () C:\Users\Sehrig\AppData\Roaming\Samsung
2015-01-19 15:01 - 2015-01-19 15:01 - 00000000 ____D () C:\Program Files\Common Files\Common Desktop Agent
2015-01-19 15:01 - 2014-04-02 12:12 - 00152896 ____R () C:\Windows\Wiainst64.exe
2015-01-19 15:00 - 2015-01-19 15:04 - 00000000 ____D () C:\Program Files (x86)\SamsungPrinterLiveUpdate
2015-01-19 15:00 - 2015-01-19 15:02 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-01-19 15:00 - 2015-01-19 15:01 - 00000000 ____D () C:\ProgramData\Samsung
2015-01-19 15:00 - 2014-03-05 14:55 - 03112960 _____ () C:\Windows\system32\eed_ec.dll
2015-01-19 15:00 - 2014-03-05 14:55 - 00686384 _____ (Samsung Electronics) C:\Windows\system32\eed_sl.exe
2015-01-19 15:00 - 2013-04-18 11:30 - 00034304 _____ () C:\Windows\system32\sst9clm.dll
2015-01-19 14:58 - 2014-03-05 08:32 - 00094208 ____N () C:\Windows\SysWOW64\Ssdevm.dll
2015-01-19 14:58 - 2014-03-05 08:32 - 00091136 ____N () C:\Windows\system32\ssdevm64.dll
2015-01-19 14:58 - 2013-02-22 13:29 - 00365568 _____ () C:\Windows\system32\SaMinDrv.dll
2015-01-19 14:58 - 2013-02-22 13:29 - 00112128 _____ () C:\Windows\system32\SaImgFlt.dll
2015-01-19 14:58 - 2013-02-22 13:29 - 00055296 _____ () C:\Windows\system32\SaErHdlr.dll
2015-01-19 14:58 - 2013-01-10 00:58 - 00053248 _____ () C:\Windows\SysWOW64\Ssusbpn.dll
2015-01-19 14:58 - 2013-01-10 00:58 - 00049152 _____ () C:\Windows\system32\Ssusbp64.dll
2015-01-16 16:45 - 2015-01-16 16:46 - 00000000 ____D () C:\Users\Sehrig\Documents\Motorola_SBV_5121
2015-01-15 17:05 - 2015-01-15 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-01-15 17:05 - 2015-01-15 17:05 - 00000000 ____D () C:\Program Files\7-Zip
2015-01-15 16:52 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-15 16:52 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-15 16:52 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-15 16:52 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-15 16:52 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-15 16:52 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-15 16:52 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-15 16:52 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-15 16:52 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-15 16:52 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-15 16:52 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-15 16:52 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-15 16:52 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 19:16 - 2015-01-14 19:16 - 00001411 _____ () C:\Windows\IE11_main.log
2015-01-13 18:05 - 2015-01-27 13:35 - 00000000 ____D () C:\Users\Sehrig\AppData\Local\NETGEARGenie
2015-01-13 18:05 - 2015-01-13 18:05 - 00369168 _____ (CACE Technologies, Inc.) C:\Windows\system32\wpcap.dll
2015-01-13 18:05 - 2015-01-13 18:05 - 00281104 _____ (CACE Technologies, Inc.) C:\Windows\SysWOW64\wpcap.dll
2015-01-13 18:05 - 2015-01-13 18:05 - 00106000 _____ (CACE Technologies, Inc.) C:\Windows\system32\packet.dll
2015-01-13 18:05 - 2015-01-13 18:05 - 00096784 _____ (CACE Technologies, Inc.) C:\Windows\SysWOW64\packet.dll
2015-01-13 18:05 - 2015-01-13 18:05 - 00035344 _____ (CACE Technologies, Inc.) C:\Windows\system32\Drivers\npf.sys
2015-01-13 18:05 - 2015-01-13 18:05 - 00002068 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR Genie.lnk
2015-01-13 18:05 - 2015-01-13 18:05 - 00002056 _____ () C:\Users\Public\Desktop\NETGEAR Genie.lnk
2015-01-13 18:04 - 2015-01-13 18:05 - 00000000 ____D () C:\Program Files (x86)\NETGEAR Genie
2015-01-10 18:18 - 2015-01-10 18:19 - 00000000 ____D () C:\Users\Sehrig\AppData\Roaming\vlc
2015-01-10 18:17 - 2015-01-10 18:17 - 00000873 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-01-10 18:17 - 2015-01-10 18:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-01-10 18:17 - 2015-01-10 18:17 - 00000000 ____D () C:\Program Files\VideoLAN
2015-01-06 15:52 - 2015-02-04 10:33 - 00004066 _____ () C:\Windows\setupact.log
2015-01-06 15:52 - 2015-01-06 15:52 - 00493952 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-06 15:52 - 2015-01-06 15:52 - 00140472 _____ () C:\Users\Sehrig\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-06 15:52 - 2015-01-06 15:52 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-06 15:51 - 2015-02-03 16:33 - 00024238 _____ () C:\Windows\PFRO.log
2015-01-05 18:28 - 2015-01-06 16:04 - 00000000 ____D () C:\Users\Sehrig\Documents\Netgear

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 11:18 - 2010-03-09 18:55 - 00000000 ____D () C:\Users\Sehrig
2015-02-04 10:56 - 2009-07-14 05:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-04 10:56 - 2009-07-14 05:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-04 10:38 - 2009-07-14 18:58 - 00702198 _____ () C:\Windows\system32\perfh007.dat
2015-02-04 10:38 - 2009-07-14 18:58 - 00149838 _____ () C:\Windows\system32\perfc007.dat
2015-02-04 10:38 - 2009-07-14 06:13 - 01626920 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-04 10:35 - 2009-07-14 06:10 - 01719597 _____ () C:\Windows\WindowsUpdate.log
2015-02-04 10:34 - 2010-03-02 12:27 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2015-02-04 10:33 - 2010-03-09 18:55 - 00000000 ____D () C:\Users\Sehrig\AppData\Local\SoftThinks
2015-02-04 10:33 - 2010-03-02 12:47 - 00000071 _____ () C:\Windows\SysWOW64\ToasterLauncherLog.log
2015-02-04 10:32 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-04 08:57 - 2014-12-09 16:42 - 00000000 ____D () C:\Users\Sehrig\Documents\Outlook-Dateien
2015-02-03 16:46 - 2014-05-20 18:12 - 00003696 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2015-02-03 16:46 - 2010-04-07 16:59 - 00002962 _____ () C:\Windows\System32\Tasks\{C717B9A1-4717-4E31-BA9B-E1BCD4E5055B}
2015-02-03 16:46 - 2010-04-07 16:59 - 00002962 _____ () C:\Windows\System32\Tasks\{BCAAF731-21FD-498D-9B6B-EC4DF5E9D1FE}
2015-02-03 16:46 - 2010-04-07 16:59 - 00002962 _____ () C:\Windows\System32\Tasks\{B6458A30-6347-492F-8523-1666B677DDE3}
2015-02-03 11:11 - 2010-03-02 12:36 - 00000000 ____D () C:\ProgramData\Roxio
2015-02-03 10:51 - 2010-10-23 17:03 - 00000000 ____D () C:\Users\Sehrig\AppData\Local\PowerDVD DX
2015-02-03 10:51 - 2010-03-02 12:29 - 00000000 ____D () C:\ProgramData\CyberLink
2015-01-31 18:14 - 2010-03-09 18:59 - 00001427 _____ () C:\Users\Sehrig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-31 11:29 - 2014-12-08 15:35 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-01-28 19:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-28 16:58 - 2014-12-16 18:21 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-28 16:58 - 2014-12-16 18:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-27 17:40 - 2009-07-14 03:34 - 00450771 ____R () C:\Windows\system32\Drivers\etc\hosts.20150201-170122.backup
2015-01-26 14:07 - 2010-05-17 17:36 - 00000000 ____D () C:\Users\Sehrig\AppData\Local\Buhl
2015-01-26 14:07 - 2010-05-17 17:34 - 00000000 ____D () C:\Program Files (x86)\WISO
2015-01-26 14:07 - 2010-03-02 12:19 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-24 18:42 - 2014-12-08 18:28 - 01645874 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-24 17:30 - 2009-07-14 03:34 - 00450771 ____R () C:\Windows\system32\Drivers\etc\hosts.20150127-174039.backup
2015-01-24 16:38 - 2010-03-15 17:52 - 00000000 ____D () C:\Users\Sehrig\AppData\Local\Microsoft Help
2015-01-21 18:18 - 2012-10-06 16:31 - 00000000 ____D () C:\Users\Sehrig\Documents\Diverses
2015-01-20 15:36 - 2009-07-14 03:34 - 00450771 ____R () C:\Windows\system32\Drivers\etc\hosts.20150124-172943.backup
2015-01-19 17:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\TAPI
2015-01-19 15:06 - 2014-05-20 17:30 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-01-18 17:47 - 2011-01-04 19:30 - 00000000 ____D () C:\Users\Sehrig\Documents\PC-Dokumnent-MS
2015-01-10 18:27 - 2014-12-31 17:51 - 00000000 ____D () C:\Users\Sehrig\AppData\Roaming\MyPhoneExplorer

==================== Files in the root of some directories =======

2013-02-21 18:40 - 2013-02-18 09:17 - 4931832 _____ (Canneverbe Limited                                          ) C:\Program Files\cdbxp_setup_4.5.0.3717_minimal.exe
2014-04-13 17:25 - 2014-04-10 08:16 - 4422611 _____ () C:\Program Files\eac-1.0beta3.exe
2014-08-11 17:57 - 2014-08-08 08:04 - 6704778 _____ () C:\Program Files\Samsung_ChannelListPCEditor_1.10.zip
2013-02-02 14:30 - 2013-01-22 14:20 - 3203357 _____ () C:\Program Files\samtoolbox_win7_v0.11.zip
2010-04-30 08:42 - 2010-04-30 08:45 - 8656832 _____ (Dell, Inc.                                                   ) C:\Users\Sehrig\AppData\Roaming\DataSafeDotNet.exe
2011-02-15 18:34 - 2012-02-12 14:32 - 0001164 _____ () C:\Users\Sehrig\AppData\Local\crc32list11.txt

Some content of TEMP:
====================
C:\Users\Sehrig\AppData\Local\Temp\Quarantine.exe
C:\Users\Sehrig\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-26 18:11

