| |
| |||||||
Log-Analyse und Auswertung: Enterprise 1.1 Windows 7Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
08.02.2015, 20:44
| #1 |
| |  Enterprise 1.1 Windows 7 Hallo! Nachdem ich alle Anweisungen (vom 22.08.14) zur Entfernung von Enterprise 1.1 unternommen habe, kam dieser log dabei heraus. Vielleicht könnt ihr mir helfen? Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=4f88ab51f72b304d8c88cd522218501b
# engine=22359
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-08 04:17:21
# local_time=2015-02-08 05:17:21 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 31051 175043432 0 0
# scanned=204475
# found=58
# cleaned=0
# scan_time=26727
sh=777304240D73B9B2BB8BE4A2507E0C60FBF6EE3F ft=1 fh=60346f50c0042d1f vn="Variante von Win32/Adware.Bandoo.AC Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Bandoo\Bandoo.exe.vir"
sh=E36D8D1A1F1A16D7358B355E74082CD71A10A7C0 ft=1 fh=add9d02b1f431b85 vn="Variante von Win32/Adware.Bandoo.AB Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Bandoo\BandooUI.exe.vir"
sh=FA65BB9DECDF09EE8179318A7E3D5B13DB3FB18C ft=0 fh=0000000000000000 vn="Win32/BrowseFox.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\BatBrowse\ccncljhbalbbkkfgopogabimepmfkmff.crx.vir"
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir"
sh=8C4832A960077EB75721FE4C2F0546C4DBB1D0A4 ft=1 fh=919659f5a57846d5 vn="Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert0.dll.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\ConduitEngine\ConduitEngine.dll.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Josefine\AppData\LocalLow\ConduitEngine\ConduitEngine.dll.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Luis\AppData\LocalLow\ConduitEngine\ConduitEngine.dll.vir"
sh=0DDC9EFBCBB739ECBC9645E0D81144ACB0DC139F ft=1 fh=2cd04407df9b26ee vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Schneeeule\AppData\Local\Conduit\CT2269050\DVDVideoSoftAutoUpdaterHelper.exe.vir"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Schneeeule\AppData\Local\Conduit\CT2269050\DVDVideoSoftTBAutoUpdateHelper.exe.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Schneeeule\AppData\LocalLow\ConduitEngine\ConduitEngine.dll.vir"
sh=4920499AC2B7FC459D45BBAB806A2F75FF4BC25E ft=1 fh=92bccc7991282d5b vn="Variante von Win32/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\windows\system32\roboot.exe.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\DVDVideoSoft\tbDVD0.dll"
sh=3664B7B546B41FBFB469128DEA194DBA1AF556AC ft=1 fh=532d857584187cdc vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\DVDVideoSoft\tbDVD1.dll"
sh=E5C5C36DDD3DC414086EB9EC20DCEF13C06DDD94 ft=1 fh=f4eb487f30a3126f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\DVDVideoSoft\tbDVDV.dll"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Josefine\AppData\LocalLow\DVDVideoSoft\tbDVD0.dll"
sh=7A5B168BB2B8C06B2A9134B656BBF195830D21C2 ft=1 fh=55d4f387d8566cf4 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Josefine\AppData\LocalLow\DVDVideoSoft\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Luis\AppData\LocalLow\DVDVideoSoft\tbDVD0.dll"
sh=7A5B168BB2B8C06B2A9134B656BBF195830D21C2 ft=1 fh=55d4f387d8566cf4 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Luis\AppData\LocalLow\DVDVideoSoft\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll"
sh=2F4AEDAB01E811EBD5E8656B642AA52746CF447E ft=1 fh=fd6db4b0b24bae20 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Schneeeule\AppData\Local\Temp\BandooV6.exe"
sh=2CE0DF21454EB6FD876FD338BC17AEA5DD72D191 ft=1 fh=c71c0011ab81f9fc vn="Variante von Win32/Toolbar.SearchSuite.Z evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Schneeeule\AppData\Local\Temp\installhelper.dll"
sh=FE30284324E5E8245F8103CB3A96297DF5BB6670 ft=0 fh=0000000000000000 vn="Variante von Java/Exploit.CVE-2010-0840.NAD Trojaner" ac=I fn="C:\Users\Schneeeule\AppData\Local\Temp\jar_cache1724291155223709808.tmp"
sh=D42263C39CFFD99E70457EF578E80E31CFB96CC6 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.ONO Trojaner" ac=I fn="C:\Users\Schneeeule\AppData\Local\Temp\jar_cache6588093507913739277.tmp"
sh=7F4E4C7EF2314F28E971999B09FB3480D3DBD616 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Schneeeule\AppData\Local\Temp\jar_cache673188147049442276.tmp"
sh=603563311979A851314480587AD7E778C877ECEA ft=1 fh=4f788a654e8e8583 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Schneeeule\AppData\Local\Temp\nsn895B.tmp.exe"
sh=603563311979A851314480587AD7E778C877ECEA ft=1 fh=4f788a654e8e8583 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Schneeeule\AppData\Local\Temp\nstC793.tmp.exe"
sh=603563311979A851314480587AD7E778C877ECEA ft=1 fh=4f788a654e8e8583 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Schneeeule\AppData\Local\Temp\nsx6EC9.tmp.exe"
sh=98CF3A8AB41EFD22836750C6DAEA9BAAD05ED4E9 ft=1 fh=4994b3318e612789 vn="Variante von Win32/ReImageRepair.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Schneeeule\AppData\Local\Temp\ReimagePackage.exe"
sh=EF933E0B0B3CF77475C085705FC869C08031EB57 ft=1 fh=8804e9698b3c04be vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Schneeeule\AppData\Local\Temp\BandooFiles\files.exe"
sh=777304240D73B9B2BB8BE4A2507E0C60FBF6EE3F ft=1 fh=60346f50c0042d1f vn="Variante von Win32/Adware.Bandoo.AC Anwendung" ac=I fn="C:\Users\Schneeeule\AppData\Local\Temp\BandooFiles\Bin\Bandoo.exe"
sh=E36D8D1A1F1A16D7358B355E74082CD71A10A7C0 ft=1 fh=add9d02b1f431b85 vn="Variante von Win32/Adware.Bandoo.AB Anwendung" ac=I fn="C:\Users\Schneeeule\AppData\Local\Temp\BandooFiles\Bin\BandooUI.exe"
sh=08131ADF7C15E801A902E72ADA9DBA8EF81AD101 ft=1 fh=0e19461b6ef503f8 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Schneeeule\AppData\Local\Temp\DMR\dmr_72.exe"
sh=32D62E27F86A7B8E046E3A3BF728D972CC349B13 ft=1 fh=0784dd020dbe2c0e vn="Win32/MyPCBackup.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Schneeeule\AppData\Local\Temp\is1275519350\346845_stp\Cloud_Backup_Setup_EU_IEonly.exe"
sh=87253938199F658E1AAD4CAF8EA66321EE377F81 ft=1 fh=a45fa8252c0dc61d vn="Variante von Win32/Packed.ScrambleWrapper.O evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Schneeeule\AppData\Local\Temp\nsa79B5.tmp\FacebookIsGod.dll"
sh=65052E06B3D52FA8BDCB2A9D6968524E1ED909BB ft=1 fh=69eb098fa5a0728a vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Schneeeule\AppData\Local\Temp\nsa79B5.tmp\Fymvefm.exe"
sh=AA8AC501FAA98C7A8F3D21FD9DB762D314972A20 ft=1 fh=c71c00113d3a2950 vn="Variante von Win32/Packed.VMDetector.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Schneeeule\AppData\Local\Temp\nsf8E3F.tmp\InstallerUtils.dll"
sh=A5F6D71BEBAB34C7F18307230A5DB87435148968 ft=1 fh=054321d2e68cad26 vn="Variante von Win32/Packed.VMDetector.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Schneeeule\AppData\Local\Temp\nsf8E3F.tmp\InstallerUtils2.dll"
sh=FDFDF7EBCC99C24E59B1144B6C35544CD8CF7DDC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Schneeeule\AppData\Local\Temp\nsf8E3F.tmp\{B47EB3A1-BD38-46B4-9144-3110A88808D4}\plugins\91.js"
sh=FDFDF7EBCC99C24E59B1144B6C35544CD8CF7DDC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Schneeeule\AppData\Local\Temp\nsf8E3F.tmp\{D39901FB-99D5-4BBE-9F60-0971A2286D32}\plugins\91.js"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Schneeeule\AppData\LocalLow\DVDVideoSoft\tbDVD0.dll"
sh=7A5B168BB2B8C06B2A9134B656BBF195830D21C2 ft=1 fh=55d4f387d8566cf4 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Schneeeule\AppData\LocalLow\DVDVideoSoft\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll"
sh=744FF7398DCCB9F2FF2B3C5DD2A4A111CA9A7AD1 ft=0 fh=0000000000000000 vn="Variante von Java/TrojanDownloader.Agent.NAN Trojaner" ac=I fn="C:\Users\Schneeeule\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\660bb69d-6420203c"
sh=03D426FC4E1011BA5D3EEF9AAE5CC54C17FF8A24 ft=0 fh=0000000000000000 vn="Variante von Java/Exploit.CVE-2009-3867.G Trojaner" ac=I fn="C:\Users\Schneeeule\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\677c3b20-7a94314a"
