| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windows 8: Problem beim Starten von C:\ Problem Files (x86)\HomeTab\TBUpdater.dllWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
25.02.2015, 22:26
| #7 |
| |  Windows 8: Problem beim Starten von C:\ Problem Files (x86)\HomeTab\TBUpdater.dllCode:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=a81ab3e27ce7fb4aaf421b4596e26a20
# engine=22644
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-25 09:08:42
# local_time=2015-02-25 10:08:42 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 44925 15202841 0 0
# scanned=231836
# found=45
# cleaned=0
# scan_time=16650
sh=C50FFADED205B01EBC4E7BA772807CA2B44BB10D ft=1 fh=dca2a780d04945e1 vn="Win32/Systweak.O evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-984009953-2054991388-573099890-1001\$RI95H1U\CleanSchedule.exe"
sh=29537B5D9E0B9006067890E1D21D0CE6F22E8A99 ft=1 fh=6e7ef67f604e413f vn="Win32/MyPCBackup.A evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-984009953-2054991388-573099890-1001\$RI95H1U\Cloud_Backup_Setup.exe"
sh=EE0DBC090D6FC9DA0D0A84516D8D34BF1F96E196 ft=1 fh=44b5db033c27eea0 vn="Win32/MyPCBackup.A evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-984009953-2054991388-573099890-1001\$RI95H1U\Cloud_Backup_Setup_Intl.exe"
sh=C609F1B3D3896941E8090DC011CF7992B1E61AA3 ft=1 fh=9bef9bfcb4865cb7 vn="Variante von Win32/Systweak.K evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-984009953-2054991388-573099890-1001\$RI95H1U\RCPUninstall.exe"
sh=EA2AD0C1C62FCC2FFB5EA1C12B309EFA608334D7 ft=1 fh=f1f019b4657bd0a1 vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-984009953-2054991388-573099890-1001\$RI95H1U\RegCleanPro.exe"
sh=4F2D43FFB1775DFE2101529769637B9741E2D473 ft=1 fh=7bf72ba7e7e381f9 vn="MSIL/AdvancedSystemProtector.D evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-984009953-2054991388-573099890-1001\$RI95H1U\systweakasp.exe"
sh=7ADA918402AADF250CF5DB5E0D90DDD0007D3574 ft=0 fh=0000000000000000 vn="Win32/BrowseFox.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\abadlpnchipkpeikchblnfiicfdoabei.crx.vir"
sh=10CFDCD98607281D7BBA2743EB475C12F6E5E289 ft=1 fh=75f0115131d7b472 vn="Variante von Win32/BrowseFox.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\6b89253f709740c79ead.dll.vir"
sh=5A9FDFCB869EDC9436C19858B67AB3D8D8C855BB ft=1 fh=f6cd94441255fa40 vn="Variante von Win32/BrowseFox.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\6b89253f709740c79ead2d5b1ceb02e2.dll.vir"
sh=ABC1A35FE3352B8CBB8570228F4568B244D0507D ft=1 fh=2b6aa72a62e67de6 vn="Variante von Win64/BrowseFox.CK evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\6b89253f709740c79ead2d5b1ceb02e264.dll.vir"
sh=8242612D2518F7F91DE68ACDA7C90A81B499ECE1 ft=1 fh=a57eec7ab841a192 vn="Variante von Win64/BrowseFox.CI evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\6b89253f709740c79ead64.dll.vir"
sh=5235A6C9DFC75B1DDEBC36349567C780E56489D5 ft=1 fh=b8a6486d9413c9cf vn="Variante von Win32/BrowseFox.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\94d62e354b43494cbf52.dll.vir"
sh=3311D4C9FC02C887195F1BEC3EFFDA8FD7712C71 ft=1 fh=06106c544737465c vn="Variante von Win64/BrowseFox.CI evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\94d62e354b43494cbf5264.dll.vir"
sh=10BBB079C5C692F10F75A95E92CB613C100B57C6 ft=1 fh=4f79a02a568a2a64 vn="Variante von Win32/BrowseFox.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\94d62e354b43494cbf52ba5935df36ef.dll.vir"
sh=AC662A8E097EA309309A636C3A01731E8CC40C83 ft=1 fh=eafb0b787cd16b8c vn="Variante von Win64/BrowseFox.CK evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\94d62e354b43494cbf52ba5935df36ef64.dll.vir"
sh=84DAE4229B0FA25801E9950CF3C882A4DC3225FA ft=1 fh=df28fea5b92c85ee vn="Variante von Win32/BrowseFox.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BrowserAdapter.exe.vir"
sh=1D0FF4426E04C22981ECE2580BADB72D90C68FB5 ft=1 fh=f0b54cb21457846b vn="Win64/BrowseFox.CO evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BrowserAdapter64.exe.vir"
sh=513526C62138CCDEC5E47877FAAFF592A26D1A54 ft=1 fh=36a071440f152c3b vn="Variante von Win64/BrowseFox.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\AdvanceElite.PurBrowse64.exe.vir"
