Log analysis and evaluation: Caught Bikiniland (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
Caught Bikiniland

Hello everyone,

I don't really know what exactly I did. In any case, I caught this Bikiniland trojan and can't get it removed. I have already read in another thread which preparatory steps should be done, so I have already run an FRST scan. My log files are attached:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-02-2015 Ran by alf (administrator) on ALF-PC on 23-02-2015 13:10:32 Running from C:\Users\alf\Downloads Loaded Profiles: alf (Available profiles: alf & nicole) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 (Default browser not detected!) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE () C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe (Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) 
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Option) C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe () C:\Program Files\CyberLink\Shared Files\RichVideo.exe () C:\Program Files\Search\WebSearch.exe (TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe () C:\Program Files\Samsung\Samsung Recovery Solution II\WCScheduler.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe () C:\Users\alf\AppData\Local\Amazon Music\Amazon Music Helper.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Dropbox, Inc.) C:\Users\alf\AppData\Roaming\Dropbox\bin\Dropbox.exe (Advanced Micro Devices Inc.) 
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files\iTunes\iTunes.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_16_0_0_305_ActiveX.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-10-26] (Synaptics, Inc.) 
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-02-14] (DivX, LLC) HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation) HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation) HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\Run: [Amazon Music] => C:\Users\alf\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281536 2014-09-06] () HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.) 
HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-20] (Piriform Ltd) HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\MountPoints2: {52d18c7e-85dd-11e4-a0e1-0013779cb325} - F:\.\Setup.exe AUTORUN=1 HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\MountPoints2: {60fed5fe-86cd-11e4-96d5-00f1d000f1d0} - F:\.\Setup.exe AUTORUN=1 HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\MountPoints2: {60fed62f-86cd-11e4-96d5-00f1d000f1d0} - F:\.\Setup.exe AUTORUN=1 HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\MountPoints2: {60fed635-86cd-11e4-96d5-001e101f4e71} - F:\.\Setup.exe AUTORUN=1 HKU\S-1-5-18\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000 Startup: C:\Users\alf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\alf\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:8897;https=127.0.0.1:8897 ProxyEnable: [S-1-5-21-3266977579-4003141749-4249582801-1003] => Internet Explorer proxy is enabled. ProxyServer: [S-1-5-21-3266977579-4003141749-4249582801-1003] => http=127.0.0.1:8897;https=127.0.0.1:8897 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://depecheworld.de/ HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com SearchScopes: HKLM -> DefaultScope value is missing. 
SearchScopes: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003 -> DefaultScope {E78C2635-504D-4B35-B8F8-CAD77C88FD0F} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003 -> {E78C2635-504D-4B35-B8F8-CAD77C88FD0F} URL = https://www.google.com/search?q={searchTerms} BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File Toolbar: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003 -> No Name - {4F524A2D-5350-4500-76A7-7A786E7484D7} - No File DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {48DD0448-9209-4F81-9F6D-D83562940134} hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: grooveLocalGWS - 
{88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com) Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\alf\AppData\Roaming\Mozilla\Firefox\Profiles\cdcptm33.default FF Homepage: hxxp://depecheworld.de/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com () FF Plugin: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com () FF Plugin: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin: @videolan.org/vlc,version=1.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3266977579-4003141749-4249582801-1003: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\alf\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.) FF user.js: detected! => C:\Users\alf\AppData\Roaming\Mozilla\Firefox\Profiles\cdcptm33.default\user.js FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) 
FF SearchPlugin: C:\Users\alf\AppData\Roaming\Mozilla\Firefox\Profiles\cdcptm33.default\searchplugins\Binkiland.xml FF Extension: Flash Video Downloader - C:\Users\alf\AppData\Roaming\Mozilla\Firefox\Profiles\cdcptm33.default\Extensions\artur.dubovoy@gmail.com [2014-01-30] FF Extension: DownloadHelper - C:\Users\alf\AppData\Roaming\Mozilla\Firefox\Profiles\cdcptm33.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-01-30] FF Extension: Set Search Settings - C:\Users\alf\AppData\Roaming\Mozilla\Firefox\Profiles\cdcptm33.default\Extensions\{e48eb377-9675-4f2b-be40-b8ba3e0d933c} [2015-02-20] FF Extension: Adblock Plus - C:\Users\alf\AppData\Roaming\Mozilla\Firefox\Profiles\cdcptm33.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-31] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-01] FF HKLM\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru FF HKLM\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com FF Extension: Modul zum Sperren von gefährlichen Webseiten - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-02-17] FF HKLM\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtuelle Tastatur - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com 
[2015-02-17] FF HKLM\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com FF Extension: Sicherer Zahlungsverkehr - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-02-17] Chrome: ======= CHR HomePage: Default -> https://www.google.de/webhp?sourceid=chrome-instant&rlz=1C1FLDB_enDE556DE556&ion=1&espv=2&ie=UTF-8 CHR StartupUrls: Default -> "hxxp://binkiland.com/?f=7&a=bnk_secureddownload_15_08&cd=2XzuyEtN2Y1L1QzutDtDtBtCyCtAtC0B0Ezzzzzy0DyDzyyEtN0D0Tzu0StCtCyEtAtN1L2XzutAtFyBtFyBtFzytN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyCtCyEyD0CyB0CzztG0DyByDzztGtAyBtCyBtGyEyDtAtAtGtA0AyCzztByBtA0FtC0CzztB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyDtA0F0CtA0EyCtGyB0AyD0AtGyEtAyE0DtG0A0A0ByEtG0AtD0BtAtDzyzztAtA0CzzyD2Q&cr=1040231234&ir=" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\alf\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\alf\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-03] CHR Extension: (Google Drive) - C:\Users\alf\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-03] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\alf\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06] CHR Extension: (YouTube) - C:\Users\alf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-03] CHR Extension: (Google 
Search) - C:\Users\alf\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-03] CHR Extension: (Google Wallet) - C:\Users\alf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-03] CHR Extension: (Gmail) - C:\Users\alf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-03] CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2015-02-20] (SUPERAntiSpyware.com) R2 ALDITALKVerbindungsassistent_Service; C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [342984 2011-09-13] () R2 AVP15.0.2; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [193400 2014-12-23] (Kaspersky Lab ZAO) R2 DailytoolsUpdateService; C:\Windows\System32\update1.dll [352256 2014-08-23] (Dailytools GmbH) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed] R2 GtDetectSc; C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe [204915 2007-11-05] (Option) [File not signed] R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-11-19] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-03-25] (Hewlett-Packard Co.) 