sh=BDEF3A640C8974470BC339B2D7F27F4FEC7813C3 ft=1 fh=5f9b7895d81b2d84 vn="Variante von Win32/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Schneeeule\Downloads\ccsetup419-Download.exe"
sh=8547D1E5EACE099ECFE5EDBF6958FA077650894B ft=1 fh=61435738673b6524 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Schneeeule\Downloads\FreeYouTubeToMP3Converter.exe"
sh=868A4E50CF341A089F6555049E389DFA0104151F ft=1 fh=1e2d483a4741c28c vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Schneeeule\Downloads\LibreOffice - CHIP-Installer.exe"
sh=F42434EB673DF4B135D8D509943965FE20F75B22 ft=1 fh=84267000d91c779b vn="Win32/ReImageRepair.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Schneeeule\Downloads\ReimageRepair(1).exe"
sh=F42434EB673DF4B135D8D509943965FE20F75B22 ft=1 fh=84267000d91c779b vn="Win32/ReImageRepair.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Schneeeule\Downloads\ReimageRepair.exe"
sh=3DAE542BD4F0368B19B4047C0838D3F4FC4DA090 ft=1 fh=9b1350829aeb80db vn="Variante von Win32/Distromatic.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-abb-fix[1]"
sh=3DAE542BD4F0368B19B4047C0838D3F4FC4DA090 ft=1 fh=9b1350829aeb80db vn="Variante von Win32/Distromatic.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Temp\TBU001\Update.exe"
sh=B5B290ECCE2E5A28DAEFE3D2F92E77D58374B36A ft=0 fh=0000000000000000 vn="Win32/BrowseFox.B evtl. unerwünschte Anwendung" ac=I fn="D:\SCHNEEEULE-PC\Backup Set 2014-08-24 195430\Backup Files 2014-08-24 195430\Backup files 1.zip"
sh=2E776498EB473A40EF9E7CCDCEAD15656001FCC4 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\SCHNEEEULE-PC\Backup Set 2014-08-24 195430\Backup Files 2014-08-24 195430\Backup files 14.zip"
sh=7DBF12AF2A30584F46FFE303E8256F9E00A1B051 ft=0 fh=0000000000000000 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="D:\SCHNEEEULE-PC\Backup Set 2014-08-24 195430\Backup Files 2014-08-24 195430\Backup files 2.zip"
sh=491DB61A55AA0E203EA8C735CA3DF20F2F21B123 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\SCHNEEEULE-PC\Backup Set 2014-08-24 195430\Backup Files 2014-08-24 195430\Backup files 5.zip"
sh=B0C9EDA25CF837BE8F2F5797490918A37E8EC579 ft=0 fh=0000000000000000 vn="Win32/Systweak.D evtl. unerwünschte Anwendung" ac=I fn="D:\SCHNEEEULE-PC\Backup Set 2014-08-24 195430\Backup Files 2014-08-24 195430\Backup files 6.zip"
sh=D6B8240DFA4D88F258C8FAEAE113C1284420A359 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\SCHNEEEULE-PC\Backup Set 2014-08-24 195430\Backup Files 2014-08-24 195430\Backup files 7.zip"
sh=543D07381086C28308BCCBDBE69EE646C8BC3BC7 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\SCHNEEEULE-PC\Backup Set 2014-08-24 195430\Backup Files 2014-11-02 190004\Backup files 4.zip"
Geändert von schrauber (09.02.2015 um 18:00 Uhr) |
|
08.02.2015, 20:49
| #2 |
| /// the machine /// TB-Ausbilder    | Enterprise 1.1 Windows 7 hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
09.02.2015, 08:08
| #3 |
| | Enterprise 1.1 Windows 7 Ich hoffe, daß das so richtig ist......
__________________Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-02-2015
Ran by Schneeeule at 2015-02-09 07:41:24
Running from C:\Users\Schneeeule\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
ACDSee for PENTAX 3.0 (HKLM\...\{C40FDA46-40CD-46EE-A79D-EA4AE56EA008}) (Version: 9.0.34 - ACD Systems Ltd.)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Atheros Client Installation Program (HKLM\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.1.0805 - Atheros)
BatteryLifeExtender (HKLM\...\{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}) (Version: 1.0.0 - Samsung)
Business Contact Manager für Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager für Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Dairy Dash (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version: - Oberon Media)
Der Schreibtrainer 3.7 (HKLM\...\Der Schreibtrainer) (Version: - )
devolo dLAN Wireless extender Konfiguration (HKLM\...\dlanwlancfg) (Version: 1.0.0.0 - devolo AG)
devolo dLAN-Konfigurationsassistent (HKLM\...\dlanconf) (Version: 14.0.0.0 - devolo AG)
devolo EasyShare (HKLM\...\easyshare) (Version: 4.0.0.0 - devolo AG)
devolo Informer (HKLM\...\dslmon) (Version: 22.0.0.0 - devolo AG)
Dropbox (HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Dropbox) (Version: 1.4.7 - Dropbox, Inc.)
Dual Mode Digital Camera Z (HKLM\...\{3C516E56-0B4B-4BDE-88A2-035B4D170A26}) (Version: 2.1 - DSC)
DVDVideoSoft Toolbar (HKLM\...\DVDVideoSoft Toolbar) (Version: - )
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{A7581D39-EA20-4883-A480-80C21047052B}) (Version: 4.0.2 - Samsung)
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.4 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM\...\{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}) (Version: 4.0.0.2 - Samsung)
Epson Easy Photo Print 2 (HKLM\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - )
Epson Stylus SX210_SX410_TX210_TX410 Handbuch (HKLM\...\Epson Stylus SX210_SX410_TX210_TX410 Benutzerhandbuch) (Version: - )
EPSON SX210 Series Printer Uninstall (HKLM\...\EPSON SX210 Series) (Version: - SEIKO EPSON Corporation)
Farm Frenzy 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version: - Oberon Media)
flatster Recorder (HKLM\...\{6416B002-B022-4350-BFFB-9CA95D0857A8}_is1) (Version: 2.0 - flatster GmbH)
Free Audio CD Burner version 1.2 (HKLM\...\Free Audio CD Burner_is1) (Version: - DVDVideoSoft Limited.)
Free YouTube to MP3 Converter version 3.10.15.1228 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: - DVDVideoSoft Ltd.)
Game Pack (HKLM\...\{63eafc52-b963-4297-a7eb-d412944e7065}_is1) (Version: 5.3.0.10 - Oberon Media, Inc.)
Garmin City Navigator Europe NT v9 (HKLM\...\{29EA075F-2C61-472F-B01D-80E8D8F023F1}) (Version: 9.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM\...\{17079027-EB8A-42C6-9BF8-825B78889F6A}) (Version: 4.0.1 - Garmin Ltd or its subsidiaries)
Garmin MapSource (HKLM\...\{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}) (Version: 6.16.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Go-Go Gourmet (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}) (Version: - Oberon Media)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.1739.5352 - Google Inc.)
Google-Schnellsuchfeld (HKLM\...\Quick Search Box) (Version: 1.2.1151.245 - Google, Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2202 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java(TM) 6 Update 20 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216020F0}) (Version: 6.0.200 - Sun Microsystems, Inc.)
JRE 1.6.1 (HKLM\...\{B256C380-AC47-4681-8342-7F42E4F0F434}) (Version: 1.6.1 - Auerswald GmbH & Co.KG)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90A40407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95120000-0122-0407-0000-0000000FF1CE}) (Version: 12.0.6423.1000 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{FDE96E86-7780-431C-92F7-679C6A7CEC51}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MotoHelper 2.0.24 Driver 4.7.1 (HKLM\...\MotoHelper) (Version: 2.0.24 - Motorola)
MotoHelper MergeModules (Version: 1.0.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 4.7.1 (Version: 4.7.1 - Motorola Inc.) Hidden
Mozilla Firefox 35.0.1 (x86 de) (HKLM\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
ODBC (HKLM\...\ODBC) (Version: - )
OpenOffice.org 3.2 (HKLM\...\{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}) (Version: 3.2.9502 - OpenOffice.org)
Pixum Fotobuch (HKLM\...\Pixum Fotobuch) (Version: - )
Presto! Mr. Photo 4 (HKLM\...\{CAF7A270-55D5-455F-B0D1-6C51EADC1C3A}) (Version: 4.00.22 - NewSoft Technology Corporation)
Presto! VideoWorks 6 (HKLM\...\{B0C0F5E6-10B1-11D6-9296-0050BA073EEC}) (Version: 6.35.20 - NewSoft Technology Corporation)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5919 - Realtek Semiconductor Corp.)
