|
Plagegeister aller Art und deren Bekämpfung: Roll Around Virus eingefangenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
23.02.2015, 17:54 | #1 |
| Roll Around Virus eingefangen Hallo, ich habe mir offenbar am Wochenende einen Virus eingefangen, der dafür sorgt, daß ständig Werbeeinblendungen meinen Bildschirm zumüllen. An den unterschiedlichsten Stellen sind diese Einblendungen mit "Roll Around" oder "Roll Around Advertisement" gekennzeichnet. Wie kann ich das dauerhaft beheben? Ich will nicht unerwähnt lassen, daß ich in Computerdingen recht unbelesen bin. Ich bin zwar seit Jahren Computerbenutzer, mehr aber auch nicht. Vielen Dank im voraus. Wolfgang PS: Mein Betriebssystem ist Win 7 |
23.02.2015, 17:57 | #2 |
/// the machine /// TB-Ausbilder | Roll Around Virus eingefangen hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
23.02.2015, 18:29 | #3 |
| Roll Around Virus eingefangen Hallo Schrauber,
__________________danke für die schnelle Antwort. Ich hoffe, ich mache jetzt alles richtig. Versuchen wir es mal: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-02-2015 Ran by ulfilas (administrator) on ULFILAS-PC2 on 23-02-2015 18:16:58 Running from C:\Users\ulfilas\Downloads Loaded Profiles: ulfilas (Available profiles: ulfilas & UpdatusUser) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (SafeNet Inc.) C:\Windows\System32\hasplms.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect 2\creator-ws.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1294882704\ee\aolsoftware.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe (Dropbox, Inc.) C:\Users\ulfilas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (AOL LLC) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe (AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7\shellmon.exe (AOL Inc.) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe (AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [134416 2007-01-23] (Logitech Inc.) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1294882704\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703280 2015-02-12] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Acrobat Assistant 7.0] => C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2004-12-14] (Adobe Systems Inc.) HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-39457134-2311114567-1202830544-1000\...\Run: [Soft32 Updater.exe] => C:\Users\ulfilas\AppData\Local\Soft32\Soft32 Updater\Soft32 Updater.exe [163640 2011-10-19] (I.T.N.T.) HKU\S-1-5-21-39457134-2311114567-1202830544-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.) HKU\S-1-5-21-39457134-2311114567-1202830544-1000\...\Run: [AOL Fast Start] => C:\Program Files (x86)\AOL Desktop 9.7\AOL.EXE [42320 2012-01-31] (AOL Inc.) HKU\S-1-5-21-39457134-2311114567-1202830544-1000\...\MountPoints2: E - E:\autorun.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\ulfilas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\Users\ulfilas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\ulfilas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ulfilas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ulfilas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ulfilas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ulfilas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll (Egis Technology Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ulfilas\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ulfilas\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ulfilas\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-39457134-2311114567-1202830544-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3800&r=17361209cm16973354k458h892jv8s HKU\S-1-5-21-39457134-2311114567-1202830544-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=8d82658c-bf64-4670-95c2-87ac0d42a30e&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=05/04/2013&type=hp1000 HKU\S-1-5-21-39457134-2311114567-1202830544-1000\Software\Microsoft\Internet Explorer\Main,Start Page Before = hxxp://search.babylon.com/?babsrc=HP_Prot HKU\S-1-5-21-39457134-2311114567-1202830544-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=8d82658c-bf64-4670-95c2-87ac0d42a30e&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=05/04/2013&type=hp1000 HKU\S-1-5-21-39457134-2311114567-1202830544-1000\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?babsrc=HP_ss_gin2g&mntrId=E6ED582C80139263&affID=119357&tt=250613_gr4&tsp=4924 SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms} SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKU\S-1-5-21-39457134-2311114567-1202830544-1000 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = SearchScopes: HKU\S-1-5-21-39457134-2311114567-1202830544-1000 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKU\S-1-5-21-39457134-2311114567-1202830544-1000 -> 07011D6973D74D4683BA58A6A4934816 URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=8d82658c-bf64-4670-95c2-87ac0d42a30e&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=05/04/2013&type=hp1000 SearchScopes: HKU\S-1-5-21-39457134-2311114567-1202830544-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = BHO: DataMngr -> {9D717F81-9148-4f12-8568-69135F087DB0} -> No File BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) BHO-x32: PDF Architect Helper -> {691B33B0-B86E-47F3-81C7-56E4FE3B929C} -> C:\Program Files (x86)\PDF Architect 2\creator-ie-helper.dll (pdfforge GmbH) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Roll Around -> {83c0e288-8fa0-43d3-acc7-c1e839d85abc} -> C:\Program Files (x86)\Roll Around\Extensions\83c0e288-8fa0-43d3-acc7-c1e839d85abc.dll No File BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - Recorder Toolbar - {120A8821-2BEE-4C29-BCDA-62C577781992} - C:\Program Files (x86)\MedienTeam66\MP3 Recorder for YouTube\IEPlugin.dll (MedienTeam66) Toolbar: HKLM-x32 - ChatZum Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No File Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files (x86)\PDF Architect 2\creator-ie-plugin.dll (pdfforge GmbH) Toolbar: HKU\S-1-5-21-39457134-2311114567-1202830544-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKU\S-1-5-21-39457134-2311114567-1202830544-1000 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File Toolbar: HKU\S-1-5-21-39457134-2311114567-1202830544-1000 -> No Name - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No File DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: HKLM-x32 {B4977DFF-8AE5-44DC-8A42-C62F56960AA9} hxxp://javadl-esd.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\ulfilas\AppData\Roaming\Mozilla\Firefox\Profiles\dz9z9wt9.default FF SearchEngineOrder.3: Bing FF NetworkProxy: "autoconfig_url", "chrome://viewtubes/content/viewtubes_false.pac" FF NetworkProxy: "type", 2 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8064.0206 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @real.com/nppl3260;version=15.0.2.72 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprjplug;version=15.0.2.72 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.2.72 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.2.72 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpjplug;version=15.0.2.72 -> c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF user.js: detected! => C:\Users\ulfilas\AppData\Roaming\Mozilla\Firefox\Profiles\dz9z9wt9.default\user.js FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF SearchPlugin: C:\Users\ulfilas\AppData\Roaming\Mozilla\Firefox\Profiles\dz9z9wt9.default\searchplugins\bingp.xml FF SearchPlugin: C:\Users\ulfilas\AppData\Roaming\Mozilla\Firefox\Profiles\dz9z9wt9.default\searchplugins\BrowserDefender.xml FF SearchPlugin: C:\Users\ulfilas\AppData\Roaming\Mozilla\Firefox\Profiles\dz9z9wt9.default\searchplugins\buenosearch.xml FF Extension: Avira Browser Safety - C:\Users\ulfilas\AppData\Roaming\Mozilla\Firefox\Profiles\dz9z9wt9.default\Extensions\abs@avira.com [2014-08-14] FF Extension: ProxTube - Unblock YouTube - C:\Users\ulfilas\AppData\Roaming\Mozilla\Firefox\Profiles\dz9z9wt9.default\Extensions\ich@maltegoetz.de [2014-02-07] FF Extension: ChatZum Toolbar - C:\Users\ulfilas\AppData\Roaming\Mozilla\Firefox\Profiles\dz9z9wt9.default\Extensions\{ADFA33FD-16F5-4355-8504-DF4D664CFE83} [2013-04-05] FF Extension: Viewtubes - C:\Users\ulfilas\AppData\Roaming\Mozilla\Firefox\Profiles\dz9z9wt9.default\Extensions\FF_AddOn@viewtubes.de.xpi [2012-04-20] FF Extension: YouTube quality manager - C:\Users\ulfilas\AppData\Roaming\Mozilla\Firefox\Profiles\dz9z9wt9.default\Extensions\youtubequality@rzll.xpi [2012-04-21] FF Extension: Roll Around - C:\Users\ulfilas\AppData\Roaming\Mozilla\Firefox\Profiles\dz9z9wt9.default\Extensions\{711c82f1-361e-4764-aa28-cdd55ff6117e}.xpi [2015-02-20] FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\ulfilas\AppData\Roaming\Mozilla\Firefox\Profiles\dz9z9wt9.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-02-20] FF Extension: Recorder Toolbar - C:\Program Files (x86)\Mozilla Firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2} [2012-11-23] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-03-31] FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_2_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension FF Extension: PDF Architect 2 Creator - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension [2015-01-07] Chrome: ======= CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms} CHR Profile: C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (ProxFlow) - C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-11-01] CHR Extension: (Google Docs) - C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-01] CHR Extension: (Google Drive) - C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-01] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09] CHR Extension: (YouTube) - C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-01] CHR Extension: (Adblock Plus) - C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-22] CHR Extension: (Google Search) - C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-01] CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2014-07-01] CHR Extension: (iLivid) - C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf [2015-02-20] CHR Extension: (DVDVideoSoft) - C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2014-01-16] CHR Extension: (Google Wallet) - C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22] CHR Extension: (Gmail) - C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-01] CHR HKLM\...