[File not signed] S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed] S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed] R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2006-12-19] () R2 Search; C:\Program Files\Search\WebSearch.exe [435184 2014-12-18] () R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1514304 2011-12-14] (TuneUp Software) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation) S2 RoxLiveShare10; "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [X] S2 SessionLauncher; C:\Users\alf\AppData\Local\Temp\DX9\SessionLauncher.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 14510131; C:\Windows\System32\DRIVERS\14510131.sys [128016 2009-09-25] (Kaspersky Lab) R0 14510132; C:\Windows\System32\DRIVERS\14510132.sys [37392 2009-10-22] (Kaspersky Lab) R1 82524381; C:\Windows\System32\DRIVERS\82524381.sys [128016 2009-09-25] (Kaspersky Lab) R0 82524382; C:\Windows\System32\DRIVERS\82524382.sys [37392 2009-10-22] (Kaspersky Lab) S2 Aspi32; C:\Windows\System32\drivers\aspi32.sys [16512 2002-07-17] (Adaptec) [File not signed] R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42272 2014-03-20] (AVG Technologies) R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [189136 2013-01-14] (Kaspersky Lab UK Ltd) S3 GT72NDISIPXP; C:\Windows\System32\DRIVERS\Gt51Ip.sys [95744 2007-07-09] (Option NV) S3 GT72UBUS; C:\Windows\System32\DRIVERS\gt72ubus.sys [51968 2007-06-26] (Option N.V.) 
S3 GTPTSER; C:\Windows\System32\DRIVERS\gtptser.sys [8064 2007-03-30] (Option N.V.) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [143968 2014-03-31] (Kaspersky Lab ZAO) R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [37896 2014-08-19] (Kaspersky Lab ZAO) R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [120008 2014-11-28] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [36040 2014-10-22] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [699576 2014-12-13] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25800 2014-10-10] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [26824 2014-10-30] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-08-08] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO) R1 kltdf; C:\Windows\System32\DRIVERS\kltdf.sys [68808 2014-11-06] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [46152 2014-10-09] (Kaspersky Lab ZAO) R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2008-04-16] (SAMSUNG ELECTRONICS CO., LTD.) 
R3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [148296 2014-11-10] (Kaspersky Lab ZAO) S3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-02] (Intel® Corporation) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S3 TSP; C:\Windows\system32\drivers\klif.sys [699576 2014-12-13] (Kaspersky Lab ZAO) R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2011-12-12] (TuneUp Software) S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [485920 2008-11-11] (eMPIA Technology, Inc.) S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [45344 2008-11-11] (eMPIA Technology, Inc.) R3 VMC302; C:\Windows\System32\Drivers\VMC302.sys [242560 2007-10-17] (Vimicro Corporation) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-23 13:10 - 2015-02-23 13:12 - 00028853 _____ () C:\Users\alf\Downloads\FRST.txt
2015-02-23 13:09 - 2015-02-23 13:10 - 00000000 ____D () C:\FRST
2015-02-23 13:07 - 2015-02-23 13:07 - 01126912 _____ (Farbar) C:\Users\alf\Downloads\FRST.exe
2015-02-20 13:59 - 2015-02-20 13:59 - 00050946 _____ () C:\Windows\PFRO.log
2015-02-20 13:13 - 2015-02-20 13:14 - 00032798 _____ () C:\Users\alf\Downloads\Documents\cc_20150220_131353.reg
2015-02-20 12:49 - 2015-02-20 12:49 - 00000000 ____D () C:\SUPERDelete
2015-02-17 19:38 - 2015-02-17 19:38 - 00002071 _____ () C:\Users\alf\Desktop\Sicherer Zahlungsverkehr.lnk
2015-02-17 19:03 - 2015-02-17 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-02-17 19:03 - 2015-02-17 18:59 - 00001977 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-02-17 18:50 - 2014-12-13 18:21 - 00699576 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-02-17 18:50 - 2014-11-28 18:19 - 00120008 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-02-17 18:50 - 2014-10-22 21:13 - 00036040 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-02-17 18:44 - 2015-02-17 18:46 - 197295744 _____ (Kaspersky Lab) C:\Users\alf\Downloads\kis15.0.2.361de-de.exe
2015-02-17 18:18 - 2015-02-17 18:21 - 302470552 _____ (AMD Inc.) C:\Users\alf\Downloads\amd-catalyst-omega-14.12-with-dotnet45-win7-64bit.exe
2015-02-17 16:30 - 2015-02-17 16:30 - 00000000 ____D () C:\ProgramData\{829A6A59-D218-BBDF-639E-CB5DB31C18D3}
2015-02-17 16:29 - 2015-02-17 16:29 - 00000000 ____D () C:\Users\alf\AppData\Local\StormFall