Samsung Recovery Solution 4 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.3 - Samsung)
Samsung Support Center (HKLM\...\{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}) (Version: 1.0.1 - Samsung)
Samsung Update Plus (HKLM\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.7.8524 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.4.12 - Synaptics Incorporated)
Top50 Viewer (HKLM\...\DeInst_d2vexcrdTop50 Viewer (Build 1.1.5.596)) (Version: - )
Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version: - )
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Schneeeule\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Schneeeule\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Schneeeule\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Schneeeule\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1131658597-4005637612-88016806-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Schneeeule\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
==================== Restore Points =========================
15-01-2015 21:27:43 Windows Update
18-01-2015 19:01:19 Windows-Sicherung
20-01-2015 09:53:33 Windows Update
24-01-2015 08:20:11 Windows Update
25-01-2015 19:01:21 Windows-Sicherung
30-01-2015 07:07:20 Windows Update
02-02-2015 06:57:23 Windows-Sicherung
03-02-2015 07:14:53 Windows Update
05-02-2015 20:17:44 AnyPC Client
05-02-2015 20:27:03 Removed LibreOffice 4.3.3.2
06-02-2015 21:03:26 Windows Update
08-02-2015 19:01:20 Windows-Sicherung
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {2117E412-8311-483B-AA4C-210EEF5832A8} - System32\Tasks\MotoHelper MUM => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07] ()
Task: {2EA70280-0F8B-494D-933F-B7BB03B14B87} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-04-20] ()
Task: {35681757-6F78-4F90-ADD0-9A03A31C3503} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {3B40C32F-1DE4-481C-B04E-C340917D9278} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {5380D285-5F7B-4EC9-A9F5-C9C95CC0552E} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {53B5D342-9D57-4120-B935-441953B36116} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {573D2E57-D493-46E6-95CD-B1BC207EC1D3} - System32\Tasks\{E9C57AD0-3551-4515-9B5F-30F82C1C8CA5} => pcalua.exe -a "C:\Program Files\Common Files\Motorola Shared\Mobile Drivers\Motorola Driver Installer.exe" -d "C:\Program Files\Common Files\Motorola Shared\Mobile Drivers\"
Task: {682B75C7-D259-47F8-8ABA-CA324425ECD8} - System32\Tasks\MotoHelper Update => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07] ()
Task: {6C26E75A-35C7-471F-AA49-1C8CE4E389CA} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2009-08-06] (SEC)
Task: {7A0D0A0B-DC9F-4A69-A646-1F963FCCE23E} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-08-12] (Samsung Electronics. Co. Ltd.)
Task: {99819437-8A67-4F00-89E5-9B6CCDAED898} - System32\Tasks\{10CFCDEB-D8BB-4C11-A583-61DB124C1794} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {AD0A9A60-58D2-457D-B798-8400D3C9A07B} - System32\Tasks\{57467E81-E921-4D7B-A3BD-56D3A1C8F4C7} => pcalua.exe -a C:\Auerswald\treiber\install\Install.exe -d C:\Auerswald\treiber\install
Task: {B2A658A5-E557-4413-BADF-0003EB869DD5} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-09-07] (SAMSUNG Electronics)
Task: {BB01EB0E-8B75-42D7-BE30-3BF9D69CF38B} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-08-23] (Samsung Electronics Co., Ltd.)
Task: {C5265011-C843-45D0-8F2B-0D9DE00A416F} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-09-08] (Samsung Electronics Co., Ltd.)
Task: {D26BCE6D-33D9-40F6-9B7B-44EDB866CD45} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-08-01] (SAMSUNG Electronics co., LTD.)
Task: {E6EF2FB2-34F9-4A7E-ABED-197767941099} - System32\Tasks\{AEFB7EEB-5A56-42D7-9826-1D1033A047D1} => Firefox.exe hxxp://ui.skype.com/ui/0/5.5.0.124.259/de/abandoninstall?source=lightinstaller&page=tsInstall&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: {F05F5178-3AF3-4BE1-B40C-C91CAA19F6DC} - System32\Tasks\MotoHelper Routing => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07] ()
Task: {F5CB8F17-3124-4230-B004-0D02CE73B4E2} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files\CHIP Updater\CHIPUpdater.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2010-09-07 17:47 - 2010-09-07 17:47 - 00202048 _____ () C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
2009-12-01 18:46 - 2009-08-13 21:58 - 00044312 _____ () C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
2010-09-07 17:47 - 2010-09-07 17:47 - 00664896 _____ () C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
2009-09-17 07:50 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2010-01-27 16:55 - 2011-11-30 14:24 - 00103424 _____ () C:\Program Files\Google\Quick Search Box\bin\1.2.1151.245\rlz.dll
2010-05-04 15:36 - 2010-05-04 15:36 - 00970752 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2015-01-30 10:54 - 2015-01-30 10:55 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2009-09-17 07:48 - 2010-04-16 13:11 - 00650920 _____ () C:\Program Files\Samsung\Samsung Update Plus\SUPNotifier.exe
2009-09-17 07:48 - 2010-04-16 13:11 - 00155648 _____ () C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:4CF61E54
AlternateDataStreams: C:\ProgramData\TEMP:A42A9F39
AlternateDataStreams: C:\ProgramData\TEMP:ABE89FFE
AlternateDataStreams: C:\ProgramData\TEMP:E1F04E8D
AlternateDataStreams: C:\Users\Schneeeule\Downloads\Aktive Phase, bitte Anhang beachten.eml:OECustomProperty
AlternateDataStreams: C:\Users\Schneeeule\Downloads\Fw_Aktualisierte_Termine_2013.eml:OECustomProperty
AlternateDataStreams: C:\Users\Schneeeule\Downloads\nachricht(1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Schneeeule\Downloads\nachricht.eml:OECustomProperty
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Registry Areas =====================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1131658597-4005637612-88016806-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Schneeeule\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-1131658597-4005637612-88016806-500 - Administrator - Disabled)
Gast (S-1-5-21-1131658597-4005637612-88016806-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1131658597-4005637612-88016806-1005 - Limited - Enabled)
Josefine (S-1-5-21-1131658597-4005637612-88016806-1006 - Limited - Enabled) => C:\Users\Josefine
Luis (S-1-5-21-1131658597-4005637612-88016806-1007 - Limited - Enabled) => C:\Users\Luis
Schneeeule (S-1-5-21-1131658597-4005637612-88016806-1000 - Administrator - Enabled) => C:\Users\Schneeeule
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/08/2015 07:19:09 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Die Sicherung war nicht erfolgreich. Fehler: "Am Sicherungsspeicherort ist nicht genügend freier Speicherplatz verfügbar, um die Daten zu sichern. (0x80780048)"
Error: (02/08/2015 09:33:06 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
System errors:
=============
Error: (02/08/2015 09:32:31 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {005A3A96-BAC4-4B0A-94EA-C0CE100EA736}
Microsoft Office Sessions:
=========================
Error: (04/23/2013 06:17:46 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 18731 seconds with 300 seconds of active time. This session ended with a crash.
und dann noch: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-02-2015 Ran by Schneeeule (administrator) on SCHNEEEULE-PC on 09-02-2015 07:40:13 Running from C:\Users\Schneeeule\Downloads Loaded Profiles: Schneeeule (Available profiles: Schneeeule & Josefine & Luis) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe () C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe () C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe () C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe (SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Google Inc.) C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFDE.EXE (ACD Systems, Ltd.) C:\Program Files\Common Files\ACD Systems\DE\DevDetect.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe () C:\Program Files\Samsung\Samsung Update Plus\SUPNotifier.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7711264 2009-08-19] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-15] (Synaptics Incorporated) HKLM\...\Run: [Google Quick Search Box] => C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [122880 2009-12-10] (Google Inc.