\Chrome\Extension: [aaaaahlfahldnilidgnlikdckbfehhca] - https://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [gebcpofjimbbchggpnfcaiieolloeodp] - C:\Users\ulfilas\AppData\Local\BargainWorkbench.crx [2013-09-05] CHR HKU\S-1-5-21-39457134-2311114567-1202830544-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cgiaikfpllchefojlnehlmpekeogihnm] - C:\Users\ulfilas\AppData\Local\CRE\cgiaikfpllchefojlnehlmpekeogihnm.crx [Not Found] CHR HKU\S-1-5-21-39457134-2311114567-1202830544-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gebcpofjimbbchggpnfcaiieolloeodp] - C:\Users\ulfilas\AppData\Local\BargainWorkbench.crx [2013-09-05] CHR HKU\S-1-5-21-39457134-2311114567-1202830544-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2012-12-11] CHR HKLM-x32\...\Chrome\Extension: [aaaaahlfahldnilidgnlikdckbfehhca] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [cgiaikfpllchefojlnehlmpekeogihnm] - C:\Users\ulfilas\AppData\Local\CRE\cgiaikfpllchefojlnehlmpekeogihnm.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gebcpofjimbbchggpnfcaiieolloeodp] - C:\Users\ulfilas\AppData\Local\BargainWorkbench.crx [2013-09-05] CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-03-31] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-03-28] (Adobe Systems) [File not signed] R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-02-12] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-02-12] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [992048 2015-02-12] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 hasplms; C:\Windows\system32\hasplms.exe [4913608 2011-12-02] (SafeNet Inc.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation) R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-06] (Egis Technology Inc.) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation) S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH) R2 PDF Architect 2 Creator; C:\Program Files (x86)\PDF Architect 2\creator-ws.exe [738856 2014-10-10] (pdfforge GmbH) S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software) S3 UPnPService; C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation) R3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [57088 2011-09-08] (SafeNet Inc.) R3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [21120 2011-08-09] (SafeNet Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-02-12] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-02-12] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-02-12] (Avira Operations GmbH & Co. KG) R1 cdrblock; C:\Windows\System32\DRIVERS\cdrblock.sys [34360 2008-05-30] (Canopus Co,. Ltd.) S1 FNETURPX; C:\Windows\SysWOW64\drivers\FNETURPX.SYS [7040 2013-01-26] (FNet Co., Ltd.) [File not signed] R2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-10-07] (SafeNet Inc.) R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [31648 2014-04-05] (REALiX(tm)) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-12-16] (TuneUp Software) S3 USA19H; C:\Windows\System32\DRIVERS\USA19Hx64.sys [740096 2007-10-30] (Keyspan) S3 USA19HP; C:\Windows\System32\DRIVERS\USA19Hx64p.SYS [35840 2007-10-23] (Keyspan) R1 {9d5747ee-0448-4681-8337-1555de75a3b6}Gw64; C:\Windows\System32\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}Gw64.sys [61120 2014-06-14] (StdLib) S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X] S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X] S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X] S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X] S1 okorkylq; \??\C:\Windows\system32\drivers\okorkylq.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-23 18:16 - 2015-02-23 18:18 - 00032088 _____ () C:\Users\ulfilas\Downloads\FRST.txt 2015-02-23 18:16 - 2015-02-23 18:17 - 00000000 ____D () C:\FRST 2015-02-23 18:16 - 2015-02-23 18:16 - 02087424 _____ (Farbar) C:\Users\ulfilas\Downloads\FRST64.exe 2015-02-23 17:23 - 2015-02-23 17:24 - 00002721 _____ () C:\Users\ulfilas\Downloads\software_removal_tool.log 2015-02-22 23:28 - 2015-02-22 23:32 - 00000000 ____D () C:\Users\ulfilas\Desktop\201+7756-2010-07-23 2015-02-22 23:26 - 2015-02-22 23:26 - 00000000 ____D () C:\Users\ulfilas\Desktop\2007_02 2015-02-22 23:25 - 2015-02-22 23:25 - 00000000 ____D () C:\Users\ulfilas\Desktop\201_35_v_L_20111222_Schloss 2015-02-22 23:24 - 2015-02-22 23:24 - 00000000 ____D () C:\Users\ulfilas\Desktop\bw201-1 2015-02-20 14:03 - 2015-02-20 14:03 - 00000000 ____D () C:\Users\ulfilas\AppData\Roaming\RHEng 2015-02-20 14:03 - 2015-02-20 14:03 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack 2015-02-20 14:00 - 2015-02-20 14:00 - 03533008 _____ (DVDVideoSoft Ltd. ) C:\Users\ulfilas\Downloads\FreeYouTubeToMP3Converter (1).exe 2015-02-20 13:59 - 2015-02-20 14:01 - 03312648 _____ (DVDVideoSoft Ltd. ) C:\Users\ulfilas\Downloads\FreeYouTubeToMP3Converter.exe 2015-02-17 15:17 - 2015-02-17 18:08 - 01787688 _____ () C:\Users\ulfilas\Desktop\Anzeige Musik Express.tif 2015-02-17 15:17 - 2015-02-17 18:08 - 00841028 _____ () C:\Users\ulfilas\Desktop\Anzeige Musik Express.ai 2015-02-16 20:18 - 2015-02-16 20:18 - 00000000 ____D () C:\Users\ulfilas\Desktop\DatenblattE12 2015-02-16 14:55 - 2015-02-19 21:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2015-02-12 20:00 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-02-12 20:00 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-02-12 20:00 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-02-12 20:00 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-02-12 17:01 - 2015-02-12 17:02 - 06372800 _____ (Tim Kosse) C:\Users\ulfilas\Downloads\FileZilla_3.10.1.1_win32-setup.exe 2015-02-12 00:03 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-02-12 00:03 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-02-12 00:03 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-02-12 00:03 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-02-12 00:03 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-02-12 00:03 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-02-12 00:03 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-02-12 00:03 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-02-12 00:03 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-02-12 00:03 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-02-12 00:03 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-02-12 00:03 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-02-12 00:03 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-02-12 00:03 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-02-12 00:03 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-02-12 00:03 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-02-12 00:03 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-02-12 00:03 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-02-12 00:03 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-02-12 00:03 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-02-12 00:03 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-02-12 00:03 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-02-12 00:03 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-02-12 00:03 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-02-12 00:03 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-02-12 00:03 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-02-12 00:03 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-02-12 00:03 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-02-12 00:03 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-02-12 00:03 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-02-12 00:03 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-02-12 00:03 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-02-12 00:03 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-02-12 00:03 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-02-12 00:03 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-02-12 00:03 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-02-12 00:03 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-02-12 00:03 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-02-12 00:03 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-02-12 00:03 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-02-12 00:03 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-02-12 00:03 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-02-12 00:03 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-02-12 00:03 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-02-12 00:03 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-02-12 00:03 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-02-12 00:03 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-02-12 00:03 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-02-12 00:03 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-02-12 00:03 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-02-12 00:03 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-02-12 00:03 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-02-12 00:03 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-02-12 00:03 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-02-12 00:03 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-02-12 00:03 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-02-12 00:03 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-02-12 00:03 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-02-12 00:03 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-02-12 00:03 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-02-12 00:03 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-02-12 00:03 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-02-12 00:03 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-02-12 00:03 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-02-12 00:03 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-02-12 00:03 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-02-12 00:03 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-02-12 00:03 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-02-12 00:02 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-02-12 00:02 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-02-12 00:02 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-02-12 00:02 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-02-12 00:02 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-02-12 00:02 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-02-12 00:02 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-02-12 