==================== End Of Log ============================
         
Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Sehrig at 2015-02-04 11:18:58
Running from C:\Users\Sehrig\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal Firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acronis True Image 2014 (HKLM-x32\...\{3ECDD663-5AF8-489B-9E3C-561F33A271BD}Visible) (Version: 17.0.6673 - Acronis)
Acronis True Image 2014 (x32 Version: 17.0.6673 - Acronis) Hidden
Acronis True Image 2014 Media Add-on (HKLM-x32\...\{D2D29970-F992-45EB-9BE2-EEC18E250053}) (Version: 17.0.5560 - Acronis)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.009.0918.2131 - )
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3495 - AVG Technologies)
AVG 2013 (Version: 13.0.3495 - AVG Technologies) Hidden
AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 15.1.0.2 - AVG Technologies)
Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
ccc-core-static (x32 Version: 2009.0918.2132.36825 - ATI) Hidden
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.0.3717 - CDBurnerXP)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 2.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version:  - )
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.34 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.3.94 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0011 - Dell, Inc.)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.00 - Creative Technology Limited)
EMC 10 Content (x32 Version: 1.0.035 - Ihr Firmenname) Hidden
EMCGadgets64 (Version: 1.0.302 - Ihr Firmenname) Hidden
ESET Smart Security (HKLM\...\{75F06437-40F4-4A65-BC65-FC194D6B7EBA}) (Version: 8.0.304.4 - ESET, spol s r. o.)
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\Firebird SQL Server D) (Version: 2.0.1.13 - MAGIX AG)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
MAGIX Filme auf DVD TerraTec Edition 7.0.3.6 (D) (HKLM-x32\...\MAGIX Filme auf DVD TerraTec Edition D) (Version: 7.0.3.6 - MAGIX AG)
MAGIX Online Druck Service 3.4.3.0 (D) (HKLM-x32\...\MAGIX Online Druck Service D) (Version: 3.4.3.0 - MAGIX AG)
MAGIX Screenshare 4.3.6.1987 (D) (HKLM-x32\...\MAGIX Screenshare D) (Version: 4.3.6.1987 - MAGIX AG)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}) (Version: 1.4.915.1 - Fitipower)
Multimedia Card Reader (x32 Version: 1.4.915.1 - Fitipower) Hidden
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.3.1.46 - NETGEAR Inc.)
PC Inspector smart recovery (HKLM-x32\...\{C9A87D86-FDFD-418B-BF96-EF09320973B3}) (Version: 4.50 - )
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.5.02.12220 - Sony Corporation)
Polar Daemon (HKLM-x32\...\{2BA9320D-E061-4C71-ACCB-AC0E9D4FC82B}) (Version: 2.2.20000 - Polar Electro Oy)
Polar IrDA USB Adapter (HKLM-x32\...\{7A6EC173-9388-4172-8F44-17FFEA8A53BC}) (Version: 1.03.0000 - )
Polar ProTrainer (HKLM-x32\...\{DF7DBA84-0A55-11D6-A0A6-6A7573736972}) (Version: 5.40.170 - )
Polar WebSync (HKLM-x32\...\{320453EE-6AEA-4E1A-8E64-72F33C0C928F}) (Version: 2.8.10006 - Polar Electro Oy)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
Roxio Easy CD and DVD Burning (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Roxio File Backup (Version: 1.3.0 - Roxio) Hidden
Samsung C460 Series (HKLM-x32\...\Samsung C460 Series) (Version: 1.07 (14.04.2014) - Samsung Electronics Co., Ltd.)
Samsung Drucker-Diagnose (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.0.16 - Samsung Electronics Co., Ltd.)
Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 1.05.91 (12.03.2014) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.32.00(01.04.2014) - Samsung Electronics Co., Ltd.)
Samsung Easy Wireless Setup (HKLM-x32\...\Easy Wireless Setup) (Version: 3.60.49.0 - Samsung Electronics Co., Ltd.)
Samsung OCR Software (HKLM-x32\...\Samsung OCR Software) (Version: 1.00.14 (02.08.2013) - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (x32 Version: 1.02.07.00 - Samsung Electronics Co., Ltd.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skins (x32 Version: 2009.0918.2132.36825 - ATI) Hidden
SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Sound Blaster X-Fi (HKLM-x32\...\{20288888-A7AF-4B24-8AEB-398D20CD563C}) (Version: 1.0 - )
SpyBHORemover v5.5 (HKLM-x32\...\SpyBHORemover) (Version: 5.5 - SecurityXploded)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SpyDLLRemover v6.5 (HKLM-x32\...\SpyDLLRemover) (Version: 6.5 - SecurityXploded)
THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)
TuneUp Utilities 2013 (HKLM-x32\...\TuneUp Utilities 2013) (Version: 13.0.4000.260 - TuneUp Software)
TuneUp Utilities 2013 (x32 Version: 13.0.4000.260 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.4000.260 - TuneUp Software) Hidden
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WISO Steuer-Sparbuch 2012 (HKLM-x32\...\{0CC1DAFB-40C8-4903-953D-471E541477C7}) (Version: 19.00.7303 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2013 (HKU\S-1-5-21-3181699812-3172478678-2042656238-1000\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{1F9C6B12-563A-4F13-97D8-F80E048ABBF2}) (Version: 21.00.8480 - Buhl Data Service GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3181699812-3172478678-2042656238-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Sehrig\AppData\Roaming\ernden\berdis.dll () <==== ATTENTION

==================== Restore Points  =========================

19-01-2015 18:11:19 Windows Update
23-01-2015 18:01:22 Windows Update
26-01-2015 14:06:23 Entfernt WISO Steuer-Sparbuch 2011
26-01-2015 14:07:28 Entfernt WISO Sparbuch 2010
27-01-2015 13:37:00 Windows Update
31-01-2015 11:19:00 Windows Update
31-01-2015 11:34:15 ESET Smart Security wurde installiert
03-02-2015 12:53:10 Windows Update
03-02-2015 13:02:10 Removed Java(TM) 6 Update 17
03-02-2015 13:03:07 Removed Java(TM) 6 Update 17 (64-bit)
03-02-2015 17:03:49 Installed AVG 2013

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-02-01 17:01 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05A6E0D8-4293-4BB6-8991-F5794181CF09} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {0B42E792-3DF4-4E29-99AA-9046F3C77A81} - System32\Tasks\{0BAA7372-9ABC-4FF9-B1BE-460B1E9AEFB3} => F:\autorun.exe
Task: {14E6C30A-D15E-40B5-BAED-94DA7E4DE9C4} - System32\Tasks\{C01442E0-6115-4C7B-A7C9-DE56805A50F1} => C:\Program Files (x86)\Suunto Training Manager\T_Manager.exe
Task: {18EE4144-ECAF-4311-851A-F2B9F7B4BC37} - System32\Tasks\{1AB0A8B9-3B51-436E-A688-E7EBF07D38D7} => C:\Program Files (x86)\Suunto Training Manager\T_Manager.exe
Task: {1A0BB438-D32F-4D1D-89B2-7932622531F5} - System32\Tasks\{5C917791-826C-4CCD-977B-1CA5BB0D7B92} => C:\Program Files (x86)\Suunto Training Manager\T_Manager.exe
Task: {1A2CC61F-9E1C-4E87-9172-75E3D96AF5FF} - System32\Tasks\{4C3CC7F9-9B3A-4801-8882-F044B17FC893} => C:\Program Files (x86)\Suunto Training Manager\T_Manager.exe
Task: {248134D2-067D-488C-AF19-1E55CA259F89} - System32\Tasks\{016DB5A9-D794-49B7-85EB-84465B38D90A} => C:\Program Files (x86)\Suunto Training Manager\T_Manager.exe
Task: {29D922CC-773A-4CFC-8DD1-6A3BF970598A} - System32\Tasks\{8F17F50A-8507-4ADD-ABA2-38FCB2E537E6} => C:\Program Files (x86)\Suunto Training Manager\T_Manager.exe
Task: {2A06D069-7C9A-437F-A231-451D3575FC6D} - System32\Tasks\{B6458A30-6347-492F-8523-1666B677DDE3} => C:\Program Files (x86)\SuuntoUSB_Setup_7.exe
Task: {375BB4B6-5845-4097-9793-0591873747EC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {3A0AF91F-C9D6-4F5C-8FA8-89C112346047} - System32\Tasks\{99AEFB4A-BFA0-4A96-B04A-225751AFF9EC} => pcalua.exe -a F:\usb\SuuntoUSB_Setup_1.exe -d F:\usb
Task: {3E2E94BD-573C-4FF2-87B4-17C062F7B5EF} - System32\Tasks\{BCAAF731-21FD-498D-9B6B-EC4DF5E9D1FE} => C:\Program Files (x86)\SuuntoUSB_Setup_7.exe
Task: {45A1EC80-DBD2-4C32-BBB4-60C5045829AA} - System32\Tasks\{23551A12-9E05-4F25-8F7F-2EE2C7FA5987} => pcalua.exe -a F:\setup.exe -d F:\
Task: {4A1CD3C4-D303-4848-AB7A-E7740B580DF2} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2014-01-28] (TuneUp Software)
Task: {58271B6A-2ADD-4825-A0AA-91D55A2B350B} - System32\Tasks\{A73996A6-8943-40B5-A346-0B6C3F0EE4F4} => C:\Program Files (x86)\Suunto Training Manager\T_Manager.exe
Task: {5C2522E1-76A7-43A6-9CC8-207852009614} - System32\Tasks\{694391DB-EDAD-49D7-96D1-B535B78BE037} => C:\Program Files (x86)\Suunto Training Manager\T_Manager.exe
Task: {7B6D7AAC-4352-401F-88A0-1DBCB211F456} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {9EFA0ADA-E2DD-4D68-92E8-32166912DFD4} - System32\Tasks\{C717B9A1-4717-4E31-BA9B-E1BCD4E5055B} => C:\Program Files (x86)\SuuntoUSB_Setup_7.exe
Task: {A3468BC2-BC79-4D83-BEB0-F736DA8AC216} - System32\Tasks\{3FDF2B65-0059-4CF9-AACE-7699E2FBFBA5} => pcalua.exe -a "C:\Program Files (x86)\SuuntoUSB.exe" -d "C:\Program Files (x86)"
Task: {B6E20EA9-1D77-4C40-8E62-7BD0662BFDA3} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {CE3F52B2-42FF-4A53-BC99-F009B823C6C0} - System32\Tasks\{C6F144D4-AAF2-41AA-82EB-D3616E4FFD54} => F:\autorun.exe
Task: {D41D2915-4D7B-4EAA-9BAF-D2802F4E5616} - System32\Tasks\{79203D8E-F8D3-421C-8EFB-223A9D7594CE} => pcalua.exe -a F:\Software\MAGIX\setup_de.exe -d F:\Software\MAGIX
Task: {DD5F3777-D9D7-4E32-9B75-C7731E86EBE3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {ECB21A4E-D6E3-4044-8F4C-5CCA6ED3E3A8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe

==================== Loaded Modules (whitelisted) =============

2015-01-19 15:00 - 2013-04-18 11:30 - 00034304 _____ () C:\Windows\System32\sst9clm.dll
2013-08-07 16:04 - 2013-10-01 10:32 - 02818216 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-11-17 21:32 - 2014-11-17 21:32 - 00145920 _____ () C:\Users\Sehrig\AppData\Roaming\ernden\berdis.dll
2014-01-28 12:34 - 2014-01-28 12:34 - 00741176 _____ () C:\Program Files (x86)\TuneUp Utilities 2013\avgrepliba.dll
2010-03-02 12:28 - 2009-11-23 19:11 - 00161008 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
2010-03-02 12:27 - 2010-03-31 17:42 - 00786432 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
2012-03-09 09:58 - 2012-03-09 09:58 - 00462712 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2012-03-09 09:58 - 2012-03-09 09:58 - 00057208 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2014-12-04 06:19 - 2014-12-04 06:19 - 01199104 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\sst9cdu.dll
2014-11-06 16:28 - 2014-11-06 16:28 - 00105216 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
2015-01-20 15:33 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-01-20 15:33 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-01-20 15:33 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-01-20 15:33 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-01-20 15:33 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2010-03-02 12:27 - 2010-02-11 18:53 - 00128320 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2010-03-02 12:27 - 2010-02-11 18:52 - 01123648 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
2010-03-02 12:27 - 2010-02-11 18:53 - 00079168 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
2010-03-02 12:27 - 2010-02-11 18:53 - 00234816 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
2010-03-02 12:27 - 2010-02-11 18:53 - 00075072 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
2010-03-02 12:27 - 2010-02-11 18:53 - 00111936 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
2010-03-02 12:27 - 2010-02-11 18:53 - 00121152 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
2010-03-02 12:27 - 2010-02-11 18:53 - 00025920 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCC.dll
2010-03-02 12:27 - 2010-02-11 18:53 - 00025920 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll
2010-03-02 12:27 - 2010-02-11 18:53 - 00025920 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll
2013-09-29 02:14 - 2013-09-29 02:14 - 03369922 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuin51.dll
2013-09-29 02:13 - 2013-09-29 02:13 - 00544817 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2013-09-29 02:13 - 2013-09-29 02:13 - 00989805 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libstdc++-6.dll
2013-09-29 02:14 - 2013-09-29 02:14 - 01978690 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuuc51.dll
2013-09-29 02:14 - 2013-09-29 02:14 - 22378434 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icudt51.dll
2013-09-29 02:14 - 2013-09-29 02:14 - 01233408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\platforms\qwindows.dll
2014-11-17 10:46 - 2014-11-17 10:46 - 00639488 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll
2014-11-10 10:55 - 2014-11-10 10:55 - 01686016 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll
2014-11-05 08:36 - 2014-11-05 08:36 - 00192512 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2014-11-05 08:37 - 2014-11-05 08:37 - 00632832 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2014-11-14 11:53 - 2014-11-14 11:53 - 06499840 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll
2014-06-30 02:55 - 2014-06-30 02:55 - 00068608 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll
2014-06-30 03:05 - 2014-06-30 03:05 - 01183232 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\qwt.dll
2014-11-07 10:13 - 2014-11-07 10:13 - 02475520 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_MyMedia.dll
2012-10-15 21:27 - 2012-10-15 21:27 - 00111616 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libvlc.dll
2012-10-15 21:28 - 2012-10-15 21:28 - 02286592 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libvlccore.dll
2014-11-17 08:00 - 2014-11-17 08:00 - 01056768 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2014-09-11 09:39 - 2014-09-11 09:39 - 00144896 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll
2014-11-05 08:51 - 2014-11-05 08:51 - 01191424 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2014-11-17 07:21 - 2014-11-17 07:21 - 10374656 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2014-11-17 07:18 - 2014-11-17 07:18 - 02496512 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2014-11-06 10:39 - 2014-11-06 10:39 - 00200192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2014-11-05 08:58 - 2014-11-05 08:58 - 00889344 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2014-11-05 09:00 - 2014-11-05 09:00 - 00435712 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2013-09-29 02:13 - 2013-09-29 02:13 - 00051200 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif.dll
2013-09-29 02:13 - 2013-09-29 02:13 - 00052224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico.dll
2013-09-29 02:13 - 2013-09-29 02:13 - 00261120 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg.dll
2013-09-29 02:13 - 2013-09-29 02:13 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qsvg.dll
2014-06-30 02:55 - 2014-06-30 02:55 - 00081408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll
2014-11-03 09:23 - 2014-11-03 09:23 - 00143360 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll
2014-06-19 03:22 - 2014-06-19 03:22 - 02177405 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll
2014-09-04 07:00 - 2014-09-04 07:00 - 00072192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.dll
2014-09-04 07:00 - 2014-09-04 07:00 - 00074240 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll
2014-09-04 07:00 - 2014-09-04 07:00 - 00136704 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll
2012-10-15 21:28 - 2012-10-15 21:28 - 00219648 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\access\libdshow_plugin.dll
2012-10-15 21:28 - 2012-10-15 21:28 - 00049664 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\audio_output\libaout_directx_plugin.dll
2012-10-15 21:28 - 2012-10-15 21:28 - 00051200 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\audio_output\libwaveout_plugin.dll
2012-10-15 21:28 - 2012-10-15 21:28 - 00070144 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\video_output\libdirectx_plugin.dll
2013-09-29 02:13 - 2013-09-29 02:13 - 00040960 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\printsupport\windowsprintersupport.dll
2014-11-05 08:59 - 2014-11-05 08:59 - 00642048 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll
2014-11-05 09:01 - 2014-11-05 09:01 - 00458752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2014-06-30 03:33 - 2014-06-30 03:33 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll
2014-09-04 07:00 - 2014-09-04 07:00 - 00066560 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll
2014-02-04 18:25 - 2014-02-04 18:25 - 00036672 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll
2014-02-04 18:25 - 2014-02-04 18:25 - 00028992 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2013-10-10 12:02 - 2013-10-10 12:02 - 00013120 _____ () C:\Program Files (x86)\Common Files\Acronis\TibMounter\icudt38.dll
2015-02-03 17:04 - 2015-02-03 17:04 - 00158384 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.1.0\SiteSafety.dll
2014-02-04 18:28 - 2014-02-04 18:28 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2015-02-04 10:42 - 2015-01-23 11:37 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-11-17 21:32 - 2014-11-17 21:32 - 00122880 _____ () C:\Users\Sehrig\AppData\Roaming\ernden\rewardca.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Polar WebSync.lnk => C:\Windows\pss\Polar WebSync.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk => C:\Windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Sehrig^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Sehrig^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk => C:\Windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.Startup
MSCONFIG\startupreg: Dell DataSafe Online => "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: ShwiconXP9106 => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
MSCONFIG\startupreg: StartCCC => "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: TrayServer => C:\Program Files (x86)\MAGIX\Filme_auf_DVD_7_TerraTec_Edition\TrayServer.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-3181699812-3172478678-2042656238-500 - Administrator - Disabled)
Gast (S-1-5-21-3181699812-3172478678-2042656238-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3181699812-3172478678-2042656238-1002 - Limited - Enabled)
Sehrig (S-1-5-21-3181699812-3172478678-2042656238-1000 - Administrator - Enabled) => C:\Users\Sehrig

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/03/2015 04:47:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TuneUpUtilitiesService64.exe, Version: 13.0.4000.260, Zeitstempel: 0x52e79517
Name des fehlerhaften Moduls: TuneUpUtilitiesService64.exe, Version: 13.0.4000.260, Zeitstempel: 0x52e79517
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000075ca1
ID des fehlerhaften Prozesses: 0xa80
Startzeit der fehlerhaften Anwendung: 0xTuneUpUtilitiesService64.exe0
Pfad der fehlerhaften Anwendung: TuneUpUtilitiesService64.exe1
Pfad des fehlerhaften Moduls: TuneUpUtilitiesService64.exe2
Berichtskennung: TuneUpUtilitiesService64.exe3

Error: (02/03/2015 04:46:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TrueImageMonitor.exe, Version: 17.0.0.6673, Zeitstempel: 0x52f10606
Name des fehlerhaften Moduls: MSVCR80.dll, Version: 8.0.50727.6195, Zeitstempel: 0x4dcddbf3
Ausnahmecode: 0x40000015
Fehleroffset: 0x000046b4
ID des fehlerhaften Prozesses: 0x1178
Startzeit der fehlerhaften Anwendung: 0xTrueImageMonitor.exe0
Pfad der fehlerhaften Anwendung: TrueImageMonitor.exe1
Pfad des fehlerhaften Moduls: TrueImageMonitor.exe2
Berichtskennung: TrueImageMonitor.exe3


System errors:
=============
Error: (02/04/2015 11:15:56 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (02/04/2015 11:15:55 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (02/04/2015 11:15:55 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (02/04/2015 11:15:18 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (02/04/2015 11:15:18 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (02/04/2015 11:15:18 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (02/04/2015 11:14:33 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (02/04/2015 11:14:33 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (02/04/2015 11:08:27 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (02/04/2015 11:08:27 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.