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Run: [EPSON SX210 Series] => C:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE [199680 2008-11-06] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Run: [Device Detector] => DevDetect.exe -autorun HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\MountPoints2: {64077ee0-49ec-11e3-9059-00245413507b} - F:\Startme.exe HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\MountPoints2: {9f1de9ad-924f-11e0-91ed-00245413507b} - F:\setup.exe -a Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\Josefine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () Startup: C:\Users\Schneeeule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Schneeeule\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Schneeeule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Schneeeule\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Schneeeule\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Schneeeule\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.) GroupPolicyUsers\S-1-5-21-1131658597-4005637612-88016806-1007\User: Group Policy restriction detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-1131658597-4005637612-88016806-1006\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1131658597-4005637612-88016806-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de___DE357 BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v1026/Navigram.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Schneeeule\AppData\Roaming\Mozilla\Firefox\Profiles\0c90xap1.default FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @pack.google.com/Google Updater;version=13 -> C:\Program Files\Google\Google Updater\2.4.1739.5352\npCIDetect13.dll (Google) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Schneeeule\AppData\Roaming\Mozilla\Firefox\Profiles\0c90xap1.default\searchplugins\google-images.xml FF SearchPlugin: C:\Users\Schneeeule\AppData\Roaming\Mozilla\Firefox\Profiles\0c90xap1.default\searchplugins\google-maps.xml FF Extension: Garmin Communicator - C:\Users\Schneeeule\AppData\Roaming\Mozilla\Firefox\Profiles\0c90xap1.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-20] FF Extension: Cliqz Beta - C:\Users\Schneeeule\AppData\Roaming\Mozilla\Firefox\Profiles\0c90xap1.default\Extensions\cliqz@cliqz.com.xpi [2014-11-02] FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-30] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-01-30] FF HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] FF HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Schneeeule\AppData\Roaming\Mozilla\Firefox\Profiles\0c90xap1.default\extensions\cliqz@cliqz.com Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p07_serp_cr_de_display?ie=UTF8&tagbase=bds-p07&tbrId=v1_abb-channel-7_6dc5996352bb46baa561c7e9f23445b8_30_46_20131110_DE_cr_sp_IS0" CHR Profile: C:\Users\Schneeeule\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Skype Click to Call) - C:\Users\Schneeeule\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-02-08] CHR Extension: (Google Wallet) - C:\Users\Schneeeule\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-08] CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-18] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE [143872 2007-12-17] (SEIKO EPSON CORPORATION) R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-11] (SEIKO EPSON CORPORATION) S2 gupdate1ca8a4289333f5d; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-22] (Google Inc.) R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.) R2 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [202048 2010-09-07] () S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation) R2 OberonGameConsoleService; C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [44312 2009-08-13] () R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 Achernar; C:\windows\System32\Drivers\Achernar.sys [18432 2007-02-05] (NewSoft Technology Corporation) [File not signed] S3 auusb; C:\windows\System32\DRIVERS\auusb.sys [160816 2009-09-21] (Auerswald GmbH & Co.KG ) S3 grmnusb; C:\windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-09] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation) R2 NPF_devolo; C:\windows\system32\drivers\npf_devolo.sys [35840 2007-02-07] (CACE Technologies) [File not signed] S3 cpuz134; \??\C:\Users\SCHNEE~1\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-09 07:40 - 2015-02-09 07:40 - 00016923 _____ () C:\Users\Schneeeule\Downloads\FRST.txt 2015-02-09 07:38 - 2015-02-09 07:40 - 00000000 ____D () C:\FRST 2015-02-09 07:37 - 2015-02-09 07:38 - 01124352 _____ (Farbar) C:\Users\Schneeeule\Downloads\FRST.exe 2015-02-08 19:29 - 2015-02-08 19:29 - 02347384 _____ (ESET) C:\Users\Schneeeule\Downloads\esetsmartinstaller_deu(1).exe 2015-02-08 09:37 - 2015-02-08 09:38 - 02347384 _____ (ESET) C:\Users\Schneeeule\Downloads\esetsmartinstaller_deu.exe 2015-02-08 09:21 - 2015-02-08 09:21 - 00001826 _____ () C:\sc-cleaner.txt 2015-02-08 09:20 - 2015-02-08 09:20 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\Schneeeule\Downloads\sc-cleaner.exe 2015-02-08 09:15 - 2015-02-08 09:15 - 00620456 _____ () C:\Users\Schneeeule\Downloads\ccsetup419-Download.exe 2015-02-08 09:08 - 2015-02-08 09:08 - 00001428 _____ () C:\Users\Schneeeule\Desktop\JRT.txt 2015-02-08 09:03 - 2015-02-08 09:03 - 01388274 _____ (Thisisu) C:\Users\Schneeeule\Downloads\JRT42.exe 2015-02-08 09:00 - 2015-02-08 09:00 - 00000705 _____ () C:\Users\Schneeeule\Desktop\AdwCleaner - Verknüpfung.lnk 2015-02-08 08:37 - 2015-02-08 08:47 - 00000000 ____D () C:\AdwCleaner 2015-02-08 08:36 - 2015-02-08 08:37 - 02112512 _____ () C:\Users\Schneeeule\Downloads\adwcleaner_4.110.exe 2015-02-08 08:33 - 2015-02-08 08:33 - 00000049 _____ () C:\mbam.txt 2015-02-08 07:56 - 2015-02-08 08:00 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Schneeeule\Downloads\mbam-setup-2.0.4.1028(2).exe 2015-02-08 07:27 - 2015-02-09 07:04 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-08 07:27 - 2015-02-08 08:26 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2015-02-08 07:27 - 2015-02-08 08:01 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-02-08 07:27 - 2015-02-08 08:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-08 07:27 - 2015-02-08 07:27 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-08 07:27 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2015-02-08 07:27 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2015-02-08 07:27 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2015-02-08 07:14 - 2015-02-08 07:25 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Schneeeule\Downloads\mbam-setup-2.0.4.1028(1).exe 2015-02-08 07:11 - 2015-02-08 07:15 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Schneeeule\Downloads\mbam-setup-2.0.4.1028.exe 2015-02-06 09:35 - 2015-02-06 09:36 - 00775968 _____ (Reimage®) C:\Users\Schneeeule\Downloads\ReimageRepair(1).exe 2015-02-06 09:34 - 2015-02-06 09:35 - 00775968 _____ (Reimage®) C:\Users\Schneeeule\Downloads\ReimageRepair.exe 2015-02-05 20:56 - 2015-02-05 20:56 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Schneeeule\Downloads\SpyHunter-Installer(1).exe 2015-02-05 20:55 - 2015-02-05 20:56 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Schneeeule\Downloads\SpyHunter-Installer.exe 2015-01-31 18:59 - 2015-01-31 18:59 - 00000000 ____D () C:\Users\Schneeeule\Pictures\Documents\Trainingspl_ne_f_r_Enduro_Fahrer 2015-01-30 10:54 - 2015-01-30 10:55 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-01-20 10:29 - 2015-01-30 11:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox.bak 2015-01-14 07:38 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll 2015-01-14 07:38 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys 2015-01-14 07:38 - 2014-12-11 18:47 - 00046592 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe 2015-01-14 07:38 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll 2015-01-14 07:35 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe 2015-01-14 07:35 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-09 07:36 - 2009-07-14 05:34 - 00023872 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-09 07:36 - 2009-07-14 05:34 - 00023872 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-09 07:30 - 2012-04-18 18:20 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2015-02-09 07:30 - 2009-12-01 18:50 - 00116712 _____ () C:\Users\Schneeeule\AppData\Local\GDIPFONTCACHEV1.DAT 2015-02-09 07:30 - 2009-09-17 07:44 - 01541256 _____ () C:\windows\WindowsUpdate.log 2015-02-09 07:04 - 2012-05-27 20:52 - 00000000 ____D () C:\Users\Schneeeule\AppData\Roaming\Dropbox 2015-02-09 07:04 - 2009-12-31 19:12 - 00001094 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-09 07:03 - 2009-09-17 08:19 - 01033446 _____ () C:\windows\PFRO.log 2015-02-09 07:03 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2015-02-09 07:03 - 2009-07-14 05:39 - 00211653 _____ () C:\windows\setupact.log 2015-02-08 20:53 - 2009-12-31 19:12 - 00001098 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-08 09:33 - 2009-07-26 21:06 - 00393258 _____ () C:\windows\system32\PerfStringBackup.INI 