Pests of all kinds and how to fight them: Malwarebytes finding: OpenCandy and Spigot (Windows 7)
04.02.2015, 21:49 | #1 |
| Malwarebytes finding: OpenCandy and Spigot

Hello everyone,

I ran Malwarebytes over the system again as a routine check. MWB did find something :-( Could I please get a quick word from a pro on whether I need to take action or can simply remove it via MWB without concern?

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 1
PUP.Optional.Spigot.A, HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Search Settings, , [4238de3ce0aa49ed5d948977040160a0],

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 2
PUP.Optional.OpenCandy.A, C:\Users\Sumsium\AppData\Local\Temp\is-JI7VF.tmp\OCSetupHlp.dll, , [dc9e6fab721800368e476cd609f76b95],
PUP.Optional.OpenCandy, C:\Users\Sumsium\AppData\Local\Temp\is-AFDA9.tmp\OCSetupHlp.dll, , [fe7cd545afdb53e3d98f35a2ce37d927],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)

(end) |
04.02.2015, 21:52 | #2 |
Rest in peace † 2019 | Malwarebytes finding: OpenCandy and Spigot

My name is Sandra and I will help you with your problem.

Note: I can never give you a guarantee that I will find everything. Reformatting is usually the faster way and, in the case of a malware infection, always the safest one. Adware can be removed without problems in the vast majority of cases. If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

Posting in code tags: Please always put the logs in code tags. If you don't, it makes the evaluation much harder for me. Thank you. To do so:

Step 1: Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
04.02.2015, 22:08 | #3 |
| Malwarebytes finding: OpenCandy and Spigot

Hello Sandra,

thank you very much for your quick reply.

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01 Ran by Sumsium (administrator) on SUMSISUM-PC on 04-02-2015 22:03:52 Running from C:\Users\Sumsium\Downloads Loaded Profiles: Sumsium & (Available profiles: Sumsium & Sumsisum & Gast) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\WiselinkPro.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\http_ss_win_pro.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Hewlett-Packard Development Company, L.P.) 
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Abelssoft) C:\Program Files (x86)\CheckDrive\CheckDriveBackgroundGuard.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (TomTom) C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Sigmatel) C:\Windows\system\w98eject.exe () C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (Samsung) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (1und1 Mail und Media GmbH) C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe () C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe () C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610872 2009-08-25] () HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.) 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [Corel File Shell Monitor] => C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [15544 2009-08-25] () HKLM-x32\...\Run: [HPCam_Menu] => c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard) HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard) HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [250768 2011-05-24] (Samsung) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-05-28] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [WinampAgent] => "C:\Program Files (x86)\Winamp\winampa.exe" HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2015-01-09] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443408 2014-02-07] (BlackBerry Limited) HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1243656 2013-12-07] (Easybits) HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-11] (DivX, LLC) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] () HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.) HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) 
HKLM-x32\...\Run: [MailCheck IE Broker] => C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [2135104 2014-11-17] (1und1 Mail und Media GmbH) HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DirectSoundAudioOutput.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DirectSoundAudioOutput.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXASPDecode.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXASPDecode.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXDeinterlaceFilter.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXDeinterlaceFilter.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\MP3SurroundDecode.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\MP3SurroundDecode.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus 
Player\DPXPlugins\DPXDownloadManagerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll",DllRegisterServer HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company) HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-05-28] (Samsung) HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-04-18] (Samsung Electronics) HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Run: [] => [X] HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Run: [MyTomTomSA.exe] => C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [455608 2013-05-23] (TomTom) 
HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia) HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Policies\system: [DisableChangePassword] 0 HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-05-28] (Samsung) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-04-18] (Samsung Electronics) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [] => [X] HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MyTomTomSA.exe] => C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [455608 2013-05-23] (TomTom) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableChangePassword] 0 HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common 
Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company) HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [QuickTime Task] => "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-05-28] (Samsung) HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Ebbaenvyn] => C:\Users\Sumsisum\AppData\Roaming\Cenaat\ubco.exe HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-05-28] (Samsung) HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [openvpntray.EXE] => C:\Users\Sumsisum\AppData\Roaming\Hotspot Shield\bin\openvpntray.EXE -nonadmin HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Greenshot] => C:\Users\Sumsisum\AppData\Local\Greenshot\Greenshot.exe [495616 2013-12-12] (Greenshot) HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesPDLR.exe] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-05-28] (Samsung) HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_CC7034B0FA467AF7CA332882BC1B199F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-27] (Google Inc.) 
HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia) HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableChangePassword] 0 HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {c8af9512-5273-11e1-86e7-d2106dcbbcc7} - G:\AutoRun.exe HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {c8af9530-5273-11e1-86e7-d2106dcbbcc7} - G:\AutoRun.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\w98Eject.lnk ShortcutTarget: w98Eject.lnk -> C:\Windows\system\w98eject.exe (Sigmatel) Startup: C:\Users\Sumsisum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-132197110-3117043442-3119173927-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP&dt=072113 HKU\S-1-5-21-132197110-3117043442-3119173927-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP&dt=072113 HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.de/ HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.google.de/ hxxp://www.dict.cc/ SearchScopes: HKLM -> {230D7087-5842-4816-985C-8393ACBAC32D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {230D7087-5842-4816-985C-8393ACBAC32D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> 
DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000 -> {230D7087-5842-4816-985C-8393ACBAC32D} URL = SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000 -> {56728EB4-149A-4AB9-845B-0CE539BFAF5F} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000 -> {9FA66BE2-9B22-4EE4-845F-A8C2AEB43E93} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms} SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000 -> {A3B580D5-7A1E-47A6-8959-EDB56220911B} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000 -> {A8230883-C5FB-4BA4-B422-5AC627B247E4} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000 -> {B18110A6-0C60-4152-B054-7492AF998A53} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {230D7087-5842-4816-985C-8393ACBAC32D} URL = SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {56728EB4-149A-4AB9-845B-0CE539BFAF5F} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {9FA66BE2-9B22-4EE4-845F-A8C2AEB43E93} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms} SearchScopes: 
HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {A3B580D5-7A1E-47A6-8959-EDB56220911B} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {A8230883-C5FB-4BA4-B422-5AC627B247E4} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {B18110A6-0C60-4152-B054-7492AF998A53} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {230D7087-5842-4816-985C-8393ACBAC32D} URL = SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {23E77356-E10E-46C5-AA24-2D9B7C1FB216} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {675FE16E-301D-44E6-8F1F-1D552559A19E} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {D045F1E8-885E-482D-8207-5DD49111C39E} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {E9A1BA5E-CB6A-4F07-AD0F-DA446D7AD36B} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8 BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 
(Microsoft Corp.) BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) BHO: WEB.DE MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) BHO-x32: WEB.DE MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No File DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE 
MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Handler-x32: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Tcpip\Parameters: [DhcpNameServer] 192.168.0.2 Tcpip\..\Interfaces\{2DD74BF9-228A-47CA-9F74-06C1515BF58C}: [NameServer] 139.7.30.125 139.7.30.126 FireFox: ======== FF ProfilePath: C:\Users\Sumsium\AppData\Roaming\Mozilla\Firefox\Profiles\h8p7mo5w.default FF SelectedSearchEngine: Google FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @innoplus.de/ino3DViewer -> C:\Program Files (x86)\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden) FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF Plugin-x32: @pack.google.com/Google Updater;version=14 -> C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: NitroPDF -> C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( ) FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH) FF Plugin HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @Google.com/GoogleEarthPlugin -> C:\Users\Sumsisum\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Extension: Download videos and MP3s from YouTube - C:\Users\Sumsium\AppData\Roaming\Mozilla\Firefox\Profiles\h8p7mo5w.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-11-12] FF Extension: NoScript - C:\Users\Sumsium\AppData\Roaming\Mozilla\Firefox\Profiles\h8p7mo5w.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-03-04] FF Extension: Adblock Plus - C:\Users\Sumsium\AppData\Roaming\Mozilla\Firefox\Profiles\h8p7mo5w.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-10-21] FF HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-11-12] FF HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff Chrome: ======= CHR HomePage: Default -> 
hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Profile: C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-04] CHR Extension: (YouTube) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-01] CHR Extension: (Adblock Plus) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-01] CHR Extension: (Hide My Ass! Web Proxy) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd [2014-06-13] CHR Extension: (Google-Suche) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-01] CHR Extension: (Avira Browser Safety) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-06-13] CHR Extension: (Google Wallet) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-01] CHR Extension: (Google Mail) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-01] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) 
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation) R2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [1044784 2014-11-25] (Avira Operations GmbH & Co. KG) R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [807672 2015-01-09] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2015-01-09] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2015-01-09] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2015-01-09] (Avira Operations GmbH & Co. KG) R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2014-01-21] (BlackBerry Limited) [File not signed] R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129584 2009-02-22] (EasyBits Sofware AS) [File not signed] R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [120832 2009-10-15] (Hewlett-Packard) [File not signed] R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 NitroReaderDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [341296 2011-06-21] (Nitro PDF Software) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA 
Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation) S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1716264 2014-04-30] (pdfforge GmbH) S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-30] (pdfforge GmbH) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] () R2 SamsungAllShare; C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\WiselinkPro.exe [7237024 2011-05-24] () R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2013-02-12] (Avira GmbH) R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2013-02-12] (Avira GmbH) R1 avfwot; C:\Windows\SysWOW64\DRIVERS\avfwot.sys [131336 2011-06-30] (Avira GmbH) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-01] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-01] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-10-01] (Avira Operations GmbH & Co. KG) S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-04-18] () [File not signed] R3 GEARAspiWDM; C:\Windows\SysWOW64\DRIVERS\GEARAspiWDM.sys [15664 2011-11-19] (GEAR Software Inc.) 
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [212992 2012-02-13] (Huawei Technologies Co., Ltd.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-04] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) S3 OV550I; C:\Windows\System32\Drivers\ov550ivx.sys [196992 2008-02-21] (Omnivision Technologies, Inc.) S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-12-02] (BlackBerry Limited) R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd) S3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp.sys [145360 2010-02-12] (Sun Microsystems, Inc.) S3 dgderdrv; System32\drivers\dgderdrv.sys [X] S3 DlinkUDSMBus; SysWOW64\Drivers\DlinkUDSMBus.sys [X] S3 lvpepf64; system32\DRIVERS\lv302a64.sys [X] S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X] S3 LVRS64; system32\DRIVERS\lvrs64.sys [X] S3 PID_PEPI; system32\DRIVERS\LV302V64.SYS [X] S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X] S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-04 22:03 - 2015-02-04 22:04 - 00040454 _____ () C:\Users\Sumsium\Downloads\FRST.txt 2015-02-04 22:03 - 2015-02-04 22:03 - 02131968 _____ (Farbar) C:\Users\Sumsium\Downloads\FRST64.exe 2015-02-04 22:03 - 2015-02-04 22:03 - 00000000 ____D () C:\FRST 2015-02-04 21:39 - 2015-02-04 21:39 - 00001596 _____ () C:\Users\Sumsium\Desktop\MWB_04.02.2015.txt 2015-02-04 20:56 - 2015-02-04 20:56 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-04 20:56 - 2015-02-04 20:56 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-02-04 20:56 - 2015-02-04 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-04 20:56 - 2015-02-04 20:56 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-02-04 20:56 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-02-04 20:56 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-02-04 20:35 - 2015-02-04 20:35 - 02194432 _____ () C:\Users\Sumsium\Downloads\AdwCleaner09.exe 2015-02-04 20:31 - 2015-02-04 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WEB.DE MailCheck 2015-02-04 20:31 - 2015-02-04 20:31 - 00000000 ____D () C:\Program Files\WEB.DE MailCheck 2015-02-04 20:31 - 2015-02-04 20:31 - 00000000 ____D () C:\Program Files (x86)\WEB.DE MailCheck 2015-02-02 18:10 - 2015-02-02 18:11 - 00000000 ____D () C:\Users\Sumsisum\AppData\Local\{BCB7DE81-8D52-4792-B5AF-BEB777D12830} 2015-02-01 17:50 - 2015-02-01 17:50 - 00000000 ____D () C:\Users\Sumsisum\AppData\Local\{2EBA8608-3E96-4F27-92D9-C942EDED9FF6} 2015-01-31 18:50 - 2015-01-31 18:51 - 00000000 ____D () C:\Users\Sumsisum\AppData\Local\{BA1C8A95-E08D-458F-BFBB-3D4399D73349} 2015-01-28 19:44 - 2015-01-28 19:44 - 49464479 _____ () C:\Users\Sumsisum\Downloads\Sky_go_v.1.1.apk 2015-01-28 19:24 - 
2015-01-28 19:27 - 00000000 ____D () C:\Users\Sumsisum\Desktop\kindle 2015-01-27 18:56 - 2015-01-27 18:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-26 18:42 - 2015-01-26 18:42 - 00003882 _____ () C:\Windows\System32\Tasks\Registration 1und1 Task 2015-01-26 18:42 - 2015-01-26 18:42 - 00000000 ____D () C:\ProgramData\UUdb 2015-01-26 11:02 - 2015-01-26 11:02 - 00022720 _____ () C:\Users\Sumsisum\KontakteNokia.7z 2015-01-26 10:57 - 2015-01-26 10:58 - 00000000 ____D () C:\Users\Sumsisum\KontakteNokia 2015-01-26 10:40 - 2015-01-26 10:52 - 00000000 ____D () C:\Users\Sumsium\KontakteNokia 2015-01-26 09:33 - 2015-01-26 09:33 - 00000000 ____D () C:\Users\Sumsium\AppData\Roaming\Windows Live Writer 2015-01-26 09:33 - 2015-01-26 09:33 - 00000000 ____D () C:\Users\Sumsium\AppData\Local\Windows Live Writer 2015-01-26 09:33 - 2015-01-26 09:33 - 00000000 ____D () C:\Users\Sumsium\AppData\Local\{8FFF0D90-6E4F-4354-8769-B7908F254471} 2015-01-26 09:33 - 2015-01-26 09:33 - 00000000 ____D () C:\Users\Sumsium\AppData\Local\{74770D46-27FE-443A-B9EF-4A06FDF3873F} 2015-01-26 08:33 - 2015-01-26 08:33 - 00000000 ____D () C:\Users\Sumsium\AppData\Roaming\Nokia Suite 2015-01-26 08:33 - 2015-01-26 08:33 - 00000000 ____D () C:\Users\Sumsium\AppData\Roaming\Nokia 2015-01-26 08:30 - 2015-01-26 08:30 - 00000000 __SHD () C:\Users\Sumsium\AppData\Local\EmieBrowserModeList 2015-01-26 08:26 - 2015-01-26 08:26 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-01-26 08:24 - 2015-01-26 08:24 - 00000000 ____D () C:\Users\Sumsium\AppData\Local\Apple Computer 2015-01-25 15:15 - 2015-01-25 15:15 - 04070576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2015-01-25 10:59 - 2015-01-25 10:59 - 00000000 ____D () C:\Users\Sumsisum\Desktop\Sigi Geburtstag 2015-01-23 20:58 - 2015-01-23 20:58 - 02470949 _____ () C:\Users\Sumsisum\Downloads\HollywoodTowers.mp4 2015-01-23 20:55 - 2015-01-23 20:55 - 02842206 _____ () 
C:\Users\Sumsisum\Downloads\SevenDwarfs.mp4 2015-01-23 19:23 - 2015-01-23 19:23 - 00000000 ____D () C:\Users\Gast\AppData\Local\Apple Computer 2015-01-23 19:23 - 2015-01-23 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-01-23 19:23 - 2015-01-23 19:23 - 00000000 ____D () C:\ProgramData\Apple Computer 2015-01-23 19:23 - 2015-01-23 19:23 - 00000000 ____D () C:\Program Files\iTunes 2015-01-23 19:23 - 2015-01-23 19:23 - 00000000 ____D () C:\Program Files\iPod 2015-01-23 19:23 - 2015-01-23 19:23 - 00000000 ____D () C:\Program Files (x86)\iTunes 2015-01-23 19:23 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys 2015-01-23 19:22 - 2015-01-23 19:23 - 00000000 ____D () C:\Program Files\Common Files\Apple 2015-01-23 19:21 - 2015-01-23 19:21 - 00000000 ____D () C:\Program Files\Bonjour 2015-01-23 19:21 - 2015-01-23 19:21 - 00000000 ____D () C:\Program Files (x86)\Bonjour 2015-01-23 19:20 - 2015-01-23 19:20 - 122418480 _____ (Apple Inc.) 
C:\Users\Gast\Downloads\iTunes64Setup.exe 2015-01-23 19:17 - 2015-01-23 19:17 - 00002247 _____ () C:\Users\Gast\Desktop\Google Chrome.lnk 2015-01-23 19:17 - 2015-01-23 19:17 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google 2015-01-23 19:14 - 2015-01-23 19:14 - 00001270 _____ () C:\Users\Gast\Desktop\Kontakte - Verknüpfung.lnk 2015-01-23 19:09 - 2015-01-26 07:56 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Nokia 2015-01-23 19:09 - 2015-01-23 19:09 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Nokia Suite 2015-01-23 19:08 - 2015-01-26 07:52 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\PC Suite 2015-01-23 19:08 - 2015-01-23 19:08 - 00000000 ____D () C:\Users\Gast\AppData\Local\Nokia 2015-01-23 11:57 - 2015-01-23 11:57 - 00002089 _____ () C:\Users\Public\Desktop\Nokia Suite.lnk 2015-01-23 11:57 - 2015-01-23 11:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia 2015-01-23 11:57 - 2015-01-23 11:57 - 00000000 ____D () C:\Program Files (x86)\PC Connectivity Solution 2015-01-23 11:57 - 2012-10-17 14:53 - 00026112 _____ (Nokia) C:\Windows\system32\Drivers\pccsmcfdx64.sys 2015-01-23 11:27 - 2015-01-23 11:27 - 01191200 _____ () C:\Users\Sumsisum\Downloads\Nokia Suite - CHIP-Installer.exe 2015-01-23 11:03 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-21 17:25 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-21 17:25 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-21 17:25 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-21 17:25 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-21 17:25 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-21 17:25 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) 
C:\Windows\system32\srclient.dll 2015-01-21 17:25 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-21 17:25 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-21 17:25 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-21 17:25 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-21 17:25 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-21 17:25 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-09 18:11 - 2014-11-22 11:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2015-01-09 18:11 - 2014-11-22 11:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2015-01-09 17:39 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-01-09 17:39 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-04 22:00 - 2010-05-23 14:32 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-04 21:56 - 2010-03-12 01:19 - 01242434 _____ () C:\Windows\WindowsUpdate.log 2015-02-04 21:15 - 2012-03-29 14:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-04 20:56 - 2013-06-20 19:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2015-02-04 20:56 - 2012-03-04 12:38 - 00000000 ____D () C:\Users\Sumsium\AppData\Roaming\Malwarebytes 2015-02-04 20:56 - 2012-03-04 12:38 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-04 20:54 - 2010-05-23 14:32 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-04 20:49 - 2009-07-14 05:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-04 20:49 - 2009-07-14 05:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-04 20:39 - 2011-05-04 16:32 - 00330262 _____ () C:\Windows\SysWOW64\http_ss.log 2015-02-04 20:39 - 2010-03-12 01:22 - 00663978 _____ () C:\Windows\PFRO.log 2015-02-04 20:39 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-04 20:39 - 2009-07-14 05:51 - 00210065 _____ () C:\Windows\setupact.log 2015-02-04 20:38 - 2013-11-30 08:58 - 00000000 ____D () C:\AdwCleaner 2015-02-04 20:21 - 2012-09-24 10:34 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{61CDC14D-922F-48FB-A877-B41883A6DD8B} 2015-02-01 17:47 - 2014-08-27 19:26 - 00000000 ____D () C:\Users\Sumsisum\Documents\Wohnung 2015-01-31 18:51 - 2012-01-06 23:04 - 00000000 ____D () C:\Users\Sumsisum\AppData\Local\Windows Live 2015-01-31 12:38 - 2012-06-10 08:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-30 23:07 - 2010-01-09 06:07 - 09650414 _____ () C:\Windows\system32\perfh007.dat 2015-01-30 23:07 - 2010-01-09 06:07 - 03042540 _____ () 
C:\Windows\system32\perfc007.dat 2015-01-30 23:07 - 2009-07-14 06:13 - 00006504 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-26 18:42 - 2014-03-22 16:32 - 00000000 ____D () C:\Program Files (x86)\1und1Softwareaktualisierung 2015-01-26 11:02 - 2010-05-18 14:50 - 00000000 ____D () C:\Users\Sumsisum 2015-01-26 10:58 - 2012-07-21 18:33 - 00000000 ____D () C:\Users\Sumsisum\Documents\Rezepte 2015-01-26 10:40 - 2010-05-18 09:40 - 00000000 ____D () C:\Users\Sumsium 2015-01-26 09:33 - 2012-01-06 21:17 - 00000000 ____D () C:\Users\Sumsium\AppData\Local\Windows Live 2015-01-26 08:38 - 2012-01-07 23:18 - 00000000 ____D () C:\Users\Sumsium\AppData\Roaming\Apple Computer 2015-01-26 08:33 - 2012-10-23 18:23 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-01-26 08:32 - 2010-11-01 09:38 - 00000000 ____D () C:\Users\Sumsium\AppData\Roaming\PC Suite 2015-01-26 08:06 - 2014-01-21 19:59 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Apple Computer 2015-01-25 15:15 - 2012-03-29 14:54 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-25 15:15 - 2012-03-29 14:54 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-01-25 15:15 - 2011-06-21 17:20 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-23 19:21 - 2011-10-31 21:11 - 00000000 ____D () C:\ProgramData\Apple 2015-01-23 12:02 - 2010-09-25 10:22 - 00000000 ____D () C:\Users\Sumsisum\AppData\Local\Nokia 2015-01-23 11:58 - 2010-09-24 19:14 - 00000000 ____D () C:\ProgramData\Nokia 2015-01-23 11:58 - 2010-09-22 10:45 - 00000000 ____D () C:\Users\Sumsium\AppData\Local\Nokia 2015-01-23 11:57 - 2010-09-22 10:41 - 00000000 ____D () C:\Program Files (x86)\Nokia 2015-01-23 11:57 - 2010-03-12 01:17 - 00109498 _____ () C:\Windows\DPINST.LOG 2015-01-23 11:06 - 2013-07-21 11:26 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-23 10:53 - 2010-11-19 20:38 - 113365784 _____ 
(Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-14 17:52 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-13 18:07 - 2014-01-07 12:27 - 00000000 ____D () C:\Users\Sumsisum\AppData\Local\Greenshot 2015-01-09 18:09 - 2014-01-12 18:54 - 00000000 ____D () C:\Users\Sumsisum\AppData\Local\NVIDIA Corporation 2015-01-08 09:55 - 2010-05-18 10:20 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe ==================== Files in the root of some directories ======= 2014-03-01 14:44 - 2014-03-01 14:44 - 0000268 ___RH () C:\Users\Sumsium\AppData\Roaming\Breath Pad 2014-03-01 14:44 - 2014-03-01 14:44 - 0000268 ___RH () C:\Users\Sumsium\AppData\Roaming\Bubble Noise 2013-06-29 16:22 - 2013-06-29 16:42 - 0000077 _____ () C:\Users\Sumsium\AppData\Roaming\Rim.Desktop.Exception.log 2011-03-12 16:59 - 2013-06-29 16:20 - 0003174 _____ () C:\Users\Sumsium\AppData\Roaming\Rim.Desktop.HttpServerSetup.log 2013-06-29 16:22 - 2013-06-29 16:42 - 0000077 _____ () C:\Users\Sumsium\AppData\Roaming\Rim.DesktopHelper.Exception.log 2011-01-08 21:13 - 2011-01-08 21:13 - 0000000 _____ () C:\Users\Sumsium\AppData\Local\AtStart.txt 2011-01-08 21:13 - 2011-01-08 21:13 - 0000000 _____ () C:\Users\Sumsium\AppData\Local\DSwitch.txt 2011-01-08 21:13 - 2011-01-08 21:13 - 0000000 _____ () C:\Users\Sumsium\AppData\Local\QSwitch.txt 2012-01-19 18:19 - 2013-06-22 13:19 - 0007610 _____ () C:\Users\Sumsium\AppData\Local\Resmon.ResmonCfg 2010-12-05 13:30 - 2010-12-28 20:25 - 0000080 ___SH () C:\ProgramData\.zreglib 2014-03-01 14:44 - 2014-03-01 14:44 - 0000268 ___RH () C:\ProgramData\Caches 2014-03-01 14:44 - 2014-03-01 14:44 - 0000268 ___RH () C:\ProgramData\CIOSupport 2014-03-01 14:44 - 2014-03-01 14:44 - 0000012 ___RH () C:\ProgramData\ColorSync 2014-03-01 14:44 - 2014-03-01 14:44 - 0000012 ___RH () C:\ProgramData\Command Line Utility 2010-05-18 09:45 - 2010-11-19 20:38 - 0000188 _____ () C:\ProgramData\HPWALog.txt 2014-05-01 11:17 - 2014-05-01 11:18 - 
0000848 ___SH () C:\ProgramData\KGyGaAvL.sys 2014-03-01 14:44 - 2014-03-01 14:44 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT 2014-03-01 14:44 - 2014-03-01 14:44 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT 2010-03-12 01:43 - 2010-03-12 01:43 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log 2010-01-08 23:23 - 2010-01-08 23:23 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log 2010-03-12 01:42 - 2010-03-12 01:42 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log 2010-01-08 23:19 - 2010-01-08 23:20 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2010-03-12 01:42 - 2010-03-12 01:42 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log 2010-03-12 01:43 - 2010-03-12 01:43 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log 2010-01-08 23:19 - 2010-01-08 23:19 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log 2010-01-08 23:20 - 2010-01-08 23:23 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log 2010-03-12 01:43 - 2010-03-12 01:43 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log Some content of TEMP: ==================== C:\Users\Gast\AppData\Local\Temp\avgnt.exe C:\Users\Gast\AppData\Local\Temp\NOSEventMessages.dll C:\Users\Sumsisum\AppData\Local\Temp\avgnt.exe C:\Users\Sumsisum\AppData\Local\Temp\NOSEventMessages.dll C:\Users\Sumsisum\AppData\Local\Temp\SkypeSetup.exe C:\Users\Sumsium\AppData\Local\Temp\abelssoft.setup.exe C:\Users\Sumsium\AppData\Local\Temp\AskSLib.dll C:\Users\Sumsium\AppData\Local\Temp\avgnt.exe C:\Users\Sumsium\AppData\Local\Temp\FreeYouTubeDownload.exe C:\Users\Sumsium\AppData\Local\Temp\NOSEventMessages.dll C:\Users\Sumsium\AppData\Local\Temp\Quarantine.exe C:\Users\Sumsium\AppData\Local\Temp\secuniasi4246931499978730179.dll C:\Users\Sumsium\AppData\Local\Temp\sqlite3.dll 
C:\Users\Sumsium\AppData\Local\Temp\WEB.DE_Toolbar_IE_Setup.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-24 12:49