Microsoft Office Sessions:
=========================
Error: (02/03/2015 04:47:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TuneUpUtilitiesService64.exe13.0.4000.26052e79517TuneUpUtilitiesService64.exe13.0.4000.26052e79517c00000050000000000075ca1a8001d03fc6c3c21972C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exeC:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exee3867602-abbb-11e4-a5c9-a4badbe848cf

Error: (02/03/2015 04:46:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TrueImageMonitor.exe17.0.0.667352f10606MSVCR80.dll8.0.50727.61954dcddbf340000015000046b4117801d03fc6ccacd143C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exeC:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dlle06d91a6-abbb-11e4-a5c9-a4badbe848cf


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz
Percentage of memory in use: 33%
Total physical RAM: 8151.08 MB
Available physical RAM: 5445.79 MB
Total Pagefile: 16300.34 MB
Available Pagefile: 13286.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1790.27 GB) (Free:1637.36 GB) NTFS
Drive d: (DATAPART1) (Fixed) (Total:63.02 GB) (Free:23.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1800 GB) (Disk ID: 38000000)
Partition 1: (Not Active) - (Size=118 MB) - (Type=DE)
Partition 2: (Active) - (Size=9.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1790.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 63 GB) (Disk ID: CC86E3AE)
Partition 1: (Not Active) - (Size=63 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
and the GMER log
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-02-04 12:10:26
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2 Intel___ rev.1.0. 1800,00GB
Running: hvnsps4g.exe; Driver: C:\Users\Sehrig\AppData\Local\Temp\pwdiqpob.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2016] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69   0000000075211465 2 bytes [21, 75]
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2016] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155  00000000752114bb 2 bytes [21, 75]
.text  ...                                                                                                                            * 2

---- EOF - GMER 2.1 ----
         
Unfortunately the PC crashed during the first scan (screen with blue and red stripes). Up to that point GMER had reported more entries.

What have I picked up here?
Thanks + best regards
Grolltar

Alt 04.02.2015, 13:10   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, did they ever find anything?

This is why I'm asking => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, only post logs that already exist, in CODE tags!
Only logs from the last 7 days, or since the problem began, are relevant!




Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder.
Even if the logs are too large for one post, I ask you to post them directly, spread over several posts if necessary.
To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.
__________________

Alt 04.02.2015, 13:56   #3
Grolltar
 
Hello Cosinus,
I have had the problem with the ad clips and the history since the beginning of the year. Security Essentials, Spybot and AVG found nothing.
The MBAM log looks as follows:
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 19.01.2015
Suchlauf-Zeit: 19:18:54
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.19.11
Rootkit Datenbank: v2015.01.14.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Sehrig

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 336143
Verstrichene Zeit: 6 Min, 59 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
JRT is here
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by Sehrig on 04.02.2015 at 13:35:45,92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.02.2015 at 13:38:13,57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
And ADWCleaner found something back then. Here is the old log:
Code:
# AdwCleaner v4.108 - Bericht erstellt am 22/01/2015 um 19:17:46
# Aktualisiert 17/01/2015 von Xplode
# Database : 2015-01-22.3 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Sehrig - SEHRIG-PC1
# Gestartet von : C:\Users\Sehrig\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LE10RKU8\adwcleaner_4.108.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Windows\SysWOW64\RegistryHelperLM.ocx
Ordner Gefunden : C:\Users\Sehrig\AppData\Local\Temp\OCS

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\adbabylon.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\bobrowser.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : [x64] HKCU\Software\OCS
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{0B79C149-3B19-40DE-92BF-1A3AD9C1DA9D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{229C56BB-A36A-4323-8C82-B136DF45697D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{33E2B3CB-322E-4CBE-89F2-C06F5A35DB46}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{51080E66-F357-4F2A-9BFC-2456695883B5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{537AD3CF-DE2B-4A1C-8279-C946B7E490D4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{5BF7365D-25FF-40F3-8DEE-06ABEDF177CC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A10A1344-B533-4C9E-BE4E-4C5BC4953047}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{BA94BCE1-7E60-422D-9E7D-B853BC03FE78}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{BDCE611F-FDAA-4B10-A8E8-220A7897A69F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D0F1E414-1FAE-466C-B122-DE735B7BFF9D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E458510C-1DD5-4A05-8C4C-53BEF69C05E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}]

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


*************************

AdwCleaner[R0].txt - [3135 octets] - [22/01/2015 19:17:46]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3195 octets] ##########
         
To meet GMER's requirement that all virus scanners be disabled, I uninstalled Eset (I could not find a way to disable it). Unfortunately I no longer have a log for that one :-(.
Best regards
Grolltar
__________________

Alt 04.02.2015, 13:57   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please also have adwCleaner delete all the findings...
__________________
Please always post log files in CODE tags

Alt 04.02.2015, 14:21   #5
Grolltar
 
Hello Cosinus,
thanks for the hint. I did that right away. The log ...
Code:
# AdwCleaner v4.109 - Bericht erstellt am 04/02/2015 um 14:17:08
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-02-03.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Sehrig - SEHRIG-PC1
# Gestartet von : C:\Users\Sehrig\Downloads\adwcleaner_4.109.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\AVG Secure Search
Ordner Gelöscht : C:\Program Files (x86)\AVG Secure Search
Ordner Gelöscht : C:\Program Files (x86)\Common Files\AVG Secure Search
Datei Gelöscht : C:\Users\Sehrig\AppData\Local\Temp\Uninstall.exe

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\bobrowser.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\isearch.avg.com

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0.1 (x86 de)


*************************

AdwCleaner[R0].txt - [3279 octets] - [22/01/2015 19:17:46]
AdwCleaner[R10].txt - [1945 octets] - [03/02/2015 11:41:50]
AdwCleaner[R11].txt - [3456 octets] - [04/02/2015 14:14:59]
AdwCleaner[R1].txt - [964 octets] - [24/01/2015 17:45:19]
AdwCleaner[R2].txt - [1084 octets] - [25/01/2015 19:03:19]
AdwCleaner[R3].txt - [1104 octets] - [26/01/2015 09:08:15]
AdwCleaner[R4].txt - [1223 octets] - [26/01/2015 15:45:58]
AdwCleaner[R5].txt - [1551 octets] - [27/01/2015 18:24:18]
AdwCleaner[R6].txt - [1463 octets] - [28/01/2015 18:11:06]
AdwCleaner[R7].txt - [1584 octets] - [28/01/2015 18:17:02]
AdwCleaner[R8].txt - [1705 octets] - [31/01/2015 18:18:02]
AdwCleaner[R9].txt - [1824 octets] - [01/02/2015 16:53:01]
AdwCleaner[S0].txt - [3294 octets] - [22/01/2015 19:18:55]
AdwCleaner[S10].txt - [2008 octets] - [03/02/2015 11:43:34]
AdwCleaner[S11].txt - [2828 octets] - [04/02/2015 14:17:08]
AdwCleaner[S1].txt - [1024 octets] - [24/01/2015 17:49:14]
AdwCleaner[S2].txt - [1146 octets] - [25/01/2015 19:04:50]
AdwCleaner[S3].txt - [1166 octets] - [26/01/2015 09:10:08]
AdwCleaner[S4].txt - [1285 octets] - [26/01/2015 15:47:59]
AdwCleaner[S5].txt - [1612 octets] - [27/01/2015 18:25:34]
AdwCleaner[S6].txt - [1525 octets] - [28/01/2015 18:12:43]
AdwCleaner[S7].txt - [1645 octets] - [28/01/2015 18:18:28]
AdwCleaner[S8].txt - [1766 octets] - [31/01/2015 18:19:20]
AdwCleaner[S9].txt - [1885 octets] - [01/02/2015 16:53:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S11].txt - [3429 octets] ##########
         
Best regards
Grolltar


Alt 04.02.2015, 14:21   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Then show me fresh FRST logs. Tick the box for addition.txt, then click Scan.