2015-02-08 08:46 - 2013-11-10 10:48 - 00000000 ____D () C:\Program Files\Amazon 2015-02-08 08:27 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\schemas 2015-02-08 08:25 - 2009-12-01 21:09 - 00000000 ____D () C:\Program Files\DVDVideoSoft 2015-02-07 22:26 - 2014-11-02 17:55 - 00001414 _____ () C:\Users\Schneeeule\Desktop\Registry kostenlos entrümpeln!.lnk 2015-02-06 20:54 - 2009-12-31 19:00 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-02-06 11:28 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\Microsoft.NET 2015-02-05 20:31 - 2009-07-14 05:33 - 00438032 _____ () C:\windows\system32\FNTCACHE.DAT 2015-02-05 20:19 - 2014-11-01 05:36 - 00000000 ____D () C:\Program Files\CHIP Updater 2015-02-05 20:19 - 2013-12-10 07:03 - 00000000 ____D () C:\Program Files\Adobe 2015-02-05 20:18 - 2009-09-17 07:41 - 00000000 ____D () C:\Program Files\Common Files\InstallShield 2015-02-05 20:18 - 2009-09-17 07:40 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2015-02-05 18:30 - 2012-04-18 18:20 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe 2015-02-05 18:30 - 2011-08-09 07:09 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl 2015-02-01 18:50 - 2014-11-07 22:39 - 00000464 _____ () C:\windows\system32\ScannerSettings 2015-01-31 08:10 - 2012-04-26 06:21 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-01-30 10:33 - 2014-11-07 22:45 - 00107040 _____ () C:\windows\system32\ScanResults.xml 2015-01-26 16:10 - 2015-01-07 12:00 - 00000000 ____D () C:\Users\Schneeeule\Pictures\Documents\Josefines Praktikum 2015-01-16 06:55 - 2013-08-19 12:36 - 00000000 ____D () C:\windows\system32\MRT 2015-01-16 03:29 - 2010-01-02 08:41 - 110348472 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe ==================== Files in the root of some directories ======= 2007-03-12 18:59 - 2007-03-12 18:59 - 0299008 _____ () C:\Program Files\navigram_register.exe 2011-04-13 08:53 - 2014-07-08 07:25 - 0018944 _____ () C:\Users\Schneeeule\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2009-12-31 19:01 - 2009-12-31 19:01 - 0000056 ____H () C:\ProgramData\ezsidmv.dat 2009-12-01 18:45 - 2009-08-17 06:54 - 0131368 _____ () C:\ProgramData\FullRemove.exe 2013-06-09 18:38 - 2013-06-09 18:38 - 0000000 _____ () C:\ProgramData\gh7i6z.dat 2013-06-08 22:31 - 2013-06-10 19:22 - 0000000 _____ () C:\ProgramData\kjhy64.txt 2013-06-08 22:31 - 2013-06-10 19:22 - 95023320 ____T () C:\ProgramData\wirqe.pad Files to move or delete: ==================== C:\ProgramData\gh7i6z.dat C:\ProgramData\wirqe.pad C:\Users\Schneeeule\word2007-kb974631-fullfile-x86-glb.exe Some content of TEMP: ==================== C:\Users\Josefine\AppData\Local\Temp\FlashPlayerUpdate.exe C:\Users\Josefine\AppData\Local\Temp\FlashPlayerUpdate01.exe C:\Users\Josefine\AppData\Local\Temp\SearchWithGoogleUpdate.exe C:\Users\Luis\AppData\Local\Temp\FlashPlayerUpdate.exe C:\Users\Luis\AppData\Local\Temp\FlashPlayerUpdate01.exe C:\Users\Luis\AppData\Local\Temp\FlashPlayerUpdate02.exe C:\Users\Schneeeule\AppData\Local\Temp\APNSetup.exe C:\Users\Schneeeule\AppData\Local\Temp\BandooV6.exe C:\Users\Schneeeule\AppData\Local\Temp\FFoxPackage.exe C:\Users\Schneeeule\AppData\Local\Temp\FlashPlayerUpdate.exe C:\Users\Schneeeule\AppData\Local\Temp\FlashPlayerUpdate01.exe C:\Users\Schneeeule\AppData\Local\Temp\FlashPlayerUpdate02.exe C:\Users\Schneeeule\AppData\Local\Temp\FlashPlayerUpdate03.exe C:\Users\Schneeeule\AppData\Local\Temp\FlashPlayerUpdate04.exe C:\Users\Schneeeule\AppData\Local\Temp\GoogleChromeInstaller.exe C:\Users\Schneeeule\AppData\Local\Temp\installhelper.dll C:\Users\Schneeeule\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe C:\Users\Schneeeule\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe C:\Users\Schneeeule\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe C:\Users\Schneeeule\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe C:\Users\Schneeeule\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe C:\Users\Schneeeule\AppData\Local\Temp\MotoHelper_2.0.24_Driver_4.7.1.exe C:\Users\Schneeeule\AppData\Local\Temp\nsd9F9A.tmp.exe C:\Users\Schneeeule\AppData\Local\Temp\nsdF4C.tmp.ConduitEngineEmbbed.exe C:\Users\Schneeeule\AppData\Local\Temp\nse5827.tmp.exe C:\Users\Schneeeule\AppData\Local\Temp\nsn30A2.tmp.exe C:\Users\Schneeeule\AppData\Local\Temp\nsn895B.tmp.exe C:\Users\Schneeeule\AppData\Local\Temp\nstC793.tmp.exe C:\Users\Schneeeule\AppData\Local\Temp\nswB5A9.tmp.exe C:\Users\Schneeeule\AppData\Local\Temp\nsx6EC9.tmp.exe C:\Users\Schneeeule\AppData\Local\Temp\Quarantine.exe C:\Users\Schneeeule\AppData\Local\Temp\ReimagePackage.exe C:\Users\Schneeeule\AppData\Local\Temp\SkypeSetup.exe C:\Users\Schneeeule\AppData\Local\Temp\sqlite3.dll C:\Users\Schneeeule\AppData\Local\Temp\SRAssetsHelper.dll C:\Users\Schneeeule\AppData\Local\Temp\ytb.exe C:\Users\Schneeeule\AppData\Local\Temp\_is1FBF.exe C:\Users\Schneeeule\AppData\Local\Temp\_is87E4.exe C:\Users\Schneeeule\AppData\Local\Temp\_isDBBE.exe C:\Users\Schneeeule\AppData\Local\Temp\_isDFB4.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\windows\explorer.exe => File is digitally signed C:\windows\system32\winlogon.exe => File is digitally signed C:\windows\system32\wininit.exe => File is digitally signed C:\windows\system32\svchost.exe => File is digitally signed C:\windows\system32\services.exe => File is digitally signed C:\windows\system32\User32.dll => File is digitally signed C:\windows\system32\userinit.exe => File is digitally signed C:\windows\system32\rpcss.dll => File is digitally signed C:\windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-18 14:32 ==================== End Of Log ============================ |
|
09.02.2015, 18:01
| #4 |
| /// the machine /// TB-Ausbilder | Enterprise 1.1 Windows 7 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\Program Files\DVDVideoSoft\tbDVD0.dll
C:\Program Files\DVDVideoSoft\tbDVD1.dll
C:\Program Files\DVDVideoSoft\tbDVDV.dll
C:\Users\Josefine\AppData\LocalLow\DVDVideoSoft\tbDVD0.dll
C:\Users\Josefine\AppData\LocalLow\DVDVideoSoft\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll
C:\Users\Luis\AppData\LocalLow\DVDVideoSoft\tbDVD0.dll
C:\Users\Luis\AppData\LocalLow\DVDVideoSoft\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll
C:\Users\Schneeeule\AppData\Local\Temp\BandooV6.exe
C:\Users\Schneeeule\AppData\Local\Temp\installhelper.dll
C:\Users\Schneeeule\AppData\Local\Temp\jar_cache1724291155223709808.tmp
C:\Users\Schneeeule\AppData\Local\Temp\jar_cache6588093507913739277.tmp
C:\Users\Schneeeule\AppData\Local\Temp\jar_cache673188147049442276.tmp
C:\Users\Schneeeule\AppData\Local\Temp\nsn895B.tmp.exe
C:\Users\Schneeeule\AppData\Local\Temp\nstC793.tmp.exe
C:\Users\Schneeeule\AppData\Local\Temp\nsx6EC9.tmp.exe
C:\Users\Schneeeule\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Schneeeule\AppData\Local\Temp\BandooFiles\files.exe
C:\Users\Schneeeule\AppData\Local\Temp\BandooFiles\Bin\Bandoo.exe
C:\Users\Schneeeule\AppData\Local\Temp\BandooFiles\Bin\BandooUI.exe
C:\Users\Schneeeule\AppData\Local\Temp\DMR\dmr_72.exe
C:\Users\Schneeeule\AppData\Local\Temp\is1275519350\346845_stp\Cloud_Backup_Setup_EU_IEonly.exe
C:\Users\Schneeeule\AppData\Local\Temp\nsa79B5.tmp\FacebookIsGod.dll
C:\Users\Schneeeule\AppData\Local\Temp\nsa79B5.tmp\Fymvefm.exe
C:\Users\Schneeeule\AppData\Local\Temp\nsf8E3F.tmp\InstallerUtils.dll
C:\Users\Schneeeule\AppData\Local\Temp\nsf8E3F.tmp\InstallerUtils2.dll
C:\Users\Schneeeule\AppData\Local\Temp\nsf8E3F.tmp\{B47EB3A1-BD38-46B4-9144-3110A88808D4}\plugins\91.js
C:\Users\Schneeeule\AppData\Local\Temp\nsf8E3F.tmp\{D39901FB-99D5-4BBE-9F60-0971A2286D32}\plugins\91.js
C:\Users\Schneeeule\AppData\LocalLow\DVDVideoSoft\tbDVD0.dll
C:\Users\Schneeeule\AppData\LocalLow\DVDVideoSoft\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll
C:\Users\Schneeeule\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\660bb69d-6420203c
C:\Users\Schneeeule\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\677c3b20-7a94314a
C:\Users\Schneeeule\Downloads\ccsetup419-Download.exe
C:\Users\Schneeeule\Downloads\FreeYouTubeToMP3Converter.exe
C:\Users\Schneeeule\Downloads\LibreOffice - CHIP-Installer.exe
C:\Users\Schneeeule\Downloads\ReimageRepair(1).exe
C:\Users\Schneeeule\Downloads\ReimageRepair.exe
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-abb-fix[1]
C:\Windows\Temp\TBU001\Update.exe
D:\SCHNEEEULE-PC\Backup Set 2014-08-24 195430\Backup Files 2014-08-24 195430\Backup files 1.zip
D:\SCHNEEEULE-PC\Backup Set 2014-08-24 195430\Backup Files 2014-08-24 195430\Backup files 14.zip
D:\SCHNEEEULE-PC\Backup Set 2014-08-24 195430\Backup Files 2014-08-24 195430\Backup files 2.zip
D:\SCHNEEEULE-PC\Backup Set 2014-08-24 195430\Backup Files 2014-08-24 195430\Backup files 5.zip