2015-02-12 12:11 - 2015-01-23 04:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 12:11 - 2015-01-23 03:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-12 11:14 - 2014-11-26 03:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-12 11:11 - 2015-01-09 01:20 - 02063360 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-12 11:10 - 2015-01-13 02:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-12 11:05 - 2015-01-15 05:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-12 11:05 - 2014-12-08 02:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 10:34 - 2015-01-14 02:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 10:34 - 2015-01-14 02:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-11 10:34 - 2015-01-14 02:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 10:34 - 2015-01-14 02:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 10:34 - 2015-01-14 02:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 10:34 - 2015-01-14 02:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 10:34 - 2015-01-14 02:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 10:34 - 2015-01-14 02:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 10:34 - 2015-01-14 02:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 10:34 - 2015-01-14 02:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-11 10:34 - 2015-01-14 02:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 10:34 - 2015-01-14 02:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 10:34 - 2015-01-14 02:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 10:34 - 2015-01-14 02:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 10:34 - 2015-01-14 02:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 10:34 - 2015-01-14 02:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 10:34 - 2015-01-14 02:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 10:34 - 2015-01-14 02:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-11 10:34 - 2015-01-14 02:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-11 10:34 - 2015-01-14 02:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-08 16:48 - 2015-02-23 13:12 - 00000000 ____D () C:\Users\alf\AppData\Roaming\Skype
2015-02-08 16:48 - 2015-02-10 13:57 - 00002489 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-02-08 16:48 - 2015-02-10 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-02-08 16:48 - 2015-02-08 16:48 - 00000000 ___RD () C:\Program Files\Skype
2015-02-08 16:48 - 2015-02-08 16:48 - 00000000 ____D () C:\Users\alf\AppData\Local\Skype
2015-02-08 16:48 - 2015-02-08 16:48 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-02-08 16:47 - 2015-02-10 13:57 - 00000000 ____D () C:\ProgramData\Skype
2015-02-06 21:00 - 2015-02-06 21:00 - 00001624 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-06 21:00 - 2015-02-06 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-06 20:58 - 2015-02-06 21:00 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-02-06 20:58 - 2015-02-06 20:58 - 00000000 ____D () C:\Program Files\iPod
2015-01-30 16:03 - 2015-01-30 16:03 - 00134980 _____ () C:\Users\alf\Downloads\Chordify_Erasure-How-Many-Times-Graham-Foster.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-23 13:03 - 2006-11-02 13:47 - 00003168 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-23 13:03 - 2006-11-02 13:47 - 00003168 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-23 13:02 - 2009-02-27 22:54 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-23 12:34 - 2013-08-17 18:31 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-23 12:24 - 2012-03-30 18:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-23 09:34 - 2008-07-16 11:33 - 01194092 _____ () C:\Windows\WindowsUpdate.log
2015-02-22 20:38 - 2013-08-17 18:33 - 00001923 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-22 20:26 - 2008-12-02 09:56 - 00000416 ____H () C:\Windows\Tasks\SupBackGroundTask.job
2015-02-22 19:54 - 2012-05-27 22:09 - 00000000 ___RD () C:\Users\alf\Dropbox
2015-02-22 19:54 - 2012-05-27 22:05 - 00000000 ____D () C:\Users\alf\AppData\Roaming\Dropbox
2015-02-22 19:52 - 2013-08-17 18:31 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-22 19:51 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-20 16:04 - 2008-04-16 00:00 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-02-20 16:04 - 2006-11-02 14:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-20 13:16 - 2009-06-14 19:36 - 00000000 ____D () C:\Windows\pss
2015-02-20 13:07 - 2014-05-31 18:11 - 00000000 ____D () C:\Program Files\Steam
2015-02-20 13:06 - 2009-01-27 15:29 - 00000000 ____D () C:\Windows\Minidump
2015-02-20 13:03 - 2013-01-01 22:26 - 00000764 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-20 13:03 - 2011-07-02 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-20 13:03 - 2009-03-07 20:35 - 00000000 ____D () C:\Users\alf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-20 13:03 - 2009-03-07 20:35 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-20 11:59 - 2006-11-02 11:33 - 00007240 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-20 11:56 - 2012-02-27 23:28 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-02-17 19:15 - 2009-02-27 22:54 - 00000000 ____D () C:\Program Files\Kaspersky Lab
2015-02-17 19:09 - 2009-02-01 11:06 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2015-02-17 18:58 - 2008-09-08 19:13 - 00000000 ____D () C:\Users\alf
2015-02-17 18:07 - 2008-09-08 21:30 - 00000000 ____D () C:\Users\nicole
2015-02-17 18:07 - 2008-04-16 00:17 - 00000000 ____D () C:\Windows\VMC302