00:02 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-02-12 00:02 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-02-12 00:02 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-02-12 00:02 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-02-12 00:02 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-02-12 00:02 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-02-12 00:02 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-02-12 00:02 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-02-12 00:02 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-02-12 00:02 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-02-12 00:02 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-02-12 00:02 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-02-12 00:02 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-02-12 00:02 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2015-02-12 00:02 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2015-02-12 00:02 - 2014-10-04 03:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-02-12 00:02 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2015-02-12 00:02 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2015-02-12 00:01 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-02-12 00:01 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-02-12 00:01 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-02-12 00:01 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-02-12 00:01 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-02-12 00:01 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-02-12 00:01 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-02-12 00:01 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-02-12 00:01 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-02-12 00:01 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll 2015-02-11 01:23 - 2015-02-11 01:23 - 04752438 _____ () C:\Users\ulfilas\Downloads\mt31345,1236865807,HK_uebersicht.bmp 2015-02-10 21:00 - 2015-02-10 21:02 - 00000000 ____D () C:\Users\ulfilas\Desktop\2015-02-1013.53.18 2015-02-10 14:29 - 2015-02-10 14:29 - 42096984 _____ (Apple Inc.) C:\Users\ulfilas\Downloads\QuickTimeInstaller (1).exe 2015-02-09 00:45 - 2015-02-09 00:49 - 00000128 ____H () C:\ProgramData\V93GE 2015-02-09 00:45 - 2015-02-09 00:45 - 00000000 ____D () C:\Users\ulfilas\AppData\Roaming\LaserSoft Imaging 2015-02-09 00:30 - 2015-02-09 00:30 - 17070168 _____ (LaserSoft Imaging AG) C:\Users\ulfilas\Downloads\SF8_Documentation_de.exe 2015-02-09 00:26 - 2015-02-09 00:30 - 427688568 _____ (LaserSoft Imaging AG) C:\Users\ulfilas\Downloads\SF8_Movies_de.exe 2015-02-09 00:26 - 2015-02-09 00:26 - 00000000 ____D () C:\Users\ulfilas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LaserSoft Imaging 2015-02-09 00:25 - 2015-02-09 00:25 - 00000000 ____D () C:\ProgramData\LaserSoft Imaging 2015-02-09 00:25 - 2015-02-09 00:25 - 00000000 ____D () C:\Program Files\SilverFast Application 2015-02-09 00:23 - 2015-02-09 00:24 - 45434944 _____ (LaserSoft Imaging AG) C:\Users\ulfilas\Downloads\SF-8.2.0r3(Nikon)_x64.exe 2015-02-04 03:05 - 2015-02-04 03:05 - 00000985 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\VueScan x64.lnk 2015-02-04 03:05 - 2015-02-04 03:05 - 00000000 ____D () C:\Program Files\VueScan 2015-02-04 03:04 - 2015-02-04 03:04 - 17367649 _____ () C:\Users\ulfilas\Downloads\Vuescan_9.4.60.zip 2015-02-04 03:04 - 2015-02-04 03:04 - 00000000 ____D () C:\Users\ulfilas\Downloads\Vuescan_9.4.60 2015-02-04 02:01 - 2015-02-04 02:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nikon Scan 4 2015-02-04 02:01 - 2015-02-04 02:01 - 00000000 ____D () C:\Program Files (x86)\Nikon 2015-02-04 01:48 - 2015-02-04 01:48 - 00003152 _____ () C:\Windows\System32\Tasks\{6726E861-BE61-476F-A0A6-B34BBB729385} 2015-02-04 01:45 - 2015-02-04 01:45 - 15203632 _____ () C:\Users\ulfilas\Downloads\ns403de (2).exe 2015-02-04 01:20 - 2015-02-04 01:20 - 00000000 ____D () C:\ProgramData\Nikon 2015-02-04 00:38 - 2015-02-04 00:38 - 15203632 _____ () C:\Users\ulfilas\Downloads\ns403de (1).exe 2015-02-04 00:37 - 2015-02-04 02:45 - 00000000 ____D () C:\Users\ulfilas\Desktop\Treiber Nikon Coolscan 5000 ED 2015-02-03 09:47 - 2002-12-04 19:54 - 00006545 _____ (Nikon Corporation) C:\Windows\SysWOW64\NKScnUSD.dll 2015-02-03 09:46 - 2015-02-03 09:46 - 15203632 _____ () C:\Users\ulfilas\Downloads\ns403de.exe 2015-02-01 23:43 - 2015-02-01 23:43 - 00000000 ____D () C:\Users\ulfilas\AppData\Roaming\Nikon 2015-02-01 23:37 - 2015-02-04 02:01 - 00000000 ____D () C:\Windows\SysWOW64\Color 2015-02-01 23:37 - 2002-01-05 21:10 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70deu.dll 2015-02-01 23:37 - 1997-01-30 20:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mfc42loc.dll 2015-02-01 23:37 - 1997-01-22 06:26 - 00565760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVCP50.DLL 2015-02-01 23:37 - 1996-03-28 00:13 - 00010656 _____ (Nikon Inc.) C:\Windows\SysWOW64\NKNSCN95.DLL 2015-02-01 23:35 - 2015-02-01 23:35 - 00003046 _____ () C:\Windows\System32\Tasks\{DF64A0B2-4826-4E01-8091-D3A91ED4E841} 2015-01-30 02:23 - 2015-01-30 02:24 - 42096984 _____ (Apple Inc.) C:\Users\ulfilas\Downloads\QuickTimeInstaller.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-23 18:18 - 2012-05-05 15:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-23 17:54 - 2010-12-30 02:43 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-23 17:09 - 2009-11-13 03:01 - 01706379 _____ () C:\Windows\WindowsUpdate.log 2015-02-23 16:14 - 2009-09-03 09:54 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-02-23 16:14 - 2009-07-14 03:34 - 00000489 _____ () C:\Windows\win.ini 2015-02-23 15:45 - 2009-07-14 08:45 - 00000000 ____D () C:\Windows\ShellNew 2015-02-23 15:44 - 2009-12-24 15:31 - 00000000 ____D () C:\Users\ulfilas\AppData\Local\Google 2015-02-23 15:44 - 2009-09-03 10:07 - 00000000 ____D () C:\ProgramData\Google 2015-02-23 15:44 - 2009-09-03 10:07 - 00000000 ____D () C:\Program Files (x86)\Google 2015-02-23 15:02 - 2014-06-16 00:22 - 00000288 _____ () C:\Windows\Tasks\System Speedup_DEFAULT.job 2015-02-23 15:01 - 2014-06-16 00:22 - 00000000 ____D () C:\Users\ulfilas\AppData\Roaming\System Speedup 2015-02-23 14:11 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-23 14:11 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-23 14:08 - 2009-09-08 23:47 - 00704324 _____ () C:\Windows\system32\perfh007.dat 2015-02-23 14:08 - 2009-09-08 23:47 - 00152162 _____ () C:\Windows\system32\perfc007.dat 2015-02-23 14:08 - 2009-07-14 06:13 - 01634576 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-23 14:05 - 2013-11-19 17:41 - 00000000 ___RD () C:\Users\ulfilas\Dropbox 2015-02-23 14:04 - 2014-05-08 23:09 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf6b0a3cdc10aa.job 2015-02-23 14:04 - 2013-11-19 17:26 - 00000000 ____D () C:\Users\ulfilas\AppData\Roaming\Dropbox 2015-02-23 14:03 - 2012-01-16 13:11 - 00000330 _____ () C:\Windows\Tasks\GlaryInitialize.job 2015-02-23 14:02 - 2009-11-13 03:06 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-02-23 14:02 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-23 14:02 - 2009-07-14 05:51 - 00169012 _____ () C:\Windows\setupact.log 2015-02-23 13:43 - 2011-06-20 14:24 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{40457202-43A6-48A0-B73A-FD3D606DDC7E} 2015-02-23 03:18 - 2014-07-01 09:16 - 00000280 _____ () C:\Windows\Tasks\System Speedupsch.job 2015-02-23 02:00 - 2009-12-24 14:37 - 00000000 ____D () C:\Users\ulfilas\AppData\Local\Adobe 2015-02-23 00:51 - 2010-04-02 14:09 - 06338560 ___SH () C:\Users\ulfilas\Desktop\Thumbs.db 2015-02-22 23:14 - 2012-12-03 13:31 - 00000000 ____D () C:\Users\ulfilas\Desktop\Verknüpfungen 2015-02-20 15:40 - 2009-09-03 10:10 - 01422700 _____ () C:\Windows\PFRO.log 2015-02-20 14:04 - 2011-05-08 13:47 - 00000000 ____D () C:\Users\ulfilas\AppData\Roaming\DVDVideoSoft 2015-02-20 14:03 - 2011-05-08 13:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2015-02-20 14:03 - 2011-05-08 13:47 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft 2015-02-20 10:35 - 2014-02-07 01:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-02-19 21:03 - 2012-02-25 21:03 - 00000318 _____ () C:\Windows\Tasks\MT66 Software Update.job 2015-02-18 14:42 - 2013-04-30 12:11 - 00000000 ____D () C:\Users\ulfilas\AppData\Roaming\MyPhoneExplorer 2015-02-18 01:22 - 2014-06-16 00:22 - 00000296 _____ () C:\Windows\Tasks\System Speedup_UPDATES.job 2015-02-17 00:49 - 2014-12-04 22:13 - 00000000 ____D () C:\Users\ulfilas\Desktop\Beschriftung Bw 77 2015-02-13 08:30 - 2012-09-27 11:14 - 00000000 ____D () C:\Windows\rescache 2015-02-13 02:59 - 2013-11-19 17:27 - 00002977 _____ () C:\Windows\wininit.ini 2015-02-13 02:59 - 2013-11-19 17:27 - 00000000 ____D () C:\Users\ulfilas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-02-12 17:02 - 2011-04-09 02:31 - 00000000 ____D () C:\Users\ulfilas\AppData\Roaming\FileZilla 2015-02-12 12:35 - 2013-10-06 11:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON PhotoQuicker 2015-02-12 12:35 - 2011-06-23 20:06 - 00000000 ____D () C:\Program Files (x86)\EPSON 2015-02-12 12:35 - 2009-09-03 09:34 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-02-12 12:30 - 2013-03-14 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-02-12 12:30 - 2013-03-14 03:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2015-02-12 12:30 - 2013-03-14 03:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2015-02-12 12:22 - 2012-07-23 18:41 - 00000000 ____D () C:\ProgramData\DatacardService 2015-02-12 12:15 - 2012-04-20 18:55 - 00000000 ____D () C:\Users\ulfilas\AppData\Local\Mozilla 2015-02-12 11:38 - 2013-12-22 14:08 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-02-12 11:38 - 2013-12-22 14:08 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-02-12 11:38 - 2013-12-22 14:08 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2015-02-12 11:31 - 2009-07-14 05:45 - 05040184 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-02-12 03:11 - 2013-08-19 02:01 - 00000000 ____D () C:\Windows\system32\MRT 2015-02-12 03:11 - 2012-10-18 18:11 - 00002121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2015-02-12 03:11 - 2012-10-18 18:11 - 00001912 _____ () C:\Windows\epplauncher.mif 2015-02-12 03:11 - 2012-10-18 18:11 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2015-02-12 03:11 - 2012-10-18 18:11 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client 2015-02-12 03:03 - 2010-01-09 03:02 