Alt 04.02.2015, 14:25   #7
Grolltar
 
Hello Cosinus,
as requested:
FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Sehrig (administrator) on SEHRIG-PC1 on 04-02-2015 14:22:35
Running from C:\Users\Sehrig\Desktop
Loaded Profiles: Sehrig (Available profiles: Sehrig)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NETGEAR Inc.) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [519408 2013-07-18] (Acronis)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7843744 2014-02-04] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1104616 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [241789 2009-04-09] (Creative Technology Ltd)
HKLM\...\RunOnce: [DSUpdateLauncher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe [18160 2009-11-23] (Dell)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165184 2010-02-11] (Softthinks)
HKLM-x32\...\RunOnce: [STToasterLauncher] => C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [120128 2010-02-11] ()
HKLM-x32\...\runonceex: [ContentMerger] => c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-26] (Sonic Solutions)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3181699812-3172478678-2042656238-1000\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2014-11-06] (NETGEAR Inc.)
HKU\S-1-5-21-3181699812-3172478678-2042656238-1000\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
HKU\S-1-5-21-3181699812-3172478678-2042656238-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-3181699812-3172478678-2042656238-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-3181699812-3172478678-2042656238-1000\...\MountPoints2: {faa106ae-d472-11e3-980a-a4badbe848cf} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL M:\start.exe
HKU\S-1-5-18\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\backup_central10.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\consolcu.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\creator10.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\ctsmode.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\dslauncher.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\eac.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\groove.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\iastorui.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\infopath.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\misc.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\msaccess.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\msoxmled.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\mspub.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\mstore.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\musicdisccreator10.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\ois.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\onenote.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\outlook.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\photosuite10.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\pmbbrowser.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\pmblauncher.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\pmbmapview.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\retrieve10.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\roxwizardlauncher10.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\smartrec.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\soundedit10.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\spkconsl.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\stax.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\uninst.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\volpanlu.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\Winword.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3181699812-3172478678-2042656238-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKLM -> {D30A94EE-42D7-4474-AA56-21DDB84AE1D0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {D30A94EE-42D7-4474-AA56-21DDB84AE1D0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3181699812-3172478678-2042656238-1000 -> {D30A94EE-42D7-4474-AA56-21DDB84AE1D0} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3181699812-3172478678-2042656238-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Sehrig\AppData\Roaming\Mozilla\Firefox\Profiles\j2a9ixeq.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: NoScript - C:\Users\Sehrig\AppData\Roaming\Mozilla\Firefox\Profiles\j2a9ixeq.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-02-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2010-03-02] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-03-02] (Creative Labs) [File not signed]
S4 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
S4 FirebirdServerMAGIXInstance; C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2014-11-06] (NETGEAR)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S4 Polar Daemon; C:\Program Files (x86)\Polar\Daemon\polard.exe [419536 2012-12-12] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 SftService; C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE [658656 2010-03-04] (SoftThinks) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2412344 2014-01-28] (TuneUp Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ESETCleanersDriver; C:\Windows\system32\Drivers\ESETCleanersDriver.sys [170280 2015-02-03] (ESET)
S3 MosIrUsb; C:\Windows\System32\DRIVERS\MosIrUsb.sys [27648 2007-10-11] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2015-01-13] (CACE Technologies, Inc.)
S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-04-10] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-12-09] (Acronis International GmbH)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-07-19] (TuneUp Software)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-04-10] (Acronis International GmbH)
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}; C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [146928 2009-05-11] (CyberLink Corp.)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 13:38 - 2015-02-04 13:38 - 00001218 _____ () C:\Users\Sehrig\Desktop\JRT.txt
2015-02-04 13:07 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-02-04 13:07 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-02-04 13:07 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-02-04 13:07 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-02-04 13:07 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-02-04 13:07 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-02-04 13:07 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-02-04 13:07 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-02-04 13:07 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-02-04 13:07 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-02-04 13:07 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-02-04 13:07 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-02-04 13:07 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-02-04 13:07 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-02-04 13:07 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-02-04 13:07 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-02-04 13:07 - 2013-10-01 21:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-04 13:07 - 2013-10-01 21:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-04 12:53 - 2012-08-23 15:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-02-04 12:53 - 2012-08-23 15:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-02-04 12:53 - 2012-08-23 14:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-02-04 12:53 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2015-02-04 12:53 - 2012-08-23 11:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2015-02-04 12:53 - 2012-08-23 10:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-02-04 12:13 - 2015-02-04 12:13 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-04 12:13 - 2015-02-04 12:13 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-04 12:13 - 2015-02-04 12:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-04 12:10 - 2015-02-04 12:10 - 00000825 _____ () C:\Users\Sehrig\Desktop\gmer.log
2015-02-04 11:18 - 2015-02-04 14:23 - 00017701 _____ () C:\Users\Sehrig\Desktop\FRST.txt
2015-02-04 11:18 - 2015-02-04 14:22 - 00000000 ____D () C:\FRST
2015-02-04 11:18 - 2015-02-04 11:19 - 00036544 _____ () C:\Users\Sehrig\Desktop\Addition.txt
2015-02-04 11:18 - 2015-02-04 11:18 - 00000474 _____ () C:\Users\Sehrig\Desktop\defogger_disable.log
2015-02-04 11:18 - 2015-02-04 11:18 - 00000000 _____ () C:\Users\Sehrig\defogger_reenable
2015-02-04 11:17 - 2015-02-04 11:17 - 00380416 _____ () C:\Users\Sehrig\Desktop\hvnsps4g.exe
2015-02-04 11:17 - 2015-02-04 11:16 - 02131456 _____ (Farbar) C:\Users\Sehrig\Desktop\FRST64.exe
2015-02-04 11:17 - 2015-02-04 11:16 - 00050477 _____ () C:\Users\Sehrig\Desktop\Defogger.exe
2015-02-04 11:16 - 2015-02-04 11:17 - 00380416 _____ () C:\Users\Sehrig\Downloads\hvnsps4g.exe
2015-02-04 11:16 - 2015-02-04 11:16 - 02131456 _____ (Farbar) C:\Users\Sehrig\Downloads\FRST64.exe
2015-02-04 11:16 - 2015-02-04 11:16 - 00050477 _____ () C:\Users\Sehrig\Downloads\Defogger.exe
2015-02-04 11:10 - 2015-02-04 11:10 - 09150885 _____ () C:\Users\Sehrig\Desktop\SysInspector-SEHRIG-PC1-150204-1107.xml
2015-02-04 11:04 - 2015-02-04 11:04 - 00000000 ____D () C:\Users\Sehrig\Documents\ProcAlyzer Dumps
2015-02-04 10:42 - 2015-02-04 10:42 - 00001165 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-04 10:42 - 2015-02-04 10:42 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-04 10:42 - 2015-02-04 10:42 - 00000000 ____D () C:\Users\Sehrig\AppData\Roaming\Mozilla
2015-02-04 10:42 - 2015-02-04 10:42 - 00000000 ____D () C:\Users\Sehrig\AppData\Local\Mozilla
2015-02-04 10:42 - 2015-02-04 10:42 - 00000000 ____D () C:\ProgramData\Mozilla
2015-02-04 10:42 - 2015-02-04 10:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-04 10:42 - 2015-02-04 10:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-03 18:56 - 2015-02-03 19:27 - 00000000 ____D () C:\Users\Sehrig\Downloads\cports-215
2015-02-03 18:52 - 2015-02-03 18:52 - 00000000 ____D () C:\Users\Sehrig\Downloads\SpyDLLRemover-65
2015-02-03 18:48 - 2015-02-04 11:27 - 00000000 ____D () C:\Program Files (x86)\SecurityXploded
2015-02-03 18:47 - 2015-02-03 18:47 - 00000000 ____D () C:\Users\Sehrig\Downloads\SpyBHORemover-55
2015-02-03 18:44 - 2015-02-03 18:44 - 00086813 _____ () C:\Users\Sehrig\Downloads\cports-215.zip
2015-02-03 18:43 - 2015-02-03 18:43 - 04727205 _____ () C:\Users\Sehrig\Downloads\SpyDLLRemover-65.zip
2015-02-03 18:42 - 2015-02-03 18:42 - 04604353 _____ () C:\Users\Sehrig\Downloads\SpyBHORemover-55.zip
2015-02-03 17:04 - 2015-02-04 11:24 - 00000000 ____D () C:\ProgramData\AVG2013
2015-02-03 17:01 - 2015-02-03 17:01 - 00000000 ____D () C:\Users\Sehrig\Documents\Roxio
2015-02-03 16:51 - 2015-02-03 16:51 - 00170280 _____ (ESET) C:\Windows\system32\Drivers\ESETCleanersDriver.sys
2015-02-03 16:36 - 2015-02-04 11:24 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-03 16:36 - 2015-02-03 16:36 - 00000000 ____D () C:\Users\Sehrig\AppData\Local\MFAData
2015-02-03 16:36 - 2015-02-03 16:36 - 00000000 ____D () C:\Users\Sehrig\AppData\Local\Avg2015
2015-02-03 16:35 - 2015-02-03 16:24 - 172583240 _____ (AVG Technologies) C:\Users\Sehrig\Downloads\avg_free_x64_all_2015_5645a8758.exe
2015-02-03 16:34 - 2015-02-03 16:25 - 63500560 _____ (AVG Technologies) C:\Users\Sehrig\Downloads\avg_smf_x64_all_2013_3495a8522.exe
2015-02-03 13:04 - 2015-02-02 19:13 - 01388274 _____ (Thisisu) C:\Users\Sehrig\Desktop\JRT_NEW.exe
2015-02-03 10:56 - 2015-02-03 11:06 - 00000000 ____D () C:\Users\Sehrig\AppData\Roaming\Roxio
2015-02-03 10:46 - 2015-02-03 09:42 - 315854848 _____ () C:\Users\Sehrig\Downloads\kav_rescue_10.iso
2015-02-01 18:16 - 2015-02-01 18:25 - 00000000 ____D () C:\Users\Sehrig\Documents\Samsung_S5
2015-02-01 16:08 - 2015-02-01 16:12 - 00000000 ____D () C:\Users\Sehrig\Documents\Eset
2015-01-31 11:35 - 2015-01-31 11:35 - 00000000 ____D () C:\Users\Sehrig\AppData\Roaming\ESET
2015-01-31 11:35 - 2015-01-31 11:35 - 00000000 ____D () C:\Users\Sehrig\AppData\Local\ESET
2015-01-31 11:08 - 2015-02-04 13:30 - 00000000 ____D () C:\Users\Sehrig\AppData\Local\CrashDumps
2015-01-28 18:06 - 2015-02-03 12:57 - 00000000 ____D () C:\NPE
2015-01-28 17:57 - 2015-02-03 13:01 - 00000000 ____D () C:\Users\Sehrig\AppData\Local\NPE
2015-01-28 17:57 - 2015-01-28 17:57 - 00000000 ____D () C:\ProgramData\Norton
2015-01-28 17:56 - 2015-01-28 17:57 - 03077776 ____N (Symantec Corporation) C:\Users\Sehrig\Downloads\NPE.exe
2015-01-26 15:55 - 2015-01-26 15:55 - 00001354 _____ () C:\Users\Sehrig\Downloads\JRT.txt
2015-01-24 18:52 - 2015-01-24 18:52 - 00000022 _____ () C:\Windows\exs.ini
2015-01-24 18:36 - 2015-01-24 18:36 - 01707939 _____ (Thisisu) C:\Users\Sehrig\Downloads\JRT.exe
2015-01-24 17:44 - 2015-01-24 17:44 - 02194432 _____ () C:\Users\Sehrig\Downloads\adwcleaner_4.109.exe
2015-01-24 17:30 - 2015-01-24 17:29 - 00450771 ____R () C:\Windows\system32\Drivers\etc\hosts.20150124-173022.backup
2015-01-22 19:33 - 2015-01-22 19:33 - 00000000 ____D () C:\Windows\ERUNT
2015-01-22 19:17 - 2015-02-04 14:17 - 00000000 ____D () C:\AdwCleaner
2015-01-21 17:51 - 2015-02-03 12:33 - 00000099 _____ () C:\Users\Public\LMDebug.log
2015-01-20 15:36 - 2009-06-10 22:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150120-153637.backup
2015-01-20 15:33 - 2015-01-20 16:45 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-20 15:33 - 2015-01-20 15:34 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-20 15:33 - 2015-01-20 15:33 - 00001397 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-01-20 15:33 - 2015-01-20 15:33 - 00001385 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-01-20 15:33 - 2015-01-20 15:33 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-01-20 15:33 - 2015-01-20 15:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-01-20 15:33 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-01-20 15:15 - 2015-01-20 15:15 - 00001201 _____ () C:\Users\Sehrig\Desktop\mbam.txt
2015-01-19 17:45 - 2015-01-19 17:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-19 17:18 - 2015-01-19 17:18 - 00002240 _____ () C:\Users\Sehrig\Desktop\Samsung Easy Printer Manager.lnk
2015-01-19 16:22 - 2015-01-19 16:22 - 00002429 _____ () C:\Users\Sehrig\Desktop\start_here.htm - Verknüpfung.lnk
2015-01-19 15:02 - 2015-01-19 15:02 - 00002271 _____ () C:\Users\Public\Desktop\Samsung Drucker-Diagnose.lnk
2015-01-19 15:01 - 2015-01-19 15:02 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
2015-01-19 15:01 - 2015-01-19 15:01 - 00000000 ____D () C:\Users\Sehrig\AppData\Roaming\Samsung
2015-01-19 15:01 - 2015-01-19 15:01 - 00000000 ____D () C:\Program Files\Common Files\Common Desktop Agent
2015-01-19 15:01 - 2014-04-02 12:12 - 00152896 ____R () C:\Windows\Wiainst64.exe
2015-01-19 15:00 - 2015-01-19 15:04 - 00000000 ____D () C:\Program Files (x86)\SamsungPrinterLiveUpdate
2015-01-19 15:00 - 2015-01-19 15:02 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-01-19 15:00 - 2015-01-19 15:01 - 00000000 ____D () C:\ProgramData\Samsung
2015-01-19 15:00 - 2014-03-05 14:55 - 03112960 _____ () C:\Windows\system32\eed_ec.dll
2015-01-19 15:00 - 2014-03-05 14:55 - 00686384 _____ (Samsung Electronics) C:\Windows\system32\eed_sl.exe
2015-01-19 15:00 - 2013-04-18 11:30 - 00034304 _____ () C:\Windows\system32\sst9clm.dll
2015-01-19 14:58 - 2014-03-05 08:32 - 00094208 ____N () C:\Windows\SysWOW64\Ssdevm.dll
2015-01-19 14:58 - 2014-03-05 08:32 - 00091136 ____N () C:\Windows\system32\ssdevm64.dll
2015-01-19 14:58 - 2013-02-22 13:29 - 00365568 _____ () C:\Windows\system32\SaMinDrv.dll
2015-01-19 14:58 - 2013-02-22 13:29 - 00112128 _____ () C:\Windows\system32\SaImgFlt.dll
2015-01-19 14:58 - 2013-02-22 13:29 - 00055296 _____ () C:\Windows\system32\SaErHdlr.dll
2015-01-19 14:58 - 2013-01-10 00:58 - 00053248 _____ () C:\Windows\SysWOW64\Ssusbpn.dll
2015-01-19 14:58 - 2013-01-10 00:58 - 00049152 _____ () C:\Windows\system32\Ssusbp64.dll
2015-01-16 16:45 - 2015-01-16 16:46 - 00000000 ____D () C:\Users\Sehrig\Documents\Motorola_SBV_5121
2015-01-15 17:05 - 2015-01-15 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-01-15 17:05 - 2015-01-15 17:05 - 00000000 ____D () C:\Program Files\7-Zip
2015-01-15 16:52 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-15 16:52 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-15 16:52 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-15 16:52 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-15 16:52 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-15 16:52 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-15 16:52 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-15 16:52 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-15 16:52 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-15 16:52 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-15 16:52 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-15 16:52 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 19:16 - 2015-01-14 19:16 - 00001411 _____ () C:\Windows\IE11_main.log
2015-01-13 18:05 - 2015-01-27 13:35 - 00000000 ____D () C:\Users\Sehrig\AppData\Local\NETGEARGenie
2015-01-13 18:05 - 2015-01-13 18:05 - 00369168 _____ (CACE Technologies, Inc.) C:\Windows\system32\wpcap.dll
2015-01-13 18:05 - 2015-01-13 18:05 - 00281104 _____ (CACE Technologies, Inc.) C:\Windows\SysWOW64\wpcap.dll
2015-01-13 18:05 - 2015-01-13 18:05 - 00106000 _____ (CACE Technologies, Inc.) C:\Windows\system32\packet.dll
2015-01-13 18:05 - 2015-01-13 18:05 - 00096784 _____ (CACE Technologies, Inc.) C:\Windows\SysWOW64\packet.dll
2015-01-13 18:05 - 2015-01-13 18:05 - 00035344 _____ (CACE Technologies, Inc.) C:\Windows\system32\Drivers\npf.sys
2015-01-13 18:05 - 2015-01-13 18:05 - 00002068 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR Genie.lnk
2015-01-13 18:05 - 2015-01-13 18:05 - 00002056 _____ () C:\Users\Public\Desktop\NETGEAR Genie.lnk
2015-01-13 18:04 - 2015-01-13 18:05 - 00000000 ____D () C:\Program Files (x86)\NETGEAR Genie
2015-01-10 18:18 - 2015-01-10 18:19 - 00000000 ____D () C:\Users\Sehrig\AppData\Roaming\vlc
2015-01-10 18:17 - 2015-01-10 18:17 - 00000873 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-01-10 18:17 - 2015-01-10 18:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-01-10 18:17 - 2015-01-10 18:17 - 00000000 ____D () C:\Program Files\VideoLAN
2015-01-06 15:52 - 2015-02-04 14:18 - 00004290 _____ () C:\Windows\setupact.log
2015-01-06 15:52 - 2015-01-06 15:52 - 00493952 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-06 15:52 - 2015-01-06 15:52 - 00140472 _____ () C:\Users\Sehrig\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-06 15:52 - 2015-01-06 15:52 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-06 15:51 - 2015-02-04 14:18 - 00028466 _____ () C:\Windows\PFRO.log
2015-01-05 18:28 - 2015-01-06 16:04 - 00000000 ____D () C:\Users\Sehrig\Documents\Netgear