2015-02-17 18:07 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool
2015-02-17 18:07 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration
2015-02-17 18:07 - 2006-11-02 11:22 - 93061120 _____ () C:\Windows\system32\config\system_previous
2015-02-17 18:07 - 2006-11-02 11:22 - 80216064 _____ () C:\Windows\system32\config\software_previous
2015-02-17 18:07 - 2006-11-02 11:22 - 45613056 _____ () C:\Windows\system32\config\components_previous
2015-02-17 18:07 - 2006-11-02 11:22 - 04980736 _____ () C:\Windows\system32\config\default_previous
2015-02-17 18:07 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2015-02-17 18:07 - 2006-11-02 11:22 - 00098304 _____ () C:\Windows\system32\config\sam_previous
2015-02-17 17:36 - 2013-05-07 15:59 - 00262144 _____ () C:\Windows\system32\config\elam
2015-02-13 11:04 - 2014-09-23 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-13 10:06 - 2012-05-27 22:09 - 00000949 _____ () C:\Users\alf\Desktop\Dropbox.lnk
2015-02-13 10:06 - 2012-05-27 22:07 - 00000000 ____D () C:\Users\alf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-12 11:46 - 2006-11-02 13:47 - 02525824 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 11:39 - 2013-08-15 17:47 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 11:16 - 2006-11-02 11:24 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-02-12 11:13 - 2008-04-16 02:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-10 13:48 - 2012-03-13 09:07 - 00000000 ____D () C:\Users\alf\AppData\Roaming\Spotify
2015-02-10 13:06 - 2012-03-13 09:09 - 00000000 ____D () C:\Users\alf\AppData\Local\Spotify
2015-02-09 15:18 - 2013-10-21 18:47 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-09 14:58 - 2009-03-12 21:41 - 00000000 ____D () C:\Program Files\Java
2015-02-09 14:56 - 2014-11-29 16:55 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-02-06 21:00 - 2012-04-01 09:56 - 00000000 ____D () C:\Program Files\iTunes
2015-02-06 20:58 - 2008-09-20 20:37 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-06 19:24 - 2012-03-30 18:17 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-06 19:24 - 2011-05-15 09:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-03-05 17:11 - 2014-03-20 20:43 - 0000000 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2009-02-24 21:36 - 2009-02-24 21:41 - 2616184 _____ () C:\Users\alf\AppData\Roaming\install.txt
2010-03-14 22:00 - 2010-03-14 22:00 - 0000018 _____ () C:\Users\alf\AppData\Roaming\userdic.tlx
2009-01-01 16:58 - 2009-09-03 19:49 - 0005402 _____ () C:\Users\alf\AppData\Roaming\UserTile.png
2013-07-27 15:15 - 2014-01-27 21:25 - 0000139 _____ () C:\Users\alf\AppData\Roaming\WB.CFG
2013-06-18 19:15 - 2014-01-27 21:25 - 0000005 _____ () C:\Users\alf\AppData\Roaming\WBPU-TTL.DAT
2008-10-28 22:10 - 2014-01-28 18:23 - 0000680 _____ () C:\Users\alf\AppData\Local\d3d9caps.dat
2008-09-09 21:20 - 2014-12-23 12:22 - 0149504 _____ () C:\Users\alf\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-06-12 19:41 - 2009-06-12 19:41 - 0000091 _____ () C:\Users\alf\AppData\Local\fusioncache.dat
2010-02-16 22:25 - 2012-02-08 23:06 - 1184696 _____ () C:\Users\alf\AppData\Local\rx_audio.Cache
2010-02-16 22:24 - 2012-02-08 23:06 - 18382848 _____ () C:\Users\alf\AppData\Local\rx_image.Cache
2012-03-05 21:07 - 2012-03-05 21:07 - 0017408 _____ () C:\Users\alf\AppData\Local\WebpageIcons.db
2013-07-13 19:24 - 2013-07-13 19:32 - 0000008 _____ () C:\Users\alf\AppData\Local\~wmrg
2009-08-30 15:32 - 2009-09-01 16:33 - 0002060 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\alf\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpiqwpv6.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-22 20:06

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-02-2015
Ran by alf at 2015-02-23 13:13:12
Running from C:\Users\alf\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe Dreamweaver CS3 (HKLM\...\Adobe_25db75244653b42cb93dc27939d1c0e) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Fireworks CS4 (HKLM\...\Adobe_ccb135070a90ff24d6e7cc4bc5a59cb) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.1.601 - Adobe Systems, Inc.)
Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version: 3.0 - )
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems)
AIO_CDA_Software (Version: 82.0.233.000 - Hewlett-Packard) Hidden
AIO_Scan (Version: 82.0.173.000 - Hewlett-Packard) Hidden
ALDI TALK Verbindungsassistent (HKLM\...\ALDITALKVerbindungsassistent) (Version: ALDI TALK 4.0 - ALDI TALK Verbindungsassistent)
Amazon Music (HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\Amazon Amazon Music) (Version: 3.4.0.628 - Amazon Services LLC)
Apple Application Support (32-Bit) (HKLM\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{28ED482A-56DB-47D9-8D9E-990FA8CD7D3D}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros WLAN Client (HKLM\...\{04983D37-2202-4295-94A2-8B547C66133F}) (Version: 1.00.000 - )
ATI Catalyst Install Manager (HKLM\...\{9DCC214C-CD1A-1115-6775-A9056185FE4E}) (Version: 3.0.664.0 - ATI Technologies, Inc.)
AudibleManager (HKLM\...\AudibleManager) (Version: 34790577.-2.1999270006.1999269020 - Audible, Inc.)