sh=0AE6C1B8BB49B036F48FD9A7DD2AE357A0B7A231 ft=1 fh=dd2dc1605ca2e3cd vn="Variante von MSIL/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\tmpA632.tmp.vir"
sh=ECD9BE001B00AC7EF693098EE7AE54A3AB6A4479 ft=1 fh=7356b78bebb6715b vn="Variante von MSIL/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\plugins\AdvanceElite.BOAS.dll.vir"
sh=37CE863517E7678619AAE7DDD35BBC22DFDF3F60 ft=1 fh=a6c9b6c0c34ad732 vn="Variante von MSIL/BrowseFox.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\plugins\AdvanceElite.BrowserAdapter.dll.vir"
sh=25C4BB6F3734EFCDB3943542B7B14F3C6BFB5555 ft=1 fh=0661eb1fb4167e74 vn="Variante von MSIL/BrowseFox.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\plugins\AdvanceElite.CompatibilityChecker.dll.vir"
sh=C52443D3303878E0CAC729EB6AC8F2ACA71A1A07 ft=1 fh=47d72a94fa54db6a vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\plugins\AdvanceElite.ExpExt.dll.vir"
sh=2C5A0A41AD73935ABC2DC47C994B7E8E7156E4CC ft=1 fh=ad0e3869d0603c28 vn="Variante von MSIL/BrowseFox.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\plugins\AdvanceElite.FFUpdate.dll.vir"
sh=E8384B39114A596CF36B079138A1E681E034B245 ft=1 fh=348b3ec5bbab11e4 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\plugins\AdvanceElite.GCUpdate.dll.vir"
sh=E0EAA3F9FF290B7C2FD53D1CCCE31E82C6423F2C ft=1 fh=d68d28db2310d19f vn="Variante von MSIL/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\plugins\AdvanceElite.PurBrowse.dll.vir"
sh=7F63C44418FD7A4BFD2EE855B899EE0942D324CA ft=1 fh=7db21b28607f3ecd vn="Variante von MSIL/BrowseFox.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AdvanceElite\bin\plugins\AdvanceElite.Repmon.dll.vir"
sh=183FA7884C8F09DB56504441C23D3A150D5DC59C ft=1 fh=3b3e30cb444ba686 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll.vir"
sh=12B30F06DE4B38484E58A004543758EA9F65F36A ft=1 fh=781357805484811d vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\sppsm.dll.vir"
sh=C696420672CC9583EE25234BC40103134DEE216D ft=1 fh=52d20409e583a93c vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\spusm.dll.vir"
sh=6B94F68F9F3B598E2E5B4C3845D4F7EBFAB57B58 ft=1 fh=37f0c72682561d35 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srbs.dll.vir"
sh=B37C9A6AF89E4F0FB618B9B240238E59BAF618BD ft=1 fh=79eafbea18d82a4d vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srbu.dll.vir"
sh=CE152C474456A556DA72FF11046823390BB51F01 ft=1 fh=ff20f9951bba5771 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srptc.dll.vir"
sh=5A46561BEE32696CC4E25BBFE1E1B75F434FBC64 ft=1 fh=847e21de271699c5 vn="Variante von MSIL/Toolbar.Linkury.M.gen evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srut.dll.vir"
sh=66285FBD827C14BF7808ED02E5133A703F956D59 ft=1 fh=b5072f2ca542d5aa vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\DaemonProcess.exe.vir"
sh=08A5CE348D319335A92076C65C1091277AFED1B9 ft=1 fh=158b9db86261fb7d vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\WINDOWS\System32\roboot64.exe.vir"
sh=8630710F08E8717E29F5E93738131359CEEDC3E2 ft=0 fh=0000000000000000 vn="Win32/BrowseFox.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Steffi\AppData\Local\Google\Chrome\User Data\Default\Extensions\abadlpnchipkpeikchblnfiicfdoabei\1.0.1_0\background.js"
sh=8B63A3C81E933D26AA537ABB290FB33BF487150D ft=0 fh=0000000000000000 vn="Win32/BrowseFox.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Steffi\AppData\Local\Google\Chrome\User Data\Default\Extensions\abadlpnchipkpeikchblnfiicfdoabei\1.0.1_0\content.js"
sh=84837CFB721C1BBA135E2DCB7EFC1A349B4571A4 ft=1 fh=c71c001182094c20 vn="Win32/Advertiso.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Steffi\Downloads\adblock-plus.exe"
sh=2CDBD84DBD3ED4BF8314295F17337DB6D04FBFD0 ft=1 fh=f70fea667de54bb0 vn="Variante von Win32/InstallCore.QW evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Steffi\Downloads\adblock-plus_setup.exe"
sh=B76A5CC63664ACA535AA272C4ECD3194093BD71C ft=1 fh=3be70dd4ab41cb3d vn="Variante von MSIL/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Steffi\Downloads\dia-setup-0.97.2-Downloader.exe"
sh=A90F42D44C334CB926312AEDDA4B191E4B0C9FD2 ft=1 fh=accbe7d769f3d88a vn="Variante von Win32/InstallCore.QW evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Steffi\Downloads\FileOpenerSetup.exe"