==================== End Of Log ============================

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2015 01
Ran by Sumsium at 2015-02-04 22:04:41
Running from C:\Users\Sumsium\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3D-Viewer-innoplus (HKLM-x32\...\{B96DB037-DBEA-4186-9081-9CBD537F82E8}) (Version: 14.00.302 - INNOVA-engineering GmbH)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM-x32\...\{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}) (Version: 11.5.1.601 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Amazon Kindle) (Version: - Amazon) Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ArcSoft PhotoImpression 6 (HKLM-x32\...\{063E409E-3D7C-4A4A-95AB-2F124B9224B3}) (Version: 6.1.8.135 - ArcSoft) ArcSoft ShowBiz (HKLM-x32\...\{9D41D2EF-2D33-4CFD-8A3E-C7E6FCC3303B}) (Version: - ArcSoft) Avira Internet Security (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira) BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research in Motion Ltd.) BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research in Motion Ltd.) Hidden BlackBerry Device Software Updater (HKLM-x32\...\{29F6BF0C-3D0E-4480-8B55-85EDECE418FF}) (Version: 7.1.0.89 - Research In Motion Ltd) BlackBerry Device Software Updater (HKLM-x32\...\{E31C1E19-81D2-40C0-BE40-30A2A54E9C27}) (Version: 8.0.0.50 - Research In Motion Ltd) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.18.41 - Broadcom Corporation) calibre (HKLM-x32\...\{39509A2F-C63C-404E-A4DC-7E6D4FCB6D66}) (Version: 1.39.0 - Kovid Goyal) CheckDrive (HKLM-x32\...\{B83513EC-2E4D-4621-816D-4CCF397BE702}_is1) (Version: 4.4 - Abelssoft) Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Corel Paint Shop Pro Photo X2 (HKLM-x32\...\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}) (Version: 12.50.0001 - Corel Corporation) Corel VideoStudio 12 (HKLM-x32\...\InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}) (Version: 12.0.0.0000 - Corel Corporation) CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2216 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.87 - DivX, LLC) dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA) DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard) DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden ENE CIR Receiver Driver (HKLM\...\FFE7D41DF3C645075BB149E21988B63996C34187) (Version: 2.7.4.0 - ENE) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard) FanFictionDownloader version 0.8.9 (HKLM-x32\...\{1D868954-1083-4BBA-8379-C7A9B2705CBA}_is1) (Version: 0.8.9 - Raimond Eisele) Free Audio Dub version 1.7.9.908 (HKLM-x32\...\Free Audio Dub_is1) (Version: 1.7.9.908 - DVDVideoSoft Ltd.) Free DVD Video Converter version 2.0.20.623 (HKLM-x32\...\Free DVD Video Converter_is1) (Version: 2.0.20.623 - DVDVideoSoft Ltd.) 
Free MP4 Video Converter version 5.0.28.827 (HKLM-x32\...\Free MP4 Video Converter_is1) (Version: 5.0.28.827 - DVDVideoSoft Ltd.) Free Video Dub version 2.0.21.827 (HKLM-x32\...\Free Video Dub_is1) (Version: 2.0.21.827 - DVDVideoSoft Ltd.) Free Video to MP3 Converter version 5.0.28.827 (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.28.827 - DVDVideoSoft Ltd.) Free YouTube Download version 3.2.49.1122 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.49.1122 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.50.1111 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.50.1111 - DVDVideoSoft Ltd.) GIMP 2.6.8 (HKLM\...\WinGimp-2.0_is1) (Version: - ) GO Contact Sync Mod (HKLM-x32\...\{6CF50AEE-2F3E-4D01-999E-91BEB5CDB9B3}) (Version: 3.5.22 - WebGear, Create Software, Stru.be, saller.NET) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.) Google Chrome (HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Google Chrome) (Version: 14.0.835.186 - Google Inc.) Google Chrome (HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Google Chrome) (Version: 14.0.835.186 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Earth (HKLM-x32\...\{C768790F-04FB-11E0-9B2C-001AA037B01E}) (Version: 6.0.1.2032 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Updater (HKLM-x32\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.) Greenshot 1.1.7.17 (HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Greenshot_is1) (Version: 1.1.7.17 - Greenshot) Hotspot Shield 2.78 (HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\HotspotShield) (Version: 2.78 - AnchorFree Inc.) 
HP 3D DriveGuard (HKLM\...\{7FD7F421-39B2-4CAC-BC41-7D83DDBAB329}) (Version: 4.0.3.1 - Hewlett-Packard)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3509 - Hewlett-Packard)
HP MediaSmart Internet TV (HKLM-x32\...\InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}) (Version: 3.1.2125 - Hewlett-Packard)
HP MediaSmart Live TV (HKLM-x32\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 3.1.2206 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3405 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard)
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.2207 - Hewlett-Packard)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.7.1 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{06F22256-8A8D-4F3F-B22C-6E07313D0FD1}) (Version: 4.2.6.13 - Hewlett-Packard)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HP User Guides 0153 (HKLM-x32\...\{2EBA8202-FBD5-4004-81EA-BDC38C054CE2}) (Version: 1.01.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6249.0 - IDT)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.00.1030 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 9 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.32.1 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 6.7.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 6.7.0 - )
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2215 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2215 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Communicator 2007 (HKLM-x32\...\{0FCA0973-24C0-48EA-8CF6-71B53C135C09}) (Version: 2.0.6362.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version: - Microsoft)
Microsoft Office Project Professional 2007 (HKLM-x32\...\PRJPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 21.005.15.02.35 - Huawei Technologies Co.,Ltd)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310 - Hewlett-Packard) Hidden
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\MyFreeCodec) (Version: - )
MyFreeCodec (HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MyFreeCodec) (Version: - )
MyTomTom 3.2.0.1116 (HKLM-x32\...\MyTomTom) (Version: 3.2.0.1116 - TomTom)
NAVIGON Fresh 3.4.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.4.1 - NAVIGON)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nitro PDF Reader 2 (HKLM\...\{3DA00A00-C3E9-4064-B62C-CAD25EAF0B6A}) (Version: 2.0.0.29 - Nitro PDF Software)
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.54.0 - Nokia)
Nokia Suite (x32 Version: 3.8.54.0 - Nokia) Hidden
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
OVTScanner_Vista64 (HKLM-x32\...\{AE09704D-9051-4C25-B940-77F889F0C93F}) (Version: 1.00.0000 - OVT)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM-x32\...\{46889070-D447-4936-A5D3-246DB972FA2E}) (Version: 2.0.6.16537 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Perfect Effects 8 (HKLM-x32\...\{ABC791C9-E95B-40C8-8BDD-F5E84E2E268B}) (Version: 8.1.0 - onOne Software)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.5.0 - Nikon)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3415 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3415 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3420 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3420 - CyberLink Corp.) Hidden
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0010 - Realtek)
Recovery Manager (x32 Version: 5.5.2214 - CyberLink Corp.) Hidden
Samsung AllShare (HKLM-x32\...\InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}) (Version: 2.0.0.11054_1 - Samsung Electronics Co., Ltd.)
Samsung AllShare (x32 Version: 2.0.0.11054_1 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.0.12035_16 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.3.0.12035_16 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.40.0 - SAMSUNG Electronics Co., Ltd.)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.6 - Seagate Technology)
Security Task Manager 1.8d (HKLM-x32\...\Security Task Manager) (Version: 1.8d - Neuber Software)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_PROPLUSR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROPLUSR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_PROPLUSR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_PROPLUSR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
USB Video/Audio Device Driver (HKLM-x32\...\{3717C4F2-7412-4793-9BB8-D73D2817B3D6}) (Version: 1.00.0000 - Ihr Firmenname)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VideoStudio (x32 Version: 12.0.0.0000 - Corel Corporation) Hidden
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.9.0 - Nikon)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WEB.DE Desktop Icons (HKLM-x32\...\1&1 Mail & Media GmbH 1und1DesktopIconsInstaller) (Version: 3.0.5.0 - 1&1 Mail & Media GmbH)
WEB.DE MailCheck für Internet Explorer (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar IE8) (Version: 2.6.0.4 - 1&1 Mail & Media GmbH)
WEB.DE Softwareaktualisierung (HKLM-x32\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.1.0 - 1&1 Mail & Media GmbH)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

27-01-2015 17:59:04 Windows Update
03-02-2015 19:29:09 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06912DA8-7E8E-47F1-9ECB-01ACCFE01BFA} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-10-16] (Hewlett-Packard)
Task: {0EA10969-B17C-4EA2-86B3-F46A40B85947} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {15E9D28F-D4BE-4DCE-902F-3053F4B11CF7} - System32\Tasks\Abelssoft\CheckDriveBackgroundGuard => C:\Program Files (x86)\CheckDrive\CheckDriveBackgroundGuard.exe [2014-01-28] (Abelssoft)
Task: {1B6CED74-D032-41B7-BA1A-0A5A84D3FB5F} - System32\Tasks\CapSchedInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSchedInst.exe [2009-10-06] (CL)
Task: {4BE89BF7-2466-43AF-BF6F-BFAE1E8DD198} - System32\Tasks\Registration 1und1 Task => C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe [2014-03-31] (1&1 Mail & Media GmbH)
Task: {69E47965-1619-42BC-99A5-651013BA8C81} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {714E8A40-F51B-4AE6-A357-4BD34F8AEDBD} - System32\Tasks\TVAgent => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe [2009-10-06] (CyberLink Corp.)
Task: {76256CF1-17EC-4986-B2BE-738E585BF17D} - System32\Tasks\{6BCF8F69-FDCB-444D-A637-957BB97FBF7D} => C:\Program Files (x86)\ALNO\KPL\KPL.exe
Task: {7EA6E2A3-A6FA-49B9-B3F0-7AB8C1BA64A6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {A5EB7A1E-857D-4283-81D5-680C14AB6859} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {AB0B7C64-8857-451B-914B-6213F94AD592} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-10-16] (Hewlett-Packard)
Task: {B981457B-208B-419F-9629-9418AB3CC0B5} - System32\Tasks\CapSvcInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSvcInst.exe [2009-10-06] (CL)
Task: {BA4D7814-C7D4-42B7-85A6-9ECFF6A6003C} - System32\Tasks\CapUninst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapUninst.exe [2009-10-06] (CL)
Task: {CA5AC19B-7E9E-4C20-B26E-45CDE362DD82} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {CDC9362A-98E9-4FD8-A2C2-BEB5CEA9758A} - System32\Tasks\Google Software Updater => C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-13] (Google)
Task: {D850A102-73E0-441B-AAF6-7E2ED764E23B} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-10-05] (CyberLink)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Google Software Updater.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2011-03-14 16:27 - 2011-03-14 16:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2010-01-08 23:23 - 2009-07-06 20:20 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2011-05-24 12:44 - 2011-05-24 12:44 - 07237024 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\WiselinkPro.exe
2011-05-24 12:44 - 2011-05-24 12:44 - 00428088 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\http_ss_win_pro.exe
2013-07-21 11:56 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-02-24 21:21 - 2014-01-28 17:33 - 00019744 _____ () C:\Program Files (x86)\CheckDrive\AbStartManager.dll
2014-02-24 21:21 - 2014-01-28 17:33 - 00014112 _____ () C:\Program Files (x86)\CheckDrive\AbMessages.dll
2009-08-25 09:48 - 2009-08-25 09:48 - 00610872 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2009-08-25 18:34 - 2009-08-25 18:34 - 00015544 ____R () C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
2013-08-29 01:23 - 2013-08-29 01:23 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2009-07-01 15:44 - 2009-07-01 15:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
2012-10-23 18:55 - 2014-06-26 07:44 - 00358144 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-12-18 10:02 - 2010-12-18 10:02 - 00672782 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avformat-52.dll
2010-12-18 10:02 - 2010-12-18 10:02 - 04434958 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avcodec-52.dll
2010-12-18 10:02 - 2010-12-18 10:02 - 00069134 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avutil-50.dll
2010-12-18 10:02 - 2010-12-18 10:02 - 00335360 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\PCAutoChapterLib.dll
2010-12-15 20:22 - 2010-12-15 20:22 - 00147456 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libexpat.dll
2010-12-18 10:02 - 2010-12-18 10:02 - 00131086 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\swscale-0.dll
2010-12-15 20:22 - 2011-07-16 13:23 - 00057856 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\lang.dll
2009-08-20 12:35 - 2009-08-20 12:35 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2009-08-20 12:35 - 2009-08-20 12:35 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2009-08-20 12:35 - 2009-08-20 12:35 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2013-05-23 12:53 - 2013-05-23 12:53 - 00026040 _____ () C:\Program Files (x86)\MyTomTom 3\DeviceDetection.dll
2013-05-23 12:53 - 2013-05-23 12:53 - 00074680 _____ () C:\Program Files (x86)\MyTomTom 3\TomTomSupporterBase.dll
2013-05-23 12:53 - 2013-05-23 12:53 - 00279480 _____ () C:\Program Files (x86)\MyTomTom 3\TomTomSupporterProxy.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 08507232 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 02354016 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 01014624 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 00364384 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 02480992 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 01346912 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 00206176 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 02653024 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 00033120 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 00035680 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 00207200 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 11166560 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 00276832 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll
2014-11-11 10:21 - 2014-11-11 10:21 - 00392552 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll
2014-11-11 10:21 - 2014-11-11 10:21 - 00059752 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 00446304 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 00520544 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 00720736 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll
2014-11-19 12:46 - 2014-11-19 12:46 - 00606560 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll
2014-11-19 12:47 - 2014-11-19 12:47 - 00438624 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 00093024 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll
2013-08-29 01:25 - 2013-08-29 01:25 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2009-10-05 23:08 - 2009-10-05 23:08 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2015-01-27 18:56 - 2015-01-27 18:56 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

ATTENTION: Missing Desktop Wallpaper Registry entry.
ATTENTION: Missing Desktop Wallpaper Registry entry.
HKU\S-1-5-21-132197110-3117043442-3119173927-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sumsium\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Sumsium\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Sumsisum\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-132197110-3117043442-3119173927-500 - Administrator - Disabled)
Gast (S-1-5-21-132197110-3117043442-3119173927-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-132197110-3117043442-3119173927-1004 - Limited - Enabled)
Sumsisum (S-1-5-21-132197110-3117043442-3119173927-1003 - Limited - Enabled) => C:\Users\Sumsisum
Sumsium (S-1-5-21-132197110-3117043442-3119173927-1000 - Administrator - Enabled) => C:\Users\Sumsium

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (02/04/2015 09:50:14 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/04/2015 09:50:11 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/04/2015 09:50:11 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/04/2015 08:39:47 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.IndexOutOfRangeException: Der Index war außerhalb des Arraybereichs. bei AllShareSlideShowService.SlideShowService.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (02/03/2015 09:56:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2028

Error: (02/03/2015 09:56:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2028

Error: (02/03/2015 09:56:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/03/2015 09:56:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1014

Error: (02/03/2015 09:56:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1014

Error: (02/03/2015 09:56:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (02/04/2015 08:38:43 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\Windows\System32\bcmihvsrv64.dll

Error: (02/04/2015 08:38:43 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\Windows\System32\bcmihvsrv64.dll

Error: (02/04/2015 08:38:39 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\Windows\System32\bcmihvsrv64.dll

Error: (02/04/2015 08:38:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/04/2015 08:38:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/04/2015 08:38:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "HP Health Check Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/04/2015 08:38:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "BlackBerry Device Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/04/2015 08:38:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "hpqwmiex" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/04/2015 08:38:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/04/2015 08:38:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ServiceLayer" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Microsoft Office Sessions: ========================= Error: (09/03/2014 07:33:36 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 98602 seconds with 1080 seconds of active time. This session ended with a crash. Error: (01/21/2014 06:46:35 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 428288 seconds with 1080 seconds of active time. This session ended with a crash. Error: (09/18/2013 09:17:52 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6679.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 132322 seconds with 1440 seconds of active time. This session ended with a crash. Error: (02/23/2013 06:38:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 69585 seconds with 240 seconds of active time. This session ended with a crash. Error: (11/10/2012 05:04:49 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. Error: (10/13/2012 02:15:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. 
This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash. Error: (10/09/2012 00:48:01 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash. Error: (04/24/2012 08:01:51 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 50 seconds with 0 seconds of active time. This session ended with a crash. Error: (07/21/2011 01:20:30 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 501708 seconds with 360 seconds of active time. This session ended with a crash. Error: (01/07/2011 11:37:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 41763 seconds with 4320 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2013-05-06 21:31:51.133 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
Date: 2013-05-06 21:31:50.972 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-05-06 21:31:48.255 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-05-06 21:31:48.017 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-05-06 21:31:45.551 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
Date: 2013-05-06 21:31:45.325 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-05-06 21:31:43.066 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-05-06 21:31:42.899 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-05-06 21:31:40.699 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
Date: 2013-05-06 21:31:40.502 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz Percentage of memory in use: 31% Total physical RAM: 8182.87 MB Available physical RAM: 5613.76 MB Total Pagefile: 16363.92 MB Available Pagefile: 13002.2 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:281.1 GB) (Free:46 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (RECOVERY) (Fixed) (Total:16.69 GB) (Free:2.72 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32 Drive g: (Elements) (Fixed) (Total:1397.26 GB) (Free:156.52 GB) NTFS Drive h: (CAM_SD) (Removable) (Total:7.39 GB) (Free:4.27 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298.1 GB) (Disk ID: F6A96D4D) Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=281.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=16.7 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=103 MB) - (Type=0C) ======================================================== Disk: 1 (Size: 7.4 GB) (Disk ID: 00000000) Partition: GPT Partition Type. 
======================================================== Disk: 2 (MBR Code: Windows XP) (Size: 1397.3 GB) (Disk ID: 0010410D) Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
05.02.2015, 00:14 | #4 |
Rest in Peace † 2019 | Malwarebytes finding: OpenCandy and Spigot Hello sabine78, please do not use this computer for online banking or any sensitive transactions until it is clean. Change your passwords from a clean computer. Step 1 Scan with Combofix
Step 2 Run FRST once more.
|
05.02.2015, 21:09 | #5 |
| Malwarebytes finding: OpenCandy and Spigot Hello Sandra, attached is the next report Code:
ATTFilter ComboFix 15-02-02.01 - Sumsium 05.02.2015 20:40:34.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8183.5568 [GMT 1:00] ausgeführt von:: c:\users\Sumsium\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\users\Sumsisum\AppData\Roaming\Enokyl c:\users\Sumsisum\AppData\Roaming\Enokyl\qiem.ciy c:\users\Sumsisum\AppData\Roaming\Microsoft\engine_ag.dll c:\windows\SysWow64\System32\MASetupCleaner.exe c:\windows\SysWow64\System32\muzapp.exe . . ((((((((((((((((((((((( Dateien erstellt von 2015-01-05 bis 2015-02-05 )))))))))))))))))))))))))))))) . . 2015-02-05 19:50 . 2015-02-05 19:50 -------- d-----w- c:\users\Sumsisum\AppData\Local\temp 2015-02-05 19:50 . 2015-02-05 19:50 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-02-04 21:03 . 2015-02-04 21:05 -------- d-----w- C:\FRST 2015-02-04 19:56 . 2015-02-05 19:28 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-02-04 19:56 . 2015-02-04 19:56 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware 2015-02-04 19:56 . 2014-11-21 05:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2015-02-04 19:56 . 2014-11-21 05:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-02-04 19:31 . 2015-02-04 19:31 -------- d-----w- c:\program files\WEB.DE MailCheck 2015-02-04 19:31 . 2015-02-04 19:31 -------- d-----w- c:\program files (x86)\WEB.DE MailCheck 2015-02-03 18:29 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0780D292-06E2-4726-9878-52E8C4DC03F7}\mpengine.dll 2015-01-26 17:42 . 2015-01-26 17:42 -------- d-----w- c:\programdata\UUdb 2015-01-26 09:57 . 
2015-01-26 09:58 -------- d-----w- c:\users\Sumsisum\KontakteNokia 2015-01-26 09:40 . 2015-01-26 09:52 -------- d-----w- c:\users\Sumsium\KontakteNokia 2015-01-26 08:33 . 2015-01-26 08:33 -------- d-----w- c:\users\Sumsium\AppData\Roaming\Windows Live Writer 2015-01-26 08:33 . 2015-01-26 08:33 -------- d-----w- c:\users\Sumsium\AppData\Local\Windows Live Writer 2015-01-26 07:33 . 2015-01-26 07:33 -------- d-----w- c:\users\Sumsium\AppData\Roaming\Nokia Suite 2015-01-26 07:33 . 2015-01-26 07:33 -------- d-----w- c:\users\Sumsium\AppData\Roaming\Nokia 2015-01-26 07:30 . 2015-01-26 07:30 -------- d-sh--w- c:\users\Sumsium\AppData\Local\EmieBrowserModeList 2015-01-26 07:26 . 2015-01-26 07:26 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-01-26 07:24 . 2015-01-26 07:24 -------- d-----w- c:\users\Sumsium\AppData\Local\Apple Computer 2015-01-25 14:15 . 2015-01-25 14:15 4070576 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2015-01-23 18:23 . 2015-01-23 18:23 -------- d-----w- c:\users\Gast\AppData\Local\Apple Computer 2015-01-23 18:23 . 2012-10-03 15:14 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2015-01-23 18:23 . 2015-01-23 18:23 -------- d-----w- c:\program files\iPod 2015-01-23 18:23 . 2015-01-23 18:23 -------- d-----w- c:\program files\iTunes 2015-01-23 18:23 . 2015-01-23 18:23 -------- d-----w- c:\program files (x86)\iTunes 2015-01-23 18:23 . 2015-01-23 18:23 -------- d-----w- c:\programdata\Apple Computer 2015-01-23 18:22 . 2015-01-23 18:23 -------- d-----w- c:\program files\Common Files\Apple 2015-01-23 18:21 . 2015-01-23 18:21 -------- d-----w- c:\program files (x86)\Bonjour 2015-01-23 18:21 . 2015-01-23 18:21 -------- d-----w- c:\program files\Bonjour 2015-01-23 18:17 . 2015-01-23 18:17 -------- d-----w- c:\users\Gast\AppData\Local\Google 2015-01-23 18:09 . 2015-01-23 18:09 -------- d-----w- c:\users\Gast\AppData\Roaming\Nokia Suite 2015-01-23 18:09 . 
2015-01-26 06:56 -------- d-----w- c:\users\Gast\AppData\Roaming\Nokia 2015-01-23 18:08 . 2015-01-23 18:08 -------- d-----w- c:\users\Gast\AppData\Local\Nokia 2015-01-23 18:08 . 2015-01-26 06:52 -------- d-----w- c:\users\Gast\AppData\Roaming\PC Suite 2015-01-23 10:57 . 2012-10-17 13:53 26112 ----a-w- c:\windows\system32\drivers\pccsmcfdx64.sys 2015-01-23 10:57 . 2015-01-23 10:57 -------- d-----w- c:\program files (x86)\PC Connectivity Solution 2015-01-23 10:03 . 2014-12-11 17:47 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe 2015-01-21 16:25 . 2014-12-19 03:06 210432 ----a-w- c:\windows\system32\profsvc.dll 2015-01-21 16:25 . 2014-12-06 04:17 303616 ----a-w- c:\windows\system32\nlasvc.dll 2015-01-21 16:25 . 2014-12-06 03:50 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll 2015-01-21 16:25 . 2014-12-06 03:50 156672 ----a-w- c:\windows\SysWow64\ncsi.dll 2015-01-21 16:25 . 2014-12-19 01:46 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys 2015-01-21 16:25 . 2014-12-12 05:35 5553592 ----a-w- c:\windows\system32\ntoskrnl.exe 2015-01-21 16:25 . 2014-12-12 05:11 3971512 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2015-01-21 16:25 . 2014-12-12 05:31 503808 ----a-w- c:\windows\system32\srcore.dll 2015-01-21 16:25 . 2014-12-12 05:31 50176 ----a-w- c:\windows\system32\srclient.dll 2015-01-21 16:25 . 2014-12-12 05:31 296960 ----a-w- c:\windows\system32\rstrui.exe 2015-01-21 16:25 . 2014-12-12 05:11 3916728 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2015-01-21 16:25 . 2014-12-12 05:07 43008 ----a-w- c:\windows\SysWow64\srclient.dll 2015-01-09 17:11 . 2014-11-22 10:46 38032 ----a-w- c:\windows\system32\drivers\nvvad64v.sys 2015-01-09 17:11 . 2014-11-22 10:46 32400 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll 2015-01-09 16:39 . 2014-12-13 05:09 144384 ----a-w- c:\windows\system32\ieUnatt.exe 2015-01-09 16:39 . 2014-12-13 03:33 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe . . . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-01-25 14:15 . 2012-03-29 13:54 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-01-25 14:15 . 2011-06-21 16:20 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-01-23 09:53 . 2010-11-19 19:38 113365784 ----a-w- c:\windows\system32\MRT.exe 2015-01-08 08:55 . 2010-05-18 09:20 298120 ------w- c:\windows\system32\MpSigStub.exe 2014-12-04 02:50 . 2014-12-11 19:05 413184 ----a-w- c:\windows\system32\generaltel.dll 2014-12-04 02:50 . 2014-12-11 19:05 741376 ----a-w- c:\windows\system32\invagent.dll 2014-12-04 02:50 . 2014-12-11 19:05 396800 ----a-w- c:\windows\system32\devinv.dll 2014-12-04 02:50 . 2014-12-11 19:05 830976 ----a-w- c:\windows\system32\appraiser.dll 2014-12-04 02:50 . 2014-12-11 19:05 192000 ----a-w- c:\windows\system32\aepic.dll 2014-12-04 02:50 . 2014-12-11 19:05 227328 ----a-w- c:\windows\system32\aepdu.dll 2014-12-04 02:44 . 2014-12-11 19:05 1083392 ----a-w- c:\windows\system32\aeinv.dll 2014-12-01 23:28 . 2014-12-11 19:05 1232040 ----a-w- c:\windows\system32\aitstatic.exe 2014-11-27 01:43 . 2014-12-11 19:04 389296 ----a-w- c:\windows\system32\iedkcs32.dll 2014-11-22 10:46 . 2014-01-12 17:40 35472 ----a-w- c:\windows\system32\nvaudcap64v.dll 2014-11-22 03:13 . 2014-12-11 19:04 25059840 ----a-w- c:\windows\system32\mshtml.dll 2014-11-22 03:06 . 2014-12-11 19:04 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2014-11-22 03:06 . 2014-12-11 19:04 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll 2014-11-22 02:50 . 2014-12-11 19:04 66560 ----a-w- c:\windows\system32\iesetup.dll 2014-11-22 02:50 . 2014-12-11 19:04 580096 ----a-w- c:\windows\system32\vbscript.dll 2014-11-22 02:49 . 2014-12-11 19:04 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll 2014-11-22 02:49 . 2014-12-11 19:04 2885120 ----a-w- c:\windows\system32\iertutil.dll 2014-11-22 02:48 . 
2014-12-11 19:04 88064 ----a-w- c:\windows\system32\MshtmlDac.dll 2014-11-22 02:41 . 2014-12-11 19:04 54784 ----a-w- c:\windows\system32\jsproxy.dll 2014-11-22 02:40 . 2014-12-11 19:04 34304 ----a-w- c:\windows\system32\iernonce.dll 2014-11-22 02:37 . 2014-12-11 19:04 633856 ----a-w- c:\windows\system32\ieui.dll 2014-11-22 02:35 . 2014-12-11 19:04 114688 ----a-w- c:\windows\system32\ieetwcollector.exe 2014-11-22 02:34 . 2014-12-11 19:04 814080 ----a-w- c:\windows\system32\jscript9diag.dll 2014-11-22 02:34 . 2014-12-11 19:04 6039552 ----a-w- c:\windows\system32\jscript9.dll 2014-11-22 02:26 . 2014-12-11 19:04 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2014-11-22 02:22 . 2014-12-11 19:04 490496 ----a-w- c:\windows\system32\dxtmsft.dll 2014-11-22 02:20 . 2014-12-11 19:04 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb 2014-11-22 02:14 . 2014-12-11 19:04 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll 2014-11-22 02:09 . 2014-12-11 19:04 199680 ----a-w- c:\windows\system32\msrating.dll 2014-11-22 02:08 . 2014-12-11 19:04 92160 ----a-w- c:\windows\system32\mshtmled.dll 2014-11-22 02:07 . 2014-12-11 19:04 501248 ----a-w- c:\windows\SysWow64\vbscript.dll 2014-11-22 02:07 . 2014-12-11 19:04 62464 ----a-w- c:\windows\SysWow64\iesetup.dll 2014-11-22 02:06 . 2014-12-11 19:04 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll 2014-11-22 02:05 . 2014-12-11 19:04 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll 2014-11-22 02:05 . 2014-12-11 19:04 316928 ----a-w- c:\windows\system32\dxtrans.dll 2014-11-22 01:54 . 2014-12-11 19:04 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll 2014-11-22 01:49 . 2014-12-11 19:04 718848 ----a-w- c:\windows\system32\ie4uinit.exe 2014-11-22 01:49 . 2014-12-11 19:04 800768 ----a-w- c:\windows\system32\msfeeds.dll 2014-11-22 01:47 . 2014-12-11 19:04 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll 2014-11-22 01:46 . 2014-12-11 19:04 2125312 ----a-w- c:\windows\system32\inetcpl.cpl 2014-11-22 01:43 . 
2014-12-11 19:04 14412800 ----a-w- c:\windows\system32\ieframe.dll 2014-11-22 01:40 . 2014-12-11 19:04 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll 2014-11-22 01:29 . 2014-12-11 19:04 4299264 ----a-w- c:\windows\SysWow64\jscript9.dll 2014-11-22 01:28 . 2014-12-11 19:04 2358272 ----a-w- c:\windows\system32\wininet.dll 2014-11-22 01:22 . 2014-12-11 19:04 2052096 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2014-11-22 01:21 . 2014-12-11 19:04 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2014-11-22 01:15 . 2014-12-11 19:04 1548288 ----a-w- c:\windows\system32\urlmon.dll 2014-11-22 01:03 . 2014-12-11 19:04 800768 ----a-w- c:\windows\system32\ieapfltr.dll 2014-11-22 01:00 . 2014-12-11 19:04 1888256 ----a-w- c:\windows\SysWow64\wininet.dll 2014-11-21 05:14 . 2013-06-20 18:24 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-11-18 13:56 . 2014-11-18 13:56 1202848 ----a-w- c:\windows\SysWow64\FM20.DLL 2014-11-11 03:09 . 2014-12-11 19:04 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2014-11-11 03:08 . 2014-11-18 18:57 241152 ----a-w- c:\windows\system32\pku2u.dll 2014-11-11 03:08 . 2014-11-18 18:57 728064 ----a-w- c:\windows\system32\kerberos.dll 2014-11-11 02:44 . 2014-12-11 19:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2014-11-11 02:44 . 2014-11-18 18:57 186880 ----a-w- c:\windows\SysWow64\pku2u.dll 2014-11-11 02:44 . 2014-11-18 18:57 550912 ----a-w- c:\windows\SysWow64\kerberos.dll 2014-11-11 01:46 . 2014-12-11 19:04 119296 ----a-w- c:\windows\system32\drivers\tdx.sys 2014-11-08 03:16 . 2014-12-11 19:02 2048 ----a-w- c:\windows\system32\tzres.dll 2014-11-08 02:45 . 2014-12-11 19:02 2048 ----a-w- c:\windows\SysWow64\tzres.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392] "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2014-05-28 843568] "KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2013-04-18 578560] "MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2013-05-23 455608] "NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2014-11-19 1092448] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Corel File Shell Monitor"="c:\program files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2009-08-25 15544] "HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424] "AllShareAgent"="c:\program files (x86)\Samsung\AllShare\AllShareAgent.exe" [2011-05-24 250768] "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2014-05-28 310064] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-01-09 702768] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152] "RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2014-02-07 443408] "Magic Desktop for HP notification"="c:\programdata\Easybits Magic Desktop for HP\mdhpSUN.exe" [2013-12-07 1243656] 
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-09-11 450560] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-08-29 1861968] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712] "Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480] "MailCheck IE Broker"="c:\program files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe" [2014-11-17 2135104] . c:\users\Sumsisum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ w98Eject.lnk - c:\windows\system\w98eject.exe [2011-11-13 61440] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="c:\windows\system32\userinit.exe" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] R2 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x] R3 DlinkUDSMBus;DlinkUDSMBus;SysWOW64\Drivers\DlinkUDSMBus.sys;SysWOW64\Drivers\DlinkUDSMBus.sys [x] R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x] R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x] R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x] R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x] R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x] R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 lvpepf64;Volume 
Adapter;c:\windows\system32\DRIVERS\lv302a64.sys;c:\windows\SYSNATIVE\DRIVERS\lv302a64.sys [x] R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x] R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x] R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x] R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x] R3 OV550I;OVT Scanner;c:\windows\system32\Drivers\ov550ivx.sys;c:\windows\SYSNATIVE\Drivers\ov550ivx.sys [x] R3 PDF Architect 2;PDF Architect 2;c:\program files (x86)\PDF Architect 2\ws.exe;c:\program files (x86)\PDF Architect 2\ws.exe [x] R3 pdfforge CrashHandler;pdfforge CrashHandler;c:\program files (x86)\PDF Architect 2\crash-handler-ws.exe;c:\program files (x86)\PDF Architect 2\crash-handler-ws.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 
TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x] R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x] S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys;c:\windows\SYSNATIVE\DRIVERS\avfwot.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [x] S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [x] S2 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x] S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x] S2 
hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x] S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x] S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [x] S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x] S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x] S2 SamsungAllShare;Samsung AllShare PC Service;c:\program files (x86)\Samsung\AllShare\AllShareDMS\WiselinkPro.exe;c:\program files (x86)\Samsung\AllShare\AllShareDMS\WiselinkPro.exe [x] S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys;c:\windows\SYSNATIVE\DRIVERS\avfwim.sys [x] S3 BlackBerry Device Manager;BlackBerry Device Manager;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [x] S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x] S3 enecir;ENE CIR 
Receiver;c:\windows\system32\DRIVERS\enecir.sys;c:\windows\SYSNATIVE\DRIVERS\enecir.sys [x] S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - MBAMPROTECTOR *NewlyCreated* - MBAMSWISSARMY *NewlyCreated* - MBAMWEBACCESSCONTROL . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-08-20 12:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2015-02-01 20:14 1086280 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.94\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 
2015-02-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 14:15] . 2015-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-23 13:27] . 2015-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-23 13:27] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-08-25 610872] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424] "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-12-13 2531472] "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-07-25 1283136] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.2 TCP: Interfaces\{2DD74BF9-228A-47CA-9F74-06C1515BF58C}: NameServer = 139.7.30.125 139.7.30.126 Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\program files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll FF - ProfilePath - c:\users\Sumsium\AppData\Roaming\Mozilla\Firefox\Profiles\h8p7mo5w.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p= . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
Wow6432Node-HKLM-Run-Easybits Recovery - c:\program files (x86)\EasyBits For Kids\ezRecover.exe Wow6432Node-HKLM-Run-WinampAgent - c:\program files (x86)\Winamp\winampa.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Uninstall_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_296_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_296_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.16" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-02-05 20:52:38
ComboFix-quarantined-files.txt 2015-02-05 19:52
.
Vor Suchlauf: 13 Verzeichnis(se), 49.106.276.352 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 54.758.461.440 Bytes frei
.
- - End Of File - - 6F344EA2F5133D1B73F2973427EDC906
C424AE9D08F76D91362FA3C6EDBC5140