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 14:22 - 2009-07-14 06:10 - 01560300 _____ () C:\Windows\WindowsUpdate.log
2015-02-04 14:19 - 2010-03-02 12:47 - 00000071 _____ () C:\Windows\SysWOW64\ToasterLauncherLog.log
2015-02-04 14:19 - 2010-03-02 12:27 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2015-02-04 14:18 - 2010-03-09 18:55 - 00000000 ____D () C:\Users\Sehrig\AppData\Local\SoftThinks
2015-02-04 14:18 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-04 13:34 - 2009-07-14 05:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-04 13:34 - 2009-07-14 05:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-04 13:33 - 2009-07-14 18:58 - 00702350 _____ () C:\Windows\system32\perfh007.dat
2015-02-04 13:33 - 2009-07-14 18:58 - 00149990 _____ () C:\Windows\system32\perfc007.dat
2015-02-04 13:33 - 2009-07-14 06:13 - 01626920 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-04 13:30 - 2014-12-09 16:42 - 00000000 ____D () C:\Users\Sehrig\Documents\Outlook-Dateien
2015-02-04 13:27 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-04 13:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-04 13:08 - 2010-03-02 12:21 - 00000000 ____D () C:\Windows\SysWOW64\Data
2015-02-04 13:08 - 2010-03-02 12:21 - 00000000 ____D () C:\Windows\system32\Data
2015-02-04 13:05 - 2014-12-08 18:28 - 01600496 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-04 12:13 - 2014-12-08 15:35 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-02-04 11:18 - 2010-03-09 18:55 - 00000000 ____D () C:\Users\Sehrig
2015-02-03 16:46 - 2014-05-20 18:12 - 00003696 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2015-02-03 16:46 - 2010-04-07 16:59 - 00002962 _____ () C:\Windows\System32\Tasks\{C717B9A1-4717-4E31-BA9B-E1BCD4E5055B}
2015-02-03 16:46 - 2010-04-07 16:59 - 00002962 _____ () C:\Windows\System32\Tasks\{BCAAF731-21FD-498D-9B6B-EC4DF5E9D1FE}
2015-02-03 16:46 - 2010-04-07 16:59 - 00002962 _____ () C:\Windows\System32\Tasks\{B6458A30-6347-492F-8523-1666B677DDE3}
2015-02-03 11:11 - 2010-03-02 12:36 - 00000000 ____D () C:\ProgramData\Roxio
2015-02-03 10:51 - 2010-10-23 17:03 - 00000000 ____D () C:\Users\Sehrig\AppData\Local\PowerDVD DX
2015-02-03 10:51 - 2010-03-02 12:29 - 00000000 ____D () C:\ProgramData\CyberLink
2015-01-31 18:14 - 2010-03-09 18:59 - 00001427 _____ () C:\Users\Sehrig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-28 19:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-28 16:58 - 2014-12-16 18:21 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-28 16:58 - 2014-12-16 18:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-27 17:40 - 2009-07-14 03:34 - 00450771 ____R () C:\Windows\system32\Drivers\etc\hosts.20150201-170122.backup
2015-01-26 14:07 - 2010-05-17 17:36 - 00000000 ____D () C:\Users\Sehrig\AppData\Local\Buhl
2015-01-26 14:07 - 2010-05-17 17:34 - 00000000 ____D () C:\Program Files (x86)\WISO
2015-01-26 14:07 - 2010-03-02 12:19 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-24 17:30 - 2009-07-14 03:34 - 00450771 ____R () C:\Windows\system32\Drivers\etc\hosts.20150127-174039.backup
2015-01-24 16:38 - 2010-03-15 17:52 - 00000000 ____D () C:\Users\Sehrig\AppData\Local\Microsoft Help
2015-01-21 18:18 - 2012-10-06 16:31 - 00000000 ____D () C:\Users\Sehrig\Documents\Diverses
2015-01-20 15:36 - 2009-07-14 03:34 - 00450771 ____R () C:\Windows\system32\Drivers\etc\hosts.20150124-172943.backup
2015-01-19 17:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\TAPI
2015-01-19 15:06 - 2014-05-20 17:30 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-01-18 17:47 - 2011-01-04 19:30 - 00000000 ____D () C:\Users\Sehrig\Documents\PC-Dokumnent-MS
2015-01-10 18:27 - 2014-12-31 17:51 - 00000000 ____D () C:\Users\Sehrig\AppData\Roaming\MyPhoneExplorer

==================== Files in the root of some directories =======

2013-02-21 18:40 - 2013-02-18 09:17 - 4931832 _____ (Canneverbe Limited                                          ) C:\Program Files\cdbxp_setup_4.5.0.3717_minimal.exe
2014-04-13 17:25 - 2014-04-10 08:16 - 4422611 _____ () C:\Program Files\eac-1.0beta3.exe
2014-08-11 17:57 - 2014-08-08 08:04 - 6704778 _____ () C:\Program Files\Samsung_ChannelListPCEditor_1.10.zip
2013-02-02 14:30 - 2013-01-22 14:20 - 3203357 _____ () C:\Program Files\samtoolbox_win7_v0.11.zip
2010-04-30 08:42 - 2010-04-30 08:45 - 8656832 _____ (Dell, Inc.                                                   ) C:\Users\Sehrig\AppData\Roaming\DataSafeDotNet.exe
2011-02-15 18:34 - 2012-02-12 14:32 - 0001164 _____ () C:\Users\Sehrig\AppData\Local\crc32list11.txt

Some content of TEMP:
====================
C:\Users\Sehrig\AppData\Local\Temp\Quarantine.exe
C:\Users\Sehrig\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-26 18:11