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-02-09 17:23 - 2014-08-14 08:35 - 00000000 ____D () C:\ProgramData\Package Cache 2015-02-09 17:23 - 2013-12-22 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-02-09 00:26 - 2012-02-27 14:39 - 00030042 _____ () C:\Windows\DPINST.LOG 2015-02-09 00:00 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-02-05 05:49 - 2014-06-21 10:15 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cf6b0a3cdc10aa 2015-02-05 05:49 - 2010-12-30 02:43 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-05 03:18 - 2012-05-05 15:11 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-05 03:18 - 2012-05-05 15:11 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-02-05 03:18 - 2012-02-21 01:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-04 19:52 - 2011-06-07 02:12 - 00038400 ___SH () C:\Users\ulfilas\Documents\Thumbs.db 2015-02-04 19:49 - 2013-08-28 23:13 - 00000000 ____D () C:\Users\ulfilas\Desktop\Schriftverkehr 2015-01-27 13:13 - 2009-12-24 14:15 - 00000000 ____D () C:\Users\ulfilas\AppData\Local\VirtualStore ==================== Files in the root of some directories ======= 2009-09-03 09:44 - 2009-02-10 20:23 - 0192484 _____ () C:\Program Files (x86)\Common Files\Acer GameZone online.ico 2013-07-28 00:16 - 2014-07-23 00:21 - 0000149 _____ () C:\Users\ulfilas\AppData\Roaming\WB.CFG 2013-12-31 01:17 - 2014-01-03 01:17 - 0000005 _____ () C:\Users\ulfilas\AppData\Roaming\WBPU-Q5-TTL.DAT 2013-06-28 09:16 - 2014-01-29 01:17 - 0000005 _____ () C:\Users\ulfilas\AppData\Roaming\WBPU-TTL.DAT 2011-06-27 22:15 - 2013-03-27 10:49 - 0003204 _____ () C:\Users\ulfilas\AppData\Roaming\wklnhst.dat 2012-03-08 18:46 - 2012-03-10 01:37 - 0001456 _____ () C:\Users\ulfilas\AppData\Local\Adobe Für Web speichern 12.0 Prefs 2013-09-05 00:16 - 2013-09-05 00:16 - 0085126 _____ () C:\Users\ulfilas\AppData\Local\BargainWorkbench.crx 2011-02-10 21:41 - 2014-12-12 14:35 - 0030720 _____ () C:\Users\ulfilas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2010-02-11 12:39 - 2010-02-11 12:40 - 0001643 _____ () C:\Users\ulfilas\AppData\Local\MyWinLockerInstaller.txt-20100211.log 2011-06-10 12:54 - 2012-04-27 14:02 - 0007658 _____ () C:\Users\ulfilas\AppData\Local\Resmon.ResmonCfg 2009-11-13 03:07 - 2009-11-13 03:10 - 0008031 _____ () C:\ProgramData\ArcadeDeluxe3.log 2009-09-03 09:44 - 2009-07-18 02:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe 2015-02-09 00:45 - 2015-02-09 00:49 - 0000128 ____H () C:\ProgramData\V93GE Some content of TEMP: ==================== C:\Users\ulfilas\AppData\Local\Temp\avgnt.exe C:\Users\ulfilas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpx209hw.dll C:\Users\ulfilas\AppData\Local\Temp\ose00000.exe C:\Users\ulfilas\AppData\Local\Temp\ose00001.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-23 13:05 ==================== End Of Log ============================ --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-02-2015 Ran by ulfilas at 2015-02-23 18:19:12 Running from C:\Users\ulfilas\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) ACDSee 14 (HKLM-x32\...\{6F5A71BD-9EC9-4A59-BFBD-CA63CFB4885D}) (Version: 14.1.137 - ACD Systems International Inc.) Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 3.1.6731 - CyberLink Corp.) Acer Arcade Deluxe (x32 Version: 3.1.6731 - CyberLink Corp.) Hidden Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3003 - Acer Incorporated) Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3005 - Acer Incorporated) Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0812 - Acer Incorporated) Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3014 - Acer Incorporated) Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe Acrobat 7.0 Professional - English, Français, Deutsch (HKLM-x32\...\Adobe Acrobat 7.0 Professional - English, Français, Deutsch - V) (Version: 7.0.0 - Adobe Systems) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated) Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.6 - Adobe Systems Incorporated) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated) Adobe Illustrator CS2 (HKLM-x32\...\Adobe Illustrator CS2) (Version: 12.000.000 - Adobe Systems Inc.) Adobe Illustrator CS6 (HKLM-x32\...\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated) Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.) Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.) Advanced Image Viewer and Converter 1.6 (HKLM-x32\...\Advanced Image Viewer and Converter_is1) (Version: 1.6 - Creabit Development) Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden Akamai NetSession Interface (HKU\S-1-5-21-39457134-2311114567-1202830544-1000\...\Akamai) (Version: - ) AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version: - AOL Inc.) AppCloudUpdater (HKU\S-1-5-21-39457134-2311114567-1202830544-1000\...\AppCloudUpdater) (Version: - AppCloudUpdater) <==== ATTENTION! Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) AVC-C1 (HKLM-x32\...\{88307995-B9B1-4CE9-AD4A-79247F0C2200}) (Version: 1.00 - Canopus) Avira (HKLM-x32\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG) Avira (x32 Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.624 - Avira) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Canopus Codec Option (HKLM-x32\...\{772E9146-D676-4869-A298-047FF2A2B92D}) (Version: 3.04 - ) CDDRV_Installer (x32 Version: 1.00.0000 - Logitech Inc.) Hidden Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) CrystalDiskInfo 4.5.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 4.5.0 - Crystal Dew World) DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) DiRT (HKLM-x32\...\{57B89E30-0BBA-4F20-9F2C-8E8CDE1CEDB6}) (Version: 1.00.0000 - Codemasters) Dropbox (HKU\S-1-5-21-39457134-2311114567-1202830544-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.) Easy Media Player 1.1.12 (HKLM-x32\...\Easy Media Player) (Version: 1.1.12 - Easy Media Player) EasyCleaner (HKLM-x32\...\{F5346614-B7C4-4E94-826A-E2363155233D}) (Version: 2.0.6.380 - ) eBay Worldwide (HKLM-x32\...\{AAF89271-2594-468D-B578-96B2E30C41C4}) (Version: 2.1.0703 - OEM) EDIUS 5(SetupManager) (HKLM-x32\...\{FA8B6532-78E9-490B-B97D-32379E16810E}) (Version: 5.12 - Thomson Canopus) Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.20.00 - SEIKO EPSON CORPORATION) EPSON Print CD (HKLM-x32\...\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}) (Version: - ) EPSON PRINT Image Framer Tool2.1 (HKLM-x32\...\{23B59ED4-C360-11D7-875B-0090CC005647}) (Version: - ) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - ) EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation) ESPR200 Referenzhandbuch (HKLM-x32\...\ESPR200 Referenzhandbuch) (Version: - ) ESPR200 Softwarehandbuch (HKLM-x32\...\ESPR200 Softwarehandbuch) (Version: - ) FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse) FoxTab PDF Creator (HKU\S-1-5-21-39457134-2311114567-1202830544-1000\...\FoxTab PDF Creator) (Version: - ) <==== ATTENTION Free 3D Photo Maker version 2.0.13.1206 (HKLM-x32\...\Free 3D Photo Maker_is1) (Version: - DVDVideoSoft Ltd.) Free Studio version 5.3.2 (HKLM-x32\...\Free Studio_is1) (Version: - DVDVideoSoft Ltd.) Free Video to Flash Converter version 5.0.3.1206 (HKLM-x32\...\Free Video to Flash Converter_is1) (Version: - DVDVideoSoft Ltd.) Free YouTube Download version 3.2.20.1230 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.20.1230 - DVDVideoSoft Ltd.) Free YouTube to DVD Converter version 3.0.28.1201 (HKLM-x32\...\Free YouTube to DVD Converter_is1) (Version: 3.0.28.1201 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.55.219 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.55.219 - DVDVideoSoft Ltd.) Glary Utilities 2.41.0.1358 (HKLM-x32\...\Glary Utilities_is1) (Version: 2.41.0.1358 - Glarysoft Ltd) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden Hardlock Gerätetreiber (HKLM-x32\...\Hardlock Gerätetreiber) (Version: - ) HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software) HDR Projects platin (64-Bit) (HKLM\...\HDR Projects platin_is1) (Version: 1.23 - Franzis Verlag GmbH) Hello Engines! Standard 4 (HKLM-x32\...\{51974F4F-7A40-48AE-99B8-243F34F17884}) (Version: 4.0.1 - AceBIT) Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 1.00.3004 - Acer Incorporated) HWiNFO64 Version 4.36 (HKLM\...\HWiNFO64_is1) (Version: 4.36 - Martin Malík - REALiX) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3001 - Acer Incorporated) ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.) iZotope VST Plug-ins (HKLM-x32\...\iZotope VST Plug-ins_is1) (Version: 1.00 - iZotope, Inc.) Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle) Junk Mail filter update (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden king.com (remove only) (HKLM-x32\...\king.com) (Version: - Midasplayer Ltd (king.com)) Logitech SetPoint (HKLM-x32\...\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}) (Version: 3.3 - Logitech) Macromedia Flash MX (HKLM-x32\...\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}) (Version: 6 - Macromedia) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation) Mozilla Firefox 27.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0 (x86 de)) (Version: 27.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.2.0 - Mozilla) Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla) MP3 Recorder for YouTube 1.0 Professional-E (HKLM-x32\...\{2ED4869A-6D7B-4a8f-8261-B842DA4852FA}_is1) (Version: - ) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MT66 Software Update (HKLM-x32\...\{F2E4F3A5-A8F0-46F4-8E91-E8C1DE1FCFE5}_is1) (Version: - ) MyFreeCodec (HKU\S-1-5-21-39457134-2311114567-1202830544-1000\...\MyFreeCodec) (Version: - ) MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.4 - F.J. Wechselberger) MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.72.0 - Egis Technology Inc.) Nero 9 Essentials (HKLM-x32\...\{bd521da1-d38b-47ae-824a-c66007866327}) (Version: - Nero AG) NetObjects Fusion 10.0 (HKLM-x32\...\{963938DE-34BE-471A-A341-5318413CEA31}) (Version: 10.0 German - ) NetObjects Fusion 12.0 (HKLM-x32\...\{50F2611D-E53E-4FAD-9A62-50984A9B3DA5}) (Version: 12 German - NetObjects) NetObjects Fusion 12.0 (x32 Version: 12.00.5000.5222 - NetObjects) Hidden NewBlue Effects for EDIUS 5 (HKLM-x32\...\NewBlue Effects for EDIUS 5) (Version: - ) NexusFont 2.5 (ver 2.5.7.1562) (HKLM-x32\...\{EFEDD205-43FE-4208-B682-0937E803E19E}_is1) (Version: - xiles) Nikon Scan (HKLM-x32\...