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01
Ran by Sumsium (administrator) on SUMSISUM-PC on 05-02-2015 21:06:12
Running from C:\Users\Sumsium\Downloads
Loaded Profiles: Sumsium & Gast (Available profiles: Sumsium & Sumsisum & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.)
C:\Program Files\Bonjour\mDNSResponder.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\WiselinkPro.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\http_ss_win_pro.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Hewlett-Packard Development Company, L.P.) 
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Abelssoft) C:\Program Files (x86)\CheckDrive\CheckDriveBackgroundGuard.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (TomTom) C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe () C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (Samsung) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (ArcSoft Inc.) 
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (1und1 Mail und Media GmbH) C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe () C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe (CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610872 2009-08-25] () HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.) 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [Corel File Shell Monitor] => C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [15544 2009-08-25] () HKLM-x32\...\Run: [HPCam_Menu] => c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard) HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard) HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [250768 2011-05-24] (Samsung) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-05-28] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2015-01-09] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443408 2014-02-07] (BlackBerry Limited) HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1243656 2013-12-07] (Easybits) HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-11] (DivX, LLC) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] () HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.) HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) 
HKLM-x32\...\Run: [MailCheck IE Broker] => C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [2135104 2014-11-17] (1und1 Mail und Media GmbH) HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DirectSoundAudioOutput.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DirectSoundAudioOutput.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXASPDecode.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXASPDecode.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXDeinterlaceFilter.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXDeinterlaceFilter.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\MP3SurroundDecode.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\MP3SurroundDecode.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus 
Player\DPXPlugins\DPXDownloadManagerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll",DllRegisterServer HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company) HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-05-28] (Samsung) HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-04-18] (Samsung Electronics) HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Run: [MyTomTomSA.exe] => C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [455608 2013-05-23] (TomTom) HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Run: [NokiaSuite.exe] => C:\Program 
Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia) HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Policies\system: [DisableChangePassword] 0 HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-05-28] (Samsung) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-04-18] (Samsung Electronics) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [] => [X] HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MyTomTomSA.exe] => C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [455608 2013-05-23] (TomTom) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableChangePassword] 0 HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard 
Company) HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [QuickTime Task] => "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-05-28] (Samsung) HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Ebbaenvyn] => C:\Users\Sumsisum\AppData\Roaming\Cenaat\ubco.exe HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-05-28] (Samsung) HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [openvpntray.EXE] => C:\Users\Sumsisum\AppData\Roaming\Hotspot Shield\bin\openvpntray.EXE -nonadmin HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Greenshot] => C:\Users\Sumsisum\AppData\Local\Greenshot\Greenshot.exe [495616 2013-12-12] (Greenshot) HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesPDLR.exe] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-05-28] (Samsung) HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_CC7034B0FA467AF7CA332882BC1B199F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-27] (Google Inc.) 
HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia) HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableChangePassword] 0 HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {c8af9512-5273-11e1-86e7-d2106dcbbcc7} - G:\AutoRun.exe HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {c8af9530-5273-11e1-86e7-d2106dcbbcc7} - G:\AutoRun.exe HKU\S-1-5-21-132197110-3117043442-3119173927-501\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company) HKU\S-1-5-21-132197110-3117043442-3119173927-501\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\w98Eject.lnk ShortcutTarget: w98Eject.lnk -> C:\Windows\system\w98eject.exe (Sigmatel) Startup: C:\Users\Sumsisum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-132197110-3117043442-3119173927-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\@3\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 HKU\@3\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPNOT/4 HKU\@3\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 HKU\S-1-5-21-132197110-3117043442-3119173927-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP&dt=072113 HKU\S-1-5-21-132197110-3117043442-3119173927-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP&dt=072113 HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.de/ HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.google.de/ 
hxxp://www.dict.cc/ HKU\S-1-5-21-132197110-3117043442-3119173927-501\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 HKU\S-1-5-21-132197110-3117043442-3119173927-501\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPNOT/4 HKU\S-1-5-21-132197110-3117043442-3119173927-501\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 SearchScopes: HKLM -> {230D7087-5842-4816-985C-8393ACBAC32D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {230D7087-5842-4816-985C-8393ACBAC32D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000 -> {230D7087-5842-4816-985C-8393ACBAC32D} URL = SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000 -> {56728EB4-149A-4AB9-845B-0CE539BFAF5F} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000 -> {9FA66BE2-9B22-4EE4-845F-A8C2AEB43E93} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms} SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000 -> {A3B580D5-7A1E-47A6-8959-EDB56220911B} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: 
HKU\S-1-5-21-132197110-3117043442-3119173927-1000 -> {A8230883-C5FB-4BA4-B422-5AC627B247E4} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000 -> {B18110A6-0C60-4152-B054-7492AF998A53} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {230D7087-5842-4816-985C-8393ACBAC32D} URL = SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {56728EB4-149A-4AB9-845B-0CE539BFAF5F} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {9FA66BE2-9B22-4EE4-845F-A8C2AEB43E93} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms} SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {A3B580D5-7A1E-47A6-8959-EDB56220911B} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {A8230883-C5FB-4BA4-B422-5AC627B247E4} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {B18110A6-0C60-4152-B054-7492AF998A53} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {230D7087-5842-4816-985C-8393ACBAC32D} URL = SearchScopes: 
HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {23E77356-E10E-46C5-AA24-2D9B7C1FB216} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {675FE16E-301D-44E6-8F1F-1D552559A19E} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {D045F1E8-885E-482D-8207-5DD49111C39E} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {E9A1BA5E-CB6A-4F07-AD0F-DA446D7AD36B} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-501 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) 
BHO: WEB.DE MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) BHO-x32: WEB.DE MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No File DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Handler-x32: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media 
GmbH) Tcpip\Parameters: [DhcpNameServer] 192.168.0.2 Tcpip\..\Interfaces\{2DD74BF9-228A-47CA-9F74-06C1515BF58C}: [NameServer] 139.7.30.125 139.7.30.126 FireFox: ======== FF ProfilePath: C:\Users\Sumsium\AppData\Roaming\Mozilla\Firefox\Profiles\h8p7mo5w.default FF SelectedSearchEngine: Google FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @innoplus.de/ino3DViewer -> C:\Program Files (x86)\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden) FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF Plugin-x32: @pack.google.com/Google Updater;version=14 -> C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: NitroPDF -> C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( ) FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH) FF Plugin HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @Google.com/GoogleEarthPlugin -> C:\Users\Sumsisum\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Extension: Download videos and MP3s from YouTube - C:\Users\Sumsium\AppData\Roaming\Mozilla\Firefox\Profiles\h8p7mo5w.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-11-12] FF Extension: NoScript - C:\Users\Sumsium\AppData\Roaming\Mozilla\Firefox\Profiles\h8p7mo5w.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-03-04] FF Extension: Adblock Plus - C:\Users\Sumsium\AppData\Roaming\Mozilla\Firefox\Profiles\h8p7mo5w.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-10-21] FF HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-11-12] FF HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff Chrome: ======= CHR HomePage: Default -> 
hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Profile: C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-04] CHR Extension: (YouTube) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-01] CHR Extension: (Adblock Plus) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-01] CHR Extension: (Hide My Ass! Web Proxy) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd [2014-06-13] CHR Extension: (Google-Suche) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-01] CHR Extension: (Avira Browser Safety) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-06-13] CHR Extension: (Google Wallet) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-01] CHR Extension: (Google Mail) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-01] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) 
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation) R2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [1044784 2014-11-25] (Avira Operations GmbH & Co. KG) R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [807672 2015-01-09] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2015-01-09] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2015-01-09] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2015-01-09] (Avira Operations GmbH & Co. KG) R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2014-01-21] (BlackBerry Limited) [File not signed] S2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129584 2009-02-22] (EasyBits Sofware AS) [File not signed] R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [120832 2009-10-15] (Hewlett-Packard) [File not signed] R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 NitroReaderDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [341296 2011-06-21] (Nitro PDF Software) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA 
Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation) S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1716264 2014-04-30] (pdfforge GmbH) S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-30] (pdfforge GmbH) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] () R2 SamsungAllShare; C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\WiselinkPro.exe [7237024 2011-05-24] () R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2013-02-12] (Avira GmbH) R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2013-02-12] (Avira GmbH) R1 avfwot; C:\Windows\SysWOW64\DRIVERS\avfwot.sys [131336 2011-06-30] (Avira GmbH) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-01] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-01] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-10-01] (Avira Operations GmbH & Co. 
KG) S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-04-18] () [File not signed] R3 GEARAspiWDM; C:\Windows\SysWOW64\DRIVERS\GEARAspiWDM.sys [15664 2011-11-19] (GEAR Software Inc.) S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [212992 2012-02-13] (Huawei Technologies Co., Ltd.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-05] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) S3 OV550I; C:\Windows\System32\Drivers\ov550ivx.sys [196992 2008-02-21] (Omnivision Technologies, Inc.) S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-12-02] (BlackBerry Limited) R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd) S3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp.sys [145360 2010-02-12] (Sun Microsystems, Inc.) U3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 dgderdrv; System32\drivers\dgderdrv.sys [X] S3 DlinkUDSMBus; SysWOW64\Drivers\DlinkUDSMBus.sys [X] S3 lvpepf64; system32\DRIVERS\lv302a64.sys [X] S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X] S3 LVRS64; system32\DRIVERS\lvrs64.sys [X] S3 PID_PEPI; system32\DRIVERS\LV302V64.SYS [X] S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X] S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 
==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-05 21:06 - 2015-02-05 21:06 - 00041620 _____ () C:\Users\Sumsium\Downloads\FRST.txt 2015-02-05 21:01 - 2015-02-05 21:01 - 00034595 _____ () C:\Users\Sumsium\Desktop\Combo_05022015.txt 2015-02-05 20:52 - 2015-02-05 20:52 - 00034595 _____ () C:\ComboFix.txt 2015-02-05 20:36 - 2015-02-05 20:52 - 00000000 ____D () C:\Qoobox 2015-02-05 20:36 - 2015-02-05 20:52 - 00000000 ____D () C:\ComboFix 2015-02-05 20:36 - 2015-02-05 20:51 - 00000000 ____D () C:\Windows\erdnt 2015-02-05 20:36 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-02-05 20:36 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-02-05 20:36 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-02-05 20:36 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-02-05 20:36 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-02-05 20:36 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-02-05 20:36 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-02-05 20:36 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-02-05 20:34 - 2015-02-05 20:34 - 05611380 ____R (Swearware) C:\Users\Sumsium\Desktop\ComboFix.exe 2015-02-04 22:04 - 2015-02-04 22:05 - 00051768 _____ () C:\Users\Sumsium\Desktop\Addition.txt 2015-02-04 22:03 - 2015-02-05 21:06 - 00000000 ____D () C:\FRST 2015-02-04 22:03 - 2015-02-04 22:05 - 00058138 _____ () C:\Users\Sumsium\Desktop\FRST.txt 2015-02-04 22:03 - 2015-02-04 22:03 - 02131968 _____ (Farbar) C:\Users\Sumsium\Downloads\FRST64.exe 2015-02-04 21:39 - 2015-02-04 21:39 - 00001596 _____ () C:\Users\Sumsium\Desktop\MWB_04.02.2015.txt 2015-02-04 20:56 - 2015-02-05 20:28 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-04 20:56 - 2015-02-04 20:56 - 00001102 _____ () C:\Users\Public\Desktop\ 
Malwarebytes Anti-Malware .lnk 2015-02-04 20:56 - 2015-02-04 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-04 20:56 - 2015-02-04 20:56 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-02-04 20:56 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-02-04 20:56 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-02-04 20:35 - 2015-02-04 20:35 - 02194432 _____ () C:\Users\Sumsium\Downloads\AdwCleaner09.exe 2015-02-04 20:31 - 2015-02-04 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WEB.DE MailCheck 2015-02-04 20:31 - 2015-02-04 20:31 - 00000000 ____D () C:\Program Files\WEB.DE MailCheck 2015-02-04 20:31 - 2015-02-04 20:31 - 00000000 ____D () C:\Program Files (x86)\WEB.DE MailCheck 2015-02-02 18:10 - 2015-02-02 18:11 - 00000000 ____D () C:\Users\Sumsisum\AppData\Local\{BCB7DE81-8D52-4792-B5AF-BEB777D12830} 2015-02-01 17:50 - 2015-02-01 17:50 - 00000000 ____D () C:\Users\Sumsisum\AppData\Local\{2EBA8608-3E96-4F27-92D9-C942EDED9FF6} 2015-01-31 18:50 - 2015-01-31 18:51 - 00000000 ____D () C:\Users\Sumsisum\AppData\Local\{BA1C8A95-E08D-458F-BFBB-3D4399D73349} 2015-01-28 19:44 - 2015-01-28 19:44 - 49464479 _____ () C:\Users\Sumsisum\Downloads\Sky_go_v.1.1.apk 2015-01-28 19:24 - 2015-01-28 19:27 - 00000000 ____D () C:\Users\Sumsisum\Desktop\kindle 2015-01-27 18:56 - 2015-01-27 18:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-26 18:42 - 2015-01-26 18:42 - 00003882 _____ () C:\Windows\System32\Tasks\Registration 1und1 Task 2015-01-26 18:42 - 2015-01-26 18:42 - 00000000 ____D () C:\ProgramData\UUdb 2015-01-26 11:02 - 2015-01-26 11:02 - 00022720 _____ () C:\Users\Sumsisum\KontakteNokia.7z 2015-01-26 10:57 - 2015-01-26 10:58 - 00000000 ____D () C:\Users\Sumsisum\KontakteNokia 2015-01-26 10:40 - 2015-01-26 10:52 - 
00000000 ____D () C:\Users\Sumsium\KontakteNokia 2015-01-26 09:33 - 2015-01-26 09:33 - 00000000 ____D () C:\Users\Sumsium\AppData\Roaming\Windows Live Writer 2015-01-26 09:33 - 2015-01-26 09:33 - 00000000 ____D () C:\Users\Sumsium\AppData\Local\Windows Live Writer 2015-01-26 09:33 - 2015-01-26 09:33 - 00000000 ____D () C:\Users\Sumsium\AppData\Local\{8FFF0D90-6E4F-4354-8769-B7908F254471} 2015-01-26 09:33 - 2015-01-26 09:33 - 00000000 ____D () C:\Users\Sumsium\AppData\Local\{74770D46-27FE-443A-B9EF-4A06FDF3873F} 2015-01-26 08:33 - 2015-01-26 08:33 - 00000000 ____D () C:\Users\Sumsium\AppData\Roaming\Nokia Suite 2015-01-26 08:33 - 2015-01-26 08:33 - 00000000 ____D () C:\Users\Sumsium\AppData\Roaming\Nokia 2015-01-26 08:30 - 2015-01-26 08:30 - 00000000 __SHD () C:\Users\Sumsium\AppData\Local\EmieBrowserModeList 2015-01-26 08:26 - 2015-01-26 08:26 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-01-26 08:24 - 2015-01-26 08:24 - 00000000 ____D () C:\Users\Sumsium\AppData\Local\Apple Computer 2015-01-25 15:15 - 2015-01-25 15:15 - 04070576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2015-01-25 10:59 - 2015-01-25 10:59 - 00000000 ____D () C:\Users\Sumsisum\Desktop\Sigi Geburtstag 2015-01-23 20:58 - 2015-01-23 20:58 - 02470949 _____ () C:\Users\Sumsisum\Downloads\HollywoodTowers.mp4 2015-01-23 20:55 - 2015-01-23 20:55 - 02842206 _____ () C:\Users\Sumsisum\Downloads\SevenDwarfs.mp4 2015-01-23 19:23 - 2015-01-23 19:23 - 00000000 ____D () C:\Users\Gast\AppData\Local\Apple Computer 2015-01-23 19:23 - 2015-01-23 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-01-23 19:23 - 2015-01-23 19:23 - 00000000 ____D () C:\ProgramData\Apple Computer 2015-01-23 19:23 - 2015-01-23 19:23 - 00000000 ____D () C:\Program Files\iTunes 2015-01-23 19:23 - 2015-01-23 19:23 - 00000000 ____D () C:\Program Files\iPod 2015-01-23 19:23 - 2015-01-23 19:23 - 00000000 ____D () C:\Program Files 
(x86)\iTunes 2015-01-23 19:23 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys 2015-01-23 19:22 - 2015-01-23 19:23 - 00000000 ____D () C:\Program Files\Common Files\Apple 2015-01-23 19:21 - 2015-01-23 19:21 - 00000000 ____D () C:\Program Files\Bonjour 2015-01-23 19:21 - 2015-01-23 19:21 - 00000000 ____D () C:\Program Files (x86)\Bonjour 2015-01-23 19:20 - 2015-01-23 19:20 - 122418480 _____ (Apple Inc.) C:\Users\Gast\Downloads\iTunes64Setup.exe 2015-01-23 19:17 - 2015-01-23 19:17 - 00002247 _____ () C:\Users\Gast\Desktop\Google Chrome.lnk 2015-01-23 19:17 - 2015-01-23 19:17 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google 2015-01-23 19:14 - 2015-01-23 19:14 - 00001270 _____ () C:\Users\Gast\Desktop\Kontakte - Verknüpfung.lnk 2015-01-23 19:09 - 2015-01-26 07:56 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Nokia 2015-01-23 19:09 - 2015-01-23 19:09 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Nokia Suite 2015-01-23 19:08 - 2015-01-26 07:52 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\PC Suite 2015-01-23 19:08 - 2015-01-23 19:08 - 00000000 ____D () C:\Users\Gast\AppData\Local\Nokia 2015-01-23 11:57 - 2015-01-23 11:57 - 00002089 _____ () C:\Users\Public\Desktop\Nokia Suite.lnk 2015-01-23 11:57 - 2015-01-23 11:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia 2015-01-23 11:57 - 2015-01-23 11:57 - 00000000 ____D () C:\Program Files (x86)\PC Connectivity Solution 2015-01-23 11:57 - 2012-10-17 14:53 - 00026112 _____ (Nokia) C:\Windows\system32\Drivers\pccsmcfdx64.sys 2015-01-23 11:27 - 2015-01-23 11:27 - 01191200 _____ () C:\Users\Sumsisum\Downloads\Nokia Suite - CHIP-Installer.exe 2015-01-23 11:03 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-21 17:25 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-21 17:25 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\mrxdav.sys 2015-01-21 17:25 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-21 17:25 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-21 17:25 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-21 17:25 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-21 17:25 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-21 17:25 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-21 17:25 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-21 17:25 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-21 17:25 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-21 17:25 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-09 18:11 - 2014-11-22 11:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2015-01-09 18:11 - 2014-11-22 11:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2015-01-09 17:39 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-01-09 17:39 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-05 21:03 - 2010-03-12 01:19 - 01263966 _____ () C:\Windows\WindowsUpdate.log 2015-02-05 21:00 - 2010-05-23 14:32 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-05 20:52 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2015-02-05 20:50 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2015-02-05 20:35 - 2010-05-23 14:32 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-05 20:27 - 2012-03-29 14:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-04 20:56 - 2013-06-20 19:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2015-02-04 20:56 - 2012-03-04 12:38 - 00000000 ____D () C:\Users\Sumsium\AppData\Roaming\Malwarebytes 2015-02-04 20:56 - 2012-03-04 12:38 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-04 20:49 - 2009-07-14 05:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-04 20:49 - 2009-07-14 05:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-04 20:39 - 2011-05-04 16:32 - 00330262 _____ () C:\Windows\SysWOW64\http_ss.log 2015-02-04 20:39 - 2010-03-12 01:22 - 00663978 _____ () C:\Windows\PFRO.log 2015-02-04 20:39 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-04 20:39 - 2009-07-14 05:51 - 00210065 _____ () C:\Windows\setupact.log 2015-02-04 20:38 - 2013-11-30 08:58 - 00000000 ____D () C:\AdwCleaner 2015-02-04 20:21 - 2012-09-24 10:34 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{61CDC14D-922F-48FB-A877-B41883A6DD8B} 2015-02-01 17:47 - 2014-08-27 19:26 - 00000000 ____D () C:\Users\Sumsisum\Documents\Wohnung 2015-01-31 18:51 - 2012-01-06 23:04 - 00000000 ____D () C:\Users\Sumsisum\AppData\Local\Windows Live 2015-01-31 12:38 - 2012-06-10 08:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 
2015-01-30 23:07 - 2010-01-09 06:07 - 09650414 _____ () C:\Windows\system32\perfh007.dat 2015-01-30 23:07 - 2010-01-09 06:07 - 03042540 _____ () C:\Windows\system32\perfc007.dat 2015-01-30 23:07 - 2009-07-14 06:13 - 00006504 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-26 18:42 - 2014-03-22 16:32 - 00000000 ____D () C:\Program Files (x86)\1und1Softwareaktualisierung 2015-01-26 11:02 - 2010-05-18 14:50 - 00000000 ____D () C:\Users\Sumsisum 2015-01-26 10:58 - 2012-07-21 18:33 - 00000000 ____D () C:\Users\Sumsisum\Documents\Rezepte 2015-01-26 10:40 - 2010-05-18 09:40 - 00000000 ____D () C:\Users\Sumsium 2015-01-26 09:33 - 2012-01-06 21:17 - 00000000 ____D () C:\Users\Sumsium\AppData\Local\Windows Live 2015-01-26 08:38 - 2012-01-07 23:18 - 00000000 ____D () C:\Users\Sumsium\AppData\Roaming\Apple Computer 2015-01-26 08:33 - 2012-10-23 18:23 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-01-26 08:32 - 2010-11-01 09:38 - 00000000 ____D () C:\Users\Sumsium\AppData\Roaming\PC Suite 2015-01-26 08:06 - 2014-01-21 19:59 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Apple Computer 2015-01-25 15:15 - 2012-03-29 14:54 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-25 15:15 - 2012-03-29 14:54 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-01-25 15:15 - 2011-06-21 17:20 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-23 19:21 - 2011-10-31 21:11 - 00000000 ____D () C:\ProgramData\Apple 2015-01-23 12:02 - 2010-09-25 10:22 - 00000000 ____D () C:\Users\Sumsisum\AppData\Local\Nokia 2015-01-23 11:58 - 2010-09-24 19:14 - 00000000 ____D () C:\ProgramData\Nokia 2015-01-23 11:58 - 2010-09-22 10:45 - 00000000 ____D () C:\Users\Sumsium\AppData\Local\Nokia 2015-01-23 11:57 - 2010-09-22 10:41 - 00000000 ____D () C:\Program Files (x86)\Nokia 2015-01-23 11:57 - 2010-03-12 01:17 - 00109498 _____ () 
C:\Windows\DPINST.LOG 2015-01-23 11:06 - 2013-07-21 11:26 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-23 10:53 - 2010-11-19 20:38 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-14 17:52 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-13 18:07 - 2014-01-07 12:27 - 00000000 ____D () C:\Users\Sumsisum\AppData\Local\Greenshot 2015-01-09 18:09 - 2014-01-12 18:54 - 00000000 ____D () C:\Users\Sumsisum\AppData\Local\NVIDIA Corporation 2015-01-08 09:55 - 2010-05-18 10:20 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe ==================== Files in the root of some directories ======= 2014-03-01 14:44 - 2014-03-01 14:44 - 0000268 ___RH () C:\Users\Sumsium\AppData\Roaming\Breath Pad 2014-03-01 14:44 - 2014-03-01 14:44 - 0000268 ___RH () C:\Users\Sumsium\AppData\Roaming\Bubble Noise 2013-06-29 16:22 - 2013-06-29 16:42 - 0000077 _____ () C:\Users\Sumsium\AppData\Roaming\Rim.Desktop.Exception.log 2011-03-12 16:59 - 2013-06-29 16:20 - 0003174 _____ () C:\Users\Sumsium\AppData\Roaming\Rim.Desktop.HttpServerSetup.log 2013-06-29 16:22 - 2013-06-29 16:42 - 0000077 _____ () C:\Users\Sumsium\AppData\Roaming\Rim.DesktopHelper.Exception.log 2011-01-08 21:13 - 2011-01-08 21:13 - 0000000 _____ () C:\Users\Sumsium\AppData\Local\AtStart.txt 2011-01-08 21:13 - 2011-01-08 21:13 - 0000000 _____ () C:\Users\Sumsium\AppData\Local\DSwitch.txt 2011-01-08 21:13 - 2011-01-08 21:13 - 0000000 _____ () C:\Users\Sumsium\AppData\Local\QSwitch.txt 2012-01-19 18:19 - 2013-06-22 13:19 - 0007610 _____ () C:\Users\Sumsium\AppData\Local\Resmon.ResmonCfg 2010-12-05 13:30 - 2010-12-28 20:25 - 0000080 ___SH () C:\ProgramData\.zreglib 2014-03-01 14:44 - 2014-03-01 14:44 - 0000268 ___RH () C:\ProgramData\Caches 2014-03-01 14:44 - 2014-03-01 14:44 - 0000268 ___RH () C:\ProgramData\CIOSupport 2014-03-01 14:44 - 2014-03-01 14:44 - 0000012 ___RH () C:\ProgramData\ColorSync 2014-03-01 14:44 - 2014-03-01 14:44 - 0000012 ___RH () 
C:\ProgramData\Command Line Utility 2010-05-18 09:45 - 2010-11-19 20:38 - 0000188 _____ () C:\ProgramData\HPWALog.txt 2014-05-01 11:17 - 2014-05-01 11:18 - 0000848 ___SH () C:\ProgramData\KGyGaAvL.sys 2014-03-01 14:44 - 2014-03-01 14:44 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT 2014-03-01 14:44 - 2014-03-01 14:44 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT 2010-03-12 01:43 - 2010-03-12 01:43 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log 2010-01-08 23:23 - 2010-01-08 23:23 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log 2010-03-12 01:42 - 2010-03-12 01:42 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log 2010-01-08 23:19 - 2010-01-08 23:20 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2010-03-12 01:42 - 2010-03-12 01:42 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log 2010-03-12 01:43 - 2010-03-12 01:43 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log 2010-01-08 23:19 - 2010-01-08 23:19 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log 2010-01-08 23:20 - 2010-01-08 23:23 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log 2010-03-12 01:43 - 2010-03-12 01:43 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log Some content of TEMP: ==================== C:\Users\Sumsium\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-24 12:49
==================== End Of Log ============================
05.02.2015, 21:10 | #6 |
| Malwarebytes detection: OpenCandy and Spigot
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2015 01 Ran by Sumsium at 2015-02-05 21:06:58 Running from C:\Users\Sumsium\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 3D-Viewer-innoplus (HKLM-x32\...\{B96DB037-DBEA-4186-9081-9CBD537F82E8}) (Version: 14.00.302 - INNOVA-engineering GmbH) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.1 - Hewlett-Packard) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe Shockwave Player (HKLM-x32\...\{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}) (Version: 11.5.1.601 - Adobe Systems, Inc.) 
Amazon Kindle (HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Amazon Kindle) (Version: - Amazon) Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ArcSoft PhotoImpression 6 (HKLM-x32\...\{063E409E-3D7C-4A4A-95AB-2F124B9224B3}) (Version: 6.1.8.135 - ArcSoft) ArcSoft ShowBiz (HKLM-x32\...\{9D41D2EF-2D33-4CFD-8A3E-C7E6FCC3303B}) (Version: - ArcSoft) Avira Internet Security (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira) BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research in Motion Ltd.) BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research in Motion Ltd.) Hidden BlackBerry Device Software Updater (HKLM-x32\...\{29F6BF0C-3D0E-4480-8B55-85EDECE418FF}) (Version: 7.1.0.89 - Research In Motion Ltd) BlackBerry Device Software Updater (HKLM-x32\...\{E31C1E19-81D2-40C0-BE40-30A2A54E9C27}) (Version: 8.0.0.50 - Research In Motion Ltd) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.18.41 - Broadcom Corporation) calibre (HKLM-x32\...\{39509A2F-C63C-404E-A4DC-7E6D4FCB6D66}) (Version: 1.39.0 - Kovid Goyal) CheckDrive (HKLM-x32\...\{B83513EC-2E4D-4621-816D-4CCF397BE702}_is1) (Version: 4.4 - Abelssoft) Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Corel Paint Shop Pro Photo X2 (HKLM-x32\...\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}) (Version: 12.50.0001 - Corel Corporation) Corel VideoStudio 12 (HKLM-x32\...\InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}) (Version: 12.0.0.0000 - Corel Corporation) CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2216 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.87 - DivX, LLC) dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA) DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard) DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden ENE CIR Receiver Driver (HKLM\...\FFE7D41DF3C645075BB149E21988B63996C34187) (Version: 2.7.4.0 - ENE) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard) FanFictionDownloader version 0.8.9 (HKLM-x32\...\{1D868954-1083-4BBA-8379-C7A9B2705CBA}_is1) (Version: 0.8.9 - Raimond Eisele) Free Audio Dub version 1.7.9.908 (HKLM-x32\...\Free Audio Dub_is1) (Version: 1.7.9.908 - DVDVideoSoft Ltd.) Free DVD Video Converter version 2.0.20.623 (HKLM-x32\...\Free DVD Video Converter_is1) (Version: 2.0.20.623 - DVDVideoSoft Ltd.) 
Free MP4 Video Converter version 5.0.28.827 (HKLM-x32\...\Free MP4 Video Converter_is1) (Version: 5.0.28.827 - DVDVideoSoft Ltd.) Free Video Dub version 2.0.21.827 (HKLM-x32\...\Free Video Dub_is1) (Version: 2.0.21.827 - DVDVideoSoft Ltd.) Free Video to MP3 Converter version 5.0.28.827 (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.28.827 - DVDVideoSoft Ltd.) Free YouTube Download version 3.2.49.1122 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.49.1122 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.50.1111 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.50.1111 - DVDVideoSoft Ltd.) GIMP 2.6.8 (HKLM\...\WinGimp-2.0_is1) (Version: - ) GO Contact Sync Mod (HKLM-x32\...\{6CF50AEE-2F3E-4D01-999E-91BEB5CDB9B3}) (Version: 3.5.22 - WebGear, Create Software, Stru.be, saller.NET) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.) Google Chrome (HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Google Chrome) (Version: 14.0.835.186 - Google Inc.) Google Chrome (HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Google Chrome) (Version: 14.0.835.186 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Earth (HKLM-x32\...\{C768790F-04FB-11E0-9B2C-001AA037B01E}) (Version: 6.0.1.2032 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Updater (HKLM-x32\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.) Greenshot 1.1.7.17 (HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Greenshot_is1) (Version: 1.1.7.17 - Greenshot) Hotspot Shield 2.78 (HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\HotspotShield) (Version: 2.78 - AnchorFree Inc.) 