AviSynth 2.5 (HKLM\...\AviSynth) (Version: - )
AVStation Now (HKLM\...\InstallShield_{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}) (Version: 4.0.10.6 - Ihr Firmenname)
AVStation Now (Version: 4.0.10.6 - Ihr Firmenname) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BUDNI Fotowelt (HKLM\...\BUDNI Fotowelt) (Version: 5.0.1 - CEWE COLOR AG u Co. OHG)
BufferChm (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Business Contact Manager für Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager für Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Catalyst Control Center - Branding (HKLM\...\{2433BAD7-453F-473D-BE81-455E68940DEB}) (Version: 1.00.0000 - ATI)
ccc-core-static (Version: 2008.0318.2139.36886 - Ihr Firmenname) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Copy (Version: 120.0.214.000 - Hewlett-Packard) Hidden
Core Temp version 0.99.8 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 0.99.8 - Arthur Liberman)
CorelDRAW Graphics Suite 12 (HKLM\...\{505AFDC0-5E72-4928-8368-5DEA385E3647}) (Version: 12.0.0.458 - Corel Corporation)
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
D6100 (Version: 82.0.233.000 - Hewlett-Packard) Hidden
D6100_D7100_D7300_Help (Version: 82.0.233.000 - Hewlett-Packard) Hidden
Destination Component (Version: 090.000.091.086 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 110.0.180.000 - Hewlett-Packard) Hidden
DirectXInstallService (Version: 9.0.1 - Roxio) Hidden
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version: - DivX, Inc.)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.100 - DivX, LLC)
DocProc (Version: 8.1.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.2103 - CyberLink Corporation)
East-Tec DisposeSecure 2006 Enterprise Version 3.5 (HKLM\...\East-Tec DisposeSecure 2006 Enterprise_is1) (Version: - EAST Technologies)
Easy Battery Manager (HKLM\...\{6F730513-8688-4C3C-90A3-6B9792CE2EF3}) (Version: 3.2.1.1 - )
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 2.0.0.0 - Samsung)
Easy Network Manager 3.0 (HKLM\...\InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}) (Version: 3.0.0.0 - Ihr Firmenname)
Easy Network Manager 3.0 (Version: 3.0.0.0 - Ihr Firmenname) Hidden
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.0.0.14 - )
EMC 10 Content (HKLM\...\{FDB46DE7-9045-47BB-970A-3E4ED5369E03}) (Version: 1.0.015 - Ihr Firmenname)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Exact Audio Copy 0.99pb3 (HKLM\...\Exact Audio Copy) (Version: 0.99pb3 - Andre Wiethoff)
Fax (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Firebird SQL Server - MAGIX Edition (HKLM\...\Firebird SQL Server D) (Version: 2.0.1.13 - MAGIX AG)
Firefighters 2014 (HKLM\...\Steam App 291910) (Version: - VIS - Visual Imagination Software)
GEAR driver installer 4.020 (HKLM\...\{983CFCAC-5C96-4018-8BEC-D6581644C654}) (Version: 4.020.5 - GEAR Software)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HP Customer Participation Program 8.0 (HKLM\...\HPExtendedCapabilities) (Version: 8.0 - HP)
HP Deskjet & Photosmart Printer Driver Software 8.0.A (HKLM\...\{981DE354-9301-440f-AAFC-025AA2354A93}) (Version: 8.0 - HP)
HP Imaging Device Functions 8.0 (HKLM\...\HP Imaging Device Functions) (Version: 8.0 - HP)
HP OCR Software 8.0 (HKLM\...\HPOCR) (Version: 8.0 - HP)
HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
HP Photosmart.All-In-One Driver Software 8.0 .A (HKLM\...\{282E5AB2-8E47-4571-B6FA-6B512555B557}) (Version: 8.0 - HP)
HP PrecisionScan LTX (HKLM\...\HP PrecisionScan LTX) (Version: - )
HP Solution Center 8.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 8.0 - HP)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPProductAssistant (Version: 82.0.173.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}) (Version: 2.1.3.0000 - Ihr Firmenname)
imagine digital freedom - Samsung (HKLM\...\{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}) (Version: 1.0.2.0 - Samsung Electronics Co., LTD)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
iTunes (HKLM\...\{B8032A6B-C4D0-4744-B75F-9DDCB56B5C6F}) (Version: 12.1.0.71 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.361 - Kaspersky Lab)
Kaspersky Internet Security (Version: 15.0.2.361 - Kaspersky Lab) Hidden
kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden
LabelPrint 2.0 (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: - )
Lansweeper 3.2 (HKLM\...\Lansweeper_is1) (Version: 3.2 - Lansweeper.com)
LightScribe 1.8.15.1 (Version: 1.8.15.1 - hxxp://www.lightscribe.com) Hidden
MarketResearch (Version: 82.0.174.000 - Hewlett-Packard) Hidden
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90A40407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office FrontPage 2003 (HKLM\...\{90170407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SOAP Toolkit 2.0 SP2 (HKLM\...\{36BEAD11-8577-49AD-9250-E06A50AE87B0}) (Version: 623.1 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (HKLM\...\Mozilla Firefox 26.0 (x86 de)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (Version: 1.0.0.0 - Webroot Software, Inc.) Hidden
Namo WebEditor 8 (HKLM\...\{D3507473-2CE3-4073-A6BA-A0846B5CC687}) (Version: 8.00.000 - Namo Interactive, Inc.)