\{9AE4AC96-A5F4-4F19-9D13-066C8B3CE034}) (Version: 4.0 - ) NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation) NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 1.10 - NVIDIA Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation) NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation) NVIDIA PhysX (HKLM-x32\...\{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}) (Version: 9.09.1112 - NVIDIA Corporation) NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation) Nvu 1.0 (HKLM-x32\...\Nvu_is1) (Version: 1.0 - Thorsten Fritz) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation) PcCloneEX (HKLM-x32\...\PcCloneEX) (Version: - ) PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.51.17865 - pdfforge GmbH) PDF Architect 2 Create Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden PDF Architect 2 Edit Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden PDF Architect 2 View Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.0.1 - pdfforge) PIF DESIGNER2.1 (HKLM-x32\...\{23B59B9F-C360-11D7-875B-0090CC005647}) (Version: - ) PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) ProCoder 3 (HKLM-x32\...\{663118ED-6E80-45D6-9484-6830798B8B86}) (Version: 3.05.91 - Grass Valley) proDAD Heroglyph PEARL Edition 2.0 (HKLM-x32\...\proDAD-Heroglyph-2.0) (Version: - ) proDAD Mercalli 1.0 (HKLM-x32\...\proDAD-Mercalli-1.0) (Version: - ) proDAD Vitascene 1.0 (HKLM-x32\...\proDAD-Vitascene-1.0) (Version: - ) ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.12 - ProtectDisc Software GmbH) QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5898 - Realtek Semiconductor Corp.) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Rossmann Fotowelt Software 4.13 (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.13 - ORWO Net) ScanToWeb (HKLM-x32\...\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}) (Version: - ) Setup (x32 Version: 2.01.01 - Default Company Name) Hidden SilverFast 8.2.0r3 (64bit) (HKLM-x32\...\SilverFast 8 x64) (Version: 8.2.0r3 - LaserSoft Imaging AG) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) SmartPCFixer 4.2 (HKLM\...\{2C5927BD-3F65-4207-8FB5-8EDF638A3511}_is1) (Version: 4.2 - LionSea Software) <==== ATTENTION Soft32 Updater (HKU\S-1-5-21-39457134-2311114567-1202830544-1000\...\{9452E3A1-8F98-44D7-9CC9-522F5D36AA9E}_is1) (Version: 1.0.2.0 - Soft32) SSC Service Utility v4.30 (HKLM-x32\...\SSC Service Utility_is1) (Version: - SSC Localization Group) System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version: - ) System Speedup (HKLM-x32\...\System Speedup_is1) (Version: 2.1 - systemspeedup.com) TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software) TuneUp Utilities 2014 (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden Ulead DVD MovieFactory 5 (HKLM-x32\...\{B01CC90F-C153-468A-BC33-7BE8A9B8A3D0}) (Version: 5.7 - Corel Corporation) Ulead GIF Animator 5 (HKLM-x32\...\{8AF3E926-ED59-11D4-A44B-0000E86D2305}) (Version: - ) Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version: - ) Update for Zip Opener (HKU\S-1-5-21-39457134-2311114567-1202830544-1000\...\DSite) (Version: - ) <==== ATTENTION Vasco da Gama 4 HDPro (HKLM-x32\...\{05BBF12D-565E-4212-8BDD-C482C72866DD}) (Version: 4.00.0000 - MotionStudios) VisualLightBox (HKLM-x32\...\VisualLightBox_is1) (Version: - ) VueScan (HKLM-x32\...\VueScan) (Version: - ) VueScan x64 (HKLM\...\VueScan x64) (Version: - ) Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3005 - Acer Incorporated) Win7 Games Familie (HKLM-x32\...\{BA104239-E026-4F14-84E5-21D8232879B7}_is1) (Version: - ) Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8064.0206 - Microsoft Corporation) Windows Live Sync (HKLM-x32\...\{ED636101-1959-4360-8BF7-209436E7DEE4}) (Version: 14.0.8064.206 - Microsoft Corporation) Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - ) WinMerge 2.12.4 (HKLM-x32\...\WinMerge_is1) (Version: 2.12.4 - Thingamahoochie Software) Yahoo Community Smartbar Engine (HKU\S-1-5-21-39457134-2311114567-1202830544-1000\...\{507781d8-8ffe-4a7c-a107-2969c1d750c1}) (Version: 1.51.66.11081 - Linkury Inc.) <==== ATTENTION Zip Opener Packages (HKU\S-1-5-21-39457134-2311114567-1202830544-1000\...\Zip Opener Packages) (Version: - ) <==== ATTENTION ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-39457134-2311114567-1202830544-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\ulfilas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-39457134-2311114567-1202830544-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\ulfilas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-39457134-2311114567-1202830544-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ulfilas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-39457134-2311114567-1202830544-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ulfilas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-39457134-2311114567-1202830544-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ulfilas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-39457134-2311114567-1202830544-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ulfilas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-39457134-2311114567-1202830544-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ulfilas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-39457134-2311114567-1202830544-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ulfilas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-39457134-2311114567-1202830544-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ulfilas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-39457134-2311114567-1202830544-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ulfilas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ==================== Restore Points ========================= 19-02-2015 13:33:37 Geplanter Prüfpunkt 20-02-2015 14:03:26 Uniblue PC Mechanic installation 22-02-2015 23:23:15 Windows Update 23-02-2015 15:43:15 Removed Firebird SQL Server - MAGIX Edition 23-02-2015 15:44:24 Microsoft Office File Validation Add-In wird entfernt 23-02-2015 15:44:49 Removed Microsoft Office Home and Student 2007 23-02-2015 16:12:52 Microsoft Office PowerPoint Viewer 2007 (German) wird entfernt 23-02-2015 16:13:24 Removed Microsoft Office Language Pack 2007 - German/Deutsch 23-02-2015 17:23:58 Software Removal Tool ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0A7BBAD0-2F92-4427-ADC4-28FA2D114777} - System32\Tasks\{DF64A0B2-4826-4E01-8091-D3A91ED4E841} => pcalua.exe -a E:\Welcome.exe -d E:\ Task: {1381D620-C902-4016-8B56-2C87F6F18E7F} - System32\Tasks\{F4DDE730-B0CE-4463-BE94-21E2CDBA82F4} => pcalua.exe -a "C:\Users\ulfilas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ZYFR01Y\195.62_desktop_win7_winvista_32bit_international_whql[1].exe" -d C:\Users\ulfilas\Desktop Task: {1527BC50-3043-4B84-B207-666432B8DDC9} - System32\Tasks\System Speedupsch => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe [2013-05-28] (System Speedup) Task: {1672CAB8-6D98-49BA-917E-F30560029FC6} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2014-07-16] (TuneUp Software) Task: {16CA613C-B1F6-4F24-B4E9-B3968DEB7021} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.) Task: {228F388E-D5FD-408A-B51F-64B7FCA64DDC} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe <==== ATTENTION Task: {23892EBA-9C54-41A4-979C-625109861922} - System32\Tasks\{E723FADB-826B-409F-B51A-ABE2C0772FB3} => pcalua.exe -a C:\Users\ulfilas\Downloads\EDIUS5UPD_v512\SetupManagerForEDIUS.exe -d C:\Users\ulfilas\Downloads\EDIUS5UPD_v512 Task: {24F0E4AF-4402-417A-BA63-BF176D79B6BE} - System32\Tasks\{0271A1CB-9DF8-4E25-9C38-8C343215C965} => pcalua.exe -a C:\Users\ulfilas\AppData\Local\Temp\Temp1_EDIUS5UPD_v510.part01.zip\EDIUS5UPD_v510.part01.exe Task: {39538910-0BAF-4ABA-9AE9-B45A02B670E6} - System32\Tasks\{CDF299DB-8317-43C4-936A-416101AD5113} => pcalua.exe -a E:\setup.exe -d E:\ Task: {438FC2CB-0C76-459A-9726-6BC54E8722A6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {47941720-6160-4E8E-8F08-4C598E41CB62} - System32\Tasks\{9083B65D-7109-4848-B33E-51D981E0E74E} => pcalua.exe -a "E:\EDIUS_5_weitereUpdates\iZotope EdiusVST_501.exe" -d E:\EDIUS_5_weitereUpdates Task: {484D1538-4973-4ABD-8C2C-19CFC1F30D7A} - System32\Tasks\{5D122795-2115-4DCB-8BCE-DA32635C030A} => pcalua.exe -a "C:\Program Files (x86)\Wings of War\setup.exe" Task: {4B6F66AB-627E-4D4D-A156-16FE40B79DD7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.) Task: {537FF9F3-82C1-40A5-9A2E-A8632CE1F139} - System32\Tasks\{185ADA29-097A-4C46-9086-1357D0CFF13D} => C:\Program Files (x86)\NetObjects\NetObjects Fusion 10.0\Fusion.exe [2009-04-06] (NetObjects) Task: {5BA23C81-C9A7-4491-B40F-5E14A30D07C2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated) Task: {5E7DF6CC-AC1D-4630-8E1C-40C2E0A3A470} - System32\Tasks\{62C59ABE-DBE3-412F-BDDD-E400263A4057} => pcalua.exe -a E:\EDIUS_5_weitereUpdates\mercalli-10-edius.exe -d E:\EDIUS_5_weitereUpdates Task: {6139358D-23D0-4326-8666-772D86C918D3} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-39457134-2311114567-1202830544-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-01-30] (RealNetworks, Inc.) Task: {61F40EA4-A210-4ECB-B008-15111BDE5688} - System32\Tasks\System Speedup_DEFAULT => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe [2013-05-28] (System Speedup) Task: {6244E85A-E40A-42A9-8FBE-BC773950EE4D} - System32\Tasks\{A8FAB7F2-7994-4CB7-8D60-8D9062F36C85} => pcalua.exe -a "C:\Users\ulfilas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PK2THV5G\license-vs10-edius-final-setup[1].exe" -d C:\Users\ulfilas\Desktop Task: {67176B93-9DE5-4F91-8E92-DBE2252091BE} - System32\Tasks\{574334F4-9D1A-4896-A282-A829874577FE} => pcalua.exe -a E:\ABCFontViewer.exe -d E:\ Task: {7C4306B5-AE52-44CD-8848-6699D0CD04AD} - System32\Tasks\System Speedup_UPDATES => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe [2013-05-28] (System Speedup) Task: {81C7775D-FDEF-46C8-AC84-E83709FE379E} - System32\Tasks\{56A937FD-58C7-4C87-AC78-E23245BCED96} => pcalua.exe -a C:\Users\ulfilas\Desktop\license-mc10-edius-final-setup.exe -d C:\Users\ulfilas\Desktop Task: {8920A950-358C-4053-9B20-81417750B0C7} - System32\Tasks\{029039E4-BD59-450A-BAC5-571366525B7F} => pcalua.exe -a "C:\Users\ulfilas\AppData\Local\Temp\Temp1_PX3130_12_83079 (1).zip\Backup software\Setup.exe" Task: {8A32DAE3-73DA-4E5A-B724-C90C00F6AF94} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-39457134-2311114567-1202830544-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-01-30] (RealNetworks, Inc.) Task: {97FE8EA6-E00E-40E1-9BAD-75C1C8844E62} - System32\Tasks\{3C689CEF-9D7E-4CCC-8361-73EA8FCE44B3} => pcalua.exe -a