HP 3D DriveGuard (HKLM\...\{7FD7F421-39B2-4CAC-BC41-7D83DDBAB329}) (Version: 4.0.3.1 - Hewlett-Packard) HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent) HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3509 - Hewlett-Packard) HP MediaSmart Internet TV (HKLM-x32\...\InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}) (Version: 3.1.2125 - Hewlett-Packard) HP MediaSmart Live TV (HKLM-x32\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 3.1.2206 - Hewlett-Packard) HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3405 - Hewlett-Packard) HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard) HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.2207 - Hewlett-Packard) HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.7.1 - Hewlett-Packard) HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{06F22256-8A8D-4F3F-B22C-6E07313D0FD1}) (Version: 4.2.6.13 - Hewlett-Packard) HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard) HP User Guides 0153 (HKLM-x32\...\{2EBA8202-FBD5-4004-81EA-BDC38C054CE2}) (Version: 1.01.0000 - Hewlett-Packard) HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard) HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6249.0 - IDT) Intel(R) Turbo Boost Technology Driver 
(HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.00.1030 - Intel Corporation) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.) Java 7 Update 9 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle) JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.32.1 - JMicron Technology Corp.) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden K-Lite Mega Codec Pack 6.7.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 6.7.0 - ) LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2215 - CyberLink Corp.) LabelPrint (x32 Version: 2.5.2215 - CyberLink Corp.) Hidden LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Communicator 2007 (HKLM-x32\...\{0FCA0973-24C0-48EA-8CF6-71B53C135C09}) (Version: 2.0.6362.0 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) 
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUSR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version: - Microsoft) Microsoft Office Project Professional 2007 (HKLM-x32\...\PRJPRO) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 
(HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation) Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 21.005.15.02.35 - Huawei Technologies Co.,Ltd) Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard) Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310 - Hewlett-Packard) Hidden Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyFreeCodec (HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\MyFreeCodec) (Version: - ) MyFreeCodec 
(HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MyFreeCodec) (Version: - ) MyTomTom 3.2.0.1116 (HKLM-x32\...\MyTomTom) (Version: 3.2.0.1116 - TomTom) NAVIGON Fresh 3.4.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.4.1 - NAVIGON) Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon) Nitro PDF Reader 2 (HKLM\...\{3DA00A00-C3E9-4064-B62C-CAD25EAF0B6A}) (Version: 2.0.0.29 - Nitro PDF Software) Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia) Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.54.0 - Nokia) Nokia Suite (x32 Version: 3.8.54.0 - Nokia) Hidden NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation) NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) OVTScanner_Vista64 (HKLM-x32\...\{AE09704D-9051-4C25-B940-77F889F0C93F}) (Version: 1.00.0000 - OVT) PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia) PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH) PDF Architect 2 View Module (HKLM-x32\...\{46889070-D447-4936-A5D3-246DB972FA2E}) (Version: 2.0.6.16537 - pdfforge GmbH) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge) Perfect Effects 8 (HKLM-x32\...\{ABC791C9-E95B-40C8-8BDD-F5E84E2E268B}) (Version: 8.1.0 - 
onOne Software) Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.5.0 - Nikon) Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3415 - CyberLink Corp.) Power2Go (x32 Version: 6.0.3415 - CyberLink Corp.) Hidden PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3420 - CyberLink Corp.) PowerDirector (x32 Version: 7.0.3420 - CyberLink Corp.) Hidden QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0010 - Realtek) Recovery Manager (x32 Version: 5.5.2214 - CyberLink Corp.) Hidden Samsung AllShare (HKLM-x32\...\InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}) (Version: 2.0.0.11054_1 - Samsung Electronics Co., Ltd.) Samsung AllShare (x32 Version: 2.0.0.11054_1 - Samsung Electronics Co., Ltd.) Hidden Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.0.12035_16 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.3.0.12035_16 - Samsung Electronics Co., Ltd.) Hidden Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.) Samsung Kies3 (x32 Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.) Hidden Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.40.0 - SAMSUNG Electronics Co., Ltd.) 
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association) SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.6 - Seagate Technology) Security Task Manager 1.8d (HKLM-x32\...\Security Task Manager) (Version: 1.8d - Neuber Software) SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated) Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version: - ) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_PROPLUSR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROPLUSR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_PROPLUSR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_PROPLUSR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) USB Video/Audio Device Driver (HKLM-x32\...\{3717C4F2-7412-4793-9BB8-D73D2817B3D6}) (Version: 1.00.0000 - Ihr Firmenname) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden VideoStudio (x32 Version: 12.0.0.0000 - Corel Corporation) Hidden ViewNX 2 
(HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.9.0 - Nikon) Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.) VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN) WEB.DE Desktop Icons (HKLM-x32\...\1&1 Mail & Media GmbH 1und1DesktopIconsInstaller) (Version: 3.0.5.0 - 1&1 Mail & Media GmbH) WEB.DE MailCheck für Internet Explorer (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar IE8) (Version: 2.6.0.4 - 1&1 Mail & Media GmbH) WEB.DE Softwareaktualisierung (HKLM-x32\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.1.0 - 1&1 Mail & Media GmbH) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - ) Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 27-01-2015 17:59:04 Windows Update 03-02-2015 19:29:09 Windows Update 05-02-2015 20:36:47 ComboFix created restore point ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-14 03:34 - 2015-02-05 20:50 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {06912DA8-7E8E-47F1-9ECB-01ACCFE01BFA} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-10-16] (Hewlett-Packard) Task: {0EA10969-B17C-4EA2-86B3-F46A40B85947} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.) Task: {15E9D28F-D4BE-4DCE-902F-3053F4B11CF7} - System32\Tasks\Abelssoft\CheckDriveBackgroundGuard => C:\Program Files (x86)\CheckDrive\CheckDriveBackgroundGuard.exe [2014-01-28] (Abelssoft) Task: {1B6CED74-D032-41B7-BA1A-0A5A84D3FB5F} - System32\Tasks\CapSchedInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSchedInst.exe [2009-10-06] (CL) Task: {4BE89BF7-2466-43AF-BF6F-BFAE1E8DD198} - System32\Tasks\Registration 1und1 Task => C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe [2014-03-31] (1&1 Mail & Media GmbH) Task: {69E47965-1619-42BC-99A5-651013BA8C81} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {714E8A40-F51B-4AE6-A357-4BD34F8AEDBD} - System32\Tasks\TVAgent => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe [2009-10-06] (CyberLink Corp.) 
Task: {76256CF1-17EC-4986-B2BE-738E585BF17D} - System32\Tasks\{6BCF8F69-FDCB-444D-A637-957BB97FBF7D} => C:\Program Files (x86)\ALNO\KPL\KPL.exe Task: {7EA6E2A3-A6FA-49B9-B3F0-7AB8C1BA64A6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated) Task: {A5EB7A1E-857D-4283-81D5-680C14AB6859} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe Task: {AB0B7C64-8857-451B-914B-6213F94AD592} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-10-16] (Hewlett-Packard) Task: {B981457B-208B-419F-9629-9418AB3CC0B5} - System32\Tasks\CapSvcInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSvcInst.exe [2009-10-06] (CL) Task: {BA4D7814-C7D4-42B7-85A6-9ECFF6A6003C} - System32\Tasks\CapUninst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapUninst.exe [2009-10-06] (CL) Task: {CA5AC19B-7E9E-4C20-B26E-45CDE362DD82} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.) 
Task: {D850A102-73E0-441B-AAF6-7E2ED764E23B} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-10-05] (CyberLink) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2011-03-14 16:27 - 2011-03-14 16:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe 2010-01-08 23:23 - 2009-07-06 20:20 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 2011-05-24 12:44 - 2011-05-24 12:44 - 07237024 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\WiselinkPro.exe 2011-05-24 12:44 - 2011-05-24 12:44 - 00428088 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\http_ss_win_pro.exe 2013-07-21 11:56 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-02-24 21:21 - 2014-01-28 17:33 - 00019744 _____ () C:\Program Files (x86)\CheckDrive\AbStartManager.dll 2014-02-24 21:21 - 2014-01-28 17:33 - 00014112 _____ () C:\Program Files (x86)\CheckDrive\AbMessages.dll 2009-08-25 09:48 - 2009-08-25 09:48 - 00610872 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe 2009-08-25 18:34 - 2009-08-25 18:34 - 00015544 ____R () C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe 2013-08-29 01:23 - 2013-08-29 01:23 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe 2009-07-01 15:44 - 2009-07-01 15:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe 2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application 
Support\zlib1.dll 2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2010-12-18 10:02 - 2010-12-18 10:02 - 00672782 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avformat-52.dll 2010-12-18 10:02 - 2010-12-18 10:02 - 04434958 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avcodec-52.dll 2010-12-18 10:02 - 2010-12-18 10:02 - 00069134 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avutil-50.dll 2010-12-18 10:02 - 2010-12-18 10:02 - 00335360 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\PCAutoChapterLib.dll 2010-12-15 20:22 - 2010-12-15 20:22 - 00147456 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libexpat.dll 2010-12-18 10:02 - 2010-12-18 10:02 - 00131086 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\swscale-0.dll 2010-12-15 20:22 - 2011-07-16 13:23 - 00057856 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\lang.dll 2009-08-20 12:35 - 2009-08-20 12:35 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll 2009-08-20 12:35 - 2009-08-20 12:35 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll 2009-08-20 12:35 - 2009-08-20 12:35 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll 2013-05-23 12:53 - 2013-05-23 12:53 - 00026040 _____ () C:\Program Files (x86)\MyTomTom 3\DeviceDetection.dll 2013-05-23 12:53 - 2013-05-23 12:53 - 00074680 _____ () C:\Program Files (x86)\MyTomTom 3\TomTomSupporterBase.dll 2013-05-23 12:53 - 2013-05-23 12:53 - 00279480 _____ () C:\Program Files (x86)\MyTomTom 3\TomTomSupporterProxy.dll 2014-11-19 12:48 - 2014-11-19 12:48 - 08507232 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll 2014-11-19 12:48 - 2014-11-19 12:48 - 02354016 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll 2014-11-19 12:48 - 2014-11-19 12:48 - 01014624 _____ () 
C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll 2014-11-19 12:48 - 2014-11-19 12:48 - 00364384 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll 2014-11-19 12:48 - 2014-11-19 12:48 - 02480992 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll 2014-11-19 12:48 - 2014-11-19 12:48 - 01346912 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll 2014-11-19 12:48 - 2014-11-19 12:48 - 00206176 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll 2014-11-19 12:48 - 2014-11-19 12:48 - 02653024 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll 2014-11-19 12:48 - 2014-11-19 12:48 - 00033120 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll 2014-11-19 12:48 - 2014-11-19 12:48 - 00035680 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll 2014-11-19 12:48 - 2014-11-19 12:48 - 00207200 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll 2014-11-19 12:48 - 2014-11-19 12:48 - 11166560 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll 2014-11-19 12:48 - 2014-11-19 12:48 - 00276832 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll 2014-11-11 10:21 - 2014-11-11 10:21 - 00392552 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll 2014-11-11 10:21 - 2014-11-11 10:21 - 00059752 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll 2014-11-19 12:48 - 2014-11-19 12:48 - 00446304 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll 2014-11-19 12:48 - 2014-11-19 12:48 - 00520544 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll 2014-11-19 12:48 - 2014-11-19 12:48 - 00720736 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll 2014-11-19 12:46 - 2014-11-19 12:46 - 00606560 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll 2014-11-19 12:47 - 2014-11-19 12:47 - 00438624 _____ () C:\Program Files (x86)\Nokia\Nokia 
Suite\NService.dll 2014-11-19 12:48 - 2014-11-19 12:48 - 00093024 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll 2013-08-29 01:25 - 2013-08-29 01:25 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll 2009-10-05 23:08 - 2009-10-05 23:08 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll 2015-01-27 18:56 - 2015-01-27 18:56 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Registry Areas ===================== (Currently there is no automatic fix for this section.) ATTENTION: Missing Desktop Wallpaper Registry entry. ATTENTION: Missing Desktop Wallpaper Registry entry. ATTENTION: Missing Desktop Wallpaper Registry entry. 
HKU\S-1-5-21-132197110-3117043442-3119173927-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sumsium\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Sumsium\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Sumsisum\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-132197110-3117043442-3119173927-501\Control Panel\Desktop\\Wallpaper -> C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrator (S-1-5-21-132197110-3117043442-3119173927-500 - Administrator - Disabled) Gast (S-1-5-21-132197110-3117043442-3119173927-501 - Limited - Enabled) => C:\Users\Gast HomeGroupUser$ (S-1-5-21-132197110-3117043442-3119173927-1004 - Limited - Enabled) Sumsisum (S-1-5-21-132197110-3117043442-3119173927-1003 - Limited - Enabled) => C:\Users\Sumsisum Sumsium (S-1-5-21-132197110-3117043442-3119173927-1000 - Administrator - Enabled) => C:\Users\Sumsium ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (02/04/2015 10:11:50 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 11092 Error: (02/04/2015 10:11:50 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 11092 Error: (02/04/2015 10:11:50 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/04/2015 10:11:49 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 10093 Error: (02/04/2015 10:11:49 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 10093 Error: (02/04/2015 10:11:49 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/04/2015 10:11:48 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 9095 Error: (02/04/2015 10:11:48 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 9095 Error: (02/04/2015 10:11:48 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/04/2015 10:11:47 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8081 System errors: ============= Error: (02/05/2015 08:50:21 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. 
Error: (02/05/2015 08:49:23 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (02/05/2015 08:46:31 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (02/05/2015 08:36:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Easybits Shared Services for Windows" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (02/04/2015 08:38:43 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\Windows\System32\bcmihvsrv64.dll Error: (02/04/2015 08:38:43 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\Windows\System32\bcmihvsrv64.dll Error: (02/04/2015 08:38:39 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\Windows\System32\bcmihvsrv64.dll Error: (02/04/2015 08:38:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (02/04/2015 08:38:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. 
Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (02/04/2015 08:38:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "HP Health Check Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Microsoft Office Sessions: ========================= Error: (09/03/2014 07:33:36 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 98602 seconds with 1080 seconds of active time. This session ended with a crash. Error: (01/21/2014 06:46:35 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 428288 seconds with 1080 seconds of active time. This session ended with a crash. Error: (09/18/2013 09:17:52 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6679.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 132322 seconds with 1440 seconds of active time. This session ended with a crash. Error: (02/23/2013 06:38:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 69585 seconds with 240 seconds of active time. This session ended with a crash. 
Error: (11/10/2012 05:04:49 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. Error: (10/13/2012 02:15:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash. Error: (10/09/2012 00:48:01 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash. Error: (04/24/2012 08:01:51 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 50 seconds with 0 seconds of active time. This session ended with a crash. Error: (07/21/2011 01:20:30 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 501708 seconds with 360 seconds of active time. This session ended with a crash. Error: (01/07/2011 11:37:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 41763 seconds with 4320 seconds of active time. 
This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2015-02-05 20:49:23.317 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-02-05 20:49:23.193 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-05-06 21:31:51.133 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-05-06 21:31:50.972 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
Date: 2013-05-06 21:31:48.255 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-05-06 21:31:48.017 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-05-06 21:31:45.551 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-05-06 21:31:45.325 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
Date: 2013-05-06 21:31:43.066 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-05-06 21:31:42.899 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz Percentage of memory in use: 33% Total physical RAM: 8182.87 MB Available physical RAM: 5468.9 MB Total Pagefile: 16363.92 MB Available Pagefile: 13082.13 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:281.1 GB) (Free:51.11 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (RECOVERY) (Fixed) (Total:16.69 GB) (Free:2.72 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32 Drive g: (Elements) (Fixed) (Total:1397.26 GB) (Free:214.65 GB) NTFS Drive h: (CAM_SD) (Removable) (Total:7.39 GB) (Free:4.27 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298.1 GB) (Disk ID: F6A96D4D) Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS) Partition 2: (Not Active) - 
(Size=281.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=16.7 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=103 MB) - (Type=0C) ======================================================== Disk: 1 (Size: 7.4 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ======================================================== Disk: 2 (MBR Code: Windows XP) (Size: 1397.3 GB) (Disk ID: 0010410D) Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
06.02.2015, 00:19 | #7 |
Rest in peace † 2019 | Malwarebytes detection: OpenCandy and Spigot
Hello, that looks better.
Step 1 Please download AdwCleaner to your desktop.
Step 2 Run another scan with Malwarebytes, delete whatever is still found, and post the log file for me.
Step 3 Start FRST once more.
|
06.02.2015, 20:03 | #8 |
| Malwarebytes detection: OpenCandy and Spigot
Hello Sandra, stupidly I had already started AdwCleaner before MWB; that was the report. I will, however, run AdwCleaner over it again; this report here is just for information. Code:
ATTFilter # AdwCleaner v4.109 - Bericht erstellt am 04/02/2015 um 20:38:25 # Aktualisiert 24/01/2015 von Xplode # Database : 2015-02-04.1 [Live] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Sumsium - SUMSISUM-PC # Gestartet von : C:\Users\Sumsium\Downloads\AdwCleaner09.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\SecTaskMan Ordner Gelöscht : C:\Users\Sumsium\AppData\Roaming\pdfforge Ordner Gelöscht : C:\Users\Sumsisum\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdjknjpbnhdoabbngpmfekaecnpajba Ordner Gelöscht : C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdjknjpbnhdoabbngpmfekaecnpajba Datei Gelöscht : C:\END Datei Gelöscht : C:\Users\Sumsisum\AppData\Roaming\Mozilla\Firefox\Profiles\69ur57oa.default\foxydeal.sqlite Datei Gelöscht : C:\Users\Sumsisum\AppData\Roaming\Mozilla\Firefox\Profiles\svrphqsy.default-1386437640411\foxydeal.sqlite Datei Gelöscht : C:\Users\Sumsisum\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hcdjknjpbnhdoabbngpmfekaecnpajba_0.localstorage Datei Gelöscht : C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hcdjknjpbnhdoabbngpmfekaecnpajba_0.localstorage Datei Gelöscht : C:\Users\Sumsisum\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hcdjknjpbnhdoabbngpmfekaecnpajba_0.localstorage-journal Datei Gelöscht : C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hcdjknjpbnhdoabbngpmfekaecnpajba_0.localstorage-journal Datei Gelöscht : C:\Users\Sumsisum\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.ak.facebook.com_0.localstorage Datei Gelöscht : C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.ak.facebook.com_0.localstorage Datei Gelöscht : C:\Users\Sumsisum\AppData\Local\Google\Chrome\User 
Data\Default\Local Storage\hxxp_static.ak.facebook.com_0.localstorage-journal Datei Gelöscht : C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.ak.facebook.com_0.localstorage-journal Datei Gelöscht : C:\Users\Sumsisum\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C424171E-592A-415A-9EB1-DFD6D95D3530} Schlüssel Gelöscht : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C424171E-592A-415A-9EB1-DFD6D95D3530} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C424171E-592A-415A-9EB1-DFD6D95D3530}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C424171E-592A-415A-9EB1-DFD6D95D3530}] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C424171E-592A-415A-9EB1-DFD6D95D3530}] Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\Myfree Codec Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17496 -\\ Mozilla Firefox v35.0.1 (x86 de) -\\ Google 
Chrome v40.0.2214.94 ************************* AdwCleaner[R0].txt - [4775 octets] - [30/11/2013 08:58:44] AdwCleaner[R1].txt - [1246 octets] - [30/11/2013 11:38:53] AdwCleaner[R2].txt - [6600 octets] - [04/02/2015 20:35:47] AdwCleaner[S0].txt - [4797 octets] - [30/11/2013 08:59:48] AdwCleaner[S1].txt - [1307 octets] - [30/11/2013 11:40:53] AdwCleaner[S2].txt - [6334 octets] - [04/02/2015 20:38:25] ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [6394 octets] ########## Code:
ATTFilter # AdwCleaner v4.110 - Bericht erstellt 06/02/2015 um 19:00:28 # Aktualisiert 05/02/2015 von Xplode # Datenbank : 2015-02-05.2 [Server] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64) # Benutzername : Sumsium - SUMSISUM-PC # Gestarted von : C:\Users\Sumsium\Downloads\AdwCleaner_4.110.exe # Option : Suchlauf ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Datei Gefunden : C:\Users\Sumsisum\AppData\Roaming\Mozilla\Firefox\Profiles\svrphqsy.default-1386437640411\foxydeal.sqlite Ordner Gefunden : C:\Users\Sumsisum\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdjknjpbnhdoabbngpmfekaecnpajba ***** [ Geplante Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{92780B25-18CC-41C8-B9BE-3C9C571A8263} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263} ***** [ Internetbrowser ] ***** -\\ Internet Explorer v11.0.9600.17496 -\\ Mozilla Firefox v35.0.1 (x86 de) -\\ Google Chrome v40.0.2214.94 ************************* AdwCleaner[R0].txt - [4775 Bytes] - [30/11/2013 08:58:44] AdwCleaner[R1].txt - [1246 Bytes] - [30/11/2013 11:38:53] AdwCleaner[R2].txt - [6600 Bytes] - [04/02/2015 20:35:47] AdwCleaner[R3].txt - [1360 Bytes] - [06/02/2015 19:00:28] AdwCleaner[S0].txt - [4797 Bytes] - [30/11/2013 08:59:48] AdwCleaner[S1].txt - [1307 Bytes] - [30/11/2013 11:40:53] AdwCleaner[S2].txt - [6510 Bytes] - [04/02/2015 20:38:25] ########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1596 Bytes] ########## Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 06.02.2015 Suchlauf-Zeit: 19:12:59 Logdatei: MWB_06.02.2015.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2015.02.06.07 Rootkit Datenbank: v2015.02.03.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Sumsium Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 537359 Verstrichene Zeit: 29 Min, 3 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Warnen PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 0 (Keine schädliche Elemente erkannt) Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) FRST Logfile: FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01
Ran by Sumsium (administrator) on SUMSISUM-PC on 06-02-2015 20:00:29
Running from C:\Users\Sumsium\Downloads
Loaded Profiles: Sumsium & (Available profiles: Sumsium & Sumsisum & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\WiselinkPro.exe
() C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\http_ss_win_pro.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Abelssoft) C:\Program Files (x86)\CheckDrive\CheckDriveBackgroundGuard.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
(TomTom) C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(Sigmatel) C:\Windows\system\w98eject.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Samsung) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(1und1 Mail und Media GmbH) C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610872 2009-08-25] ()
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Corel File Shell Monitor] => C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [15544 2009-08-25] ()
HKLM-x32\...\Run: [HPCam_Menu] => c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [250768 2011-05-24] (Samsung)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-05-28] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2015-01-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443408 2014-02-07] (BlackBerry Limited)
HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1243656 2013-12-07] (Easybits)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-11] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [MailCheck IE Broker] => C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [2135104 2014-11-17] (1und1 Mail und Media GmbH)
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll",DllRegisterServer
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DirectSoundAudioOutput.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DirectSoundAudioOutput.dll",DllRegisterServer
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXASPDecode.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXASPDecode.dll",DllRegisterServer
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXDeinterlaceFilter.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXDeinterlaceFilter.dll",DllRegisterServer
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\MP3SurroundDecode.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\MP3SurroundDecode.dll",DllRegisterServer
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll",DllRegisterServer
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll",DllRegisterServer
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll",DllRegisterServer
HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-05-28] (Samsung)
HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-04-18] (Samsung Electronics)
HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Run: [MyTomTomSA.exe] => C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [455608 2013-05-23] (TomTom)
HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-05-28] (Samsung)
HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-04-18] (Samsung Electronics)
HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MyTomTomSA.exe] => C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [455608 2013-05-23] (TomTom)
HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [QuickTime Task] => "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-05-28] (Samsung)
HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Ebbaenvyn] => C:\Users\Sumsisum\AppData\Roaming\Cenaat\ubco.exe
HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-05-28] (Samsung)
HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [openvpntray.EXE] => C:\Users\Sumsisum\AppData\Roaming\Hotspot Shield\bin\openvpntray.EXE -nonadmin
HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Greenshot] => C:\Users\Sumsisum\AppData\Local\Greenshot\Greenshot.exe [495616 2013-12-12] (Greenshot)
HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [KiesPDLR.exe] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-05-28] (Samsung)
HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [GoogleChromeAutoLaunch_CC7034B0FA467AF7CA332882BC1B199F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-27] (Google Inc.)
HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {c8af9512-5273-11e1-86e7-d2106dcbbcc7} - G:\AutoRun.exe
HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {c8af9530-5273-11e1-86e7-d2106dcbbcc7} - G:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\w98Eject.lnk
ShortcutTarget: w98Eject.lnk -> C:\Windows\system\w98eject.exe (Sigmatel)
Startup: C:\Users\Sumsisum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-132197110-3117043442-3119173927-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-132197110-3117043442-3119173927-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP&dt=072113
HKU\S-1-5-21-132197110-3117043442-3119173927-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP&dt=072113
HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.de/
HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.google.de/ hxxp://www.dict.cc/
SearchScopes: HKLM -> {230D7087-5842-4816-985C-8393ACBAC32D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {230D7087-5842-4816-985C-8393ACBAC32D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000 -> {230D7087-5842-4816-985C-8393ACBAC32D} URL =
SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000 -> {56728EB4-149A-4AB9-845B-0CE539BFAF5F} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000 -> {9FA66BE2-9B22-4EE4-845F-A8C2AEB43E93} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000 -> {A3B580D5-7A1E-47A6-8959-EDB56220911B} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000 -> {A8230883-C5FB-4BA4-B422-5AC627B247E4} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000 -> {B18110A6-0C60-4152-B054-7492AF998A53} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {230D7087-5842-4816-985C-8393ACBAC32D} URL =
SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {56728EB4-149A-4AB9-845B-0CE539BFAF5F} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {9FA66BE2-9B22-4EE4-845F-A8C2AEB43E93} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {A3B580D5-7A1E-47A6-8959-EDB56220911B} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {A8230883-C5FB-4BA4-B422-5AC627B247E4} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {B18110A6-0C60-4152-B054-7492AF998A53} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> DefaultScope {230D7087-5842-4816-985C-8393ACBAC32D} URL =
SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {23E77356-E10E-46C5-AA24-2D9B7C1FB216} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {675FE16E-301D-44E6-8F1F-1D552559A19E} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {D045F1E8-885E-482D-8207-5DD49111C39E} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {E9A1BA5E-CB6A-4F07-AD0F-DA446D7AD36B} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
BHO: WEB.DE MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO-x32: WEB.DE MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No File
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Handler-x32: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.2
Tcpip\..\Interfaces\{2DD74BF9-228A-47CA-9F74-06C1515BF58C}: [NameServer] 139.7.30.125 139.7.30.126