Nero 8 (HKLM\...\{B944FA21-81AF-4A77-8328-CE4F4CC51031}) (Version: 8.10.20 - Nero AG)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PDF24 Creator 6.2.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
Play AVStation (HKLM\...\InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}) (Version: 4.1.20.47 - Ihr Firmenname)
Play AVStation (Version: 4.1.20.47 - Ihr Firmenname) Hidden
PlayCamera (HKLM\...\{804F1285-8CBF-408D-8CDC-D4D40003B2E4}) (Version: 1.0.1.1 - )
Power2Go 5.0 (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: - )
PowerDirector (HKLM\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: - )
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.2802.0 - CyberLink Corporation)
PowerProducer (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 074429(3.7)_Vista_SSPC - CyberLink Corp.)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5659 - Realtek Semiconductor Corp.)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung Magic Doctor (HKLM\...\{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}) (Version: 5.00 - Samsung Electronics Co., LTD)
Samsung Recovery Solution II (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 1.0.3.21 - Samsung)
Samsung Update Plus (HKLM\...\InstallShield_{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}) (Version: 2.0 - Samsung Electronics Co., LTD)
Samsung Update Plus (Version: 2.0 - Samsung Electronics Co., LTD) Hidden
Scan (Version: 8.1.0.0 - Hewlett-Packard) Hidden
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
SF_CDA_ProductContext (Version: 82.0.233.000 - Hewlett-Packard) Hidden
SF_CDA_Software (Version: 82.0.233.000 - Hewlett-Packard) Hidden
Skins (Version: 2008.0318.2139.36886 - ATI) Hidden
Skype™ 7.1 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
SmartSound Quicktracks Plugin (HKLM\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.8.0 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (Version: 3.0.8.0 - SmartSound Software Inc) Hidden
SolutionCenter (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Spotify (HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Status (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1144 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.2.0 - Synaptics)
TomTom HOME (HKLM\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: - )
TrayApp (Version: 110.0.180.000 - Hewlett-Packard) Hidden
TuneUp Utilities 2012 (HKLM\...\TuneUp Utilities 2012) (Version: 12.0.2160.11 - TuneUp Software)
TuneUp Utilities 2012 (Version: 12.0.2160.11 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (Version: 12.0.2160.11 - TuneUp Software) Hidden
Ulead GIF Animator 5 (HKLM\...\{8AF3E926-ED59-11D4-A44B-0000E86D2305}) (Version: - )
UnloadSupport (Version: 1.00.0000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
Vimicro UVC Camera (HKLM\...\{71A51B09-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
VueScan x32 (HKLM\...\VueScan x32) (Version: - )
WebEx Support Manager for Internet Explorer (HKLM\...\{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}) (Version: 6.5.47 - WebEx Communications Inc.)
web'n'walk Manager (HKLM\...\{25DEC9F7-08C7-4511-9B4A-40A61E40658E}) (Version: 2.5.0.68 - Option NV)
WebReg (Version: 82.0.173.000 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software 6.0.1.5000 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.5000 - WIDCOMM, Inc.)
Windows 7 Upgrade Advisor (HKLM\...\{9A4D182C-35C7-4791-8484-4304EBC9101A}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{ED636101-1959-4360-8BF7-209436E7DEE4}) (Version: 14.0.8064.206 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Movie Maker 2.6 (HKLM\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4040.0 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\alf\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\HPCDMC32.DLL (HP)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Users\alf\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\HPCDMC32.DLL (HP)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\HPCDMC32.DLL (HP)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3266977579-4003141749-4249582801-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\alf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

20-02-2015 10:56:09 Geplanter Prüfpunkt
22-02-2015 21:10:20 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2013-03-15 17:31 - 00000147 ___RA C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {11DEB8AD-8E8C-419C-9F28-016A1A1AD042} - System32\Tasks\SupBackGroundTask => C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe [2010-04-20] () Task: {15AACBCD-297F-4BB0-AB85-AB400AC60522} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {21F9C1A5-3777-4A83-9D09-83197CE45669} - System32\Tasks\{AB9605BB-53F4-494E-AE24-32FB6BA003F3} => pcalua.exe -a C:\Users\alf\Downloads\INSTALL.EXE -d C:\Users\alf\Downloads Task: {264C2D85-4D5C-48FB-9363-5D0CC6859E69} - System32\Tasks\{6D9A986F-D59D-421B-831B-EA8AA0DEF238} => pcalua.exe -a "C:\Users\alf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4TP1BFNC\vlc[1].exe" -d C:\Users\alf\Desktop Task: {2AA082C7-4803-4954-B360-FF0E5BC76E68} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe [2008-01-02] (SAMSUNG Electronics co., LTD.) Task: {2B8DA84C-C3AF-4A6E-BB38-C16B0B72FAFC} - System32\Tasks\Microsoft\Windows\RestartManager\{92ADDA93-CC20-4b30-8ED0-D8B450D62735} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation) Task: {42016A41-AF7B-4605-86F6-9DA4A299A70E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {4F3F5B76-406E-40B7-94CD-8BD3C1163081} - System32\Tasks\{CF628063-ABC7-480C-BD11-65B3E8D0773F} => pcalua.exe -a "C:\Users\alf\Downloads\Documents\ImTOO DVD Ripper 2.0.11\SETUP.exe" -d "C:\Users\alf\Downloads\Documents\ImTOO DVD Ripper 2.0.11" Task: {560263C3-F387-4F2A-8AB2-F60B20106E19} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files\TuneUp Utilities 2012\OneClick.exe [2011-12-14] (TuneUp Software) Task: {578A8F9A-D86C-4B43-BB35-831D6DA7E1EB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-17] (Google Inc.) 
Task: {578F03D0-EE09-4B88-8CDB-BB25BAE85976} - System32\Tasks\Microsoft\Windows\RestartManager\{5577BCA0-7EED-4e1e-AD1E-5325F08E3608} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation) Task: {58E271A3-5212-4CC5-BCA1-9190A360B28B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-17] (Google Inc.) Task: {66636432-B073-4797-9DB4-D68B08855FDE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated) Task: {76D47263-9F0C-4474-B644-4BEC73D0EAA8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd) Task: {7F369FDF-17D5-4130-B165-7917412526D4} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {82583C58-CBA8-4AC1-A74E-8CE24ADE034E} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2007-12-28] (Samsung Electronics Co., Ltd.) 