E:\setup.exe -d E:\ Task: {9AB0A1F1-E8E4-4C27-AFDE-511F8A46476B} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-09-26] (Oracle Corporation) Task: {A2B9B6C4-5B90-458A-BFA5-AA376C0D4B89} - System32\Tasks\MT66 Software Update => C:\Program Files (x86)\Common Files\MT66 Software Update\UpdateClient.exe [2009-11-18] (MedienTeam66) Task: {A8AAD325-B2C6-4F99-B550-4374A79E4BDD} - System32\Tasks\AdobeAAMUpdater-1.0-ulfilas-PC2-ulfilas => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated) Task: {AE8BB2BF-F88F-4DA1-8F80-940219156894} - System32\Tasks\{0977B413-051A-436E-B469-A3FD6874AD87} => pcalua.exe -a "E:\EDIUS_5_weitereUpdates\ProDAD EDIUS 5 Plug-ins für optional erhältliche Software\adoplugins.exe" -d "E:\EDIUS_5_weitereUpdates\ProDAD EDIUS 5 Plug-ins für optional erhältliche Software" Task: {AE962257-722B-4C5F-81E0-3EB11F78862F} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION Task: {B226D1FD-5E7A-4A78-B6AE-EC3C6BE37E27} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {B80842B3-E3B5-4075-9BFF-BFE584E8CBAE} - System32\Tasks\{6726E861-BE61-476F-A0A6-B34BBB729385} => pcalua.exe -a "C:\Users\ulfilas\Downloads\ns403de (2).exe" -d C:\Users\ulfilas\Downloads Task: {DB260857-6A49-46B2-9E6F-31AD5E196803} - System32\Tasks\{6D75AA2F-72CF-4FA8-9A24-3781C616535B} => pcalua.exe -a C:\Users\ulfilas\Downloads\kinginstaller.exe -d C:\Users\ulfilas\Downloads Task: {E1162C2C-F04B-4E5C-B38B-F090EC0942C8} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {E1AB0DC2-78C8-459C-99C6-89474A381581} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2011-12-27] (Glarysoft Ltd) Task: {E5DD81AA-A581-4826-8798-606DDCE7D4CF} - System32\Tasks\{BD5AA116-3872-46FA-B9EE-30DA74ED1DCB} => pcalua.exe -a C:\Users\ulfilas\Downloads\Rossmann_Fotosoftware_Setup.exe -d C:\Users\ulfilas\Downloads Task: {EB6FA328-6145-40FE-9859-32F6D861E87D} - System32\Tasks\{504E8EFE-07DF-49D7-ACB0-363966DCD849} => pcalua.exe -a "C:\Users\ulfilas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AA2KSY5V\googleearthwin-peruser[1].exe" -d C:\Users\ulfilas\Desktop Task: {ECF69DC5-821A-4F8E-9C9E-DCBC1C929D3A} - System32\Tasks\GoogleUpdateTaskMachineCore1cf6b0a3cdc10aa => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.) Task: {F38D329C-FDB3-436C-818A-A8FA6DE94742} - System32\Tasks\{A70B6C0D-4BB2-4B0D-ADF4-7E9C82D6D666} => C:\Program Files (x86)\NetObjects\NetObjects Fusion 10.0\Fusion.exe [2009-04-06] (NetObjects) Task: {FBE3B2B7-17E9-4943-AED4-A1ACC00EC1D3} - System32\Tasks\{F0374E83-0A2C-4373-8124-2CB1427251BE} => C:\Program Files (x86)\NetObjects\NetObjects Fusion 10.0\Fusion.exe [2009-04-06] (NetObjects) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf6b0a3cdc10aa.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\MT66 Software Update.job => C:\Program Files (x86)\Common Files\MT66 Software Update\UpdateClient.exe Task: C:\Windows\Tasks\System Speedupsch.job => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe Task: C:\Windows\Tasks\System Speedup_DEFAULT.job => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe Task: C:\Windows\Tasks\System Speedup_UPDATES.job => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe ==================== Loaded Modules (whitelisted) ============== 2012-11-20 03:02 - 2013-01-18 16:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2012-04-21 13:09 - 2011-10-04 21:43 - 00087552 _____ () C:\Windows\System32\custmon64i.dll 2014-07-16 09:24 - 2014-07-16 09:24 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll 2014-05-01 20:29 - 2014-05-01 20:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2015-02-10 22:00 - 2015-02-10 22:00 - 00750080 _____ () C:\Users\ulfilas\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-02-23 14:04 - 2015-02-23 14:04 - 00043008 _____ () c:\users\ulfilas\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpx209hw.dll 2015-02-10 22:00 - 2015-02-10 22:00 - 00047616 _____ () C:\Users\ulfilas\AppData\Roaming\Dropbox\bin\libEGL.dll 2015-02-10 22:00 - 2015-02-10 22:00 - 00865280 _____ () C:\Users\ulfilas\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2015-02-10 22:00 - 2015-02-10 22:00 - 00200704 _____ () C:\Users\ulfilas\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2012-01-31 19:25 - 2012-01-31 19:25 - 00048640 _____ () C:\Program Files (x86)\AOL Desktop 9.7\zlib.dll 2012-01-31 19:25 - 2012-01-31 19:25 - 00094208 _____ () C:\Program Files (x86)\AOL Desktop 9.7\Components\Tier2Svc.dll 2012-01-31 19:25 - 2012-01-31 19:25 - 00060928 _____ () C:\Program Files (x86)\AOL Desktop 9.7\Components\DataSvcs.dll 2014-10-16 10:15 - 2014-10-16 10:15 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll 2014-05-24 17:41 - 2014-05-24 17:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll 2014-05-24 17:41 - 2014-05-24 17:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll 2015-02-20 15:55 - 2015-02-17 23:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll 2015-02-20 15:55 - 2015-02-17 23:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll 2015-02-20 15:55 - 2015-02-17 23:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll 2015-02-20 15:55 - 2015-02-17 23:44 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:0B9176C0 AlternateDataStreams: C:\ProgramData\Temp:423BBE9A AlternateDataStreams: C:\ProgramData\Temp:4D066AD2 AlternateDataStreams: C:\ProgramData\Temp:58DD92AC AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F AlternateDataStreams: C:\ProgramData\Temp:93DE1838 AlternateDataStreams: C:\ProgramData\Temp:AB689DEA AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1 AlternateDataStreams: C:\ProgramData\Temp:DDE7FCF4 AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-39457134-2311114567-1202830544-1000\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.2.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk => C:\Windows\pss\Adobe Gamma Loader.exe.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk => C:\Windows\pss\Logitech SetPoint.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^ulfilas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^_uninst_57685536.lnk => C:\Windows\pss\_uninst_57685536.lnk.Startup MSCONFIG\startupreg: ACSW14DE => "C:\Program Files (x86)\ACD Systems\ACDSee\14.0\ACDSeeInTouch2.exe" /pid ACSW14DE MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\ulfilas\AppData\Local\Akamai\netsession_win.exe" MSCONFIG\startupreg: AOL Fast Start => "C:\Program Files (x86)\AOL Desktop 9.6\AOL.EXE" -b MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: ArcadeDeluxeAgent => "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" MSCONFIG\startupreg: EgisTecLiveUpdate => "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" MSCONFIG\startupreg: EPSON Stylus Photo R285 Series => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICKE.EXE /FU "C:\Windows\TEMP\E_SAF88.tmp" /EF "HKCU" MSCONFIG\startupreg: HostManager => C:\Program Files (x86)\Common Files\AOL\1294882704\ee\AOLSoftware.exe MSCONFIG\startupreg: Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe MSCONFIG\startupreg: IAAnotif => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe MSCONFIG\startupreg: IMBooster => C:\Program Files (x86)\Iminent\IMBooster\imbooster.exe /warmup MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: Kernel and Hardware Abstraction Layer => KHALMNPR.EXE MSCONFIG\startupreg: mwlDaemon => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe MSCONFIG\startupreg: NexusServer => "C:\Program Files (x86)\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED MSCONFIG\startupreg: PlayMovie => "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun MSCONFIG\startupreg: Soft32 Updater.exe => C:\Users\ulfilas\AppData\Local\Soft32\Soft32 Updater\Soft32 Updater.exe /SILENT MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot ==================== Accounts: ============================= Administrator (S-1-5-21-39457134-2311114567-1202830544-500 - Administrator - Disabled) Gast (S-1-5-21-39457134-2311114567-1202830544-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-39457134-2311114567-1202830544-1002 - Limited - Enabled) ulfilas (S-1-5-21-39457134-2311114567-1202830544-1000 - Administrator - Enabled) => C:\Users\ulfilas UpdatusUser (S-1-5-21-39457134-2311114567-1202830544-1003 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Faulty Device Manager Devices ============= Name: PS/2 Mouse Description: PS/2 Mouse Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Logitech Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (02/23/2015 02:03:28 PM) (Source: Avira Service Host) (EventID: 0) (User: ) Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription) bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId) Error: (02/23/2015 01:46:26 PM) (Source: MsiInstaller) (EventID: 10005) (User: ulfilas-PC2) Description: Produkt: Shopping App by Ask -- Fehler 25001. Die folgenden Anwendungen sollten geschlossen werden, bevor Sie mit der Deinstallation fortfahren: Google Chrome Error: (02/23/2015 01:46:19 PM) (Source: MsiInstaller) (EventID: 10005) (User: ulfilas-PC2) Description: Produkt: Shopping App by Ask -- Fehler 25001. Die folgenden Anwendungen sollten geschlossen werden, bevor Sie mit der Deinstallation fortfahren: Google Chrome Error: (02/23/2015 01:46:17 PM) (Source: MsiInstaller) (EventID: 10005) (User: ulfilas-PC2) Description: Produkt: Shopping App by Ask -- Fehler 25001. Die folgenden Anwendungen sollten geschlossen werden, bevor Sie mit der Deinstallation fortfahren: Google Chrome Error: (02/23/2015 01:46:04 PM) (Source: MsiInstaller) (EventID: 10005) (User: ulfilas-PC2) Description: Produkt: Shopping App by Ask -- Fehler 25001. Die folgenden Anwendungen sollten geschlossen werden, bevor Sie mit der Deinstallation fortfahren: Google Chrome Error: (02/20/2015 04:50:19 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: DVDCreator.exe, Version: 5.10.0.8, Zeitstempel: 0x4a3a7e4f Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.6161, Zeitstempel: 0x4dace5b9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003ae7a ID des fehlerhaften Prozesses: 0x12c4 Startzeit der fehlerhaften Anwendung: 0xDVDCreator.exe0 Pfad der fehlerhaften Anwendung: DVDCreator.exe1 Pfad des fehlerhaften Moduls: DVDCreator.exe2 Berichtskennung: DVDCreator.exe3 Error: (02/20/2015 04:49:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: DVDCreator.exe, Version: 5.10.0.8, Zeitstempel: 0x4a3a7e4f Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.6161, Zeitstempel: 0x4dace5b9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003ae7a