sh=BFA0871C143D999258583C54E738F55B385C434B ft=1 fh=c7930b9cda96b124 vn="NSIS/StartPage.CC Trojaner" ac=I fn="C:\Users\Steffi\Downloads\vlc-2.0.8-win32.exe"
sh=4D0BE61FEFD01A5073FC17C72F664047A3DB77A2 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="E:\STEFFI-PC\Backup Set 2013-01-27 190000\Backup Files 2013-06-16 190000\Backup files 1.zip"
sh=C8161E944A7A3AE12D052CE717CF454628324117 ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="E:\STEFFI-PC\Backup Set 2013-01-27 190000\Backup Files 2013-06-16 190000\Backup files 3.zip"
Code:
ATTFilter Results of screen317's Security Check version 0.99.96 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Defender WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` McAfee SiteAdvisor Java 7 Update 67 Java version 32-bit out of Date! Java 64-bit 8 Update 31 Adobe Flash Player 16.0.0.305 Mozilla Firefox 32.0.3 Firefox out of Date! Google Chrome (40.0.2214.111) Google Chrome (40.0.2214.115) ````````Process Check: objlist.exe by Laurent```````` Windows Defender MSMpEng.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01 Ran by Steffi (administrator) on STEFANIE on 25-02-2015 22:23:12 Running from C:\Users\Steffi\Downloads Loaded Profiles: Steffi (Available profiles: Steffi) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update Service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe () C:\ProgramData\ZDSupport\ZDServ\ZDServ.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe () C:\ProgramData\ZDSupport\ZDServ\CancelAutoPlay_Server.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Vimicro) C:\Program Files (x86)\USB Camera2\VM332STI.EXE (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update.exe (Dropbox, Inc.) C:\Users\Steffi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [380544 2012-06-29] (Alcor Micro Corp.) HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-11-30] (Synaptics) HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.) HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] () HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.) HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2013-02-23] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2013-02-23] (Lenovo(beijing) Limited) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3008824 2012-11-30] (Synaptics Incorporated) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.) HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332STI.EXE [548864 2012-09-06] (Vimicro) HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink) HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.) HKLM-x32\...\Run: [Smart Update] => C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update.exe [1706576 2012-07-23] (Lenovo) HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-21-984009953-2054991388-573099890-1001\...\MountPoints2: {7d499848-3400-11e4-beaa-6036dddd843d} - "E:\AutoRun.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Motion Control.lnk ShortcutTarget: Motion Control.lnk -> C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe () Startup: C:\Users\Steffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Steffi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Steffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 1050 J410 series.lnk ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steffi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steffi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steffi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steffi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steffi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steffi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steffi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-984009953-2054991388-573099890-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\S-1-5-21-984009953-2054991388-573099890-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-984009953-2054991388-573099890-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com HKU\S-1-5-21-984009953-2054991388-573099890-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.) BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.) Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Steffi\AppData\Roaming\Mozilla\Firefox\Profiles\u09o1if9.default FF NewTab: about:home FF DefaultSearchEngine: Sichere Suche FF SearchEngineOrder.1: Sichere Suche FF SelectedSearchEngine: Sichere Suche FF Homepage: about:home FF Keyword.URL: https://de.search.yahoo.com/search?fr=mcafee&type=B114DE0D20140405&p= FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF SearchPlugin: C:\Users\Steffi\AppData\Roaming\Mozilla\Firefox\Profiles\u09o1if9.default\searchplugins\search_engine.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml FF Extension: AdvanceElite 1.0.1 - C:\Users\Steffi\AppData\Roaming\Mozilla\Firefox\Profiles\u09o1if9.default\Extensions\{7ca75459-7fab-41e4-9faa-c3de07fa4a2e}.xpi [2014-12-01] FF Extension: Adblock Plus - C:\Users\Steffi\AppData\Roaming\Mozilla\Firefox\Profiles\u09o1if9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-09] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-10-28] FF HKU\S-1-5-21-984009953-2054991388-573099890-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] FF Extension: No Name - C:\Users\Steffi\AppData\Roaming\Mozilla\Firefox\Profiles\u09o1if9.default\extensions\support@websteroidsapp.com [Not Found] FF Extension: No Name - C:\Users\Steffi\AppData\Roaming\Mozilla\Firefox\Profiles\u09o1if9.default\extensions\{ad7ef860-f366-4be1-8d12-4363b9356947} [Not Found] StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR HomePage: Default -> hxxp://search.conduit.com/?gd=&ctid=CT3323737&octid=EB_ORIGINAL_CTID&ISID=&SearchSource=55&CUI=&UM=5&UP=SP9E79B9D3-C825-44DA-95DB-700CB166DDD4&SSPV= CHR StartupUrls: Default -> "hxxp://search.conduit.com/?gd=&ctid=CT3323737&octid=EB_ORIGINAL_CTID&ISID=&SearchSource=55&CUI=&UM=5&UP=SP9E79B9D3-C825-44DA-95DB-700CB166DDD4&SSPV=" CHR DefaultSearchKeyword: Default -> mcafee CHR DefaultSearchURL: Default -> https://de.search.yahoo.com/search?fr=mcafee&type=B214DE0D20140405&p={searchTerms} CHR DefaultSuggestURL: Default -> CHR Profile: C:\Users\Steffi\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Steffi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-11] CHR Extension: (AdvanceElite) - C:\Users\Steffi\AppData\Local\Google\Chrome\User Data\Default\Extensions\abadlpnchipkpeikchblnfiicfdoabei [2014-12-13] CHR Extension: (Google Docs) - C:\Users\Steffi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-22] CHR Extension: (Google Drive) - C:\Users\Steffi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-22] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Steffi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-11] CHR Extension: (YouTube) - C:\Users\Steffi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-22] CHR Extension: (Adblock Plus) - C:\Users\Steffi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-11] CHR Extension: (Google Search) - C:\Users\Steffi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-22] CHR Extension: (Google Sheets) - C:\Users\Steffi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-11] CHR Extension: (SiteAdvisor) - C:\Users\Steffi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-10-28] CHR Extension: (Google Wallet) - C:\Users\Steffi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-22] CHR Extension: (Gmail) - C:\Users\Steffi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-22] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-24] CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-24] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-13] (Microsoft Corporation) R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129824 2012-09-19] (Intel Corporation) R2 irstrtsv; C:\WINDOWS\SysWOW64\irstrtsv.exe [193576 2012-08-13] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166688 2012-09-19] (Intel Corporation) R2 Lenovo Smart Update Service; C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update Service.exe [66640 2012-07-18] (Lenovo) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [155368 2015-02-19] (McAfee, Inc.