Task: {827EAA49-9A57-4686-AFE9-C82866E5C0AD} - System32\Tasks\advSRSII => C:\Program Files\Samsung\Samsung Recovery Solution II\WCScheduler.exe [2008-01-30] () Task: {8BF12B5C-D95F-479D-833E-EF0E03E76985} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation) Task: {999BD4AD-CB5B-43F6-86D9-30E8C1B0B88F} - System32\Tasks\Divx-Online-Aktualisierungsprogramm => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2014-01-10] () Task: {B6FAED13-534C-4A73-80DD-01F6B6D4BC88} - System32\Tasks\{385CEB9D-3E12-4A4D-87B1-FD8BBC53EA74} => pcalua.exe -a "C:\Users\alf\Downloads\Documents\ImTOO DVD Audio Ripper 1.0.17\SETUP.exe" -d "C:\Users\alf\Downloads\Documents\ImTOO DVD Audio Ripper 1.0.17" Task: {C1C46FF6-7EA2-4B8B-9405-6113FED34DD7} - System32\Tasks\{3F0472EA-5B61-440E-BD66-7371BC1CE214} => pcalua.exe -a E:\EMC_100\BIN\DotNetFX.exe -d E:\ -c /q:a /c:"install /l /q" Task: {C599191B-7D1C-4794-BD13-42607939D790} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-12-17] (Oracle Corporation) Task: {D9ED82AA-A714-40E1-84F5-FEC679BEE95E} - System32\Tasks\Microsoft\Windows\RestartManager\{5C024DC4-95AB-47d0-A784-B08DE36E3C6F} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation) Task: {E12679BA-7AFE-4C57-9320-951BE12D7ADA} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - alf => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation) Task: {EC7BFDA4-4533-4C92-95E6-2AFF5B0DDB81} - System32\Tasks\SamsungMagicDoctor => C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe [2007-07-04] (Samsung Electronics Co., Ltd.) 
Task: {F8A5340B-69BF-4AEE-9F50-6E30203EF659} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2007-06-01] (SAMSUNG Electronics) Task: {FB3124CF-9294-4236-82B0-D1B1037E56AD} - System32\Tasks\{FDB66AAD-065A-4401-A416-6116F367E2FF} => pcalua.exe -a C:\Users\alf\Downloads\sj644ge\SETUP.EXE -d C:\Users\alf\Downloads\sj644ge (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\SupBackGroundTask.job => C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe Task: C:\Windows\Tasks\User_Feed_Synchronization-{D403DEC0-4150-4592-8848-B141569C6080}.job => C:\Windows\system32\msfeedssync.exe ==================== Loaded Modules (whitelisted) ============== 2014-12-17 12:26 - 2011-09-13 09:16 - 00342984 ____N () C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe 2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-12-23 16:54 - 2014-12-23 16:54 - 01272616 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\kpcengine.2.3.dll 2008-04-16 00:22 - 2006-12-19 14:23 - 00272024 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe 2014-08-08 22:13 - 2014-12-18 17:20 - 00435184 _____ () C:\Program Files\Search\WebSearch.exe 2008-12-01 16:16 - 2005-10-07 15:05 - 00125440 _____ () C:\Program Files\WinRAR\rarext.dll 2008-04-15 06:40 - 
2008-03-18 14:04 - 00159744 ____N () C:\Windows\system32\atitmmxx.dll 2008-04-16 00:43 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\SAMSUNG\EasySpeedUpManager\HookDllPS2.dll 2008-04-16 00:39 - 2008-01-30 04:00 - 01926144 _____ () C:\Program Files\Samsung\Samsung Recovery Solution II\WCScheduler.exe 2008-04-16 00:39 - 2007-12-09 07:08 - 02811392 _____ () C:\Program Files\Samsung\Samsung Recovery Solution II\Resdll.dll 2008-04-16 02:14 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\Samsung\Samsung Magic Doctor\HookDllPS2.dll 2008-04-16 00:37 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll 2008-04-16 00:37 - 2006-09-19 01:52 - 00028672 _____ () C:\Program Files\Samsung\Easy Display Manager\WinMove.dll 2014-10-06 23:15 - 2014-09-06 01:54 - 06281536 _____ () C:\Users\alf\AppData\Local\Amazon Music\Amazon Music Helper.exe 2015-02-10 22:00 - 2015-02-10 22:00 - 00750080 _____ () C:\Users\alf\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-02-22 19:54 - 2015-02-22 19:54 - 00043008 _____ () c:\users\alf\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpiqwpv6.dll 2015-02-10 22:00 - 2015-02-10 22:00 - 00047616 _____ () C:\Users\alf\AppData\Roaming\Dropbox\bin\libEGL.dll 2015-02-10 22:00 - 2015-02-10 22:00 - 00865280 _____ () C:\Users\alf\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2015-02-10 22:00 - 2015-02-10 22:00 - 00200704 _____ () C:\Users\alf\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2015-01-21 03:06 - 2015-01-21 03:06 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2008-03-18 04:21 - 2008-03-18 04:21 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll 2015-01-20 22:35 - 2015-01-20 22:35 - 00237352 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only 
the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:AD022376 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3266977579-4003141749-4249582801-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\alf\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg DNS Servers: 192.168.0.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: WinDefend => 3 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dienst-Manager.lnk => C:\Windows\pss\Dienst-Manager.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Launcher.lnk => C:\Windows\pss\Launcher.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^web'n'walk Manager.lnk => C:\Windows\pss\web'n'walk Manager.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^alf^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup MSCONFIG\startupfolder: C:^Users^alf^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Windows Calendar.lnk => C:\Windows\pss\Windows Calendar.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" 
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin MSCONFIG\startupreg: Amazon Cloud Player => "C:\Users\alf\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" MSCONFIG\startupreg: AmazonMP3DownloaderHelper => C:\Users\alf\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe MSCONFIG\startupreg: CorelDRAW Graphics Suite 11b => C:\Program Files\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=040509 serial=dr12cub-5137358-mcc lang=DE MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW MSCONFIG\startupreg: DMXLauncher => "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe" MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: LanguageShortcut => "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" MSCONFIG\startupreg: LELA => "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized MSCONFIG\startupreg: NBKeyScan => "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe MSCONFIG\startupreg: PDFPrint => C:\Program Files\pdf24\pdf24.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: RemoteControl => "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" MSCONFIG\startupreg: RtHDVCpl => 