FireFox:
========
FF ProfilePath: C:\Users\Sumsium\AppData\Roaming\Mozilla\Firefox\Profiles\h8p7mo5w.default
FF SelectedSearchEngine: Google
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @innoplus.de/ino3DViewer -> C:\Program Files (x86)\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @pack.google.com/Google Updater;version=14 -> C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: NitroPDF -> C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF Plugin HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0: @Google.com/GoogleEarthPlugin -> C:\Users\Sumsisum\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Download videos and MP3s from YouTube - C:\Users\Sumsium\AppData\Roaming\Mozilla\Firefox\Profiles\h8p7mo5w.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-11-12]
FF Extension: NoScript - C:\Users\Sumsium\AppData\Roaming\Mozilla\Firefox\Profiles\h8p7mo5w.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-03-04]
FF Extension: Adblock Plus - C:\Users\Sumsium\AppData\Roaming\Mozilla\Firefox\Profiles\h8p7mo5w.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-10-21]
FF HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-11-12]
FF HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-04]
CHR Extension: (YouTube) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-01]
CHR Extension: (Adblock Plus) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-01]
CHR Extension: (Hide My Ass! Web Proxy) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd [2014-06-13]
CHR Extension: (Google-Suche) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-01]
CHR Extension: (Avira Browser Safety) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-06-13]
CHR Extension: (Google Wallet) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-01]
CHR Extension: (Google Mail) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [1044784 2014-11-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [807672 2015-01-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2015-01-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2015-01-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2015-01-09] (Avira Operations GmbH & Co. KG)
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2014-01-21] (BlackBerry Limited) [File not signed]
R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129584 2009-02-22] (EasyBits Sofware AS) [File not signed]
R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [120832 2009-10-15] (Hewlett-Packard) [File not signed]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NitroReaderDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [341296 2011-06-21] (Nitro PDF Software)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1716264 2014-04-30] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-30] (pdfforge GmbH)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
R2 SamsungAllShare; C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\WiselinkPro.exe [7237024 2011-05-24] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2013-02-12] (Avira GmbH) R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2013-02-12] (Avira GmbH) R1 avfwot; C:\Windows\SysWOW64\DRIVERS\avfwot.sys [131336 2011-06-30] (Avira GmbH) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-01] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-01] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-10-01] (Avira Operations GmbH & Co. KG) S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-04-18] () [File not signed] R3 GEARAspiWDM; C:\Windows\SysWOW64\DRIVERS\GEARAspiWDM.sys [15664 2011-11-19] (GEAR Software Inc.) S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [212992 2012-02-13] (Huawei Technologies Co., Ltd.) 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-06] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) S3 OV550I; C:\Windows\System32\Drivers\ov550ivx.sys [196992 2008-02-21] (Omnivision Technologies, Inc.) S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-12-02] (BlackBerry Limited) R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd) S3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp.sys [145360 2010-02-12] (Sun Microsystems, Inc.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 dgderdrv; System32\drivers\dgderdrv.sys [X] S3 DlinkUDSMBus; SysWOW64\Drivers\DlinkUDSMBus.sys [X] S3 lvpepf64; system32\DRIVERS\lv302a64.sys [X] S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X] S3 LVRS64; system32\DRIVERS\lvrs64.sys [X] S3 PID_PEPI; system32\DRIVERS\LV302V64.SYS [X] S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X] S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-06 19:58 - 2015-02-06 19:58 - 00001209 _____ () C:\Users\Sumsium\Desktop\MWB_06.02.2015.txt 2015-02-06 19:11 - 2015-02-06 19:11 - 00003536 _____ () C:\Windows\System32\Tasks\Google Software Updater 2015-02-06 19:11 - 2015-02-06 19:11 - 00000986 _____ () C:\Windows\Tasks\Google Software Updater.job 2015-02-06 18:59 - 2015-02-06 18:59 - 02112512 _____ () C:\Users\Sumsium\Downloads\AdwCleaner_4.110.exe 2015-02-05 21:08 - 2015-02-05 21:08 - 00060051 _____ () C:\Users\Sumsium\Desktop\FRST_05.02.2015.txt 2015-02-05 21:08 - 2015-02-05 21:08 - 00049146 _____ () C:\Users\Sumsium\Desktop\Addition_05.02.2015.txt 2015-02-05 21:06 - 2015-02-06 20:00 - 00040833 _____ () C:\Users\Sumsium\Downloads\FRST.txt 2015-02-05 21:06 - 2015-02-05 21:07 - 00049146 _____ () C:\Users\Sumsium\Downloads\Addition.txt 2015-02-05 21:01 - 2015-02-05 21:01 - 00034595 _____ () C:\Users\Sumsium\Desktop\Combo_05022015.txt 2015-02-05 20:52 - 2015-02-05 20:52 - 00034595 _____ () C:\ComboFix.txt 2015-02-05 20:36 - 2015-02-05 20:52 - 00000000 ____D () C:\Qoobox 2015-02-05 20:36 - 2015-02-05 20:52 - 00000000 ____D () C:\ComboFix 2015-02-05 20:36 - 2015-02-05 20:51 - 00000000 ____D () C:\Windows\erdnt 2015-02-05 20:36 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-02-05 20:36 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-02-05 20:36 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-02-05 20:36 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-02-05 20:36 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-02-05 20:36 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-02-05 20:36 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-02-05 20:36 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-02-05 20:34 - 2015-02-05 20:34 - 05611380 ____R (Swearware) C:\Users\Sumsium\Desktop\ComboFix.exe 2015-02-04 22:04 - 2015-02-04 22:05 - 00051768 _____ () 
C:\Users\Sumsium\Desktop\Addition.txt 2015-02-04 22:03 - 2015-02-06 20:00 - 00000000 ____D () C:\FRST 2015-02-04 22:03 - 2015-02-04 22:05 - 00058138 _____ () C:\Users\Sumsium\Desktop\FRST.txt 2015-02-04 22:03 - 2015-02-04 22:03 - 02131968 _____ (Farbar) C:\Users\Sumsium\Downloads\FRST64.exe 2015-02-04 21:39 - 2015-02-04 21:39 - 00001596 _____ () C:\Users\Sumsium\Desktop\MWB_04.02.2015.txt 2015-02-04 20:56 - 2015-02-06 19:09 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-04 20:56 - 2015-02-04 20:56 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-02-04 20:56 - 2015-02-04 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-04 20:56 - 2015-02-04 20:56 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-02-04 20:56 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-02-04 20:56 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-02-04 20:35 - 2015-02-04 20:35 - 02194432 _____ () C:\Users\Sumsium\Downloads\AdwCleaner09.exe 2015-02-04 20:31 - 2015-02-04 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WEB.DE MailCheck 2015-02-04 20:31 - 2015-02-04 20:31 - 00000000 ____D () C:\Program Files\WEB.DE MailCheck 2015-02-04 20:31 - 2015-02-04 20:31 - 00000000 ____D () C:\Program Files (x86)\WEB.DE MailCheck 2015-02-02 18:10 - 2015-02-02 18:11 - 00000000 ____D () C:\Users\Sumsisum\AppData\Local\{BCB7DE81-8D52-4792-B5AF-BEB777D12830} 2015-02-01 17:50 - 2015-02-01 17:50 - 00000000 ____D () C:\Users\Sumsisum\AppData\Local\{2EBA8608-3E96-4F27-92D9-C942EDED9FF6} 2015-01-31 18:50 - 2015-01-31 18:51 - 00000000 ____D () C:\Users\Sumsisum\AppData\Local\{BA1C8A95-E08D-458F-BFBB-3D4399D73349} 2015-01-28 19:44 - 2015-01-28 19:44 - 49464479 _____ () 
C:\Users\Sumsisum\Downloads\Sky_go_v.1.1.apk 2015-01-28 19:24 - 2015-01-28 19:27 - 00000000 ____D () C:\Users\Sumsisum\Desktop\kindle 2015-01-27 18:56 - 2015-01-27 18:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-26 18:42 - 2015-01-26 18:42 - 00003882 _____ () C:\Windows\System32\Tasks\Registration 1und1 Task 2015-01-26 18:42 - 2015-01-26 18:42 - 00000000 ____D () C:\ProgramData\UUdb 2015-01-26 11:02 - 2015-01-26 11:02 - 00022720 _____ () C:\Users\Sumsisum\KontakteNokia.7z 2015-01-26 10:57 - 2015-01-26 10:58 - 00000000 ____D () C:\Users\Sumsisum\KontakteNokia 2015-01-26 10:40 - 2015-01-26 10:52 - 00000000 ____D () C:\Users\Sumsium\KontakteNokia 2015-01-26 09:33 - 2015-01-26 09:33 - 00000000 ____D () C:\Users\Sumsium\AppData\Roaming\Windows Live Writer 2015-01-26 09:33 - 2015-01-26 09:33 - 00000000 ____D () C:\Users\Sumsium\AppData\Local\Windows Live Writer 2015-01-26 09:33 - 2015-01-26 09:33 - 00000000 ____D () C:\Users\Sumsium\AppData\Local\{8FFF0D90-6E4F-4354-8769-B7908F254471} 2015-01-26 09:33 - 2015-01-26 09:33 - 00000000 ____D () C:\Users\Sumsium\AppData\Local\{74770D46-27FE-443A-B9EF-4A06FDF3873F} 2015-01-26 08:33 - 2015-01-26 08:33 - 00000000 ____D () C:\Users\Sumsium\AppData\Roaming\Nokia Suite 2015-01-26 08:33 - 2015-01-26 08:33 - 00000000 ____D () C:\Users\Sumsium\AppData\Roaming\Nokia 2015-01-26 08:30 - 2015-01-26 08:30 - 00000000 __SHD () C:\Users\Sumsium\AppData\Local\EmieBrowserModeList 2015-01-26 08:26 - 2015-01-26 08:26 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-01-26 08:24 - 2015-01-26 08:24 - 00000000 ____D () C:\Users\Sumsium\AppData\Local\Apple Computer 2015-01-25 15:15 - 2015-01-25 15:15 - 04070576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2015-01-25 10:59 - 2015-01-25 10:59 - 00000000 ____D () C:\Users\Sumsisum\Desktop\Sigi Geburtstag 2015-01-23 20:58 - 2015-01-23 20:58 - 02470949 _____ () C:\Users\Sumsisum\Downloads\HollywoodTowers.mp4 2015-01-23 
20:55 - 2015-01-23 20:55 - 02842206 _____ () C:\Users\Sumsisum\Downloads\SevenDwarfs.mp4 2015-01-23 19:23 - 2015-01-23 19:23 - 00000000 ____D () C:\Users\Gast\AppData\Local\Apple Computer 2015-01-23 19:23 - 2015-01-23 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-01-23 19:23 - 2015-01-23 19:23 - 00000000 ____D () C:\ProgramData\Apple Computer 2015-01-23 19:23 - 2015-01-23 19:23 - 00000000 ____D () C:\Program Files\iTunes 2015-01-23 19:23 - 2015-01-23 19:23 - 00000000 ____D () C:\Program Files\iPod 2015-01-23 19:23 - 2015-01-23 19:23 - 00000000 ____D () C:\Program Files (x86)\iTunes 2015-01-23 19:23 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys 2015-01-23 19:22 - 2015-01-23 19:23 - 00000000 ____D () C:\Program Files\Common Files\Apple 2015-01-23 19:21 - 2015-01-23 19:21 - 00000000 ____D () C:\Program Files\Bonjour 2015-01-23 19:21 - 2015-01-23 19:21 - 00000000 ____D () C:\Program Files (x86)\Bonjour 2015-01-23 19:20 - 2015-01-23 19:20 - 122418480 _____ (Apple Inc.) 
C:\Users\Gast\Downloads\iTunes64Setup.exe 2015-01-23 19:17 - 2015-01-23 19:17 - 00002247 _____ () C:\Users\Gast\Desktop\Google Chrome.lnk 2015-01-23 19:17 - 2015-01-23 19:17 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google 2015-01-23 19:14 - 2015-01-23 19:14 - 00001270 _____ () C:\Users\Gast\Desktop\Kontakte - Verknüpfung.lnk 2015-01-23 19:09 - 2015-01-26 07:56 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Nokia 2015-01-23 19:09 - 2015-01-23 19:09 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Nokia Suite 2015-01-23 19:08 - 2015-01-26 07:52 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\PC Suite 2015-01-23 19:08 - 2015-01-23 19:08 - 00000000 ____D () C:\Users\Gast\AppData\Local\Nokia 2015-01-23 11:57 - 2015-01-23 11:57 - 00002089 _____ () C:\Users\Public\Desktop\Nokia Suite.lnk 2015-01-23 11:57 - 2015-01-23 11:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia 2015-01-23 11:57 - 2015-01-23 11:57 - 00000000 ____D () C:\Program Files (x86)\PC Connectivity Solution 2015-01-23 11:57 - 2012-10-17 14:53 - 00026112 _____ (Nokia) C:\Windows\system32\Drivers\pccsmcfdx64.sys 2015-01-23 11:27 - 2015-01-23 11:27 - 01191200 _____ () C:\Users\Sumsisum\Downloads\Nokia Suite - CHIP-Installer.exe 2015-01-23 11:03 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-21 17:25 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-21 17:25 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-21 17:25 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-21 17:25 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-21 17:25 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-21 17:25 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) 
C:\Windows\system32\srclient.dll 2015-01-21 17:25 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-21 17:25 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-21 17:25 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-21 17:25 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-21 17:25 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-21 17:25 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-09 18:11 - 2014-11-22 11:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2015-01-09 18:11 - 2014-11-22 11:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2015-01-09 17:39 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-01-09 17:39 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-06 20:00 - 2010-05-23 14:32 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-06 19:16 - 2009-07-14 05:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-06 19:16 - 2009-07-14 05:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-06 19:15 - 2012-03-29 14:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-06 19:13 - 2010-03-12 01:19 - 01311992 _____ () C:\Windows\WindowsUpdate.log 2015-02-06 19:07 - 2011-05-04 16:32 - 00330520 _____ () C:\Windows\SysWOW64\http_ss.log 2015-02-06 19:07 - 2010-05-23 14:32 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-06 19:07 - 2010-03-12 01:22 - 00665532 _____ () C:\Windows\PFRO.log 2015-02-06 19:07 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-06 19:07 - 2009-07-14 05:51 - 00210233 _____ () C:\Windows\setupact.log 2015-02-06 19:02 - 2013-11-30 08:58 - 00000000 ____D () C:\AdwCleaner 2015-02-05 20:52 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2015-02-05 20:50 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2015-02-04 20:56 - 2013-06-20 19:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2015-02-04 20:56 - 2012-03-04 12:38 - 00000000 ____D () C:\Users\Sumsium\AppData\Roaming\Malwarebytes 2015-02-04 20:56 - 2012-03-04 12:38 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-04 20:21 - 2012-09-24 10:34 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{61CDC14D-922F-48FB-A877-B41883A6DD8B} 2015-02-01 17:47 - 2014-08-27 19:26 - 00000000 ____D () C:\Users\Sumsisum\Documents\Wohnung 2015-01-31 18:51 - 2012-01-06 23:04 - 00000000 ____D () C:\Users\Sumsisum\AppData\Local\Windows Live 2015-01-31 12:38 - 2012-06-10 08:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 
2015-01-30 23:07 - 2010-01-09 06:07 - 09650414 _____ () C:\Windows\system32\perfh007.dat 2015-01-30 23:07 - 2010-01-09 06:07 - 03042540 _____ () C:\Windows\system32\perfc007.dat 2015-01-30 23:07 - 2009-07-14 06:13 - 00006504 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-26 18:42 - 2014-03-22 16:32 - 00000000 ____D () C:\Program Files (x86)\1und1Softwareaktualisierung 2015-01-26 11:02 - 2010-05-18 14:50 - 00000000 ____D () C:\Users\Sumsisum 2015-01-26 10:58 - 2012-07-21 18:33 - 00000000 ____D () C:\Users\Sumsisum\Documents\Rezepte 2015-01-26 10:40 - 2010-05-18 09:40 - 00000000 ____D () C:\Users\Sumsium 2015-01-26 09:33 - 2012-01-06 21:17 - 00000000 ____D () C:\Users\Sumsium\AppData\Local\Windows Live 2015-01-26 08:38 - 2012-01-07 23:18 - 00000000 ____D () C:\Users\Sumsium\AppData\Roaming\Apple Computer 2015-01-26 08:33 - 2012-10-23 18:23 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-01-26 08:32 - 2010-11-01 09:38 - 00000000 ____D () C:\Users\Sumsium\AppData\Roaming\PC Suite 2015-01-26 08:06 - 2014-01-21 19:59 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Apple Computer 2015-01-25 15:15 - 2012-03-29 14:54 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-25 15:15 - 2012-03-29 14:54 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-01-25 15:15 - 2011-06-21 17:20 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-23 19:21 - 2011-10-31 21:11 - 00000000 ____D () C:\ProgramData\Apple 2015-01-23 12:02 - 2010-09-25 10:22 - 00000000 ____D () C:\Users\Sumsisum\AppData\Local\Nokia 2015-01-23 11:58 - 2010-09-24 19:14 - 00000000 ____D () C:\ProgramData\Nokia 2015-01-23 11:58 - 2010-09-22 10:45 - 00000000 ____D () C:\Users\Sumsium\AppData\Local\Nokia 2015-01-23 11:57 - 2010-09-22 10:41 - 00000000 ____D () C:\Program Files (x86)\Nokia 2015-01-23 11:57 - 2010-03-12 01:17 - 00109498 _____ () 
C:\Windows\DPINST.LOG 2015-01-23 11:06 - 2013-07-21 11:26 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-23 10:53 - 2010-11-19 20:38 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-14 17:52 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-13 18:07 - 2014-01-07 12:27 - 00000000 ____D () C:\Users\Sumsisum\AppData\Local\Greenshot 2015-01-09 18:09 - 2014-01-12 18:54 - 00000000 ____D () C:\Users\Sumsisum\AppData\Local\NVIDIA Corporation 2015-01-08 09:55 - 2010-05-18 10:20 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe ==================== Files in the root of some directories ======= 2014-03-01 14:44 - 2014-03-01 14:44 - 0000268 ___RH () C:\Users\Sumsium\AppData\Roaming\Breath Pad 2014-03-01 14:44 - 2014-03-01 14:44 - 0000268 ___RH () C:\Users\Sumsium\AppData\Roaming\Bubble Noise 2013-06-29 16:22 - 2013-06-29 16:42 - 0000077 _____ () C:\Users\Sumsium\AppData\Roaming\Rim.Desktop.Exception.log 2011-03-12 16:59 - 2013-06-29 16:20 - 0003174 _____ () C:\Users\Sumsium\AppData\Roaming\Rim.Desktop.HttpServerSetup.log 2013-06-29 16:22 - 2013-06-29 16:42 - 0000077 _____ () C:\Users\Sumsium\AppData\Roaming\Rim.DesktopHelper.Exception.log 2011-01-08 21:13 - 2011-01-08 21:13 - 0000000 _____ () C:\Users\Sumsium\AppData\Local\AtStart.txt 2011-01-08 21:13 - 2011-01-08 21:13 - 0000000 _____ () C:\Users\Sumsium\AppData\Local\DSwitch.txt 2011-01-08 21:13 - 2011-01-08 21:13 - 0000000 _____ () C:\Users\Sumsium\AppData\Local\QSwitch.txt 2012-01-19 18:19 - 2013-06-22 13:19 - 0007610 _____ () C:\Users\Sumsium\AppData\Local\Resmon.ResmonCfg 2010-12-05 13:30 - 2010-12-28 20:25 - 0000080 ___SH () C:\ProgramData\.zreglib 2014-03-01 14:44 - 2014-03-01 14:44 - 0000268 ___RH () C:\ProgramData\Caches 2014-03-01 14:44 - 2014-03-01 14:44 - 0000268 ___RH () C:\ProgramData\CIOSupport 2014-03-01 14:44 - 2014-03-01 14:44 - 0000012 ___RH () C:\ProgramData\ColorSync 2014-03-01 14:44 - 2014-03-01 14:44 - 0000012 ___RH () 
C:\ProgramData\Command Line Utility 2010-05-18 09:45 - 2010-11-19 20:38 - 0000188 _____ () C:\ProgramData\HPWALog.txt 2014-05-01 11:17 - 2014-05-01 11:18 - 0000848 ___SH () C:\ProgramData\KGyGaAvL.sys 2014-03-01 14:44 - 2014-03-01 14:44 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT 2014-03-01 14:44 - 2014-03-01 14:44 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT 2010-03-12 01:43 - 2010-03-12 01:43 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log 2010-01-08 23:23 - 2010-01-08 23:23 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log 2010-03-12 01:42 - 2010-03-12 01:42 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log 2010-01-08 23:19 - 2010-01-08 23:20 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2010-03-12 01:42 - 2010-03-12 01:42 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log 2010-03-12 01:43 - 2010-03-12 01:43 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log 2010-01-08 23:19 - 2010-01-08 23:19 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log 2010-01-08 23:20 - 2010-01-08 23:23 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log 2010-03-12 01:43 - 2010-03-12 01:43 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log Some content of TEMP: ==================== C:\Users\Sumsium\AppData\Local\Temp\avgnt.exe C:\Users\Sumsium\AppData\Local\Temp\NOSEventMessages.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-05 21:32 ==================== End Of Log ============================ --- --- --- |
07.02.2015, 01:08 | #9 |
Rest in peace † 2019 | Malwarebytes detection: OpenCandy and Spigot
Hello Sabine,
Step 1
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Ebbaenvyn] => C:\Users\Sumsisum\AppData\Roaming\Cenaat\ubco.exe
C:\Users\Sumsisum\AppData\Roaming\Cenaat
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-132197110-3117043442-3119173927-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2
Start FRST once more.
|
07.02.2015, 15:20 | #10 |
| Malwarebytes detection: OpenCandy and Spigot
Hello Sandra,
Step 1
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-02-2015 01
Ran by Sumsium at 2015-02-07 15:17:43 Run:1
Running from C:\Users\Sumsium\Desktop
Loaded Profiles: Sumsium & (Available profiles: Sumsium & Sumsisum & Gast)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Ebbaenvyn] => C:\Users\Sumsisum\AppData\Roaming\Cenaat\ubco.exe
C:\Users\Sumsisum\AppData\Roaming\Cenaat
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-132197110-3117043442-3119173927-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
*****************

HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Windows\CurrentVersion\Run\\Ebbaenvyn => value deleted successfully.
"C:\Users\Sumsisum\AppData\Roaming\Cenaat" => File/Directory not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-132197110-3117043442-3119173927-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.

==== End of Fixlog 15:17:43 ====
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01 Ran by Sumsium (administrator) on SUMSISUM-PC on 07-02-2015 15:19:07 Running from C:\Users\Sumsium\Downloads Loaded Profiles: Sumsium & (Available profiles: Sumsium & Sumsisum & Gast) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\WiselinkPro.exe () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\http_ss_win_pro.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Abelssoft) C:\Program Files (x86)\CheckDrive\CheckDriveBackgroundGuard.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (TomTom) C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Sigmatel) C:\Windows\system\w98eject.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe () C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (Samsung) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Hewlett-Packard Development Company, L.P.) 
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (1und1 Mail und Media GmbH) C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe () C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610872 2009-08-25] () HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.) 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [Corel File Shell Monitor] => C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [15544 2009-08-25] () HKLM-x32\...\Run: [HPCam_Menu] => c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard) HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard) HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [250768 2011-05-24] (Samsung) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-05-28] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2015-01-09] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443408 2014-02-07] (BlackBerry Limited) HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1243656 2013-12-07] (Easybits) HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-11] (DivX, LLC) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] () HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.) HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) 
HKLM-x32\...\Run: [MailCheck IE Broker] => C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [2135104 2014-11-17] (1und1 Mail und Media GmbH) HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DirectSoundAudioOutput.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DirectSoundAudioOutput.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXASPDecode.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXASPDecode.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXDeinterlaceFilter.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXDeinterlaceFilter.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\MP3SurroundDecode.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\MP3SurroundDecode.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus 
Player\DPXPlugins\DPXDownloadManagerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll",DllRegisterServer HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company) HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-05-28] (Samsung) HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-04-18] (Samsung Electronics) HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Run: [MyTomTomSA.exe] => C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [455608 2013-05-23] (TomTom) HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Run: [NokiaSuite.exe] => C:\Program 
Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia) HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Policies\system: [DisableChangePassword] 0 HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-05-28] (Samsung) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-04-18] (Samsung Electronics) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MyTomTomSA.exe] => C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [455608 2013-05-23] (TomTom) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableChangePassword] 0 HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: 
[KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-05-28] (Samsung) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-04-18] (Samsung Electronics) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [MyTomTomSA.exe] => C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [455608 2013-05-23] (TomTom) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Policies\system: [DisableChangePassword] 0 HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company) HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [QuickTime Task] => "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-05-28] (Samsung) HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [] => C:\Program Files 
(x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-05-28] (Samsung) HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [openvpntray.EXE] => C:\Users\Sumsisum\AppData\Roaming\Hotspot Shield\bin\openvpntray.EXE -nonadmin HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Greenshot] => C:\Users\Sumsisum\AppData\Local\Greenshot\Greenshot.exe [495616 2013-12-12] (Greenshot) HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [KiesPDLR.exe] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-05-28] (Samsung) HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [GoogleChromeAutoLaunch_CC7034B0FA467AF7CA332882BC1B199F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.) HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia) HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Policies\system: [DisableChangePassword] 0 HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {c8af9512-5273-11e1-86e7-d2106dcbbcc7} - G:\AutoRun.exe HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {c8af9530-5273-11e1-86e7-d2106dcbbcc7} - G:\AutoRun.exe HKU\S-1-5-21-132197110-3117043442-3119173927-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 
2009-08-20] (Hewlett-Packard Company) HKU\S-1-5-21-132197110-3117043442-3119173927-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\w98Eject.lnk ShortcutTarget: w98Eject.lnk -> C:\Windows\system\w98eject.exe (Sigmatel) Startup: C:\Users\Sumsisum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-132197110-3117043442-3119173927-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP&dt=072113 HKU\S-1-5-21-132197110-3117043442-3119173927-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP&dt=072113 HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch 
HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP&dt=072113 HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.de/ HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.google.de/ hxxp://www.dict.cc/ HKU\S-1-5-21-132197110-3117043442-3119173927-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 HKU\S-1-5-21-132197110-3117043442-3119173927-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPNOT/4 HKU\S-1-5-21-132197110-3117043442-3119173927-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 SearchScopes: HKLM -> {230D7087-5842-4816-985C-8393ACBAC32D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {230D7087-5842-4816-985C-8393ACBAC32D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
URL = SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000 -> {230D7087-5842-4816-985C-8393ACBAC32D} URL = SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000 -> {56728EB4-149A-4AB9-845B-0CE539BFAF5F} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000 -> {9FA66BE2-9B22-4EE4-845F-A8C2AEB43E93} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms} SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000 -> {A3B580D5-7A1E-47A6-8959-EDB56220911B} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000 -> {A8230883-C5FB-4BA4-B422-5AC627B247E4} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000 -> {B18110A6-0C60-4152-B054-7492AF998A53} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {230D7087-5842-4816-985C-8393ACBAC32D} URL = SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {56728EB4-149A-4AB9-845B-0CE539BFAF5F} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 
SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {9FA66BE2-9B22-4EE4-845F-A8C2AEB43E93} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms} SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {A3B580D5-7A1E-47A6-8959-EDB56220911B} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {A8230883-C5FB-4BA4-B422-5AC627B247E4} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {B18110A6-0C60-4152-B054-7492AF998A53} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {230D7087-5842-4816-985C-8393ACBAC32D} URL = SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {56728EB4-149A-4AB9-845B-0CE539BFAF5F} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {9FA66BE2-9B22-4EE4-845F-A8C2AEB43E93} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms} SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {A3B580D5-7A1E-47A6-8959-EDB56220911B} URL = 
hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {A8230883-C5FB-4BA4-B422-5AC627B247E4} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {B18110A6-0C60-4152-B054-7492AF998A53} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> DefaultScope {230D7087-5842-4816-985C-8393ACBAC32D} URL = SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {23E77356-E10E-46C5-AA24-2D9B7C1FB216} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {675FE16E-301D-44E6-8F1F-1D552559A19E} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {D045F1E8-885E-482D-8207-5DD49111C39E} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {E9A1BA5E-CB6A-4F07-AD0F-DA446D7AD36B} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows 
Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) BHO: WEB.DE MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) 
BHO-x32: WEB.DE MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No File DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Handler-x32: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Tcpip\Parameters: [DhcpNameServer] 192.168.0.2 Tcpip\..\Interfaces\{2DD74BF9-228A-47CA-9F74-06C1515BF58C}: [NameServer] 139.7.30.125 139.7.30.126 FireFox: ======== FF ProfilePath: C:\Users\Sumsium\AppData\Roaming\Mozilla\Firefox\Profiles\h8p7mo5w.default FF SelectedSearchEngine: Google FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: 
@adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @innoplus.de/ino3DViewer -> C:\Program Files (x86)\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden) FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF Plugin-x32: @pack.google.com/Google Updater;version=14 -> C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: NitroPDF -> C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( ) FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH) FF Plugin HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0: @Google.com/GoogleEarthPlugin -> C:\Users\Sumsisum\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) 
FF Extension: Download videos and MP3s from YouTube - C:\Users\Sumsium\AppData\Roaming\Mozilla\Firefox\Profiles\h8p7mo5w.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-11-12] FF Extension: NoScript - C:\Users\Sumsium\AppData\Roaming\Mozilla\Firefox\Profiles\h8p7mo5w.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-03-04] FF Extension: Adblock Plus - C:\Users\Sumsium\AppData\Roaming\Mozilla\Firefox\Profiles\h8p7mo5w.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-10-21] FF HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-11-12] FF HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Profile: C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-04] CHR Extension: (YouTube) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-01] CHR Extension: (Adblock Plus) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-01] CHR Extension: (Hide My Ass! 
Web Proxy) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd [2014-06-13] CHR Extension: (Google-Suche) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-01] CHR Extension: (Avira Browserschutz) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-06-13] CHR Extension: (ScriptBlock) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdjknjpbnhdoabbngpmfekaecnpajba [2015-02-06] CHR Extension: (Google Wallet) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-01] CHR Extension: (Google Mail) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-01] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation) R2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [1044784 2014-11-25] (Avira Operations GmbH & Co. KG) R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [807672 2015-01-09] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2015-01-09] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2015-01-09] (Avira Operations GmbH & Co. 
KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2015-01-09] (Avira Operations GmbH & Co. KG) R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2014-01-21] (BlackBerry Limited) [File not signed] R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129584 2009-02-22] (EasyBits Sofware AS) [File not signed] R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [120832 2009-10-15] (Hewlett-Packard) [File not signed] R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 NitroReaderDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [341296 2011-06-21] (Nitro PDF Software) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation) S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1716264 2014-04-30] (pdfforge GmbH) S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-30] (pdfforge GmbH) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] () R2 SamsungAllShare; C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\WiselinkPro.exe [7237024 2011-05-24] () R2 STacSV; 
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2013-02-12] (Avira GmbH) R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2013-02-12] (Avira GmbH) R1 avfwot; C:\Windows\SysWOW64\DRIVERS\avfwot.sys [131336 2011-06-30] (Avira GmbH) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-01] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-01] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-10-01] (Avira Operations GmbH & Co. KG) S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-04-18] () [File not signed] R3 GEARAspiWDM; C:\Windows\SysWOW64\DRIVERS\GEARAspiWDM.sys [15664 2011-11-19] (GEAR Software Inc.) S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [212992 2012-02-13] (Huawei Technologies Co., Ltd.) 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-06] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) S3 OV550I; C:\Windows\System32\Drivers\ov550ivx.sys [196992 2008-02-21] (Omnivision Technologies, Inc.) S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-12-02] (BlackBerry Limited) R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd) S3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp.sys [145360 2010-02-12] (Sun Microsystems, Inc.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 dgderdrv; System32\drivers\dgderdrv.sys [X] S3 DlinkUDSMBus; SysWOW64\Drivers\DlinkUDSMBus.sys [X] S3 lvpepf64; system32\DRIVERS\lv302a64.sys [X] S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X] S3 LVRS64; system32\DRIVERS\lvrs64.sys [X] S3 PID_PEPI; system32\DRIVERS\LV302V64.SYS [X] S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X] S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-07 15:17 - 2015-02-04 22:03 - 02131968 _____ (Farbar) C:\Users\Sumsium\Desktop\FRST64.exe 2015-02-06 20:15 - 2015-02-06 20:15 - 00060042 _____ () C:\Users\Sumsium\Desktop\FRST_06022015.txt 2015-02-06 20:15 - 2015-02-06 20:15 - 00050179 _____ () C:\Users\Sumsium\Desktop\Addition_06022015.txt 2015-02-06 19:58 - 2015-02-06 19:58 - 00001209 _____ () C:\Users\Sumsium\Desktop\MWB_06.02.2015.txt 2015-02-06 19:11 - 2015-02-07 15:03 - 00000986 _____ () C:\Windows\Tasks\Google Software Updater.job 2015-02-06 19:11 - 2015-02-06 19:11 - 00003536 _____ () C:\Windows\System32\Tasks\Google Software Updater 2015-02-06 18:59 - 2015-02-06 18:59 - 02112512 _____ () C:\Users\Sumsium\Downloads\AdwCleaner_4.110.exe 2015-02-05 21:08 - 2015-02-05 21:08 - 00060051 _____ () C:\Users\Sumsium\Desktop\FRST_05.02.2015.txt 2015-02-05 21:08 - 2015-02-05 21:08 - 00049146 _____ () C:\Users\Sumsium\Desktop\Addition_05.02.2015.txt 2015-02-05 21:06 - 2015-02-07 15:19 - 00045305 _____ () C:\Users\Sumsium\Downloads\FRST.txt 2015-02-05 21:06 - 2015-02-06 20:02 - 00050179 _____ () C:\Users\Sumsium\Downloads\Addition.txt 2015-02-05 21:01 - 2015-02-05 21:01 - 00034595 _____ () C:\Users\Sumsium\Desktop\Combo_05022015.txt 2015-02-05 20:52 - 2015-02-05 20:52 - 00034595 _____ () C:\ComboFix.txt 2015-02-05 20:36 - 2015-02-05 20:52 - 00000000 ____D () C:\Qoobox 2015-02-05 20:36 - 2015-02-05 20:52 - 00000000 ____D () C:\ComboFix 2015-02-05 20:36 - 2015-02-05 20:51 - 00000000 ____D () C:\Windows\erdnt 2015-02-05 20:36 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-02-05 20:36 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-02-05 20:36 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-02-05 20:36 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-02-05 20:36 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-02-05 20:36 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-02-05 20:36 - 2000-08-31 
01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-02-05 20:36 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-02-05 20:34 - 2015-02-05 20:34 - 05611380 ____R (Swearware) C:\Users\Sumsium\Desktop\ComboFix.exe 2015-02-04 22:04 - 2015-02-04 22:05 - 00051768 _____ () C:\Users\Sumsium\Desktop\Addition.txt 2015-02-04 22:03 - 2015-02-07 15:19 - 00000000 ____D () C:\FRST 2015-02-04 22:03 - 2015-02-04 22:05 - 00058138 _____ () C:\Users\Sumsium\Desktop\FRST.txt 2015-02-04 22:03 - 2015-02-04 22:03 - 02131968 _____ (Farbar) C:\Users\Sumsium\Downloads\FRST64.exe 2015-02-04 21:39 - 2015-02-04 21:39 - 00001596 _____ () C:\Users\Sumsium\Desktop\MWB_04.02.2015.txt 2015-02-04 20:56 - 2015-02-06 19:09 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-04 20:56 - 2015-02-04 20:56 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-02-04 20:56 - 2015-02-04 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-04 20:56 - 2015-02-04 20:56 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-02-04 20:56 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-02-04 20:56 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-02-04 20:35 - 2015-02-04 20:35 - 02194432 _____ () C:\Users\Sumsium\Downloads\AdwCleaner09.exe 2015-02-04 20:31 - 2015-02-04 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WEB.DE MailCheck 2015-02-04 20:31 - 2015-02-04 20:31 - 00000000 ____D () C:\Program Files\WEB.DE MailCheck 2015-02-04 20:31 - 2015-02-04 20:31 - 00000000 ____D () C:\Program Files (x86)\WEB.DE MailCheck 2015-02-02 18:10 - 2015-02-02 18:11 - 00000000 ____D () C:\Users\Sumsisum\AppData\Local\{BCB7DE81-8D52-4792-B5AF-BEB777D12830} 2015-02-01 17:50 - 2015-02-01 17:50 - 00000000 ____D () 
C:\Users\Sumsisum\AppData\Local\{2EBA8608-3E96-4F27-92D9-C942EDED9FF6} 2015-01-31 18:50 - 2015-01-31 18:51 - 00000000 ____D () C:\Users\Sumsisum\AppData\Local\{BA1C8A95-E08D-458F-BFBB-3D4399D73349} 2015-01-28 19:44 - 2015-01-28 19:44 - 49464479 _____ () C:\Users\Sumsisum\Downloads\Sky_go_v.1.1.apk 2015-01-28 19:24 - 2015-01-28 19:27 - 00000000 ____D () C:\Users\Sumsisum\Desktop\kindle 2015-01-27 18:56 - 2015-01-27 18:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-26 18:42 - 2015-01-26 18:42 - 00003882 _____ () C:\Windows\System32\Tasks\Registration 1und1 Task 2015-01-26 18:42 - 2015-01-26 18:42 - 00000000 ____D () C:\ProgramData\UUdb 2015-01-26 11:02 - 2015-01-26 11:02 - 00022720 _____ () C:\Users\Sumsisum\KontakteNokia.7z 2015-01-26 10:57 - 2015-01-26 10:58 - 00000000 ____D () C:\Users\Sumsisum\KontakteNokia 2015-01-26 10:40 - 2015-01-26 10:52 - 00000000 ____D () C:\Users\Sumsium\KontakteNokia 2015-01-26 09:33 - 2015-01-26 09:33 - 00000000 ____D () C:\Users\Sumsium\AppData\Roaming\Windows Live Writer 2015-01-26 09:33 - 2015-01-26 09:33 - 00000000 ____D () C:\Users\Sumsium\AppData\Local\Windows Live Writer 2015-01-26 09:33 - 2015-01-26 09:33 - 00000000 ____D () C:\Users\Sumsium\AppData\Local\{8FFF0D90-6E4F-4354-8769-B7908F254471} 2015-01-26 09:33 - 2015-01-26 09:33 - 00000000 ____D () C:\Users\Sumsium\AppData\Local\{74770D46-27FE-443A-B9EF-4A06FDF3873F} 2015-01-26 08:33 - 2015-01-26 08:33 - 00000000 ____D () C:\Users\Sumsium\AppData\Roaming\Nokia Suite 2015-01-26 08:33 - 2015-01-26 08:33 - 00000000 ____D () C:\Users\Sumsium\AppData\Roaming\Nokia 2015-01-26 08:30 - 2015-01-26 08:30 - 00000000 __SHD () C:\Users\Sumsium\AppData\Local\EmieBrowserModeList 2015-01-26 08:26 - 2015-01-26 08:26 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-01-26 08:24 - 2015-01-26 08:24 - 00000000 ____D () C:\Users\Sumsium\AppData\Local\Apple Computer 2015-01-25 10:59 - 2015-01-25 10:59 - 00000000 ____D () C:\Users\Sumsisum\Desktop\Sigi 
Geburtstag 2015-01-23 20:58 - 2015-01-23 20:58 - 02470949 _____ () C:\Users\Sumsisum\Downloads\HollywoodTowers.mp4 2015-01-23 20:55 - 2015-01-23 20:55 - 02842206 _____ () C:\Users\Sumsisum\Downloads\SevenDwarfs.mp4 2015-01-23 19:23 - 2015-01-23 19:23 - 00000000 ____D () C:\Users\Gast\AppData\Local\Apple Computer 2015-01-23 19:23 - 2015-01-23 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-01-23 19:23 - 2015-01-23 19:23 - 00000000 ____D () C:\ProgramData\Apple Computer 2015-01-23 19:23 - 2015-01-23 19:23 - 00000000 ____D () C:\Program Files\iTunes 2015-01-23 19:23 - 2015-01-23 19:23 - 00000000 ____D () C:\Program Files\iPod 2015-01-23 19:23 - 2015-01-23 19:23 - 00000000 ____D () C:\Program Files (x86)\iTunes 2015-01-23 19:23 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys 2015-01-23 19:22 - 2015-01-23 19:23 - 00000000 ____D () C:\Program Files\Common Files\Apple 2015-01-23 19:21 - 2015-01-23 19:21 - 00000000 ____D () C:\Program Files\Bonjour 2015-01-23 19:21 - 2015-01-23 19:21 - 00000000 ____D () C:\Program Files (x86)\Bonjour 2015-01-23 19:20 - 2015-01-23 19:20 - 122418480 _____ (Apple Inc.) 
C:\Users\Gast\Downloads\iTunes64Setup.exe 2015-01-23 19:17 - 2015-01-23 19:17 - 00002247 _____ () C:\Users\Gast\Desktop\Google Chrome.lnk 2015-01-23 19:17 - 2015-01-23 19:17 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google 2015-01-23 19:14 - 2015-01-23 19:14 - 00001270 _____ () C:\Users\Gast\Desktop\Kontakte - Verknüpfung.lnk 2015-01-23 19:09 - 2015-01-26 07:56 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Nokia 2015-01-23 19:09 - 2015-01-23 19:09 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Nokia Suite 2015-01-23 19:08 - 2015-01-26 07:52 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\PC Suite 2015-01-23 19:08 - 2015-01-23 19:08 - 00000000 ____D () C:\Users\Gast\AppData\Local\Nokia 2015-01-23 11:57 - 2015-01-23 11:57 - 00002089 _____ () C:\Users\Public\Desktop\Nokia Suite.lnk 2015-01-23 11:57 - 2015-01-23 11:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia 2015-01-23 11:57 - 2015-01-23 11:57 - 00000000 ____D () C:\Program Files (x86)\PC Connectivity Solution 2015-01-23 11:57 - 2012-10-17 14:53 - 00026112 _____ (Nokia) C:\Windows\system32\Drivers\pccsmcfdx64.sys 2015-01-23 11:27 - 2015-01-23 11:27 - 01191200 _____ () C:\Users\Sumsisum\Downloads\Nokia Suite - CHIP-Installer.exe 2015-01-23 11:03 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-21 17:25 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-21 17:25 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-21 17:25 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-21 17:25 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-21 17:25 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-21 17:25 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) 
C:\Windows\system32\srclient.dll 2015-01-21 17:25 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-21 17:25 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-21 17:25 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-21 17:25 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-21 17:25 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-21 17:25 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-09 18:11 - 2014-11-22 11:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2015-01-09 18:11 - 2014-11-22 11:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2015-01-09 17:39 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-01-09 17:39 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-07 15:16 - 2012-03-29 14:54 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-02-07 15:16 - 2012-03-29 14:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-07 15:15 - 2012-03-29 14:54 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-07 15:15 - 2011-06-21 17:20 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-07 15:14 - 2010-03-12 01:19 - 01334700 _____ () C:\Windows\WindowsUpdate.log 2015-02-07 15:09 - 2010-05-23 14:32 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-07 15:03 - 2010-05-23 14:32 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-06 19:16 - 2009-07-14 05:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-06 19:16 - 2009-07-14 05:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-06 19:07 - 2011-05-04 16:32 - 00330520 _____ () C:\Windows\SysWOW64\http_ss.log 2015-02-06 19:07 - 2010-03-12 01:22 - 00665532 _____ () C:\Windows\PFRO.log 2015-02-06 19:07 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-06 19:07 - 2009-07-14 05:51 - 00210233 _____ () C:\Windows\setupact.log 2015-02-06 19:02 - 2013-11-30 08:58 - 00000000 ____D () C:\AdwCleaner 2015-02-05 20:52 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2015-02-05 20:50 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2015-02-04 20:56 - 2013-06-20 19:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2015-02-04 20:56 - 2012-03-04 12:38 - 00000000 ____D () C:\Users\Sumsium\AppData\Roaming\Malwarebytes 2015-02-04 20:56 - 2012-03-04 12:38 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-04 20:21 - 2012-09-24 10:34 - 00003954 _____ () 
C:\Windows\System32\Tasks\User_Feed_Synchronization-{61CDC14D-922F-48FB-A877-B41883A6DD8B} 2015-02-01 17:47 - 2014-08-27 19:26 - 00000000 ____D () C:\Users\Sumsisum\Documents\Wohnung 2015-01-31 18:51 - 2012-01-06 23:04 - 00000000 ____D () C:\Users\Sumsisum\AppData\Local\Windows Live 2015-01-31 12:38 - 2012-06-10 08:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-30 23:07 - 2010-01-09 06:07 - 09650414 _____ () C:\Windows\system32\perfh007.dat 2015-01-30 23:07 - 2010-01-09 06:07 - 03042540 _____ () C:\Windows\system32\perfc007.dat 2015-01-30 23:07 - 2009-07-14 06:13 - 00006504 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-26 18:42 - 2014-03-22 16:32 - 00000000 ____D () C:\Program Files (x86)\1und1Softwareaktualisierung 2015-01-26 11:02 - 2010-05-18 14:50 - 00000000 ____D () C:\Users\Sumsisum 2015-01-26 10:58 - 2012-07-21 18:33 - 00000000 ____D () C:\Users\Sumsisum\Documents\Rezepte 2015-01-26 10:40 - 2010-05-18 09:40 - 00000000 ____D () C:\Users\Sumsium 2015-01-26 09:33 - 2012-01-06 21:17 - 00000000 ____D () C:\Users\Sumsium\AppData\Local\Windows Live 2015-01-26 08:38 - 2012-01-07 23:18 - 00000000 ____D () C:\Users\Sumsium\AppData\Roaming\Apple Computer 2015-01-26 08:33 - 2012-10-23 18:23 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-01-26 08:32 - 2010-11-01 09:38 - 00000000 ____D () C:\Users\Sumsium\AppData\Roaming\PC Suite 2015-01-26 08:06 - 2014-01-21 19:59 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Apple Computer 2015-01-23 19:21 - 2011-10-31 21:11 - 00000000 ____D () C:\ProgramData\Apple 2015-01-23 12:02 - 2010-09-25 10:22 - 00000000 ____D () C:\Users\Sumsisum\AppData\Local\Nokia 2015-01-23 11:58 - 2010-09-24 19:14 - 00000000 ____D () C:\ProgramData\Nokia 2015-01-23 11:58 - 2010-09-22 10:45 - 00000000 ____D () C:\Users\Sumsium\AppData\Local\Nokia 2015-01-23 11:57 - 2010-09-22 10:41 - 00000000 ____D () C:\Program Files (x86)\Nokia 2015-01-23 11:57 - 2010-03-12 
01:17 - 00109498 _____ () C:\Windows\DPINST.LOG 2015-01-23 11:06 - 2013-07-21 11:26 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-23 10:53 - 2010-11-19 20:38 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-14 17:52 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-13 18:07 - 2014-01-07 12:27 - 00000000 ____D () C:\Users\Sumsisum\AppData\Local\Greenshot 2015-01-09 18:09 - 2014-01-12 18:54 - 00000000 ____D () C:\Users\Sumsisum\AppData\Local\NVIDIA Corporation 2015-01-08 09:55 - 2010-05-18 10:20 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe ==================== Files in the root of some directories ======= 2014-03-01 14:44 - 2014-03-01 14:44 - 0000268 ___RH () C:\Users\Sumsium\AppData\Roaming\Breath Pad 2014-03-01 14:44 - 2014-03-01 14:44 - 0000268 ___RH () C:\Users\Sumsium\AppData\Roaming\Bubble Noise 2013-06-29 16:22 - 2013-06-29 16:42 - 0000077 _____ () C:\Users\Sumsium\AppData\Roaming\Rim.Desktop.Exception.log 2011-03-12 16:59 - 2013-06-29 16:20 - 0003174 _____ () C:\Users\Sumsium\AppData\Roaming\Rim.Desktop.HttpServerSetup.log 2013-06-29 16:22 - 2013-06-29 16:42 - 0000077 _____ () C:\Users\Sumsium\AppData\Roaming\Rim.DesktopHelper.Exception.log 2011-01-08 21:13 - 2011-01-08 21:13 - 0000000 _____ () C:\Users\Sumsium\AppData\Local\AtStart.txt 2011-01-08 21:13 - 2011-01-08 21:13 - 0000000 _____ () C:\Users\Sumsium\AppData\Local\DSwitch.txt 2011-01-08 21:13 - 2011-01-08 21:13 - 0000000 _____ () C:\Users\Sumsium\AppData\Local\QSwitch.txt 2012-01-19 18:19 - 2013-06-22 13:19 - 0007610 _____ () C:\Users\Sumsium\AppData\Local\Resmon.ResmonCfg 2010-12-05 13:30 - 2010-12-28 20:25 - 0000080 ___SH () C:\ProgramData\.zreglib 2014-03-01 14:44 - 2014-03-01 14:44 - 0000268 ___RH () C:\ProgramData\Caches 2014-03-01 14:44 - 2014-03-01 14:44 - 0000268 ___RH () C:\ProgramData\CIOSupport 2014-03-01 14:44 - 2014-03-01 14:44 - 0000012 ___RH () C:\ProgramData\ColorSync 2014-03-01 14:44 - 
2014-03-01 14:44 - 0000012 ___RH () C:\ProgramData\Command Line Utility 2010-05-18 09:45 - 2010-11-19 20:38 - 0000188 _____ () C:\ProgramData\HPWALog.txt 2014-05-01 11:17 - 2014-05-01 11:18 - 0000848 ___SH () C:\ProgramData\KGyGaAvL.sys 2014-03-01 14:44 - 2014-03-01 14:44 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT 2014-03-01 14:44 - 2014-03-01 14:44 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT 2010-03-12 01:43 - 2010-03-12 01:43 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log 2010-01-08 23:23 - 2010-01-08 23:23 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log 2010-03-12 01:42 - 2010-03-12 01:42 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log 2010-01-08 23:19 - 2010-01-08 23:20 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2010-03-12 01:42 - 2010-03-12 01:42 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log 2010-03-12 01:43 - 2010-03-12 01:43 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log 2010-01-08 23:19 - 2010-01-08 23:19 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log 2010-01-08 23:20 - 2010-01-08 23:23 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log 2010-03-12 01:43 - 2010-03-12 01:43 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log Some content of TEMP: ==================== C:\Users\Sumsium\AppData\Local\Temp\avgnt.exe C:\Users\Sumsium\AppData\Local\Temp\NOSEventMessages.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-05 21:32 ==================== End Of Log ============================ --- --- --- --- --- --- |
07.02.2015, 22:58 | #11 |
Rest in peace † 2019 | Malwarebytes finding: OpenCandy and Spigot
Hello, there is something here I don't like: Step 1 ComboFix script
|
08.02.2015, 19:03 | #12 |
| Malwarebytes finding: OpenCandy and Spigot
Hello Sandra, here is the next report. Code:
ATTFilter ComboFix 15-02-08.01 - Sumsium 08.02.2015 18:49:54.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8183.5955 [GMT 1:00] ausgeführt von:: c:\users\Sumsium\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\Sumsium\Desktop\CFScript.txt AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2015-01-08 bis 2015-02-08 )))))))))))))))))))))))))))))) . . 2015-02-08 17:59 . 2015-02-08 17:59 -------- d-----w- c:\users\Sumsisum\AppData\Local\temp 2015-02-08 17:59 . 2015-02-08 17:59 -------- d-----w- c:\users\Gast\AppData\Local\temp 2015-02-08 17:59 . 2015-02-08 17:59 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-02-08 17:59 . 2015-02-08 17:59 -------- d-----w- c:\users\Christian\AppData\Local\temp 2015-02-08 17:59 . 2015-02-08 17:59 -------- d-----w- c:\users\ADMINI~1\AppData\Local\temp 2015-02-07 14:54 . 2015-02-07 14:54 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D6DA2272-55D5-4C71-98E0-6E4F04B3CE85}\offreg.dll 2015-02-06 17:26 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D6DA2272-55D5-4C71-98E0-6E4F04B3CE85}\mpengine.dll 2015-02-04 21:03 . 2015-02-07 14:20 -------- d-----w- C:\FRST 2015-02-04 19:56 . 2015-02-08 17:40 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-02-04 19:56 . 2015-02-04 19:56 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware 2015-02-04 19:56 . 2014-11-21 05:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2015-02-04 19:56 . 2014-11-21 05:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-02-04 19:31 . 2015-02-04 19:31 -------- d-----w- c:\program files\WEB.DE MailCheck 2015-02-04 19:31 . 
2015-02-04 19:31 -------- d-----w- c:\program files (x86)\WEB.DE MailCheck 2015-01-26 17:42 . 2015-01-26 17:42 -------- d-----w- c:\programdata\UUdb 2015-01-26 09:57 . 2015-01-26 09:58 -------- d-----w- c:\users\Sumsisum\KontakteNokia 2015-01-26 09:40 . 2015-01-26 09:52 -------- d-----w- c:\users\Sumsium\KontakteNokia 2015-01-26 08:33 . 2015-01-26 08:33 -------- d-----w- c:\users\Sumsium\AppData\Roaming\Windows Live Writer 2015-01-26 08:33 . 2015-01-26 08:33 -------- d-----w- c:\users\Sumsium\AppData\Local\Windows Live Writer 2015-01-26 07:33 . 2015-01-26 07:33 -------- d-----w- c:\users\Sumsium\AppData\Roaming\Nokia Suite 2015-01-26 07:33 . 2015-01-26 07:33 -------- d-----w- c:\users\Sumsium\AppData\Roaming\Nokia 2015-01-26 07:30 . 2015-01-26 07:30 -------- d-sh--w- c:\users\Sumsium\AppData\Local\EmieBrowserModeList 2015-01-26 07:26 . 2015-02-08 10:24 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-01-26 07:24 . 2015-01-26 07:24 -------- d-----w- c:\users\Sumsium\AppData\Local\Apple Computer 2015-01-23 18:23 . 2015-01-23 18:23 -------- d-----w- c:\users\Gast\AppData\Local\Apple Computer 2015-01-23 18:23 . 2012-10-03 15:14 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2015-01-23 18:23 . 2015-01-23 18:23 -------- d-----w- c:\programdata\Apple Computer 2015-01-23 18:22 . 2015-02-08 10:23 -------- d-----w- c:\program files\Common Files\Apple 2015-01-23 18:21 . 2015-01-23 18:21 -------- d-----w- c:\program files (x86)\Bonjour 2015-01-23 18:21 . 2015-01-23 18:21 -------- d-----w- c:\program files\Bonjour 2015-01-23 18:17 . 2015-01-23 18:17 -------- d-----w- c:\users\Gast\AppData\Local\Google 2015-01-23 18:09 . 2015-01-23 18:09 -------- d-----w- c:\users\Gast\AppData\Roaming\Nokia Suite 2015-01-23 18:09 . 2015-01-26 06:56 -------- d-----w- c:\users\Gast\AppData\Roaming\Nokia 2015-01-23 18:08 . 2015-01-23 18:08 -------- d-----w- c:\users\Gast\AppData\Local\Nokia 2015-01-23 18:08 . 
2015-01-26 06:52 -------- d-----w- c:\users\Gast\AppData\Roaming\PC Suite 2015-01-23 10:57 . 2012-10-17 13:53 26112 ----a-w- c:\windows\system32\drivers\pccsmcfdx64.sys 2015-01-23 10:57 . 2015-01-23 10:57 -------- d-----w- c:\program files (x86)\PC Connectivity Solution 2015-01-23 10:03 . 2014-12-11 17:47 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe 2015-01-21 16:25 . 2014-12-19 03:06 210432 ----a-w- c:\windows\system32\profsvc.dll 2015-01-21 16:25 . 2014-12-06 04:17 303616 ----a-w- c:\windows\system32\nlasvc.dll 2015-01-21 16:25 . 2014-12-06 03:50 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll 2015-01-21 16:25 . 2014-12-06 03:50 156672 ----a-w- c:\windows\SysWow64\ncsi.dll 2015-01-21 16:25 . 2014-12-19 01:46 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys 2015-01-21 16:25 . 2014-12-12 05:35 5553592 ----a-w- c:\windows\system32\ntoskrnl.exe 2015-01-21 16:25 . 2014-12-12 05:11 3971512 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2015-01-21 16:25 . 2014-12-12 05:31 503808 ----a-w- c:\windows\system32\srcore.dll 2015-01-21 16:25 . 2014-12-12 05:31 50176 ----a-w- c:\windows\system32\srclient.dll 2015-01-21 16:25 . 2014-12-12 05:31 296960 ----a-w- c:\windows\system32\rstrui.exe 2015-01-21 16:25 . 2014-12-12 05:11 3916728 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2015-01-21 16:25 . 2014-12-12 05:07 43008 ----a-w- c:\windows\SysWow64\srclient.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-02-07 14:15 . 2012-03-29 13:54 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-02-07 14:15 . 2011-06-21 16:20 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-01-23 09:53 . 2010-11-19 19:38 113365784 ----a-w- c:\windows\system32\MRT.exe 2015-01-08 08:55 . 2010-05-18 09:20 298120 ------w- c:\windows\system32\MpSigStub.exe 2014-12-13 05:09 . 2015-01-09 16:39 144384 ----a-w- c:\windows\system32\ieUnatt.exe 2014-12-13 03:33 . 
2015-01-09 16:39 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2014-12-04 02:50 . 2014-12-11 19:05 413184 ----a-w- c:\windows\system32\generaltel.dll 2014-12-04 02:50 . 2014-12-11 19:05 741376 ----a-w- c:\windows\system32\invagent.dll 2014-12-04 02:50 . 2014-12-11 19:05 396800 ----a-w- c:\windows\system32\devinv.dll 2014-12-04 02:50 . 2014-12-11 19:05 830976 ----a-w- c:\windows\system32\appraiser.dll 2014-12-04 02:50 . 2014-12-11 19:05 192000 ----a-w- c:\windows\system32\aepic.dll 2014-12-04 02:50 . 2014-12-11 19:05 227328 ----a-w- c:\windows\system32\aepdu.dll 2014-12-04 02:44 . 2014-12-11 19:05 1083392 ----a-w- c:\windows\system32\aeinv.dll 2014-12-01 23:28 . 2014-12-11 19:05 1232040 ----a-w- c:\windows\system32\aitstatic.exe 2014-11-27 01:43 . 2014-12-11 19:04 389296 ----a-w- c:\windows\system32\iedkcs32.dll 2014-11-22 10:46 . 2015-01-09 17:11 38032 ----a-w- c:\windows\system32\drivers\nvvad64v.sys 2014-11-22 10:46 . 2015-01-09 17:11 32400 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll 2014-11-22 10:46 . 2014-01-12 17:40 35472 ----a-w- c:\windows\system32\nvaudcap64v.dll 2014-11-22 03:13 . 2014-12-11 19:04 25059840 ----a-w- c:\windows\system32\mshtml.dll 2014-11-22 03:06 . 2014-12-11 19:04 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2014-11-22 03:06 . 2014-12-11 19:04 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll 2014-11-22 02:50 . 2014-12-11 19:04 66560 ----a-w- c:\windows\system32\iesetup.dll 2014-11-22 02:50 . 2014-12-11 19:04 580096 ----a-w- c:\windows\system32\vbscript.dll 2014-11-22 02:49 . 2014-12-11 19:04 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll 2014-11-22 02:49 . 2014-12-11 19:04 2885120 ----a-w- c:\windows\system32\iertutil.dll 2014-11-22 02:48 . 2014-12-11 19:04 88064 ----a-w- c:\windows\system32\MshtmlDac.dll 2014-11-22 02:41 . 2014-12-11 19:04 54784 ----a-w- c:\windows\system32\jsproxy.dll 2014-11-22 02:40 . 2014-12-11 19:04 34304 ----a-w- c:\windows\system32\iernonce.dll 2014-11-22 02:37 . 
2014-12-11 19:04 633856 ----a-w- c:\windows\system32\ieui.dll 2014-11-22 02:35 . 2014-12-11 19:04 114688 ----a-w- c:\windows\system32\ieetwcollector.exe 2014-11-22 02:34 . 2014-12-11 19:04 814080 ----a-w- c:\windows\system32\jscript9diag.dll 2014-11-22 02:34 . 2014-12-11 19:04 6039552 ----a-w- c:\windows\system32\jscript9.dll 2014-11-22 02:26 . 2014-12-11 19:04 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2014-11-22 02:22 . 2014-12-11 19:04 490496 ----a-w- c:\windows\system32\dxtmsft.dll 2014-11-22 02:20 . 2014-12-11 19:04 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb 2014-11-22 02:14 . 2014-12-11 19:04 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll 2014-11-22 02:09 . 2014-12-11 19:04 199680 ----a-w- c:\windows\system32\msrating.dll 2014-11-22 02:08 . 2014-12-11 19:04 92160 ----a-w- c:\windows\system32\mshtmled.dll 2014-11-22 02:07 . 2014-12-11 19:04 501248 ----a-w- c:\windows\SysWow64\vbscript.dll 2014-11-22 02:07 . 2014-12-11 19:04 62464 ----a-w- c:\windows\SysWow64\iesetup.dll 2014-11-22 02:06 . 2014-12-11 19:04 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll 2014-11-22 02:05 . 2014-12-11 19:04 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll 2014-11-22 02:05 . 2014-12-11 19:04 316928 ----a-w- c:\windows\system32\dxtrans.dll 2014-11-22 01:54 . 2014-12-11 19:04 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll 2014-11-22 01:49 . 2014-12-11 19:04 718848 ----a-w- c:\windows\system32\ie4uinit.exe 2014-11-22 01:49 . 2014-12-11 19:04 800768 ----a-w- c:\windows\system32\msfeeds.dll 2014-11-22 01:47 . 2014-12-11 19:04 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll 2014-11-22 01:46 . 2014-12-11 19:04 2125312 ----a-w- c:\windows\system32\inetcpl.cpl 2014-11-22 01:43 . 2014-12-11 19:04 14412800 ----a-w- c:\windows\system32\ieframe.dll 2014-11-22 01:40 . 2014-12-11 19:04 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll 2014-11-22 01:29 . 
2014-12-11 19:04 4299264 ----a-w- c:\windows\SysWow64\jscript9.dll 2014-11-22 01:28 . 2014-12-11 19:04 2358272 ----a-w- c:\windows\system32\wininet.dll 2014-11-22 01:22 . 2014-12-11 19:04 2052096 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2014-11-22 01:21 . 2014-12-11 19:04 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2014-11-22 01:15 . 2014-12-11 19:04 1548288 ----a-w- c:\windows\system32\urlmon.dll 2014-11-22 01:03 . 2014-12-11 19:04 800768 ----a-w- c:\windows\system32\ieapfltr.dll 2014-11-22 01:00 . 2014-12-11 19:04 1888256 ----a-w- c:\windows\SysWow64\wininet.dll 2014-11-21 05:14 . 2013-06-20 18:24 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-11-18 13:56 . 2014-11-18 13:56 1202848 ----a-w- c:\windows\SysWow64\FM20.DLL 2014-11-11 03:09 . 2014-12-11 19:04 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2014-11-11 03:08 . 2014-11-18 18:57 241152 ----a-w- c:\windows\system32\pku2u.dll 2014-11-11 03:08 . 2014-11-18 18:57 728064 ----a-w- c:\windows\system32\kerberos.dll 2014-11-11 02:44 . 2014-12-11 19:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2014-11-11 02:44 . 2014-11-18 18:57 186880 ----a-w- c:\windows\SysWow64\pku2u.dll 2014-11-11 02:44 . 2014-11-18 18:57 550912 ----a-w- c:\windows\SysWow64\kerberos.dll 2014-11-11 01:46 . 2014-12-11 19:04 119296 ----a-w- c:\windows\system32\drivers\tdx.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392] "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2014-05-28 843568] "KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2013-04-18 578560] "MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2013-05-23 455608] "NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2014-11-19 1092448] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Corel File Shell Monitor"="c:\program files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2009-08-25 15544] "HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424] "AllShareAgent"="c:\program files (x86)\Samsung\AllShare\AllShareAgent.exe" [2011-05-24 250768] "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2014-05-28 310064] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-01-09 702768] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152] "RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2014-02-07 443408] "Magic Desktop for HP notification"="c:\programdata\Easybits Magic Desktop for HP\mdhpSUN.exe" [2013-12-07 1243656] 
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-09-11 450560] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-08-29 1861968] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712] "Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392] "MailCheck IE Broker"="c:\program files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe" [2014-11-17 2135104] . c:\users\Sumsisum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ w98Eject.lnk - c:\windows\system\w98eject.exe [2011-11-13 61440] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="c:\windows\system32\userinit.exe" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] R2 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x] R3 DlinkUDSMBus;DlinkUDSMBus;SysWOW64\Drivers\DlinkUDSMBus.sys;SysWOW64\Drivers\DlinkUDSMBus.sys [x] R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x] R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x] R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x] R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x] R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x] R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 lvpepf64;Volume 
Adapter;c:\windows\system32\DRIVERS\lv302a64.sys;c:\windows\SYSNATIVE\DRIVERS\lv302a64.sys [x] R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x] R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x] R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x] R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x] R3 OV550I;OVT Scanner;c:\windows\system32\Drivers\ov550ivx.sys;c:\windows\SYSNATIVE\Drivers\ov550ivx.sys [x] R3 PDF Architect 2;PDF Architect 2;c:\program files (x86)\PDF Architect 2\ws.exe;c:\program files (x86)\PDF Architect 2\ws.exe [x] R3 pdfforge CrashHandler;pdfforge CrashHandler;c:\program files (x86)\PDF Architect 2\crash-handler-ws.exe;c:\program files (x86)\PDF Architect 2\crash-handler-ws.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 
TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x] R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x] S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys;c:\windows\SYSNATIVE\DRIVERS\avfwot.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [x] S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [x] S2 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x] S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x] S2 
hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x] S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x] S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [x] S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x] S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x] S2 SamsungAllShare;Samsung AllShare PC Service;c:\program files (x86)\Samsung\AllShare\AllShareDMS\WiselinkPro.exe;c:\program files (x86)\Samsung\AllShare\AllShareDMS\WiselinkPro.exe [x] S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys;c:\windows\SYSNATIVE\DRIVERS\avfwim.sys [x] S3 BlackBerry Device Manager;BlackBerry Device Manager;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [x] S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x] S3 enecir;ENE CIR 
Receiver;c:\windows\system32\DRIVERS\enecir.sys;c:\windows\SYSNATIVE\DRIVERS\enecir.sys [x] S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - MBAMSWISSARMY . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-08-20 12:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2015-02-07 14:05 1086280 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.111\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2015-02-08 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 14:16] . 
2015-02-08 c:\windows\Tasks\Google Software Updater.job - c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-05-23 17:15] . 2015-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-23 13:27] . 2015-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-23 13:27] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU] "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-08-25 610872] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424] "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-12-13 2531472] "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-07-25 1283136] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.2 TCP: Interfaces\{2DD74BF9-228A-47CA-9F74-06C1515BF58C}: NameServer = 139.7.30.125 139.7.30.126 Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\program files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll FF - ProfilePath - c:\users\Sumsium\AppData\Roaming\Mozilla\Firefox\Profiles\h8p7mo5w.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p= . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
AddRemove-Uninstall_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.16" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2015-02-08 19:02:31 ComboFix-quarantined-files.txt 2015-02-08 18:02 ComboFix2.txt 2015-02-05 19:52 . Vor Suchlauf: 20 Verzeichnis(se), 58.190.909.440 Bytes frei Nach Suchlauf: 21 Verzeichnis(se), 57.756.807.168 Bytes frei . - - End Of File - - 77BE4E72C3386C131F7A3A18DB3AEABF C424AE9D08F76D91362FA3C6EDBC5140 |
09.02.2015, 23:04 | #13 |
Rest in peace † 2019 | Malwarebytes detection: OpenCandy and Spigot Hello Sabine, thank you very much. Let's please check whether cff really did delete it. Step 1 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
ATTFilter cmd: dir C:\Users\Sumsisum\AppData\Roaming\Cenaat /s
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 Because the scan with ESET is very thorough, it may take several hours under some circumstances. ESET Online Scanner
Step 3 Start FRST once more.
|
10.02.2015, 17:27 | #14 |
| Malwarebytes detection: OpenCandy and Spigot Hello Sandra, Step 1 Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-02-2015 Ran by Sumsium at 2015-02-10 17:26:29 Run:2 Running from C:\Users\Sumsium\Desktop Loaded Profiles: Sumsium & Gast & (Available profiles: Sumsium & Sumsisum & Gast) Boot Mode: Normal ============================================== Content of fixlist: ***************** cmd: dir C:\Users\Sumsisum\AppData\Roaming\Cenaat /s ***************** ========= dir C:\Users\Sumsisum\AppData\Roaming\Cenaat /s ========= Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 0C23-5CD5 Datei nicht gefunden ========= End of CMD: ========= ==== End of Fixlog 17:26:41 ==== |
11.02.2015, 18:30 | #15 |
| Malwarebytes detection: OpenCandy and Spigot Hello Sandra, it took a long time, here is Step 2 Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=858dd676505c0841a7081cb8719da76d # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-10-24 04:25:17 # local_time=2012-10-24 06:25:17 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1792 16777215 100 0 1225526 1225526 0 0 # compatibility_mode=5893 16776574 100 94 1240719 102644851 0 0 # compatibility_mode=8192 67108863 100 0 250735 250735 0 0 # scanned=586563 # found=4 # cleaned=0 # scan_time=37716 C:\_OTL\MovedFiles\10222012_183122\C_Users\Sumsisum\Downloads\PDFCreator-1_2_2_setup.exe Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I C:\_OTL\MovedFiles\10222012_183122\C_Users\Sumsisum\Downloads\Setup21_FreeConverter.exe Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I G:\_C\Users\Sumsisum\Downloads\PDFCreator-1_2_2_setup.exe Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I G:\_C\Users\Sumsisum\Downloads\Setup21_FreeConverter.exe Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=858dd676505c0841a7081cb8719da76d # engine=14111 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-06-20 06:14:51 # local_time=2013-06-20 08:14:51 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776573 100 94 127624 123338741 0 0 # scanned=418876 # found=1 # cleaned=0 # scan_time=57359 
sh=69FBCA27AA1DF6B5F4D4F52EB078C19752CCDD4E ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="G:\$RECYCLE.BIN\S-1-5-21-132197110-3117043442-3119173927-1000\$R91QR4H\Backup Set 2012-11-10 141724\Backup Files 2012-11-10 141724\Backup files 18.zip" ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=858dd676505c0841a7081cb8719da76d # engine=14129 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2013-06-22 11:54:44 # local_time=2013-06-23 01:54:44 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776573 100 94 108486 123575134 0 0 # scanned=406482 # found=24 # cleaned=0 # scan_time=56899 sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll" sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe" sh=956358B35B511D8827E09C448D37F9FF040E3F26 ft=1 fh=c44feedd736abfc4 vn="Win32/OpenCandy application" ac=I fn="C:\Users\Sumsisum\Documents\Fanktiktions\ff.net\11_PERUSING_THE_SHELVES\FreeYouTubeToMP3Converter.exe" sh=3F9EF532E24E3DF156603044CBD61640E98BF2B8 ft=1 fh=022f16081b5eb7ed vn="Win32/OpenCandy application" ac=I fn="C:\Users\Sumsisum\Downloads\FreeAVIVideoConverter.exe" sh=809AD807BCE0351DB6DE5753DF7926F6E6638776 ft=1 fh=b882ff41e623a318 vn="Win32/OpenCandy application" ac=I fn="C:\Users\Sumsisum\Downloads\FreeScreenVideoRecorder_2.5.27.1031(1).exe" sh=809AD807BCE0351DB6DE5753DF7926F6E6638776 ft=1 fh=b882ff41e623a318 vn="Win32/OpenCandy application" ac=I 
fn="C:\Users\Sumsisum\Downloads\FreeScreenVideoRecorder_2.5.27.1031.exe" sh=13287F94C77CE22E0C11855F6DD07512CC74C105 ft=1 fh=080273d70ec48dd3 vn="Win32/OpenCandy application" ac=I fn="C:\Users\Sumsisum\Downloads\FreeStudio.exe" sh=391421278AF9A3A4238BA276CA04F18EC820C50A ft=1 fh=632fda6313d8e547 vn="Win32/OpenCandy application" ac=I fn="C:\Users\Sumsisum\Downloads\FreeVideoDub.exe" sh=0A5D594B277E29C9854223A8AC46DD156C7B0E0E ft=1 fh=55550162f6ca8b1a vn="Win32/OpenCandy application" ac=I fn="C:\Users\Sumsisum\Downloads\FreeYouTubeDownload.exe" sh=74652BB55B35EAF701B7776753E34D36835EEC6E ft=1 fh=6b672c3a89b6e08f vn="Win32/OpenCandy application" ac=I fn="C:\Users\Sumsisum\Downloads\FreeYouTubeToMP3Converter.exe" sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Users\Sumsium\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AQB9WUXE\ApnIC[1].0" sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Users\Sumsium\AppData\Local\Temp\AskSLib.dll" sh=69FBCA27AA1DF6B5F4D4F52EB078C19752CCDD4E ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="G:\$RECYCLE.BIN\S-1-5-21-132197110-3117043442-3119173927-1000\$R91QR4H\Backup Set 2012-11-10 141724\Backup Files 2012-11-10 141724\Backup files 18.zip" sh=A747C83B2E04B14BAB5541B55E9E879E7E5BC3E2 ft=0 fh=0000000000000000 vn="Win32/OpenCandy application" ac=I fn="G:\$RECYCLE.BIN\S-1-5-21-132197110-3117043442-3119173927-1000\$RIS93TM\Backup Set 2012-11-17 130838\Backup Files 2012-11-17 130838\Backup files 17.zip" sh=CC6784AB25D44F4B094F2DE2BFDC940ED07C83EF ft=0 fh=0000000000000000 vn="Win32/OpenCandy application" ac=I fn="G:\$RECYCLE.BIN\S-1-5-21-132197110-3117043442-3119173927-1000\$RTDM8ZS\Backup Set 2012-11-24 230625\Backup Files 2012-11-24 230625\Backup files 21.zip" sh=956358B35B511D8827E09C448D37F9FF040E3F26 ft=1 fh=c44feedd736abfc4 
vn="Win32/OpenCandy application" ac=I fn="G:\Sabines Datein\Fanktiktions\ff.net\11_PERUSING_THE_SHELVES\FreeYouTubeToMP3Converter.exe" sh=9C29DB4B74DF4310D659676ECCE8EFDDADFDF073 ft=1 fh=248b203137266b2c vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="G:\Sabines Datein\Fanktiktions_13.03.2013\ff.net\11_PERUSING_THE_SHELVES\FreeStudio.exe" sh=7489404BCBD71EBF20FDF316BCEA07FE5037B25E ft=1 fh=08793377dbf79d45 vn="Win32/OpenCandy application" ac=I fn="G:\Sabines Datein\Fanktiktions_13.03.2013\ff.net\11_PERUSING_THE_SHELVES\FreeVideoToMP3Converter(1).exe" sh=7489404BCBD71EBF20FDF316BCEA07FE5037B25E ft=1 fh=08793377dbf79d45 vn="Win32/OpenCandy application" ac=I fn="G:\Sabines Datein\Fanktiktions_13.03.2013\ff.net\11_PERUSING_THE_SHELVES\FreeVideoToMP3Converter.exe" sh=D8D2F1E8B3C865295E55FE5A859120F14E5D42C6 ft=0 fh=0000000000000000 vn="Win32/OpenCandy application" ac=I fn="G:\Sabines Datein\SUMSISUM-PC\Backup Set 2012-12-24 135906\Backup Files 2012-12-24 135906\Backup files 115.zip" sh=BC7A90A74FCA3DA22032882E9B5B1A291430A557 ft=0 fh=0000000000000000 vn="Win32/OpenCandy application" ac=I fn="G:\Sabines Datein\SUMSISUM-PC\Backup Set 2012-12-24 135906\Backup Files 2012-12-24 135906\Backup files 23.zip" sh=C44CD0B998FA8E1A07D024F449869F9009496E01 ft=0 fh=0000000000000000 vn="Win32/OpenCandy application" ac=I fn="G:\SUMSISUM-PC\Backup Set 2013-01-24 191453\Backup Files 2013-01-24 191453\Backup files 125.zip" sh=B55DB82C136BA74A96A78CC5D9955D5F4D70547E ft=0 fh=0000000000000000 vn="Win32/OpenCandy application" ac=I fn="G:\SUMSISUM-PC\Backup Set 2013-01-24 191453\Backup Files 2013-01-24 191453\Backup files 27.zip" sh=78C7E7C7F6853DCCCAD9E5ED6C43BA1C93E8D21F ft=0 fh=0000000000000000 vn="Win32/OpenCandy application" ac=I fn="G:\SUMSISUM-PC\Backup Set 2013-01-24 191453\Backup Files 2013-01-24 191453\Backup files 28.zip" # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=858dd676505c0841a7081cb8719da76d # 
engine=16081 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2013-11-30 03:18:51 # local_time=2013-11-30 04:18:51 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776573 100 94 34949 137411381 0 0 # scanned=333447 # found=15 # cleaned=0 # scan_time=23201 sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll" sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe" sh=FD0483A45EF23EB4DEF1523906A28A4A5D3C0D77 ft=1 fh=fcf2e467b851cbbd vn="a variant of Win32/Bundled.Toolbar.Ask.D application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe" sh=CBC367FDA9FAEA994C924FB8E55207A018184FC4 ft=1 fh=a2af9b8183195b0f vn="Win32/OpenCandy application" ac=I fn="C:\Users\Sumsisum\Documents\Fanktiktions\ff.net\11_PERUSING_THE_SHELVES\FreeYouTubeToMP3Converter.exe" sh=3F9EF532E24E3DF156603044CBD61640E98BF2B8 ft=1 fh=022f16081b5eb7ed vn="Win32/OpenCandy application" ac=I fn="C:\Users\Sumsisum\Downloads\FreeAVIVideoConverter.exe" sh=809AD807BCE0351DB6DE5753DF7926F6E6638776 ft=1 fh=b882ff41e623a318 vn="Win32/OpenCandy application" ac=I fn="C:\Users\Sumsisum\Downloads\FreeScreenVideoRecorder_2.5.27.1031(1).exe" sh=809AD807BCE0351DB6DE5753DF7926F6E6638776 ft=1 fh=b882ff41e623a318 vn="Win32/OpenCandy application" ac=I fn="C:\Users\Sumsisum\Downloads\FreeScreenVideoRecorder_2.5.27.1031.exe" sh=C999FE70A09E2296FF9E252EE71A2F27846B7003 ft=1 fh=d5557a81a8c26216 vn="Win32/OpenCandy application" ac=I fn="C:\Users\Sumsisum\Downloads\FreeScreenVideoRecorder_2.5.30.827.exe" sh=13287F94C77CE22E0C11855F6DD07512CC74C105 
ft=1 fh=080273d70ec48dd3 vn="Win32/OpenCandy application" ac=I fn="C:\Users\Sumsisum\Downloads\FreeStudio.exe" sh=391421278AF9A3A4238BA276CA04F18EC820C50A ft=1 fh=632fda6313d8e547 vn="Win32/OpenCandy application" ac=I fn="C:\Users\Sumsisum\Downloads\FreeVideoDub.exe" sh=9D6553039A1E7FDC57A84CFDEEE3F7A5A0BFF3F8 ft=1 fh=8634a79988cf451d vn="Win32/OpenCandy application" ac=I fn="C:\Users\Sumsisum\Downloads\FreeYouTubeDownload.exe" sh=956358B35B511D8827E09C448D37F9FF040E3F26 ft=1 fh=c44feedd736abfc4 vn="Win32/OpenCandy application" ac=I fn="C:\Users\Sumsisum\Downloads\FreeYouTubeToMP3Converter.exe" sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Users\Sumsium\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AQB9WUXE\ApnIC[1].0" sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Users\Sumsium\AppData\Local\Temp\AskSLib.dll" sh=1B3DC3690CDA8E49F22A506EA26A23423C14217F ft=1 fh=8b8bffd56e113ad4 vn="Win32/OpenCandy application" ac=I fn="C:\Users\Sumsium\AppData\Local\Temp\is-7T7IB.tmp\OCSetupHlp.dll" ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=858dd676505c0841a7081cb8719da76d # engine=16084 # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2013-11-30 10:33:48 # local_time=2013-11-30 11:33:48 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776574 100 94 9188 137437478 0 0 # scanned=334334 # found=15 # cleaned=0 # scan_time=8871 sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir 
Desktop\apnic.dll" sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe" sh=FD0483A45EF23EB4DEF1523906A28A4A5D3C0D77 ft=1 fh=fcf2e467b851cbbd vn="a variant of Win32/Bundled.Toolbar.Ask.D application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe" sh=CBC367FDA9FAEA994C924FB8E55207A018184FC4 ft=1 fh=a2af9b8183195b0f vn="Win32/OpenCandy application" ac=I fn="C:\Users\Sumsisum\Documents\Fanktiktions\ff.net\11_PERUSING_THE_SHELVES\FreeYouTubeToMP3Converter.exe" sh=3F9EF532E24E3DF156603044CBD61640E98BF2B8 ft=1 fh=022f16081b5eb7ed vn="Win32/OpenCandy application" ac=I fn="C:\Users\Sumsisum\Downloads\FreeAVIVideoConverter.exe" sh=809AD807BCE0351DB6DE5753DF7926F6E6638776 ft=1 fh=b882ff41e623a318 vn="Win32/OpenCandy application" ac=I fn="C:\Users\Sumsisum\Downloads\FreeScreenVideoRecorder_2.5.27.1031(1).exe" sh=809AD807BCE0351DB6DE5753DF7926F6E6638776 ft=1 fh=b882ff41e623a318 vn="Win32/OpenCandy application" ac=I fn="C:\Users\Sumsisum\Downloads\FreeScreenVideoRecorder_2.5.27.1031.exe" sh=C999FE70A09E2296FF9E252EE71A2F27846B7003 ft=1 fh=d5557a81a8c26216 vn="Win32/OpenCandy application" ac=I fn="C:\Users\Sumsisum\Downloads\FreeScreenVideoRecorder_2.5.30.827.exe" sh=13287F94C77CE22E0C11855F6DD07512CC74C105 ft=1 fh=080273d70ec48dd3 vn="Win32/OpenCandy application" ac=I fn="C:\Users\Sumsisum\Downloads\FreeStudio.exe" sh=391421278AF9A3A4238BA276CA04F18EC820C50A ft=1 fh=632fda6313d8e547 vn="Win32/OpenCandy application" ac=I fn="C:\Users\Sumsisum\Downloads\FreeVideoDub.exe" sh=9D6553039A1E7FDC57A84CFDEEE3F7A5A0BFF3F8 ft=1 fh=8634a79988cf451d vn="Win32/OpenCandy application" ac=I fn="C:\Users\Sumsisum\Downloads\FreeYouTubeDownload.exe" sh=956358B35B511D8827E09C448D37F9FF040E3F26 ft=1 fh=c44feedd736abfc4 vn="Win32/OpenCandy application" ac=I fn="C:\Users\Sumsisum\Downloads\FreeYouTubeToMP3Converter.exe" 
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Users\Sumsium\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AQB9WUXE\ApnIC[1].0" sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Users\Sumsium\AppData\Local\Temp\AskSLib.dll" sh=1B3DC3690CDA8E49F22A506EA26A23423C14217F ft=1 fh=8b8bffd56e113ad4 vn="Win32/OpenCandy application" ac=I fn="C:\Users\Sumsium\AppData\Local\Temp\is-7T7IB.tmp\OCSetupHlp.dll" ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=858dd676505c0841a7081cb8719da76d # engine=18447 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2014-05-28 07:34:10 # local_time=2014-05-28 09:34:10 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776573 100 94 89194 152935500 0 0 # scanned=116396 # found=0 # cleaned=0 # scan_time=5943 ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=858dd676505c0841a7081cb8719da76d # engine=18450 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2014-05-29 02:04:49 # local_time=2014-05-29 04:04:49 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776573 100 94 112633 152958939 0 0 # scanned=342806 # found=6 # cleaned=0 # scan_time=23375 sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" 
ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll" sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe" sh=FD0483A45EF23EB4DEF1523906A28A4A5D3C0D77 ft=1 fh=fcf2e467b851cbbd vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe" sh=A43ECC43577DF9002842ECC94A3B7CE8E1A2F146 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Sumsisum\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\12fa9b80-373b2e99" sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\Sumsium\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AQB9WUXE\ApnIC[1].0" sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\Sumsium\AppData\Local\Temp\AskSLib.dll" ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=858dd676505c0841a7081cb8719da76d # engine=22308 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2015-02-04 09:09:49 # local_time=2015-02-04 10:09:49 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Avira Desktop' # compatibility_mode=1805 16777213 100 100 10099 148911078 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 9065 174714039 0 0 # scanned=8996 # found=0 # cleaned=0 # scan_time=1057 ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # 
OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=858dd676505c0841a7081cb8719da76d # engine=22404 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-02-11 12:00:15 # local_time=2015-02-11 01:00:15 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Avira Desktop' # compatibility_mode=1805 16777213 100 100 31504 149439704 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 30908 175242665 0 0 # scanned=415571 # found=7 # cleaned=0 # scan_time=26142 sh=A398C5349C675AD6F2A89F9D4BE8A6BF6574DEF6 ft=1 fh=cedc6030e4b3f122 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sumsisum\Downloads\Kindle for PC - CHIP-Installer.exe" sh=77EEF26155F007461F10AE35A968BE473E0FA628 ft=1 fh=2546056735ff87d1 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sumsisum\Downloads\Nokia Suite - CHIP-Installer.exe" sh=E2C028A886AA7352539DEE32CBB38770C529A76E ft=1 fh=d2aeb2930bcba9f7 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sumsisum\Downloads\PDFCreator-1_7_3_setup.exe" sh=031A54F7A504751C60AFB3B176150C4641EA249E ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="G:\Sabines Datein\SUMSISUM-PC\Backup Set 2013-10-27 114449\Backup Files 2013-10-27 114449\Backup files 129.zip" sh=BF6EEEB79E5F3BF51004B689C97965F12986D183 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="G:\Sabines Datein\SUMSISUM-PC\Backup Set 2013-10-27 114449\Backup Files 2013-10-27 114449\Backup files 30.zip" sh=F0B2FCDFB6314DAC77EEA6B32F251CBAB8DDA28F ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit evtl. 
unerwünschte Anwendung" ac=I fn="G:\Sabines Datein\SUMSISUM-PC\Backup Set 2013-10-27 114449\Backup Files 2013-10-27 114449\Backup files 31.zip"
sh=CBC904A6006EE2623CD232689233D1BB69F69326 ft=0 fh=0000000000000000 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="G:\SUMSISUM-PC\Backup Set 2014-08-03 130555\Backup Files 2014-08-03 130555\Backup files 36.zip"