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] () R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-06-17] (Nitro PDF Software) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) R2 ZDServ; C:\ProgramData\ZDSupport\ZDServ\ZDServ.exe [427264 2013-08-23] () R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation) S2 speedbrowser; "C:\ProgramData\speedbrowser\speedbrowserService.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation) R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-29] (Motorola Solutions, Inc.) R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation) R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation) R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-08-13] (Intel Corporation) R3 LAD; C:\Windows\System32\drivers\LAD.sys [8704 2012-06-08] (TODO: <Company name>) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-25] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation) R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-30] (Synaptics Incorporated) R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-11-29] (Windows (R) Win 7 DDK provider) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-11-29] (Windows (R) Win 7 DDK provider) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-25 22:23 - 2015-02-25 22:23 - 00000000 ____D () C:\Users\Steffi\Downloads\FRST-OlderVersion 2015-02-25 22:21 - 2015-02-25 22:21 - 00852594 _____ () C:\Users\Steffi\Downloads\SecurityCheck.exe 2015-02-25 17:29 - 2015-02-25 17:29 - 02347384 _____ (ESET) C:\Users\Steffi\Downloads\esetsmartinstaller_deu.exe 2015-02-25 11:21 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls 2015-02-25 11:21 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls 2015-02-25 11:21 - 2014-10-29 02:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll 2015-02-25 11:21 - 2014-10-29 02:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll 2015-02-25 11:21 - 2014-10-29 02:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll 2015-02-25 11:21 - 2014-10-29 02:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll 2015-02-24 20:49 - 2015-02-24 20:49 - 00000939 _____ () C:\Users\Steffi\Desktop\JRT.txt 2015-02-24 20:41 - 2015-02-24 20:42 - 01388274 _____ (Thisisu) C:\Users\Steffi\Downloads\JRT.exe 2015-02-24 20:31 - 2015-02-24 20:34 - 00000000 ____D () C:\AdwCleaner 2015-02-24 20:31 - 2015-02-24 20:31 - 02126848 _____ () C:\Users\Steffi\Downloads\AdwCleaner_4.111.exe 2015-02-24 20:28 - 2015-02-24 20:28 - 00001189 _____ () C:\Users\Steffi\Desktop\mbam.txt 2015-02-24 17:42 - 2015-02-25 18:40 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-02-24 17:41 - 2015-02-24 17:41 - 00001125 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-02-24 17:41 - 2015-02-24 17:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-24 17:41 - 2015-02-24 17:41 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-24 17:41 - 2015-02-24 17:41 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-02-24 17:41 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-02-24 17:41 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-02-24 17:41 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-02-24 17:39 - 2015-02-24 17:40 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Steffi\Downloads\mbam-setup-2.0.4.1028.exe 2015-02-24 17:26 - 2015-02-24 17:26 - 00001291 _____ () C:\Users\Steffi\Desktop\Revo Uninstaller.lnk 2015-02-24 17:26 - 2015-02-24 17:26 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-02-24 17:25 - 2015-02-24 17:25 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Steffi\Downloads\revosetup95.exe 2015-02-23 17:44 - 2015-02-23 17:45 - 00034457 _____ () C:\Users\Steffi\Downloads\Addition.txt 2015-02-23 17:43 - 2015-02-25 22:23 - 00027805 _____ () C:\Users\Steffi\Downloads\FRST.txt 2015-02-23 17:43 - 2015-02-25 22:23 - 00000000 ____D () C:\FRST 2015-02-23 17:42 - 2015-02-25 22:23 - 02087936 _____ (Farbar) C:\Users\Steffi\Downloads\FRST64.exe 2015-02-17 12:09 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-02-17 12:09 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-02-13 21:14 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2015-02-13 21:14 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml 2015-02-13 21:13 - 2015-02-04 00:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2015-02-13 21:13 - 2015-02-04 00:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2015-02-13 