ID des fehlerhaften Prozesses: 0x53c Startzeit der fehlerhaften Anwendung: 0xDVDCreator.exe0 Pfad der fehlerhaften Anwendung: DVDCreator.exe1 Pfad des fehlerhaften Moduls: DVDCreator.exe2 Berichtskennung: DVDCreator.exe3 Error: (02/20/2015 04:48:36 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: DVDCreator.exe, Version: 5.10.0.8, Zeitstempel: 0x4a3a7e4f Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.6161, Zeitstempel: 0x4dace5b9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003ae7a ID des fehlerhaften Prozesses: 0xe8c Startzeit der fehlerhaften Anwendung: 0xDVDCreator.exe0 Pfad der fehlerhaften Anwendung: DVDCreator.exe1 Pfad des fehlerhaften Moduls: DVDCreator.exe2 Berichtskennung: DVDCreator.exe3 Error: (02/19/2015 02:10:23 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Nikon Scan.exe, Version: 4.0.3.3000, Zeitstempel: 0x405e6549 Name des fehlerhaften Moduls: LS5000.md3, Version: 1.0.0.3014, Zeitstempel: 0x45c8465c Ausnahmecode: 0xc0000005 Fehleroffset: 0x00086f07 ID des fehlerhaften Prozesses: 0xff0 Startzeit der fehlerhaften Anwendung: 0xNikon Scan.exe0 Pfad der fehlerhaften Anwendung: Nikon Scan.exe1 Pfad des fehlerhaften Moduls: Nikon Scan.exe2 Berichtskennung: Nikon Scan.exe3 Error: (02/19/2015 00:30:31 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Nikon Scan.exe, Version: 4.0.3.3000, Zeitstempel: 0x405e6549 Name des fehlerhaften Moduls: LS9000.md3, Version: 1.0.0.3009, Zeitstempel: 0x45c84720 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00026fb7 ID des fehlerhaften Prozesses: 0x4e9c Startzeit der fehlerhaften Anwendung: 0xNikon Scan.exe0 Pfad der fehlerhaften Anwendung: Nikon Scan.exe1 Pfad des fehlerhaften Moduls: Nikon Scan.exe2 Berichtskennung: Nikon Scan.exe3 System errors: ============= Error: (02/23/2015 05:00:33 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (02/23/2015 05:00:33 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (02/23/2015 05:00:33 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (02/23/2015 02:06:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (02/23/2015 02:06:29 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (02/23/2015 02:04:27 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: FNETURPX Error: (02/23/2015 02:02:09 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\FNETURPX.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (02/23/2015 01:39:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (02/23/2015 01:39:04 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (02/23/2015 01:37:02 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: FNETURPX Microsoft Office Sessions: ========================= ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz Percentage of memory in use: 43% Total physical RAM: 6143.14 MB Available physical RAM: 3469.03 MB Total Pagefile: 12284.47 MB Available Pagefile: 8983.3 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:690.95 GB) (Free:122.23 GB) NTFS Drive d: (DATA) (Fixed) (Total:691.21 GB) (Free:96.92 GB) NTFS Drive f: (TOSHIBA EXT) (Fixed) (Total:2794.51 GB) (Free:2562.69 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 3A331294) Partition 1: (Not Active) - (Size=15 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=691 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=691.2 GB) - (Type=07 NTFS) Attempted reading MBR returned 0 bytes. Could not read MBR for disk 1. ==================== End Of Log ============================ |
24.02.2015, 07:01 | #4 |
/// the machine /// TB-Ausbilder | Roll Around Virus eingefangen Lade Dir bitte von hier Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
24.02.2015, 10:21 | #5 |
| Roll Around Virus eingefangen Hallo, ich habe jetzt den Revo Uninstaller ausgeführt, indem ich die beschriebenen Schritte für jedes Programm jeweils nacheinander durchlaufen habe. Alle angegebenen Programme gleichzeitig auszuwählen, war nicht möglich. Ich hoffe, dies war so korrekt. Zwischendurch erhielt ich jedesmal eine Fehlermeldung: Ich habe jeweils auf "Ok" geklickt und den Prozeß fortgesetzt. Nach jedem Entfernen eines Programms habe ich dann, wie beschrieben, die Reste gelöscht. Am Ende eines jeden Durchlaufs konnte ich nur "Zurück" klicken oder "Abbruch". Da ein - probeweiser - Klick auf "Zurück" die Meldung lieferte, ich würde dadurch den moderaten Modus verlassen und mit einem anderen Modus eine tiefere Suche starten (sinngemäß), habe ich mit nach jedem Durchlauf für das Klicken auf "Abbruch" entschieden. War das korrekt? Zwei der in deiner Auflistung genannten Programme habe ich im Fenster "Uninstall" nicht gefunden, und zwar "SmartPCFixer 4.2" und "Update for Zip Opener". Sollen die auf meinem Rechner tatsächlich vorhanden sein, oder war dies eine Standard-Auflistung? Da ich mir nun nicht sicher bin, ob ich bisher alles richtig gemacht habe, stoppe ich an dieser Stelle erstmal und warte deine Antwort ab. Der Scan mit Combofix steht daher zur Zeit noch aus. Viele Grüße Wolfgang |
24.02.2015, 17:04 | #6 |
/// the machine /// TB-Ausbilder | Roll Around Virus eingefangen Nein, nicht Abbruch klicken. Wenn das Reste löschen vorbei ist solltest Du wieder auf der Hauptseite von Revo landen, mit der Anzeige der installierten Programme. Programme die dort nicht gelistet sind normal über Windows deinstallieren. Egal ob das klappt oder nicht, direkt weiter mit Combofix.
__________________ --> Roll Around Virus eingefangen |
24.02.2015, 19:10 | #7 |
| Roll Around Virus eingefangen Vermutlich habe ich jetzt schon einen Fehler gemacht, indem ich Combofix heruntergeladen und sofort gestartet habe. Es lief auch alles schön durch bis zu dem Punkt, an dem ich darauf hingewiesen wurde, daß Avira und Microsoft Security Essentials noch am Laufen seien. Dieses Dialogfenster habe ich geöffnet gelassen und daraufhin versucht, Avira und Microsoft Security Essentials zu deaktivieren. Ich klickte dann im Dialogfenster von Combofix auf "Ok", um den Prozeß fortzusetzen. Microsoft Security Essentials scheint auch deaktiviert zu sein, Avira aber offenbar nicht, wie sich aus der darauf folgenden Meldung schließen läßt. Was das Deaktivieren von Avira betrifft, bin ich jetzt allerdings auch überfragt. Im Dialogfeld, daß ich über die Leiste am unteren Bildschirmrand aufmachen kann, läßt sich ncihts weiter tun. Klicke ich auf "Geräte verwalten", tut sich gar nichts. Klicke ich über der grünen Fläche "Free Antivirus" auf "Öffnen" (das beim Überfahren mit der Maus sichtbar wird), tut sich dort auch nichts. Combofix warnt mich jetzt, mit dem Suchlauf fortzufahren. Was soll ich tun? Das Combofix-Dialogfeld habe ich nach wie vor offen. Hier ein Screenshot der Combofix- und Avira-Dialogfenster: |
25.02.2015, 07:10 | #8 |
/// the machine /// TB-Ausbilder | Roll Around Virus eingefangen fortfahren
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
26.02.2015, 11:44 | #9 |
| Roll Around Virus eingefangen Hallo, Combofix ist jetzt durchgelaufen. Unten folgt das gelieferte Ergebnis. Zu meiner Schande muß ich aber gestehen, daß ich zwischenzeitlich doch geklickt habe, und auch noch ins blaue Combofix-Fenster hinein: An irgendeiner Stelle meldete Combofix, daß 50 Routinen jetzt beendet seien. Da sich nichts mehr tat, ging ich davon aus, der komplette Ablauf sei beendet und ich müsse jetzt den Text aus diesem Fenster kopieren. Das war aber ein Irrtum. Ich konnte ja nicht wissen, wann genau der Prozeß beendet sein würde. Das Problem ist auch tatsächlich noch nicht behoben. Während ich jetzt auf dieser Seite bin, erscheinen weiterhin Werbeeinblendungen von Roll Around und es gehen von allein entsprechende Seiten auf, die ich nicht sehen will. Hier aber nun erstmal die Textdatei von Combofix: Code:
ATTFilter ComboFix 15-02-16.01 - ulfilas 26.02.2015 11:08:29.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.6143.3657 [GMT 1:00] ausgeführt von:: c:\users\ulfilas\Downloads\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Common Files\Acer GameZone online.ico c:\users\ulfilas\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll c:\users\ulfilas\AppData\Roaming\.# c:\windows\IsUn0407.exe c:\windows\msdownld.tmp c:\windows\security\Database\tmp.edb c:\windows\SysWow64\tmp35EE.tmp c:\windows\SysWow64\tmp360E.tmp c:\windows\SysWow64\tmpBB85.tmp c:\windows\SysWow64\UNWISE.EXE F:\install.exe . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_ACEDRV11 -------\Service_acedrv11 . . ((((((((((((((((((((((( Dateien erstellt von 2015-01-26 bis 2015-02-26 )))))))))))))))))))))))))))))) . . 2015-02-26 10:19 . 2015-02-26 10:19 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2015-02-26 10:19 . 2015-02-26 10:19 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-02-25 22:37 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{187FB08E-A80B-423B-8990-F87403485FCD}\mpengine.dll 2015-02-24 19:34 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2015-02-24 08:45 . 2015-02-24 08:45 -------- d-----w- c:\program files (x86)\VS Revo Group 2015-02-23 17:16 . 2015-02-23 17:20 -------- d-----w- C:\FRST 2015-02-22 22:24 . 2014-09-16 15:09 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E231660A-B052-4222-AB05-B6F3A22962A1}\gapaengine.dll 2015-02-20 13:03 . 2015-02-20 13:03 -------- d-----w- c:\program files (x86)\Free Codec Pack 2015-02-20 13:03 . 2015-02-20 13:03 -------- d-----w- c:\users\ulfilas\AppData\Roaming\RHEng 2015-02-16 13:55 . 2015-02-19 20:12 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird 2015-02-12 19:00 . 2015-01-23 04:41 6041600 ----a-w- c:\windows\system32\jscript9.dll 2015-02-12 19:00 . 2015-01-23 03:43 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll 2015-02-12 19:00 . 2015-01-23 03:17 4300800 ----a-w- c:\windows\SysWow64\jscript9.dll 2015-02-12 19:00 . 2015-01-23 04:42 814080 ----a-w- c:\windows\system32\jscript9diag.dll 2015-02-11 23:02 . 2015-01-15 08:14 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2015-02-11 23:01 . 2014-12-08 03:09 406528 ----a-w- c:\windows\system32\scesrv.dll 2015-02-11 23:01 . 2014-12-08 02:46 308224 ----a-w- c:\windows\SysWow64\scesrv.dll 2015-02-11 23:01 . 2015-01-14 06:09 5554112 ----a-w- c:\windows\system32\ntoskrnl.exe 2015-02-11 23:01 . 2015-01-14 05:44 3972544 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2015-02-11 23:01 . 2015-01-14 05:44 3917760 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2015-02-11 23:01 . 2015-01-14 06:05 503808 ----a-w- c:\windows\system32\srcore.dll 2015-02-11 23:01 . 2015-01-14 06:04 296960 ----a-w- c:\windows\system32\rstrui.exe 2015-02-11 23:01 . 