D:\SCHNEEEULE-PC\Backup Set 2014-08-24 195430\Backup Files 2014-08-24 195430\Backup files 6.zip
D:\SCHNEEEULE-PC\Backup Set 2014-08-24 195430\Backup Files 2014-08-24 195430\Backup files 7.zip
D:\SCHNEEEULE-PC\Backup Set 2014-08-24 195430\Backup Files 2014-11-02 190004\Backup files 4.zip
Emptytemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Wie läuft der REchner?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
09.02.2015, 20:19
| #5 |
| | Enterprise 1.1 Windows 7 Hi Schrauber! Ich hatte die Fixlist.txt auf dem Desktop, im gleichen Ordner wie die FRST und auf dem Datenträger C: (dort ist FRST). Leider meckert er folgendes: No fixlist.txt found. The fixlist.txt should be in the same folder/directory the tool is located. Sorry, ich bin ne Frau ;-) ansonsten läuft alles gut, keine Spur mehr von Enterprise! |
|
10.02.2015, 06:54
| #6 |
| /// the machine /// TB-Ausbilder | Enterprise 1.1 Windows 7 FRST liegt bei dir im Download Ordner, also muss die fixlist auch in den Download Ordner 
__________________ --> Enterprise 1.1 Windows 7 |
|
10.02.2015, 09:32
| #7 |
| | Enterprise 1.1 Windows 7 Hallo! So, hat geklappt! Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-02-2015
Ran by Schneeeule at 2015-02-10 07:34:56 Run:1
Running from C:\Users\Schneeeule\Downloads
Loaded Profiles: Schneeeule (Available profiles: Schneeeule & Josefine & Luis)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\Program Files\DVDVideoSoft\tbDVD0.dll
C:\Program Files\DVDVideoSoft\tbDVD1.dll
C:\Program Files\DVDVideoSoft\tbDVDV.dll
C:\Users\Josefine\AppData\LocalLow\DVDVideoSoft\tbDVD0.dll
C:\Users\Josefine\AppData\LocalLow\DVDVideoSoft\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll
C:\Users\Luis\AppData\LocalLow\DVDVideoSoft\tbDVD0.dll
C:\Users\Luis\AppData\LocalLow\DVDVideoSoft\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll
C:\Users\Schneeeule\AppData\Local\Temp\BandooV6.exe
C:\Users\Schneeeule\AppData\Local\Temp\installhelper.dll
C:\Users\Schneeeule\AppData\Local\Temp\jar_cache1724291155223709808.tmp
C:\Users\Schneeeule\AppData\Local\Temp\jar_cache6588093507913739277.tmp
C:\Users\Schneeeule\AppData\Local\Temp\jar_cache673188147049442276.tmp
C:\Users\Schneeeule\AppData\Local\Temp\nsn895B.tmp.exe
C:\Users\Schneeeule\AppData\Local\Temp\nstC793.tmp.exe
C:\Users\Schneeeule\AppData\Local\Temp\nsx6EC9.tmp.exe
C:\Users\Schneeeule\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Schneeeule\AppData\Local\Temp\BandooFiles\files.exe
C:\Users\Schneeeule\AppData\Local\Temp\BandooFiles\Bin\Bandoo.exe
C:\Users\Schneeeule\AppData\Local\Temp\BandooFiles\Bin\BandooUI.exe
C:\Users\Schneeeule\AppData\Local\Temp\DMR\dmr_72.exe
C:\Users\Schneeeule\AppData\Local\Temp\is1275519350\346845_stp\Cloud_Backup_Setup_EU_IEonly.exe
C:\Users\Schneeeule\AppData\Local\Temp\nsa79B5.tmp\FacebookIsGod.dll
C:\Users\Schneeeule\AppData\Local\Temp\nsa79B5.tmp\Fymvefm.exe
C:\Users\Schneeeule\AppData\Local\Temp\nsf8E3F.tmp\InstallerUtils.dll
C:\Users\Schneeeule\AppData\Local\Temp\nsf8E3F.tmp\InstallerUtils2.dll
C:\Users\Schneeeule\AppData\Local\Temp\nsf8E3F.tmp\{B47EB3A1-BD38-46B4-9144-3110A88808D4}\plugins\91.js
C:\Users\Schneeeule\AppData\Local\Temp\nsf8E3F.tmp\{D39901FB-99D5-4BBE-9F60-0971A2286D32}\plugins\91.js
C:\Users\Schneeeule\AppData\LocalLow\DVDVideoSoft\tbDVD0.dll
C:\Users\Schneeeule\AppData\LocalLow\DVDVideoSoft\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll
C:\Users\Schneeeule\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\660bb69d-6420203c
C:\Users\Schneeeule\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\677c3b20-7a94314a
C:\Users\Schneeeule\Downloads\ccsetup419-Download.exe
C:\Users\Schneeeule\Downloads\FreeYouTubeToMP3Converter.exe
C:\Users\Schneeeule\Downloads\LibreOffice - CHIP-Installer.exe
C:\Users\Schneeeule\Downloads\ReimageRepair(1).exe
C:\Users\Schneeeule\Downloads\ReimageRepair.exe
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-abb-fix[1]
C:\Windows\Temp\TBU001\Update.exe
D:\SCHNEEEULE-PC\Backup Set 2014-08-24 195430\Backup Files 2014-08-24 195430\Backup files 1.zip
D:\SCHNEEEULE-PC\Backup Set 2014-08-24 195430\Backup Files 2014-08-24 195430\Backup files 14.zip
D:\SCHNEEEULE-PC\Backup Set 2014-08-24 195430\Backup Files 2014-08-24 195430\Backup files 2.zip
D:\SCHNEEEULE-PC\Backup Set 2014-08-24 195430\Backup Files 2014-08-24 195430\Backup files 5.zip
D:\SCHNEEEULE-PC\Backup Set 2014-08-24 195430\Backup Files 2014-08-24 195430\Backup files 6.zip
D:\SCHNEEEULE-PC\Backup Set 2014-08-24 195430\Backup Files 2014-08-24 195430\Backup files 7.zip
D:\SCHNEEEULE-PC\Backup Set 2014-08-24 195430\Backup Files 2014-11-02 190004\Backup files 4.zip
Emptytemp:
*****************
C:\Program Files\DVDVideoSoft\tbDVD0.dll => Moved successfully.
C:\Program Files\DVDVideoSoft\tbDVD1.dll => Moved successfully.
C:\Program Files\DVDVideoSoft\tbDVDV.dll => Moved successfully.
C:\Users\Josefine\AppData\LocalLow\DVDVideoSoft\tbDVD0.dll => Moved successfully.
C:\Users\Josefine\AppData\LocalLow\DVDVideoSoft\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll => Moved successfully.
C:\Users\Luis\AppData\LocalLow\DVDVideoSoft\tbDVD0.dll => Moved successfully.
C:\Users\Luis\AppData\LocalLow\DVDVideoSoft\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll => Moved successfully.
C:\Users\Schneeeule\AppData\Local\Temp\BandooV6.exe => Moved successfully.
C:\Users\Schneeeule\AppData\Local\Temp\installhelper.dll => Moved successfully.
C:\Users\Schneeeule\AppData\Local\Temp\jar_cache1724291155223709808.tmp => Moved successfully.
C:\Users\Schneeeule\AppData\Local\Temp\jar_cache6588093507913739277.tmp => Moved successfully.
C:\Users\Schneeeule\AppData\Local\Temp\jar_cache673188147049442276.tmp => Moved successfully.
C:\Users\Schneeeule\AppData\Local\Temp\nsn895B.tmp.exe => Moved successfully.
C:\Users\Schneeeule\AppData\Local\Temp\nstC793.tmp.exe => Moved successfully.
C:\Users\Schneeeule\AppData\Local\Temp\nsx6EC9.tmp.exe => Moved successfully.
C:\Users\Schneeeule\AppData\Local\Temp\ReimagePackage.exe => Moved successfully.
C:\Users\Schneeeule\AppData\Local\Temp\BandooFiles\files.exe => Moved successfully.
C:\Users\Schneeeule\AppData\Local\Temp\BandooFiles\Bin\Bandoo.exe => Moved successfully.
C:\Users\Schneeeule\AppData\Local\Temp\BandooFiles\Bin\BandooUI.exe => Moved successfully.
C:\Users\Schneeeule\AppData\Local\Temp\DMR\dmr_72.exe => Moved successfully.
C:\Users\Schneeeule\AppData\Local\Temp\is1275519350\346845_stp\Cloud_Backup_Setup_EU_IEonly.exe => Moved successfully.
C:\Users\Schneeeule\AppData\Local\Temp\nsa79B5.tmp\FacebookIsGod.dll => Moved successfully.
C:\Users\Schneeeule\AppData\Local\Temp\nsa79B5.tmp\Fymvefm.exe => Moved successfully.
C:\Users\Schneeeule\AppData\Local\Temp\nsf8E3F.tmp\InstallerUtils.dll => Moved successfully.
C:\Users\Schneeeule\AppData\Local\Temp\nsf8E3F.tmp\InstallerUtils2.dll => Moved successfully.
C:\Users\Schneeeule\AppData\Local\Temp\nsf8E3F.tmp\{B47EB3A1-BD38-46B4-9144-3110A88808D4}\plugins\91.js => Moved successfully.
C:\Users\Schneeeule\AppData\Local\Temp\nsf8E3F.tmp\{D39901FB-99D5-4BBE-9F60-0971A2286D32}\plugins\91.js => Moved successfully.
C:\Users\Schneeeule\AppData\LocalLow\DVDVideoSoft\tbDVD0.dll => Moved successfully.
C:\Users\Schneeeule\AppData\LocalLow\DVDVideoSoft\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll => Moved successfully.
C:\Users\Schneeeule\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\660bb69d-6420203c => Moved successfully.
C:\Users\Schneeeule\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\677c3b20-7a94314a => Moved successfully.
C:\Users\Schneeeule\Downloads\ccsetup419-Download.exe => Moved successfully.
C:\Users\Schneeeule\Downloads\FreeYouTubeToMP3Converter.exe => Moved successfully.
C:\Users\Schneeeule\Downloads\LibreOffice - CHIP-Installer.exe => Moved successfully.
C:\Users\Schneeeule\Downloads\ReimageRepair(1).exe => Moved successfully.
C:\Users\Schneeeule\Downloads\ReimageRepair.exe => Moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-abb-fix[1] => Moved successfully.
C:\Windows\Temp\TBU001\Update.exe => Moved successfully.
D:\SCHNEEEULE-PC\Backup Set 2014-08-24 195430\Backup Files 2014-08-24 195430\Backup files 1.zip => Moved successfully.
D:\SCHNEEEULE-PC\Backup Set 2014-08-24 195430\Backup Files 2014-08-24 195430\Backup files 14.zip => Moved successfully.
D:\SCHNEEEULE-PC\Backup Set 2014-08-24 195430\Backup Files 2014-08-24 195430\Backup files 2.zip => Moved successfully.
D:\SCHNEEEULE-PC\Backup Set 2014-08-24 195430\Backup Files 2014-08-24 195430\Backup files 5.zip => Moved successfully.
D:\SCHNEEEULE-PC\Backup Set 2014-08-24 195430\Backup Files 2014-08-24 195430\Backup files 6.zip => Moved successfully.
D:\SCHNEEEULE-PC\Backup Set 2014-08-24 195430\Backup Files 2014-08-24 195430\Backup files 7.zip => Moved successfully.