21:13 - 2015-02-04 00:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2015-02-13 21:13 - 2015-02-03 00:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2015-02-13 21:13 - 2015-02-03 00:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2015-02-13 21:13 - 2015-02-03 00:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2015-02-13 21:13 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2015-02-13 21:13 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2015-02-13 20:34 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-02-13 20:34 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2015-02-13 20:34 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2015-02-13 20:34 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll 2015-02-13 20:34 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll 2015-02-13 20:34 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll 2015-02-13 20:34 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll 2015-02-13 20:34 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll 2015-02-13 20:34 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe 2015-02-13 20:34 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe 2015-02-13 20:34 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe 2015-02-13 20:32 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-02-13 20:32 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-02-13 20:32 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-02-13 20:32 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-02-13 20:32 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-02-13 20:32 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-02-13 20:32 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-02-13 20:31 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-02-13 20:31 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2015-02-13 20:31 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2015-02-13 20:31 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-02-13 20:31 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2015-02-13 20:31 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2015-02-13 20:31 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-02-13 20:31 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-02-13 20:31 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2015-02-13 20:31 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-02-13 20:31 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2015-02-13 20:31 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2015-02-13 20:31 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-02-13 20:31 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2015-02-13 20:31 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2015-02-13 20:31 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-02-13 20:31 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2015-02-13 20:31 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-02-13 20:31 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2015-02-13 20:31 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-02-13 20:31 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-02-13 20:31 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-02-13 20:31 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-02-13 20:31 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-02-13 20:31 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-02-13 20:31 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-02-13 20:31 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-02-13 20:16 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2015-02-13 20:16 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2015-02-13 20:16 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2015-02-13 20:16 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2015-02-13 20:16 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll 2015-02-13 20:16 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll 2015-02-13 20:16 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll 2015-02-13 20:16 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll 2015-02-13 20:16 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2015-02-13 