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 01
Ran by Sumsium (administrator) on SUMSISUM-PC on 11-02-2015 18:28:31
Running from C:\Users\Sumsium\Desktop
Loaded Profiles: Sumsium & Gast (Available profiles: Sumsium & Sumsisum & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.)
C:\Program Files\Bonjour\mDNSResponder.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\WiselinkPro.exe () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\http_ss_win_pro.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (IDT, Inc.) 
C:\Program Files\IDT\WDM\sttray64.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (TomTom) C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe () C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (Samsung) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (1und1 Mail und Media GmbH) C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Hewlett-Packard Development Company, L.P.) 
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe () C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\usrreq.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610872 2009-08-25] () HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [Corel File Shell Monitor] => C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [15544 2009-08-25] () HKLM-x32\...\Run: [HPCam_Menu] => c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) 
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard) HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard) HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [250768 2011-05-24] (Samsung) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-05-28] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2015-01-09] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443408 2014-02-07] (BlackBerry Limited) HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1243656 2013-12-07] (Easybits) HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-11] (DivX, LLC) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] () HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.) 
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation) HKLM-x32\...\Run: [MailCheck IE Broker] => C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [2135104 2014-11-17] (1und1 Mail und Media GmbH) HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DirectSoundAudioOutput.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DirectSoundAudioOutput.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXASPDecode.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXASPDecode.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXDeinterlaceFilter.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXDeinterlaceFilter.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\MP3SurroundDecode.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\MP3SurroundDecode.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files 
(x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll",DllRegisterServer HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company) HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-05-28] (Samsung) HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-04-18] (Samsung Electronics) HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Run: [MyTomTomSA.exe] => C:\Program Files 
(x86)\MyTomTom 3\MyTomTomSA.exe [455608 2013-05-23] (TomTom) HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia) HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Policies\system: [DisableChangePassword] 0 HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-05-28] (Samsung) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-04-18] (Samsung Electronics) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MyTomTomSA.exe] => C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [455608 2013-05-23] (TomTom) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableChangePassword] 0 HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe 
[2363392 2009-08-20] (Hewlett-Packard Company) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-05-28] (Samsung) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-04-18] (Samsung Electronics) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [MyTomTomSA.exe] => C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [455608 2013-05-23] (TomTom) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Policies\system: [DisableChangePassword] 0 HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-05-28] (Samsung) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-04-18] (Samsung Electronics) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [MyTomTomSA.exe] => C:\Program Files 
(x86)\MyTomTom 3\MyTomTomSA.exe [455608 2013-05-23] (TomTom) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Policies\system: [DisableChangePassword] 0 HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-05-28] (Samsung) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-04-18] (Samsung Electronics) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [MyTomTomSA.exe] => C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [455608 2013-05-23] (TomTom) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Policies\system: [DisableChangePassword] 0 
HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-05-28] (Samsung) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-04-18] (Samsung Electronics) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\...\Run: [MyTomTomSA.exe] => C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [455608 2013-05-23] (TomTom) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\...\Policies\system: [DisableChangePassword] 0 HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company) HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [QuickTime Task] => "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe 
HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-05-28] (Samsung) HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-05-28] (Samsung) HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [openvpntray.EXE] => C:\Users\Sumsisum\AppData\Roaming\Hotspot Shield\bin\openvpntray.EXE -nonadmin HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Greenshot] => C:\Users\Sumsisum\AppData\Local\Greenshot\Greenshot.exe [495616 2013-12-12] (Greenshot) HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [KiesPDLR.exe] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-05-28] (Samsung) HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [GoogleChromeAutoLaunch_CC7034B0FA467AF7CA332882BC1B199F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.) 
HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia) HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Policies\system: [DisableChangePassword] 0 HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {c8af9512-5273-11e1-86e7-d2106dcbbcc7} - G:\AutoRun.exe HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {c8af9530-5273-11e1-86e7-d2106dcbbcc7} - G:\AutoRun.exe HKU\S-1-5-21-132197110-3117043442-3119173927-501\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company) HKU\S-1-5-21-132197110-3117043442-3119173927-501\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\w98Eject.lnk ShortcutTarget: w98Eject.lnk -> C:\Windows\system\w98eject.exe (Sigmatel) Startup: C:\Users\Sumsisum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-132197110-3117043442-3119173927-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-132197110-3117043442-3119173927-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP&dt=072113 HKU\S-1-5-21-132197110-3117043442-3119173927-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP&dt=072113 HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP&dt=072113 
HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP&dt=072113 HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP&dt=072113 HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP&dt=072113 HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.de/ HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.google.de/ hxxp://www.dict.cc/ 
HKU\S-1-5-21-132197110-3117043442-3119173927-501\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 HKU\S-1-5-21-132197110-3117043442-3119173927-501\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPNOT/4 HKU\S-1-5-21-132197110-3117043442-3119173927-501\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 SearchScopes: HKLM -> {230D7087-5842-4816-985C-8393ACBAC32D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {230D7087-5842-4816-985C-8393ACBAC32D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3 -> 
DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000 -> {230D7087-5842-4816-985C-8393ACBAC32D} URL = SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000 -> {56728EB4-149A-4AB9-845B-0CE539BFAF5F} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000 -> {9FA66BE2-9B22-4EE4-845F-A8C2AEB43E93} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms} SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000 -> {A3B580D5-7A1E-47A6-8959-EDB56220911B} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000 -> {A8230883-C5FB-4BA4-B422-5AC627B247E4} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000 -> {B18110A6-0C60-4152-B054-7492AF998A53} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {230D7087-5842-4816-985C-8393ACBAC32D} URL = SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {56728EB4-149A-4AB9-845B-0CE539BFAF5F} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {9FA66BE2-9B22-4EE4-845F-A8C2AEB43E93} URL = 
hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms} SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {A3B580D5-7A1E-47A6-8959-EDB56220911B} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {A8230883-C5FB-4BA4-B422-5AC627B247E4} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {B18110A6-0C60-4152-B054-7492AF998A53} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {230D7087-5842-4816-985C-8393ACBAC32D} URL = SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {56728EB4-149A-4AB9-845B-0CE539BFAF5F} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {9FA66BE2-9B22-4EE4-845F-A8C2AEB43E93} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms} SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {A3B580D5-7A1E-47A6-8959-EDB56220911B} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {A8230883-C5FB-4BA4-B422-5AC627B247E4} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: 
HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {B18110A6-0C60-4152-B054-7492AF998A53} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> {230D7087-5842-4816-985C-8393ACBAC32D} URL = SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> {56728EB4-149A-4AB9-845B-0CE539BFAF5F} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> {9FA66BE2-9B22-4EE4-845F-A8C2AEB43E93} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms} SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> {A3B580D5-7A1E-47A6-8959-EDB56220911B} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> {A8230883-C5FB-4BA4-B422-5AC627B247E4} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> {B18110A6-0C60-4152-B054-7492AF998A53} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3 -> {230D7087-5842-4816-985C-8393ACBAC32D} URL = SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3 -> {56728EB4-149A-4AB9-845B-0CE539BFAF5F} URL = 
hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3 -> {9FA66BE2-9B22-4EE4-845F-A8C2AEB43E93} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms} SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3 -> {A3B580D5-7A1E-47A6-8959-EDB56220911B} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3 -> {A8230883-C5FB-4BA4-B422-5AC627B247E4} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3 -> {B18110A6-0C60-4152-B054-7492AF998A53} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4 -> {230D7087-5842-4816-985C-8393ACBAC32D} URL = SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4 -> {56728EB4-149A-4AB9-845B-0CE539BFAF5F} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4 -> {9FA66BE2-9B22-4EE4-845F-A8C2AEB43E93} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms} SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4 -> 
{A3B580D5-7A1E-47A6-8959-EDB56220911B} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4 -> {A8230883-C5FB-4BA4-B422-5AC627B247E4} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4 -> {B18110A6-0C60-4152-B054-7492AF998A53} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> DefaultScope {230D7087-5842-4816-985C-8393ACBAC32D} URL = SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {23E77356-E10E-46C5-AA24-2D9B7C1FB216} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {675FE16E-301D-44E6-8F1F-1D552559A19E} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {D045F1E8-885E-482D-8207-5DD49111C39E} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {E9A1BA5E-CB6A-4F07-AD0F-DA446D7AD36B} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-501 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft 
Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) BHO: WEB.DE MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) 
BHO-x32: WEB.DE MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No File DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Handler-x32: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Tcpip\Parameters: [DhcpNameServer] 192.168.0.2 Tcpip\..\Interfaces\{2DD74BF9-228A-47CA-9F74-06C1515BF58C}: [NameServer] 139.7.30.125 139.7.30.126 FireFox: ======== FF ProfilePath: C:\Users\Sumsium\AppData\Roaming\Mozilla\Firefox\Profiles\h8p7mo5w.default FF SelectedSearchEngine: Google FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: 
@adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @innoplus.de/ino3DViewer -> C:\Program Files (x86)\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden) FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF Plugin-x32: @pack.google.com/Google Updater;version=14 -> C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: NitroPDF -> C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( ) FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH) FF Plugin HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0: @Google.com/GoogleEarthPlugin -> C:\Users\Sumsisum\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) 
FF Extension: Download videos and MP3s from YouTube - C:\Users\Sumsium\AppData\Roaming\Mozilla\Firefox\Profiles\h8p7mo5w.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-11-12] FF Extension: NoScript - C:\Users\Sumsium\AppData\Roaming\Mozilla\Firefox\Profiles\h8p7mo5w.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-03-04] FF Extension: Adblock Plus - C:\Users\Sumsium\AppData\Roaming\Mozilla\Firefox\Profiles\h8p7mo5w.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-10-21] FF HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-11-12] FF HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff Chrome: ======= CHR HomePage: Default -> 
hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Profile: C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-04] CHR Extension: (YouTube) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-01] CHR Extension: (Adblock Plus) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-01] CHR Extension: (Hide My Ass! Web Proxy) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd [2014-06-13] CHR Extension: (Google-Suche) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-01] CHR Extension: (Avira Browserschutz) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-06-13] CHR Extension: (ScriptBlock) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdjknjpbnhdoabbngpmfekaecnpajba [2015-02-06] CHR Extension: (Google Wallet) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-01] CHR Extension: (Google Mail) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-01] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) 
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation) R2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [1044784 2014-11-25] (Avira Operations GmbH & Co. KG) R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [807672 2015-01-09] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2015-01-09] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2015-01-09] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2015-01-09] (Avira Operations GmbH & Co. KG) R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2014-01-21] (BlackBerry Limited) [File not signed] S2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129584 2009-02-22] (EasyBits Sofware AS) [File not signed] R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [120832 2009-10-15] (Hewlett-Packard) [File not signed] R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 NitroReaderDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [341296 2011-06-21] (Nitro PDF Software) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA 
Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation) S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1716264 2014-04-30] (pdfforge GmbH) S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-30] (pdfforge GmbH) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] () R2 SamsungAllShare; C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\WiselinkPro.exe [7237024 2011-05-24] () R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2013-02-12] (Avira GmbH) R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2013-02-12] (Avira GmbH) R1 avfwot; C:\Windows\SysWOW64\DRIVERS\avfwot.sys [131336 2011-06-30] (Avira GmbH) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-01] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-01] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-10-01] (Avira Operations GmbH & Co. 
KG) S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-04-18] () [File not signed] R3 GEARAspiWDM; C:\Windows\SysWOW64\DRIVERS\GEARAspiWDM.sys [15664 2011-11-19] (GEAR Software Inc.) S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [212992 2012-02-13] (Huawei Technologies Co., Ltd.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-11] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) S3 OV550I; C:\Windows\System32\Drivers\ov550ivx.sys [196992 2008-02-21] (Omnivision Technologies, Inc.) S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-12-02] (BlackBerry Limited) R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd) S3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp.sys [145360 2010-02-12] (Sun Microsystems, Inc.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 dgderdrv; System32\drivers\dgderdrv.sys [X] S3 DlinkUDSMBus; SysWOW64\Drivers\DlinkUDSMBus.sys [X] S3 lvpepf64; system32\DRIVERS\lv302a64.sys [X] S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X] S3 LVRS64; system32\DRIVERS\lvrs64.sys [X] S3 PID_PEPI; system32\DRIVERS\LV302V64.SYS [X] S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X] S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 
==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-11 18:23 - 2015-02-11 18:23 - 00001007 _____ () C:\Users\Sumsium\Desktop\ESET_2015-02-11.txt 2015-02-10 17:40 - 2015-02-10 17:40 - 02347384 _____ (ESET) C:\Users\Sumsium\Downloads\esetsmartinstaller_deu.exe 2015-02-10 17:25 - 2015-02-11 18:28 - 00000000 ____D () C:\Users\Sumsium\Desktop\FRST-OlderVersion 2015-02-08 21:32 - 2015-02-08 21:32 - 00033999 _____ () C:\Users\Sumsium\Desktop\08022015.txt 2015-02-08 19:02 - 2015-02-08 19:02 - 00033999 _____ () C:\ComboFix.txt 2015-02-08 18:42 - 2015-02-08 18:42 - 05609947 ____R (Swearware) C:\Users\Sumsium\Desktop\ComboFix.exe 2015-02-07 15:17 - 2015-02-11 18:28 - 02134016 _____ (Farbar) C:\Users\Sumsium\Desktop\FRST64.exe 2015-02-06 20:15 - 2015-02-06 20:15 - 00060042 _____ () C:\Users\Sumsium\Desktop\FRST_06022015.txt 2015-02-06 20:15 - 2015-02-06 20:15 - 00050179 _____ () C:\Users\Sumsium\Desktop\Addition_06022015.txt 2015-02-06 19:58 - 2015-02-06 19:58 - 00001209 _____ () C:\Users\Sumsium\Desktop\MWB_06.02.2015.txt 2015-02-06 19:11 - 2015-02-11 10:24 - 00000986 _____ () C:\Windows\Tasks\Google Software Updater.job 2015-02-06 19:11 - 2015-02-06 19:11 - 00003536 _____ () C:\Windows\System32\Tasks\Google Software Updater 2015-02-06 18:59 - 2015-02-06 18:59 - 02112512 _____ () C:\Users\Sumsium\Downloads\AdwCleaner_4.110.exe 2015-02-05 21:08 - 2015-02-05 21:08 - 00060051 _____ () C:\Users\Sumsium\Desktop\FRST_05.02.2015.txt 2015-02-05 21:08 - 2015-02-05 21:08 - 00049146 _____ () C:\Users\Sumsium\Desktop\Addition_05.02.2015.txt 2015-02-05 21:06 - 2015-02-07 15:20 - 00064689 _____ () C:\Users\Sumsium\Downloads\FRST.txt 2015-02-05 21:06 - 2015-02-06 20:02 - 00050179 _____ () C:\Users\Sumsium\Downloads\Addition.txt 2015-02-05 21:01 - 2015-02-05 21:01 - 00034595 _____ () C:\Users\Sumsium\Desktop\Combo_05022015.txt 2015-02-05 20:36 - 2015-02-08 19:02 - 00000000 ____D () C:\Qoobox 
2015-02-05 20:36 - 2015-02-05 20:51 - 00000000 ____D () C:\Windows\erdnt 2015-02-05 20:36 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-02-05 20:36 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-02-05 20:36 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-02-05 20:36 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-02-05 20:36 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-02-05 20:36 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-02-05 20:36 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-02-05 20:36 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-02-04 22:04 - 2015-02-04 22:05 - 00051768 _____ () C:\Users\Sumsium\Desktop\Addition.txt 2015-02-04 22:03 - 2015-02-11 18:28 - 00056164 _____ () C:\Users\Sumsium\Desktop\FRST.txt 2015-02-04 22:03 - 2015-02-11 18:28 - 00000000 ____D () C:\FRST 2015-02-04 22:03 - 2015-02-04 22:03 - 02131968 _____ (Farbar) C:\Users\Sumsium\Downloads\FRST64.exe 2015-02-04 21:39 - 2015-02-04 21:39 - 00001596 _____ () C:\Users\Sumsium\Desktop\MWB_04.02.2015.txt 2015-02-04 20:56 - 2015-02-11 16:42 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-04 20:56 - 2015-02-04 20:56 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-02-04 20:56 - 2015-02-04 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-04 20:56 - 2015-02-04 20:56 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-02-04 20:56 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-02-04 20:56 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-02-04 20:35 - 2015-02-04 20:35 - 02194432 _____ () C:\Users\Sumsium\Downloads\AdwCleaner09.exe 2015-02-04 20:31 - 
2015-02-04 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WEB.DE MailCheck 2015-02-04 20:31 - 2015-02-04 20:31 - 00000000 ____D () C:\Program Files\WEB.DE MailCheck 2015-02-04 20:31 - 2015-02-04 20:31 - 00000000 ____D () C:\Program Files (x86)\WEB.DE MailCheck 2015-02-02 18:10 - 2015-02-02 18:11 - 00000000 ____D () C:\Users\Sumsisum\AppData\Local\{BCB7DE81-8D52-4792-B5AF-BEB777D12830} 2015-02-01 17:50 - 2015-02-01 17:50 - 00000000 ____D () C:\Users\Sumsisum\AppData\Local\{2EBA8608-3E96-4F27-92D9-C942EDED9FF6} 2015-01-31 18:50 - 2015-01-31 18:51 - 00000000 ____D () C:\Users\Sumsisum\AppData\Local\{BA1C8A95-E08D-458F-BFBB-3D4399D73349} 2015-01-28 19:44 - 2015-01-28 19:44 - 49464479 _____ () C:\Users\Sumsisum\Downloads\Sky_go_v.1.1.apk 2015-01-28 19:24 - 2015-01-28 19:27 - 00000000 ____D () C:\Users\Sumsisum\Desktop\kindle 2015-01-27 18:56 - 2015-01-27 18:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-26 18:42 - 2015-01-26 18:42 - 00003882 _____ () C:\Windows\System32\Tasks\Registration 1und1 Task 2015-01-26 18:42 - 2015-01-26 18:42 - 00000000 ____D () C:\ProgramData\UUdb 2015-01-26 11:02 - 2015-01-26 11:02 - 00022720 _____ () C:\Users\Sumsisum\KontakteNokia.7z 2015-01-26 10:57 - 2015-01-26 10:58 - 00000000 ____D () C:\Users\Sumsisum\KontakteNokia 2015-01-26 10:40 - 2015-01-26 10:52 - 00000000 ____D () C:\Users\Sumsium\KontakteNokia 2015-01-26 09:33 - 2015-01-26 09:33 - 00000000 ____D () C:\Users\Sumsium\AppData\Roaming\Windows Live Writer 2015-01-26 09:33 - 2015-01-26 09:33 - 00000000 ____D () C:\Users\Sumsium\AppData\Local\Windows Live Writer 2015-01-26 09:33 - 2015-01-26 09:33 - 00000000 ____D () C:\Users\Sumsium\AppData\Local\{8FFF0D90-6E4F-4354-8769-B7908F254471} 2015-01-26 09:33 - 2015-01-26 09:33 - 00000000 ____D () C:\Users\Sumsium\AppData\Local\{74770D46-27FE-443A-B9EF-4A06FDF3873F} 2015-01-26 08:33 - 2015-01-26 08:33 - 00000000 ____D () C:\Users\Sumsium\AppData\Roaming\Nokia Suite 2015-01-26 08:33 - 
2015-01-26 08:33 - 00000000 ____D () C:\Users\Sumsium\AppData\Roaming\Nokia 2015-01-26 08:30 - 2015-01-26 08:30 - 00000000 __SHD () C:\Users\Sumsium\AppData\Local\EmieBrowserModeList 2015-01-26 08:26 - 2015-02-08 11:24 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-01-26 08:24 - 2015-01-26 08:24 - 00000000 ____D () C:\Users\Sumsium\AppData\Local\Apple Computer 2015-01-25 10:59 - 2015-01-25 10:59 - 00000000 ____D () C:\Users\Sumsisum\Desktop\Sigi Geburtstag 2015-01-23 20:58 - 2015-01-23 20:58 - 02470949 _____ () C:\Users\Sumsisum\Downloads\HollywoodTowers.mp4 2015-01-23 20:55 - 2015-01-23 20:55 - 02842206 _____ () C:\Users\Sumsisum\Downloads\SevenDwarfs.mp4 2015-01-23 19:23 - 2015-01-23 19:23 - 00000000 ____D () C:\Users\Gast\AppData\Local\Apple Computer 2015-01-23 19:23 - 2015-01-23 19:23 - 00000000 ____D () C:\ProgramData\Apple Computer 2015-01-23 19:23 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys 2015-01-23 19:22 - 2015-02-08 11:23 - 00000000 ____D () C:\Program Files\Common Files\Apple 2015-01-23 19:21 - 2015-01-23 19:21 - 00000000 ____D () C:\Program Files\Bonjour 2015-01-23 19:21 - 2015-01-23 19:21 - 00000000 ____D () C:\Program Files (x86)\Bonjour 2015-01-23 19:20 - 2015-01-23 19:20 - 122418480 _____ (Apple Inc.) 
C:\Users\Gast\Downloads\iTunes64Setup.exe 2015-01-23 19:17 - 2015-01-23 19:17 - 00002247 _____ () C:\Users\Gast\Desktop\Google Chrome.lnk 2015-01-23 19:17 - 2015-01-23 19:17 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google 2015-01-23 19:14 - 2015-01-23 19:14 - 00001270 _____ () C:\Users\Gast\Desktop\Kontakte - Verknüpfung.lnk 2015-01-23 19:09 - 2015-01-26 07:56 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Nokia 2015-01-23 19:09 - 2015-01-23 19:09 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Nokia Suite 2015-01-23 19:08 - 2015-01-26 07:52 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\PC Suite 2015-01-23 19:08 - 2015-01-23 19:08 - 00000000 ____D () C:\Users\Gast\AppData\Local\Nokia 2015-01-23 11:57 - 2015-01-23 11:57 - 00002089 _____ () C:\Users\Public\Desktop\Nokia Suite.lnk 2015-01-23 11:57 - 2015-01-23 11:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia 2015-01-23 11:57 - 2015-01-23 11:57 - 00000000 ____D () C:\Program Files (x86)\PC Connectivity Solution 2015-01-23 11:57 - 2012-10-17 14:53 - 00026112 _____ (Nokia) C:\Windows\system32\Drivers\pccsmcfdx64.sys 2015-01-23 11:27 - 2015-01-23 11:27 - 01191200 _____ () C:\Users\Sumsisum\Downloads\Nokia Suite - CHIP-Installer.exe 2015-01-23 11:03 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-21 17:25 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-21 17:25 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-21 17:25 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-21 17:25 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-21 17:25 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-21 17:25 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) 
C:\Windows\system32\srclient.dll 2015-01-21 17:25 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-21 17:25 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-21 17:25 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-21 17:25 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-21 17:25 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-21 17:25 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-11 18:23 - 2010-05-23 14:32 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-11 18:15 - 2012-03-29 14:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-11 13:49 - 2010-03-12 01:19 - 01800161 _____ () C:\Windows\WindowsUpdate.log 2015-02-11 11:23 - 2010-05-23 14:32 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-08 18:59 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2015-02-08 11:18 - 2010-05-23 14:32 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-08 11:18 - 2010-05-23 14:32 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-07 15:16 - 2012-03-29 14:54 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-02-07 15:15 - 2012-03-29 14:54 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-07 15:15 - 2011-06-21 17:20 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-06 19:16 - 2009-07-14 05:45 - 00026192 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-06 19:16 - 2009-07-14 05:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-06 19:07 - 2011-05-04 16:32 - 00330520 _____ () C:\Windows\SysWOW64\http_ss.log 2015-02-06 19:07 - 2010-03-12 01:22 - 00665532 _____ () C:\Windows\PFRO.log 2015-02-06 19:07 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-06 19:07 - 2009-07-14 05:51 - 00210233 _____ () C:\Windows\setupact.log 2015-02-06 19:02 - 2013-11-30 08:58 - 00000000 ____D () C:\AdwCleaner 2015-02-05 20:52 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2015-02-04 20:56 - 2013-06-20 19:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2015-02-04 20:56 - 2012-03-04 12:38 - 00000000 ____D () C:\Users\Sumsium\AppData\Roaming\Malwarebytes 2015-02-04 20:56 - 2012-03-04 12:38 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-04 20:21 - 2012-09-24 10:34 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{61CDC14D-922F-48FB-A877-B41883A6DD8B} 2015-02-01 17:47 - 2014-08-27 19:26 - 00000000 ____D () C:\Users\Sumsisum\Documents\Wohnung 2015-01-31 18:51 - 2012-01-06 23:04 - 00000000 ____D () C:\Users\Sumsisum\AppData\Local\Windows Live 2015-01-31 12:38 - 2012-06-10 08:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-30 23:07 - 2010-01-09 06:07 - 09650414 _____ () C:\Windows\system32\perfh007.dat 2015-01-30 23:07 - 2010-01-09 06:07 - 03042540 _____ () C:\Windows\system32\perfc007.dat 2015-01-30 23:07 - 2009-07-14 06:13 - 00006504 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-26 18:42 - 2014-03-22 16:32 - 00000000 ____D () C:\Program Files (x86)\1und1Softwareaktualisierung 2015-01-26 11:02 - 2010-05-18 14:50 - 00000000 ____D () C:\Users\Sumsisum 2015-01-26 10:58 - 2012-07-21 18:33 - 00000000 ____D () 
C:\Users\Sumsisum\Documents\Rezepte 2015-01-26 10:40 - 2010-05-18 09:40 - 00000000 ____D () C:\Users\Sumsium 2015-01-26 09:33 - 2012-01-06 21:17 - 00000000 ____D () C:\Users\Sumsium\AppData\Local\Windows Live 2015-01-26 08:38 - 2012-01-07 23:18 - 00000000 ____D () C:\Users\Sumsium\AppData\Roaming\Apple Computer 2015-01-26 08:33 - 2012-10-23 18:23 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-01-26 08:32 - 2010-11-01 09:38 - 00000000 ____D () C:\Users\Sumsium\AppData\Roaming\PC Suite 2015-01-26 08:06 - 2014-01-21 19:59 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Apple Computer 2015-01-23 19:21 - 2011-10-31 21:11 - 00000000 ____D () C:\ProgramData\Apple 2015-01-23 12:02 - 2010-09-25 10:22 - 00000000 ____D () C:\Users\Sumsisum\AppData\Local\Nokia 2015-01-23 11:58 - 2010-09-24 19:14 - 00000000 ____D () C:\ProgramData\Nokia 2015-01-23 11:58 - 2010-09-22 10:45 - 00000000 ____D () C:\Users\Sumsium\AppData\Local\Nokia 2015-01-23 11:57 - 2010-09-22 10:41 - 00000000 ____D () C:\Program Files (x86)\Nokia 2015-01-23 11:57 - 2010-03-12 01:17 - 00109498 _____ () C:\Windows\DPINST.LOG 2015-01-23 11:06 - 2013-07-21 11:26 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-23 10:53 - 2010-11-19 20:38 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-14 17:52 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-13 18:07 - 2014-01-07 12:27 - 00000000 ____D () C:\Users\Sumsisum\AppData\Local\Greenshot ==================== Files in the root of some directories ======= 2014-03-01 14:44 - 2014-03-01 14:44 - 0000268 ___RH () C:\Users\Sumsium\AppData\Roaming\Breath Pad 2014-03-01 14:44 - 2014-03-01 14:44 - 0000268 ___RH () C:\Users\Sumsium\AppData\Roaming\Bubble Noise 2013-06-29 16:22 - 2013-06-29 16:42 - 0000077 _____ () C:\Users\Sumsium\AppData\Roaming\Rim.Desktop.Exception.log 2011-03-12 16:59 - 2013-06-29 16:20 - 0003174 _____ () 
C:\Users\Sumsium\AppData\Roaming\Rim.Desktop.HttpServerSetup.log 2013-06-29 16:22 - 2013-06-29 16:42 - 0000077 _____ () C:\Users\Sumsium\AppData\Roaming\Rim.DesktopHelper.Exception.log 2011-01-08 21:13 - 2011-01-08 21:13 - 0000000 _____ () C:\Users\Sumsium\AppData\Local\AtStart.txt 2011-01-08 21:13 - 2011-01-08 21:13 - 0000000 _____ () C:\Users\Sumsium\AppData\Local\DSwitch.txt 2011-01-08 21:13 - 2011-01-08 21:13 - 0000000 _____ () C:\Users\Sumsium\AppData\Local\QSwitch.txt 2012-01-19 18:19 - 2013-06-22 13:19 - 0007610 _____ () C:\Users\Sumsium\AppData\Local\Resmon.ResmonCfg 2010-12-05 13:30 - 2010-12-28 20:25 - 0000080 ___SH () C:\ProgramData\.zreglib 2014-03-01 14:44 - 2014-03-01 14:44 - 0000268 ___RH () C:\ProgramData\Caches 2014-03-01 14:44 - 2014-03-01 14:44 - 0000268 ___RH () C:\ProgramData\CIOSupport 2014-03-01 14:44 - 2014-03-01 14:44 - 0000012 ___RH () C:\ProgramData\ColorSync 2014-03-01 14:44 - 2014-03-01 14:44 - 0000012 ___RH () C:\ProgramData\Command Line Utility 2010-05-18 09:45 - 2010-11-19 20:38 - 0000188 _____ () C:\ProgramData\HPWALog.txt 2014-05-01 11:17 - 2014-05-01 11:18 - 0000848 ___SH () C:\ProgramData\KGyGaAvL.sys 2014-03-01 14:44 - 2014-03-01 14:44 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT 2014-03-01 14:44 - 2014-03-01 14:44 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT 2010-03-12 01:43 - 2010-03-12 01:43 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log 2010-01-08 23:23 - 2010-01-08 23:23 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log 2010-03-12 01:42 - 2010-03-12 01:42 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log 2010-01-08 23:19 - 2010-01-08 23:20 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2010-03-12 01:42 - 2010-03-12 01:42 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log 2010-03-12 01:43 - 2010-03-12 01:43 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log 
2010-01-08 23:19 - 2010-01-08 23:19 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log 2010-01-08 23:20 - 2010-01-08 23:23 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log 2010-03-12 01:43 - 2010-03-12 01:43 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log Some content of TEMP: ==================== C:\Users\Sumsium\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-05 21:32 ==================== End Of Log ============================ --- --- --- |