D:\SCHNEEEULE-PC\Backup Set 2014-08-24 195430\Backup Files 2014-11-02 190004\Backup files 4.zip => Moved successfully.
EmptyTemp: => Removed 4.4 GB temporary data.
The system needed a reboot.
==== End of Fixlog 07:41:03 ====
Gestern Abend ist Mozilla Firefox mal abgestürzt...... |
|
10.02.2015, 17:58
| #8 |
| /// the machine /// TB-Ausbilder | Enterprise 1.1 Windows 7 Revo Uninstaller - Download - Filepony damit Firefox deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren. Dann: https://support.mozilla.org/de/kb/fi...einfach-loesen Dann nochmal testen. Und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
13.02.2015, 20:08
| #9 |
| | Enterprise 1.1 Windows 7 Hallo nochmal! Firefox habe ich deinstalliert und wieder neuinstalliert. Danach habe ich mit FRST einen Scan gemacht. Ist das richtig, daß du das gepostet haben möchtest, was dabei herauskommt (FRST.txt)? LG Sabine |
|
14.02.2015, 12:05
| #10 |
| /// the machine /// TB-Ausbilder | Enterprise 1.1 Windows 7 genau
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
14.02.2015, 19:46
| #11 |
| | Enterprise 1.1 Windows 7 Cool! ;-) FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-02-2015 Ran by Schneeeule (administrator) on SCHNEEEULE-PC on 14-02-2015 19:44:18 Running from C:\Users\Schneeeule\Downloads Loaded Profiles: Schneeeule (Available profiles: Schneeeule & Josefine & Luis) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe () C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe () C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Google Inc.) C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (ACD Systems, Ltd.) C:\Program Files\Common Files\ACD Systems\DE\DevDetect.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe () C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe (SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7711264 2009-08-19] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-15] (Synaptics Incorporated) HKLM\...\Run: [Google Quick Search Box] => C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [122880 2009-12-10] (Google Inc.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Run: [EPSON SX210 Series] => C:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE [199680 2008-11-06] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Run: [Device Detector] => DevDetect.exe -autorun HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\MountPoints2: {64077ee0-49ec-11e3-9059-00245413507b} - F:\Startme.exe HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\MountPoints2: {9f1de9ad-924f-11e0-91ed-00245413507b} - F:\setup.exe -a Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\Josefine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () Startup: C:\Users\Schneeeule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Schneeeule\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Schneeeule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Schneeeule\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Schneeeule\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Schneeeule\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.) GroupPolicyUsers\S-1-5-21-1131658597-4005637612-88016806-1007\User: Group Policy restriction detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-1131658597-4005637612-88016806-1006\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1131658597-4005637612-88016806-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de___DE357 BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKU\S-1-5-21-1131658597-4005637612-88016806-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v1026/Navigram.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Schneeeule\AppData\Roaming\Mozilla\Firefox\Profiles\hpl0fhhj.default-1423684663354 FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @pack.google.com/Google Updater;version=13 -> C:\Program Files\Google\Google Updater\2.4.1739.5352\npCIDetect13.dll (Google) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] FF HKU\S-1-5-21-1131658597-4005637612-88016806-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Schneeeule\AppData\Roaming\Mozilla\Firefox\Profiles\0c90xap1.default\extensions\cliqz@cliqz.com Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p07_serp_cr_de_display?ie=UTF8&tagbase=bds-p07&tbrId=v1_abb-channel-7_6dc5996352bb46baa561c7e9f23445b8_30_46_20131110_DE_cr_sp_IS0" CHR Profile: C:\Users\Schneeeule\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Skype Click to Call) - C:\Users\Schneeeule\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-02-08] CHR Extension: (Google Wallet) - C:\Users\Schneeeule\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-08] CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-18] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE [143872 2007-12-17] (SEIKO EPSON CORPORATION) R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-11] (SEIKO EPSON CORPORATION) S2 gupdate1ca8a4289333f5d; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-22] (Google Inc.) R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.) R2 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [202048 2010-09-07] () S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation) R2 OberonGameConsoleService; C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [44312 2009-08-13] () R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 Achernar; C:\windows\System32\Drivers\Achernar.sys [18432 2007-02-05] (NewSoft Technology Corporation) [File not signed] S3 auusb; C:\windows\System32\DRIVERS\auusb.sys [160816 2009-09-21] (Auerswald GmbH & Co.KG ) S3 grmnusb; C:\windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-14] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation) R2 NPF_devolo; C:\windows\system32\drivers\npf_devolo.sys [35840 2007-02-07] (CACE Technologies) [File not signed] S3 cpuz134; \??\C:\Users\SCHNEE~1\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-13 19:49 - 2015-02-13 19:49 - 00033912 _____ () C:\Users\Schneeeule\Desktop\FRST.txt 2015-02-12 17:14 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2015-02-12 17:14 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2015-02-11 21:01 - 2015-02-11 21:01 - 00033598 _____ () C:\Users\Schneeeule\Downloads\FRST_11-02-2015_21-01-54.txt 2015-02-11 21:00 - 2015-02-14 19:44 - 00000000 ____D () C:\Users\Schneeeule\Downloads\FRST-OlderVersion 2015-02-11 20:43 - 2015-02-12 07:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-02-11 20:43 - 2015-02-11 20:50 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-02-11 20:43 - 2015-02-11 20:50 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-02-11 20:43 - 2015-02-11 20:50 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-02-11 20:32 - 2015-02-11 20:43 - 39712504 _____ () C:\Users\Schneeeule\Downloads\Firefox_Setup_de35.0.1 (1).exe 2015-02-11 20:32 - 2015-02-11 20:34 - 39712504 _____ () C:\Users\Schneeeule\Downloads\Firefox_Setup_de35.0.1.exe 2015-02-11 20:29 - 2015-02-11 20:47 - 39712504 _____ () C:\Users\Schneeeule\Desktop\Firefox_Setup_de35.0.1.exe 2015-02-11 14:26 - 2015-02-11 14:26 - 00243664 _____ () C:\Users\Schneeeule\Downloads\Firefox Setup Stub 35.0.1.exe 2015-02-11 13:59 - 2015-02-11 13:59 - 00001222 _____ () C:\Users\Schneeeule\Desktop\Revo Uninstaller.lnk 2015-02-11 13:59 - 2015-02-11 13:59 - 00000000 ____D () C:\Program Files\VS Revo Group 2015-02-11 13:57 - 2015-02-11 13:58 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Schneeeule\Downloads\revosetup95.exe 2015-02-11 07:17 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2015-02-11 07:17 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2015-02-11 07:17 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2015-02-11 07:17 - 2015-01-12 03:21 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2015-02-11 07:17 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2015-02-11 07:17 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2015-02-11 07:17 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2015-02-11 07:17 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2015-02-11 07:17 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2015-02-11 07:17 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2015-02-11 07:17 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2015-02-11 07:17 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2015-02-11 07:17 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2015-02-11 07:17 - 2015-01-12 02:55 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2015-02-11 07:17 - 2015-01-12 02:48 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2015-02-11 07:17 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2015-02-11 07:17 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2015-02-11 07:17 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2015-02-11 07:17 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2015-02-11 07:17 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2015-02-11 07:17 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2015-02-11 07:17 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2015-02-11 07:17 - 2015-01-12 02:23 - 00684544 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2015-02-11 07:17 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2015-02-11 07:17 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2015-02-11 07:17 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2015-02-11 07:17 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2015-02-11 07:17 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2015-02-10 22:05 - 2015-01-15 08:46 - 00136640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys 2015-02-10 22:05 - 2015-01-15 08:46 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys 2015-02-10 22:05 - 2015-01-15 08:43 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll 2015-02-10 22:05 - 2015-01-15 08:43 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll 2015-02-10 22:05 - 2015-01-15 08:42 - 01061376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2015-02-10 22:05 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe 2015-02-10 22:05 - 2015-01-15 08:42 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe 2015-02-10 22:05 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll 2015-02-10 22:05 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll 2015-02-10 22:05 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll 2015-02-10 22:05 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll 2015-02-10 22:05 - 2015-01-15 05:21 - 00369968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys 2015-02-10 22:05 - 2015-01-09 02:45 - 02380288 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2015-02-10 22:04 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe 2015-02-10 22:04 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2015-02-10 22:03 - 2015-02-04 03:54 - 00482304 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll 2015-02-10 22:03 - 2015-02-04 03:53 - 00767488 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll 2015-02-10 22:03 - 2015-02-04 03:53 - 00621056 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll 2015-02-10 22:03 - 2015-02-04 03:53 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll 2015-02-10 22:03 - 2015-02-04 03:53 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2015-02-10 22:03 - 2015-02-04 03:53 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll 2015-02-10 22:03 - 2015-02-04 03:49 - 00886784 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2015-02-10 22:03 - 2015-01-28 00:36 - 01167520 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe 2015-02-10 22:03 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2015-02-10 22:03 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll 2015-02-10 22:03 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll 2015-02-10 22:03 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll 2015-02-10 22:03 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll 2015-02-10 22:03 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll 2015-02-10 22:03 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll 2015-02-10 22:03 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll 2015-02-10 22:03 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll 2015-02-10 22:03 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll 2015-02-10 21:58 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll 2015-02-10 21:58 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll 2015-02-10 21:58 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll 2015-02-09 07:41 - 2015-02-09 07:42 - 00028461 _____ () C:\Users\Schneeeule\Downloads\Addition.txt 2015-02-09 07:40 - 2015-02-14 19:44 - 00016035 _____ () C:\Users\Schneeeule\Downloads\FRST.txt 2015-02-09 07:38 - 2015-02-14 19:44 - 00000000 ____D () C:\FRST 2015-02-09 07:37 - 2015-02-14 19:44 - 01125888 _____ (Farbar) C:\Users\Schneeeule\Downloads\FRST.exe 2015-02-08 19:29 - 2015-02-08 19:29 - 02347384 _____ (ESET) C:\Users\Schneeeule\Downloads\esetsmartinstaller_deu(1).exe 2015-02-08 09:37 - 2015-02-08 09:38 - 02347384 _____ (ESET) C:\Users\Schneeeule\Downloads\esetsmartinstaller_deu.exe 2015-02-08 09:21 - 2015-02-08 09:21 - 00001826 _____ () C:\sc-cleaner.txt 2015-02-08 09:20 - 2015-02-08 09:20 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\Schneeeule\Downloads\sc-cleaner.exe 2015-02-08 09:08 - 2015-02-08 09:08 - 00001428 _____ () C:\Users\Schneeeule\Desktop\JRT.txt 2015-02-08 09:03 - 2015-02-08 09:03 - 01388274 _____ (Thisisu) C:\Users\Schneeeule\Downloads\JRT42.exe 2015-02-08 09:00 - 2015-02-08 09:00 - 00000705 _____ () C:\Users\Schneeeule\Desktop\AdwCleaner - Verknüpfung.lnk 2015-02-08 08:37 - 2015-02-08 08:47 - 00000000 ____D () C:\AdwCleaner 2015-02-08 08:36 - 2015-02-08 08:37 - 02112512 _____ () C:\Users\Schneeeule\Downloads\adwcleaner_4.110.exe 2015-02-08 08:33 - 2015-02-08 08:33 - 00000049 _____ () C:\mbam.txt 2015-02-08 07:56 - 2015-02-08 08:00 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Schneeeule\Downloads\mbam-setup-2.0.4.1028(2).exe 2015-02-08 07:27 - 2015-02-14 10:52 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-08 07:27 - 2015-02-08 08:26 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2015-02-08 07:27 - 2015-02-08 08:01 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-02-08 07:27 - 2015-02-08 08:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-08 07:27 - 2015-02-08 07:27 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-08 07:27 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2015-02-08 07:27 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2015-02-08 07:27 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2015-02-08 07:14 - 2015-02-08 07:25 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Schneeeule\Downloads\mbam-setup-2.0.4.1028(1).exe 2015-02-08 07:11 - 2015-02-08 07:15 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Schneeeule\Downloads\mbam-setup-2.0.4.1028.exe 2015-02-05 20:56 - 2015-02-05 20:56 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Schneeeule\Downloads\SpyHunter-Installer(1).exe 2015-02-05 20:55 - 2015-02-05 20:56 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Schneeeule\Downloads\SpyHunter-Installer.exe 2015-01-31 18:59 - 2015-01-31 18:59 - 00000000 ____D () C:\Users\Schneeeule\Pictures\Documents\Trainingspl_ne_f_r_Enduro_Fahrer 2015-01-20 10:29 - 2015-01-30 11:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox.bak ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-14 19:44 - 2009-12-31 19:12 - 00001094 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-14 19:38 - 2012-04-18 18:20 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2015-02-14 19:38 - 2009-12-31 19:12 - 00001098 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-14 19:38 - 2009-09-17 07:44 - 01413089 _____ () C:\windows\WindowsUpdate.log 2015-02-14 10:50 - 2012-05-27 20:52 - 00000000 ____D () C:\Users\Schneeeule\AppData\Roaming\Dropbox 2015-02-14 09:44 - 2009-07-14 05:34 - 00023872 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-14 09:44 - 2009-07-14 05:34 - 00023872 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-14 09:40 - 2009-07-26 21:06 - 00393258 _____ () C:\windows\system32\PerfStringBackup.INI 2015-02-14 09:36 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2015-02-14 09:36 - 2009-07-14 05:39 - 00212045 _____ () C:\windows\setupact.log 2015-02-12 20:25 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\rescache 2015-02-12 07:14 - 2009-09-17 08:19 - 01034170 _____ () C:\windows\PFRO.log 2015-02-11 20:23 - 2009-07-14 05:33 - 00438032 _____ () C:\windows\system32\FNTCACHE.DAT 2015-02-11 20:20 - 2014-12-11 06:45 - 00000000 ____D () C:\windows\system32\appraiser 2015-02-11 20:20 - 2014-05-07 06:40 - 00000000 ___SD () C:\windows\system32\CompatTel 2015-02-11 20:20 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\de-DE 2015-02-11 20:10 - 2013-08-19 12:36 - 00000000 ____D () C:\windows\system32\MRT 2015-02-11 20:06 - 2010-01-02 08:41 - 113756392 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2015-02-11 20:04 - 2009-12-01 18:47 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-02-11 14:25 - 2009-12-01 20:39 - 00000000 ____D () C:\Users\Schneeeule\AppData\Local\Google 2015-02-10 07:34 - 2009-12-01 21:09 - 00000000 ____D () C:\Program Files\DVDVideoSoft 2015-02-09 07:30 - 2009-12-01 18:50 - 00116712 _____ () C:\Users\Schneeeule\AppData\Local\GDIPFONTCACHEV1.DAT 2015-02-08 08:46 - 2013-11-10 10:48 - 00000000 ____D () C:\Program Files\Amazon 2015-02-08 08:27 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\schemas 2015-02-07 22:26 - 2014-11-02 17:55 - 00001414 _____ () C:\Users\Schneeeule\Desktop\Registry kostenlos entrümpeln!.lnk 2015-02-06 20:54 - 2009-12-31 19:00 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-02-06 11:28 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\Microsoft.NET 2015-02-05 20:19 - 2014-11-01 05:36 - 00000000 ____D () C:\Program Files\CHIP Updater 2015-02-05 20:19 - 2013-12-10 07:03 - 00000000 ____D () C:\Program Files\Adobe 2015-02-05 20:18 - 2009-09-17 07:41 - 00000000 ____D () C:\Program Files\Common Files\InstallShield 2015-02-05 20:18 - 2009-09-17 07:40 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2015-02-05 18:30 - 2012-04-18 18:20 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe 2015-02-05 18:30 - 2011-08-09 07:09 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl 2015-02-01 18:50 - 2014-11-07 22:39 - 00000464 _____ () C:\windows\system32\ScannerSettings 2015-01-30 10:33 - 2014-11-07 22:45 - 00107040 _____ () C:\windows\system32\ScanResults.xml 2015-01-26 16:10 - 2015-01-07 12:00 - 00000000 ____D () C:\Users\Schneeeule\Pictures\Documents\Josefines Praktikum ==================== Files in the root of some directories ======= 2007-03-12 18:59 - 2007-03-12 18:59 - 0299008 _____ () C:\Program Files\navigram_register.exe 2011-04-13 08:53 - 2014-07-08 07:25 - 0018944 _____ () C:\Users\Schneeeule\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2009-12-31 19:01 - 2009-12-31 19:01 - 0000056 ____H () C:\ProgramData\ezsidmv.dat 2009-12-01 18:45 - 2009-08-17 06:54 - 0131368 _____ () C:\ProgramData\FullRemove.exe 2013-06-09 18:38 - 2013-06-09 18:38 - 0000000 _____ () C:\ProgramData\gh7i6z.dat 2013-06-08 22:31 - 2013-06-10 19:22 - 0000000 _____ () C:\ProgramData\kjhy64.txt 2013-06-08 22:31 - 2013-06-10 19:22 - 95023320 ____T () C:\ProgramData\wirqe.pad Files to move or delete: ==================== C:\ProgramData\gh7i6z.dat C:\ProgramData\wirqe.pad C:\Users\Schneeeule\word2007-kb974631-fullfile-x86-glb.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\windows\explorer.exe => File is digitally signed C:\windows\system32\winlogon.exe => File is digitally signed C:\windows\system32\wininit.exe => File is digitally signed C:\windows\system32\svchost.exe => File is digitally signed C:\windows\system32\services.exe => File is digitally signed C:\windows\system32\User32.dll => File is digitally signed C:\windows\system32\userinit.exe => File is digitally signed C:\windows\system32\rpcss.dll => File is digitally signed C:\windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-11 15:16 ==================== End Of Log ============================ |
|
15.02.2015, 08:44
| #12 |
| /// the machine /// TB-Ausbilder | Enterprise 1.1 Windows 7 BEstehen aktuell noch Probleme mit dem System?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
21.02.2015, 20:01
| #13 |
| | Enterprise 1.1 Windows 7 Hallo! Ich habe jetzt mal ein paar Tage das System beobachtet. Soweit läuft alles in Ordnung :-). Vielen Dank erstmal für die Hilfe! Toll, daß es das hier gibt!!!!!! LG und vielleicht bis bald mal wieder ;-) Sabine |
|
22.02.2015, 09:13
| #14 |
| /// the machine /// TB-Ausbilder | Enterprise 1.1 Windows 7 Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Enterprise 1.1 Windows 7 |
| anwendung, appdata, c:\windows, cache, ccsetup, config, downloader, escan, files, found, gen, internet, log, microsoft, onlinescan, service, setup, system, system32, temp, trojaner, update.exe, version, win, windows, windows 7 |
Linear-Darstellung