20:13 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2015-02-13 20:13 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2015-02-13 20:13 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2015-02-13 20:13 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2015-02-13 20:13 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll 2015-02-13 20:13 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll 2015-02-13 20:12 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-02-05 19:34 - 2015-02-05 19:34 - 00871465 _____ () C:\Users\Steffi\Downloads\kick off terugkomdag 3 1e semester 2014-2015 (2).pptx 2015-02-04 11:15 - 2015-02-04 11:15 - 00871465 _____ () C:\Users\Steffi\Downloads\kick off terugkomdag 3 1e semester 2014-2015 (1).pptx 2015-02-03 13:10 - 2015-02-03 13:10 - 00014723 _____ () C:\Users\Steffi\Downloads\Conceptprogramma presentatiemiddag 2014-2015 periode 1 _1_(1).xlsx 2015-02-03 12:32 - 2015-02-03 12:32 - 00000000 ____D () C:\Users\Steffi\AppData\Local\Microsoft Help 2015-02-03 12:20 - 2015-02-03 13:04 - 00000000 ____D () C:\Users\Steffi\AppData\Roaming\Apple Computer 2015-02-03 12:20 - 2015-02-03 12:20 - 00001776 _____ () C:\Users\Public\Desktop\iTunes.lnk 2015-02-03 12:20 - 2015-02-03 12:20 - 00000000 ____D () C:\Users\Steffi\AppData\Local\Apple Computer 2015-02-03 12:20 - 2015-02-03 12:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-02-03 12:20 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys 2015-02-03 12:18 - 2015-02-03 12:20 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-02-03 12:18 - 2015-02-03 12:20 - 00000000 ____D () C:\Program Files\iTunes 2015-02-03 12:18 - 2015-02-03 12:18 - 00000000 ____D () C:\ProgramData\Apple Computer 2015-02-03 12:18 - 2015-02-03 12:18 - 00000000 ____D () C:\Program Files\iPod 2015-02-03 12:18 - 2015-02-03 12:18 - 00000000 ____D () C:\Program Files (x86)\iTunes 2015-02-03 12:17 - 2015-02-03 12:17 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2015-02-03 12:17 - 2015-02-03 12:17 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Apple 2015-02-03 12:17 - 2015-02-03 12:17 - 00000000 ____D () C:\Users\Steffi\AppData\Local\Apple 2015-02-03 12:17 - 2015-02-03 12:17 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update 2015-02-03 12:16 - 2015-02-03 12:18 - 00000000 ____D () C:\Program Files\Common Files\Apple 2015-02-03 12:16 - 2015-02-03 12:16 - 00000000 ____D () C:\Program Files\Bonjour 2015-02-03 12:16 - 2015-02-03 12:16 - 00000000 ____D () C:\Program Files (x86)\Bonjour 2015-02-03 12:15 - 2015-02-03 12:17 - 00000000 ____D () C:\ProgramData\Apple 2015-02-03 12:12 - 2015-02-03 12:13 - 152439600 _____ (Apple Inc.) C:\Users\Steffi\Downloads\itunes6464setup.exe 2015-02-02 12:50 - 2015-02-02 14:00 - 00000000 ____D () C:\Users\Steffi\AppData\Roaming\dvdcss ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-25 22:22 - 2013-11-09 14:24 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-02-25 22:14 - 2014-10-19 16:56 - 01698909 _____ () C:\WINDOWS\WindowsUpdate.log 2015-02-25 22:10 - 2014-12-10 15:14 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CDEC3E17-8A98-4030-A8BD-7BFC62C815F8} 2015-02-25 22:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-02-25 19:45 - 2014-12-11 22:25 - 00001136 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-25 17:28 - 2014-09-24 07:17 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-02-25 17:28 - 2014-09-24 06:43 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat 2015-02-25 17:28 - 2014-09-24 06:43 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat 2015-02-25 17:02 - 2014-08-15 13:31 - 00000000 ____D () C:\Users\Steffi\Documents\Arbeit 2015-02-25 16:28 - 2014-12-11 22:25 - 00001132 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-25 16:28 - 2013-10-15 11:51 - 00000500 _____ () C:\WINDOWS\Tasks\SDMsgUpdate (Local).job 2015-02-25 16:28 - 2013-10-15 11:51 - 00000492 _____ () C:\WINDOWS\Tasks\SDMsgUpdate (TE).job 2015-02-25 16:28 - 2013-09-22 17:29 - 00000000 ___RD () C:\Users\Steffi\Dropbox 2015-02-25 16:28 - 2013-09-22 17:26 - 00000000 ____D () C:\Users\Steffi\AppData\Roaming\Dropbox 2015-02-25 16:27 - 2014-09-23 22:06 - 00079728 _____ () C:\WINDOWS\PFRO.log 2015-02-25 