RtHDVCpl.exe MSCONFIG\startupreg: SDTray => "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" MSCONFIG\startupreg: Spotify => "C:\Users\alf\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\alf\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" MSCONFIG\startupreg: TrayServer => C:\Program Files\MAGIX\Filme_auf_DVD_7_TerraTec_Edition\TrayServer.exe MSCONFIG\startupreg: Windows Defender => "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide ==================== Accounts: ============================= Administrator (S-1-5-21-3266977579-4003141749-4249582801-500 - Administrator - Disabled) alf (S-1-5-21-3266977579-4003141749-4249582801-1003 - Administrator - Enabled) => C:\Users\alf ASPNET (S-1-5-21-3266977579-4003141749-4249582801-1007 - Limited - Enabled) Gast (S-1-5-21-3266977579-4003141749-4249582801-501 - Limited - Disabled) nicole (S-1-5-21-3266977579-4003141749-4249582801-1004 - Limited - Enabled) => C:\Users\nicole ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/23/2015 09:33:20 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 40741611 Error: (02/23/2015 09:33:20 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 40741611 Error: (02/23/2015 09:33:20 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/23/2015 09:33:19 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 40740597 Error: 
(02/23/2015 09:33:19 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 40740597 Error: (02/23/2015 09:33:19 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/23/2015 09:33:18 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 40739599 Error: (02/23/2015 09:33:18 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 40739599 Error: (02/23/2015 09:33:18 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/23/2015 09:33:17 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 40738601 System errors: ============= Error: (02/22/2015 07:53:25 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Search Error: (02/22/2015 07:53:22 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: HP CUE DeviceDiscovery Service Error: (02/22/2015 07:52:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: SessionLauncher%%3 Error: (02/22/2015 07:52:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Aspi32%%2 Error: (02/22/2015 07:52:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (02/20/2015 02:46:38 PM) (Source: DCOM) (EventID: 10016) (User: alf-PC) Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}alf-PCalfS-1-5-21-3266977579-4003141749-4249582801-1003LocalHost (unter Verwendung von LRPC) Error: (02/20/2015 02:01:30 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Search Error: (02/20/2015 02:01:30 PM) (Source: Service Control Manager) (EventID: 
7022) (User: ) Description: HP CUE DeviceDiscovery Service Error: (02/20/2015 02:01:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: SessionLauncher%%3 Error: (02/20/2015 02:01:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Aspi32%%2 Microsoft Office Sessions: ========================= Error: (01/03/2015 09:35:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6713.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1343 seconds with 480 seconds of active time. This session ended with a crash. Error: (12/17/2014 00:35:37 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6713.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 41 seconds with 0 seconds of active time. This session ended with a crash. Error: (10/07/2013 06:35:07 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 28 seconds with 0 seconds of active time. This session ended with a crash. Error: (05/22/2013 05:26:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 13832 seconds with 7920 seconds of active time. This session ended with a crash. Error: (01/06/2012 10:59:42 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2611 seconds with 180 seconds of active time. 
This session ended with a crash. Error: (09/16/2011 06:47:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9 seconds with 0 seconds of active time. This session ended with a crash. Error: (09/16/2010 07:16:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 237 seconds with 120 seconds of active time. This session ended with a crash. Error: (07/20/2010 08:25:06 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 80 seconds with 60 seconds of active time. This session ended with a crash. Error: (03/08/2010 02:49:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1450 seconds with 120 seconds of active time. This session ended with a crash. Error: (03/01/2010 05:38:11 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 258 seconds with 180 seconds of active time. This session ended with a crash. 
CodeIntegrity Errors: =================================== Date: 2015-02-23 13:12:54.026 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-23 13:12:53.073 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-23 13:12:52.102 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-23 13:12:51.129 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-23 13:12:49.865 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klhk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-23 13:12:48.900 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klhk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-23 13:12:47.924 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klhk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2015-02-23 13:12:46.958 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klhk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-23 13:12:45.923 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-23 13:12:44.957 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz Percentage of memory in use: 62% Total physical RAM: 3069.45 MB Available physical RAM: 1143.38 MB Total Pagefile: 6375.21 MB Available Pagefile: 3918.01 MB Total Virtual: 2047.88 MB Available Virtual: 1884.48 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:144 GB) (Free:20.4 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:144.09 GB) (Free:35.17 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298.1 GB) (Disk ID: BD17C37C) Partition 1: (Not Active) - (Size=10 GB) - (Type=27) Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=144.1 GB) - (Type=07 NTFS) ==================== End Of Log ============================ I hope you can perhaps help me. Many thanks in advance!!! |