==================== End Of Log ============================
         
and
Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Sehrig at 2015-02-04 14:23:34
Running from C:\Users\Sehrig\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acronis True Image 2014 (HKLM-x32\...\{3ECDD663-5AF8-489B-9E3C-561F33A271BD}Visible) (Version: 17.0.6673 - Acronis)
Acronis True Image 2014 (x32 Version: 17.0.6673 - Acronis) Hidden
Acronis True Image 2014 Media Add-on (HKLM-x32\...\{D2D29970-F992-45EB-9BE2-EEC18E250053}) (Version: 17.0.5560 - Acronis)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.009.0918.2131 - )
Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
ccc-core-static (x32 Version: 2009.0918.2132.36825 - ATI) Hidden
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.0.3717 - CDBurnerXP)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 2.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version:  - )
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.34 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.3.94 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0011 - Dell, Inc.)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.00 - Creative Technology Limited)
EMC 10 Content (x32 Version: 1.0.035 - Ihr Firmenname) Hidden
EMCGadgets64 (Version: 1.0.302 - Ihr Firmenname) Hidden
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\Firebird SQL Server D) (Version: 2.0.1.13 - MAGIX AG)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
MAGIX Filme auf DVD TerraTec Edition 7.0.3.6 (D) (HKLM-x32\...\MAGIX Filme auf DVD TerraTec Edition D) (Version: 7.0.3.6 - MAGIX AG)
MAGIX Online Druck Service 3.4.3.0 (D) (HKLM-x32\...\MAGIX Online Druck Service D) (Version: 3.4.3.0 - MAGIX AG)
MAGIX Screenshare 4.3.6.1987 (D) (HKLM-x32\...\MAGIX Screenshare D) (Version: 4.3.6.1987 - MAGIX AG)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}) (Version: 1.4.915.1 - Fitipower)
Multimedia Card Reader (x32 Version: 1.4.915.1 - Fitipower) Hidden
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.3.1.46 - NETGEAR Inc.)
PC Inspector smart recovery (HKLM-x32\...\{C9A87D86-FDFD-418B-BF96-EF09320973B3}) (Version: 4.50 - )
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.5.02.12220 - Sony Corporation)
Polar Daemon (HKLM-x32\...\{2BA9320D-E061-4C71-ACCB-AC0E9D4FC82B}) (Version: 2.2.20000 - Polar Electro Oy)
Polar IrDA USB Adapter (HKLM-x32\...\{7A6EC173-9388-4172-8F44-17FFEA8A53BC}) (Version: 1.03.0000 - )
Polar ProTrainer (HKLM-x32\...\{DF7DBA84-0A55-11D6-A0A6-6A7573736972}) (Version: 5.40.170 - )
Polar WebSync (HKLM-x32\...\{320453EE-6AEA-4E1A-8E64-72F33C0C928F}) (Version: 2.8.10006 - Polar Electro Oy)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
Roxio Easy CD and DVD Burning (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Roxio File Backup (Version: 1.3.0 - Roxio) Hidden
Samsung C460 Series (HKLM-x32\...\Samsung C460 Series) (Version: 1.07 (14.04.2014) - Samsung Electronics Co., Ltd.)
Samsung Drucker-Diagnose (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.0.16 - Samsung Electronics Co., Ltd.)
Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 1.05.91 (12.03.2014) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.32.00(01.04.2014) - Samsung Electronics Co., Ltd.)
Samsung Easy Wireless Setup (HKLM-x32\...\Easy Wireless Setup) (Version: 3.60.49.0 - Samsung Electronics Co., Ltd.)
Samsung OCR Software (HKLM-x32\...\Samsung OCR Software) (Version: 1.00.14 (02.08.2013) - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (x32 Version: 1.02.07.00 - Samsung Electronics Co., Ltd.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skins (x32 Version: 2009.0918.2132.36825 - ATI) Hidden
SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Sound Blaster X-Fi (HKLM-x32\...\{20288888-A7AF-4B24-8AEB-398D20CD563C}) (Version: 1.0 - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)
TuneUp Utilities 2013 (HKLM-x32\...\TuneUp Utilities 2013) (Version: 13.0.4000.260 - TuneUp Software)
TuneUp Utilities 2013 (x32 Version: 13.0.4000.260 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.4000.260 - TuneUp Software) Hidden
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WISO Steuer-Sparbuch 2012 (HKLM-x32\...\{0CC1DAFB-40C8-4903-953D-471E541477C7}) (Version: 19.00.7303 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2013 (HKU\S-1-5-21-3181699812-3172478678-2042656238-1000\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{1F9C6B12-563A-4F13-97D8-F80E048ABBF2}) (Version: 21.00.8480 - Buhl Data Service GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3181699812-3172478678-2042656238-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Sehrig\AppData\Roaming\ernden\berdis.dll () <==== ATTENTION

==================== Restore Points  =========================

23-01-2015 18:01:22 Windows Update
26-01-2015 14:06:23 Entfernt WISO Steuer-Sparbuch 2011
26-01-2015 14:07:28 Entfernt WISO Sparbuch 2010
27-01-2015 13:37:00 Windows Update
31-01-2015 11:19:00 Windows Update
31-01-2015 11:34:15 ESET Smart Security wurde installiert
03-02-2015 12:53:10 Windows Update
03-02-2015 13:02:10 Removed Java(TM) 6 Update 17
03-02-2015 13:03:07 Removed Java(TM) 6 Update 17 (64-bit)
03-02-2015 17:03:49 Installed AVG 2013
04-02-2015 11:23:51 Removed AVG 2013

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-02-01 17:01 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05A6E0D8-4293-4BB6-8991-F5794181CF09} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {0B42E792-3DF4-4E29-99AA-9046F3C77A81} - System32\Tasks\{0BAA7372-9ABC-4FF9-B1BE-460B1E9AEFB3} => F:\autorun.exe
Task: {14E6C30A-D15E-40B5-BAED-94DA7E4DE9C4} - System32\Tasks\{C01442E0-6115-4C7B-A7C9-DE56805A50F1} => C:\Program Files (x86)\Suunto Training Manager\T_Manager.exe
Task: {18EE4144-ECAF-4311-851A-F2B9F7B4BC37} - System32\Tasks\{1AB0A8B9-3B51-436E-A688-E7EBF07D38D7} => C:\Program Files (x86)\Suunto Training Manager\T_Manager.exe
Task: {1A0BB438-D32F-4D1D-89B2-7932622531F5} - System32\Tasks\{5C917791-826C-4CCD-977B-1CA5BB0D7B92} => C:\Program Files (x86)\Suunto Training Manager\T_Manager.exe
Task: {1A2CC61F-9E1C-4E87-9172-75E3D96AF5FF} - System32\Tasks\{4C3CC7F9-9B3A-4801-8882-F044B17FC893} => C:\Program Files (x86)\Suunto Training Manager\T_Manager.exe
Task: {248134D2-067D-488C-AF19-1E55CA259F89} - System32\Tasks\{016DB5A9-D794-49B7-85EB-84465B38D90A} => C:\Program Files (x86)\Suunto Training Manager\T_Manager.exe
Task: {29D922CC-773A-4CFC-8DD1-6A3BF970598A} - System32\Tasks\{8F17F50A-8507-4ADD-ABA2-38FCB2E537E6} => C:\Program Files (x86)\Suunto Training Manager\T_Manager.exe
Task: {2A06D069-7C9A-437F-A231-451D3575FC6D} - System32\Tasks\{B6458A30-6347-492F-8523-1666B677DDE3} => C:\Program Files (x86)\SuuntoUSB_Setup_7.exe
Task: {375BB4B6-5845-4097-9793-0591873747EC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {3A0AF91F-C9D6-4F5C-8FA8-89C112346047} - System32\Tasks\{99AEFB4A-BFA0-4A96-B04A-225751AFF9EC} => pcalua.exe -a F:\usb\SuuntoUSB_Setup_1.exe -d F:\usb
Task: {3E2E94BD-573C-4FF2-87B4-17C062F7B5EF} - System32\Tasks\{BCAAF731-21FD-498D-9B6B-EC4DF5E9D1FE} => C:\Program Files (x86)\SuuntoUSB_Setup_7.exe
Task: {45A1EC80-DBD2-4C32-BBB4-60C5045829AA} - System32\Tasks\{23551A12-9E05-4F25-8F7F-2EE2C7FA5987} => pcalua.exe -a F:\setup.exe -d F:\
Task: {4A1CD3C4-D303-4848-AB7A-E7740B580DF2} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2014-01-28] (TuneUp Software)
Task: {58271B6A-2ADD-4825-A0AA-91D55A2B350B} - System32\Tasks\{A73996A6-8943-40B5-A346-0B6C3F0EE4F4} => C:\Program Files (x86)\Suunto Training Manager\T_Manager.exe
Task: {5C2522E1-76A7-43A6-9CC8-207852009614} - System32\Tasks\{694391DB-EDAD-49D7-96D1-B535B78BE037} => C:\Program Files (x86)\Suunto Training Manager\T_Manager.exe
Task: {7B6D7AAC-4352-401F-88A0-1DBCB211F456} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {9EFA0ADA-E2DD-4D68-92E8-32166912DFD4} - System32\Tasks\{C717B9A1-4717-4E31-BA9B-E1BCD4E5055B} => C:\Program Files (x86)\SuuntoUSB_Setup_7.exe
Task: {A3468BC2-BC79-4D83-BEB0-F736DA8AC216} - System32\Tasks\{3FDF2B65-0059-4CF9-AACE-7699E2FBFBA5} => pcalua.exe -a "C:\Program Files (x86)\SuuntoUSB.exe" -d "C:\Program Files (x86)"
Task: {CE3F52B2-42FF-4A53-BC99-F009B823C6C0} - System32\Tasks\{C6F144D4-AAF2-41AA-82EB-D3616E4FFD54} => F:\autorun.exe
Task: {D41D2915-4D7B-4EAA-9BAF-D2802F4E5616} - System32\Tasks\{79203D8E-F8D3-421C-8EFB-223A9D7594CE} => pcalua.exe -a F:\Software\MAGIX\setup_de.exe -d F:\Software\MAGIX
Task: {DD5F3777-D9D7-4E32-9B75-C7731E86EBE3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {ECB21A4E-D6E3-4044-8F4C-5CCA6ED3E3A8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe

==================== Loaded Modules (whitelisted) =============

2015-01-19 15:00 - 2013-04-18 11:30 - 00034304 _____ () C:\Windows\System32\sst9clm.dll
2013-08-07 16:04 - 2013-10-01 10:32 - 02818216 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-01-28 12:34 - 2014-01-28 12:34 - 00741176 _____ () C:\Program Files (x86)\TuneUp Utilities 2013\avgrepliba.dll
2010-03-02 12:28 - 2009-11-23 19:11 - 00161008 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
2010-03-02 12:27 - 2010-03-31 17:42 - 00786432 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
2012-03-09 09:58 - 2012-03-09 09:58 - 00462712 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2012-03-09 09:58 - 2012-03-09 09:58 - 00057208 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2014-11-06 16:28 - 2014-11-06 16:28 - 00105216 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
2014-12-04 06:19 - 2014-12-04 06:19 - 01199104 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\sst9cdu.dll
2014-11-17 21:32 - 2014-11-17 21:32 - 00145920 _____ () C:\Users\Sehrig\AppData\Roaming\ernden\berdis.dll
2015-01-20 15:33 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-01-20 15:33 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-01-20 15:33 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-01-20 15:33 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-01-20 15:33 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2010-03-02 12:27 - 2010-02-11 18:53 - 00128320 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2010-03-02 12:27 - 2010-02-11 18:52 - 01123648 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
2010-03-02 12:27 - 2010-02-11 18:53 - 00079168 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
2010-03-02 12:27 - 2010-02-11 18:53 - 00234816 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
2010-03-02 12:27 - 2010-02-11 18:53 - 00075072 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
2010-03-02 12:27 - 2010-02-11 18:53 - 00111936 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
2010-03-02 12:27 - 2010-02-11 18:53 - 00121152 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
2010-03-02 12:27 - 2010-02-11 18:53 - 00025920 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCC.dll
2010-03-02 12:27 - 2010-02-11 18:53 - 00025920 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll
2010-03-02 12:27 - 2010-02-11 18:53 - 00025920 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll
2013-09-29 02:14 - 2013-09-29 02:14 - 03369922 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuin51.dll
2013-09-29 02:13 - 2013-09-29 02:13 - 00544817 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2013-09-29 02:13 - 2013-09-29 02:13 - 00989805 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libstdc++-6.dll
2013-09-29 02:14 - 2013-09-29 02:14 - 01978690 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuuc51.dll
2013-09-29 02:14 - 2013-09-29 02:14 - 22378434 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icudt51.dll
2013-09-29 02:14 - 2013-09-29 02:14 - 01233408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\platforms\qwindows.dll
2014-11-17 10:46 - 2014-11-17 10:46 - 00639488 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll
2014-11-10 10:55 - 2014-11-10 10:55 - 01686016 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll
2014-11-05 08:36 - 2014-11-05 08:36 - 00192512 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2014-11-05 08:37 - 2014-11-05 08:37 - 00632832 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2014-11-14 11:53 - 2014-11-14 11:53 - 06499840 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll
2014-06-30 02:55 - 2014-06-30 02:55 - 00068608 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll
2014-06-30 03:05 - 2014-06-30 03:05 - 01183232 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\qwt.dll
2014-11-07 10:13 - 2014-11-07 10:13 - 02475520 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_MyMedia.dll
2012-10-15 21:27 - 2012-10-15 21:27 - 00111616 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libvlc.dll
2012-10-15 21:28 - 2012-10-15 21:28 - 02286592 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libvlccore.dll
2014-11-17 08:00 - 2014-11-17 08:00 - 01056768 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2014-09-11 09:39 - 2014-09-11 09:39 - 00144896 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll
2014-11-05 08:51 - 2014-11-05 08:51 - 01191424 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2014-11-17 07:21 - 2014-11-17 07:21 - 10374656 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2014-11-17 07:18 - 2014-11-17 07:18 - 02496512 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2014-11-06 10:39 - 2014-11-06 10:39 - 00200192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2014-11-05 08:58 - 2014-11-05 08:58 - 00889344 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2014-11-05 09:00 - 2014-11-05 09:00 - 00435712 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2013-09-29 02:13 - 2013-09-29 02:13 - 00051200 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif.dll
2013-09-29 02:13 - 2013-09-29 02:13 - 00052224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico.dll
2013-09-29 02:13 - 2013-09-29 02:13 - 00261120 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg.dll
2013-09-29 02:13 - 2013-09-29 02:13 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qsvg.dll
2014-06-30 02:55 - 2014-06-30 02:55 - 00081408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll
2014-11-03 09:23 - 2014-11-03 09:23 - 00143360 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll
2014-06-19 03:22 - 2014-06-19 03:22 - 02177405 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll
2014-09-04 07:00 - 2014-09-04 07:00 - 00072192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.dll
2014-09-04 07:00 - 2014-09-04 07:00 - 00074240 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll
2014-09-04 07:00 - 2014-09-04 07:00 - 00136704 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll
2012-10-15 21:28 - 2012-10-15 21:28 - 00219648 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\access\libdshow_plugin.dll
2012-10-15 21:28 - 2012-10-15 21:28 - 00049664 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\audio_output\libaout_directx_plugin.dll
2012-10-15 21:28 - 2012-10-15 21:28 - 00051200 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\audio_output\libwaveout_plugin.dll
2012-10-15 21:28 - 2012-10-15 21:28 - 00070144 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\video_output\libdirectx_plugin.dll
2013-09-29 02:13 - 2013-09-29 02:13 - 00040960 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\printsupport\windowsprintersupport.dll
2014-11-05 08:59 - 2014-11-05 08:59 - 00642048 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll
2014-11-05 09:01 - 2014-11-05 09:01 - 00458752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2014-06-30 03:33 - 2014-06-30 03:33 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll
2014-09-04 07:00 - 2014-09-04 07:00 - 00066560 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll
2014-02-04 18:25 - 2014-02-04 18:25 - 00036672 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll
2014-02-04 18:25 - 2014-02-04 18:25 - 00028992 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2013-10-10 12:02 - 2013-10-10 12:02 - 00013120 _____ () C:\Program Files (x86)\Common Files\Acronis\TibMounter\icudt38.dll
2015-02-04 10:42 - 2015-01-23 11:37 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-11-17 21:32 - 2014-11-17 21:32 - 00122880 _____ () C:\Users\Sehrig\AppData\Roaming\ernden\rewardca.dll
2014-02-04 18:28 - 2014-02-04 18:28 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2013-10-01 11:00 - 2013-10-01 11:00 - 00022336 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Polar WebSync.lnk => C:\Windows\pss\Polar WebSync.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk => C:\Windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Sehrig^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Sehrig^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk => C:\Windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.Startup
MSCONFIG\startupreg: Dell DataSafe Online => "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: ShwiconXP9106 => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
MSCONFIG\startupreg: StartCCC => "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: TrayServer => C:\Program Files (x86)\MAGIX\Filme_auf_DVD_7_TerraTec_Edition\TrayServer.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-3181699812-3172478678-2042656238-500 - Administrator - Disabled)
Gast (S-1-5-21-3181699812-3172478678-2042656238-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3181699812-3172478678-2042656238-1002 - Limited - Enabled)
Sehrig (S-1-5-21-3181699812-3172478678-2042656238-1000 - Administrator - Enabled) => C:\Users\Sehrig

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (02/04/2015 02:18:54 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
RxFilter


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz
Percentage of memory in use: 34%
Total physical RAM: 8151.08 MB
Available physical RAM: 5298.39 MB
Total Pagefile: 16300.34 MB
Available Pagefile: 13328.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1790.27 GB) (Free:1637.12 GB) NTFS
Drive d: (DATAPART1) (Fixed) (Total:63.02 GB) (Free:23.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1800 GB) (Disk ID: 38000000)
Partition 1: (Not Active) - (Size=118 MB) - (Type=DE)
Partition 2: (Active) - (Size=9.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1790.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 63 GB) (Disk ID: CC86E3AE)
Partition 1: (Not Active) - (Size=63 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Best regards
Grolltar

Edited by Grolltar (04.02.2015 at 14:39) Reason: forgot the greetings...

04.02.2015, 15:00   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 


Okay, then control scans with MBAM and ESET, please:

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.




ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Please always post log files in CODE tags

04.02.2015, 17:53   #9
Grolltar
 


Evening,
both found nothing. Here are the logs:
MBAM
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 04.02.2015
Suchlauf-Zeit: 15:14:43
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.04.06
Rootkit Datenbank: v2015.02.03.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Sehrig

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 340919
Verstrichene Zeit: 11 Min, 18 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
and Eset
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=4636e9c8e46d4e48b2f026fd8b919ff9
# engine=22305
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-04 03:56:27
# local_time=2015-02-04 04:56:27 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 16982 46045781 0 0
# scanned=212512
# found=0
# cleaned=0
# scan_time=4593
         
Do you think everything is clean again now?
Regards
Grolltar
Edit:
The IE task in Task Manager is back and is busily visiting websites.

Edited by Grolltar (04.02.2015 at 18:12) Reason: see addendum

04.02.2015, 23:09   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 


Here comes an FRST fix... please disable your antivirus scanner now

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
EmptyTemp:
Hosts:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

__________________
Please always post log files in CODE tags

05.02.2015, 10:38   #11
Grolltar
 


Hello Cosinus,
here is the Fixlog.txt
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-02-2015 01
Ran by Sehrig at 2015-02-05 10:33:53 Run:1
Running from C:\Users\Sehrig\Desktop
Loaded Profiles: Sehrig (Available profiles: Sehrig)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
EmptyTemp:
Hosts:
*****************

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 316.9 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 10:34:10 ====
         
Best regards
Grolltar

05.02.2015, 12:19   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 


Looks OK so far

Regarding cookies and other things on the web: to block the pest from the outset (i.e. tracking cookies, ad banners etc.), I recommend the extension Ghostery; it largely prevents user tracking and the display of ad banners.

Info: Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie)

Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or also Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system OK again now, or are there still other findings or problems?
__________________
Please always post log files in CODE tags

05.02.2015, 16:12   #13
Grolltar
 


Hello Cosinus,
thanks for the help. Unfortunately, I again see an Internet Explorer task in Task Manager that visits constantly changing websites. I can neither close this task nor switch to it.
Have I expressed myself clearly?
Best regards
Grolltar

05.02.2015, 16:20   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 


Reset IE => http://support.microsoft.com/kb/923737
__________________
Please always post log files in CODE tags

05.02.2015, 18:57   #15
Grolltar
 


Hello Cosinus,
I did that, twice. After the restart the task is back in Task Manager. Do you have any other ideas where we could start?
Should I upload a photo of the Task Manager?
Best regards
Grolltar