16:27 - 2013-08-22 15:46 - 00298139 _____ () C:\WINDOWS\setupact.log 2015-02-25 16:27 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-02-25 16:27 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2015-02-25 14:37 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2015-02-25 14:00 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-02-25 13:57 - 2013-09-21 21:12 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-984009953-2054991388-573099890-1001 2015-02-25 12:29 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-02-24 20:54 - 2013-12-29 23:11 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2015-02-24 20:35 - 2013-10-28 17:09 - 00000000 ____D () C:\Program Files (x86)\McAfee 2015-02-24 20:34 - 2014-10-19 16:34 - 00000000 ____D () C:\Users\Steffi 2015-02-24 20:34 - 2013-09-25 07:19 - 00001084 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-02-24 20:34 - 2013-09-25 07:19 - 00001072 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-02-24 15:34 - 2012-07-26 06:26 - 00000218 _____ () C:\WINDOWS\win.ini 2015-02-24 15:31 - 2013-09-22 05:07 - 00000000 ____D () C:\Users\Steffi\AppData\Local\Packages 2015-02-21 10:47 - 2014-12-11 22:26 - 00002206 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-02-15 21:21 - 2013-08-22 15:44 - 00398264 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-02-15 21:20 - 2014-12-13 15:30 - 00000000 ____D () C:\WINDOWS\system32\appraiser 2015-02-15 21:20 - 2014-09-24 08:43 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2015-02-15 21:20 - 2013-09-24 16:25 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-02-15 21:13 - 2013-09-24 16:25 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-02-13 20:21 - 2013-09-22 17:29 - 00001082 _____ () C:\Users\Steffi\Desktop\Dropbox.lnk 2015-02-13 20:21 - 2013-09-22 17:27 - 00000000 ____D () C:\Users\Steffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-02-09 12:40 - 2014-12-11 22:25 - 00004108 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-09 12:40 - 2014-12-11 22:25 - 00003872 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-05 10:22 - 2013-11-09 14:24 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-02-04 18:23 - 2014-02-24 10:45 - 00000000 ____D () C:\Users\Steffi\AppData\Roaming\Skype 2015-02-04 16:55 - 2013-09-25 13:14 - 00000000 ____D () C:\Users\Steffi\AppData\Roaming\vlc 2015-02-03 20:31 - 2014-10-24 06:02 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-02-03 20:31 - 2014-10-24 06:02 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-29 19:49 - 2013-09-22 17:45 - 00000000 ____D () C:\Users\Steffi\Documents\Logopädie ==================== Files in the root of some directories ======= 2013-09-22 05:08 - 2013-09-25 18:08 - 0004757 _____ () C:\Users\Steffi\AppData\Roaming\AbsoluteReminder.xml 2013-11-08 09:24 - 2013-11-08 09:24 - 0000057 _____ () C:\ProgramData\Ament.ini 2013-02-23 18:30 - 2013-02-23 18:30 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some content of TEMP: ==================== C:\Users\Steffi\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpep2dyf.dll C:\Users\Steffi\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-25 16:38 ==================== End Of Log ============================ Okay, vielen vielen Dank!! Es läuft wieder alles und die Meldung erscheint nicht mehr beim starten. Ich aktiviere dann mal wieder die Firewall und den Windows Defender. Hast du sonst noch irgendwelche Tipps für gute Schutzsoftware oder was ich noch so gebrauchen könnte? Vielen Dank nochmal, man ist ja so aufgeschmissen als so ein Nix-Checker...  |
| Themen zu Windows 8: Problem beim Starten von C:\ Problem Files (x86)\HomeTab\TBUpdater.dll |
| beim starten, msil/advancedsystemprotector.d, msil/browsefox.g, msil/browsefox.h, msil/browsefox.l, msil/browsefox.n, msil/toolbar.linkury.f, msil/toolbar.linkury.g, msil/toolbar.linkury.i, msil/toolbar.linkury.m.gen, problem beim starten von c:, wenig ahnung, win32/browsefox.ac, win32/browsefox.m, win32/browsefox.n, win32/browsefox.q, win32/mobogenie.a, win32/mypcbackup.a, win32/systweak.k, win32/systweak.o, win64/browsefox.a, win64/browsefox.ci, win64/browsefox.ck, win64/browsefox.co, win64/systweak.a, windows 8 |
Baum-Darstellung