2015-01-14 06:05 50176 ----a-w- c:\windows\system32\srclient.dll 2015-02-11 23:01 . 2015-01-14 05:41 43008 ----a-w- c:\windows\SysWow64\srclient.dll 2015-02-11 23:01 . 2015-01-09 02:03 3201536 ----a-w- c:\windows\system32\win32k.sys 2015-02-08 23:45 . 2015-02-08 23:45 -------- d-----w- c:\users\ulfilas\AppData\Roaming\LaserSoft Imaging 2015-02-08 23:25 . 2015-02-08 23:25 -------- d-----w- c:\programdata\LaserSoft Imaging 2015-02-08 23:25 . 2015-02-08 23:25 -------- d-----w- c:\program files\SilverFast Application 2015-02-04 02:05 . 2015-02-04 02:05 -------- d-----w- c:\program files\VueScan 2015-02-04 01:01 . 2015-02-04 01:01 -------- d-----w- c:\program files (x86)\Nikon 2015-02-04 00:20 . 2015-02-04 00:20 -------- d-----w- c:\programdata\Nikon 2015-02-03 08:47 . 2002-12-04 18:54 6545 ----a-w- c:\windows\SysWow64\NKScnUSD.dll 2015-02-01 22:43 . 2015-02-01 22:43 -------- d-----w- c:\users\ulfilas\AppData\Roaming\Nikon 2015-02-01 22:37 . 1997-01-22 05:26 565760 ----a-w- c:\windows\SysWow64\MSVCP50.DLL 2015-02-01 22:37 . 2002-01-05 20:10 61440 ----a-w- c:\windows\SysWow64\mfc70deu.dll 2015-02-01 22:37 . 1997-01-30 19:00 51200 ----a-w- c:\windows\SysWow64\Mfc42loc.dll 2015-02-01 22:37 . 1996-03-27 23:13 10656 ----a-w- c:\windows\SysWow64\NKNSCN95.DLL 2015-02-01 22:37 . 2015-02-04 01:01 -------- d-----w- c:\windows\SysWow64\Color 2015-02-01 22:37 . 2015-02-01 22:37 -------- d-----w- c:\program files (x86)\Common Files\Nikon . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-02-12 10:38 . 2013-12-22 13:08 44088 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2015-02-12 10:38 . 2013-12-22 13:08 132120 ----a-w- c:\windows\system32\drivers\avipbb.sys 2015-02-12 10:38 . 2013-12-22 13:08 128536 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2015-02-12 02:03 . 2010-01-09 02:02 116773704 ----a-w- c:\windows\system32\MRT.exe 2015-02-05 02:18 . 2012-05-05 14:11 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-02-05 02:18 . 2012-02-21 00:55 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-01-07 12:25 . 2015-01-07 12:25 114872 ----a-w- c:\windows\system32\pdfcmon.dll 2014-12-31 11:14 . 2009-12-24 14:43 298120 ------w- c:\windows\system32\MpSigStub.exe 2014-12-19 03:06 . 2015-01-15 05:51 210432 ----a-w- c:\windows\system32\profsvc.dll 2014-12-19 01:46 . 2015-01-15 05:51 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys 2014-12-11 17:47 . 2015-01-15 05:51 52736 ----a-w- c:\windows\system32\TSWbPrxy.exe 2014-12-06 04:17 . 2015-01-15 05:51 303616 ----a-w- c:\windows\system32\nlasvc.dll 2014-12-06 03:50 . 2015-01-15 05:51 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll 2014-12-06 03:50 . 2015-01-15 05:51 156672 ----a-w- c:\windows\SysWow64\ncsi.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{691B33B0-B86E-47F3-81C7-56E4FE3B929C}] 2014-10-10 15:03 37928 ----a-w- c:\program files (x86)\PDF Architect 2\creator-ie-helper.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}] 2015-02-19 18:14 297128 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{DEEB13D7-CEA9-45FB-B77C-E039BEC85221}"= "c:\program files (x86)\PDF Architect 2\creator-ie-plugin.dll" [2014-10-10 478760] . [HKEY_CLASSES_ROOT\clsid\{deeb13d7-cea9-45fb-b77c-e039bec85221}] [HKEY_CLASSES_ROOT\PDFIEPlugin.PDFIEConverter.1] [HKEY_CLASSES_ROOT\TypeLib\{30CEDC3C-254F-4827-9A25-A4AA041826CC}] [HKEY_CLASSES_ROOT\PDFIEPlugin.PDFIEConverter] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 152544 ----a-w- c:\users\ulfilas\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 152544 ----a-w- c:\users\ulfilas\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 152544 ----a-w- c:\users\ulfilas\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-08-06 17:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Soft32 Updater.exe"="c:\users\ulfilas\AppData\Local\Soft32\Soft32 Updater\Soft32 Updater.exe" [2011-10-19 163640] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21444224] "AOL Fast Start"="c:\program files (x86)\AOL Desktop 9.7\AOL.EXE" [2012-01-31 42320] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "HostManager"="c:\program files (x86)\Common Files\AOL\1294882704\ee\AOLSoftware.exe" [2010-03-08 41800] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-02-12 703280] "Acrobat Assistant 7.0"="c:\program files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328] "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312] "Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2015-01-19 126712] . c:\users\ulfilas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-10-6 110592] Dropbox.lnk - c:\users\ulfilas\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-2-11 42555824] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Acrobat - Schnellstart.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe [2015-1-6 25214] McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" . R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS;c:\windows\SYSNATIVE\drivers\FNETURPX.SYS [x] R1 okorkylq;okorkylq;c:\windows\system32\drivers\okorkylq.sys;c:\windows\SYSNATIVE\drivers\okorkylq.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x] R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x] R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x] R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys;c:\windows\SYSNATIVE\drivers\HCW85BDA.sys [x] R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x] R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x] R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x] R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 PDF Architect 2;PDF Architect 2;c:\program files (x86)\PDF Architect 2\ws.exe;c:\program files (x86)\PDF Architect 2\ws.exe [x] R3 pdfforge CrashHandler;pdfforge CrashHandler;c:\program files (x86)\PDF Architect 2\crash-handler-ws.exe;c:\program files (x86)\PDF Architect 2\crash-handler-ws.exe [x] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x] R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 UPnPService;UPnPService;c:\program files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe;c:\program files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [x] R3 USA19H;USA19H;c:\windows\system32\DRIVERS\USA19Hx64.sys;c:\windows\SYSNATIVE\DRIVERS\USA19Hx64.sys [x] R3 USA19HP;USA19HP;c:\windows\system32\DRIVERS\USA19Hx64p.SYS;c:\windows\SYSNATIVE\DRIVERS\USA19Hx64p.SYS [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x] S1 {9d5747ee-0448-4681-8337-1555de75a3b6}Gw64;{9d5747ee-0448-4681-8337-1555de75a3b6}Gw64;c:\windows\system32\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}Gw64.sys;c:\windows\SYSNATIVE\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}Gw64.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S1 cdrblock;cdrblock;c:\windows\system32\DRIVERS\cdrblock.sys;c:\windows\SYSNATIVE\DRIVERS\cdrblock.sys [x] S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO64A.SYS;c:\windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x] S2 aksdf;aksdf;c:\windows\system32\DRIVERS\aksdf.sys;c:\windows\SYSNATIVE\DRIVERS\aksdf.sys [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x] S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x] S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x] S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x] S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x] S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe;c:\windows\SYSNATIVE\hasplms.exe [x] S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x] S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] S2 PDF Architect 2 Creator;PDF Architect 2 Creator;c:\program files (x86)\PDF Architect 2\creator-ws.exe;c:\program files (x86)\PDF Architect 2\creator-ws.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [x] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x] S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y62x64.sys [x] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2015-02-20 14:54 1084744 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2015-02-26 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 02:18] . 2015-02-26 c:\windows\Tasks\GlaryInitialize.job - c:\program files (x86)\Glary Utilities\initialize.exe [2012-01-16 08:50] . 2015-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf6b0a3cdc10aa.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 11:20] . 2015-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 11:20] . 2015-02-24 c:\windows\Tasks\MT66 Software Update.job - c:\program files (x86)\Common Files\MT66 Software Update\UpdateClient.exe [2012-02-25 17:44] . 2015-02-25 c:\windows\Tasks\System Speedupsch.job - c:\program files (x86)\System Speedup\SystemSpeedup.exe [2014-06-15 16:22] . 2015-02-24 c:\windows\Tasks\System Speedup_DEFAULT.job - c:\program files (x86)\System Speedup\SystemSpeedup.exe [2014-06-15 16:22] . 2015-02-25 c:\windows\Tasks\System Speedup_UPDATES.job - c:\program files (x86)\System Speedup\SystemSpeedup.exe [2014-06-15 16:22] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}] 2015-02-19 13:26 357376 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 185824 ----a-w- c:\users\ulfilas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 185824 ----a-w- c:\users\ulfilas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 185824 ----a-w- c:\users\ulfilas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 185824 ----a-w- c:\users\ulfilas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-08-06 17:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 134416] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 1332296] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com mDefault_Search_URL = about:blank mDefault_Page_URL = about:blank mStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = about:blank uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local> uSearchAssistant = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=8d82658c-bf64-4670-95c2-87ac0d42a30e&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=05/04/2013&type=hp1000 IE: An vorhandene PDF-Datei anfügen IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Auswahl in Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm IE: Free YouTube to DVD Converter IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html IE: In Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: In vorhandene PDF-Datei konvertieren - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Linkziel an vorhandene PDF-Datei anhängen IE: Linkziel in Adobe PDF konvertieren IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\ulfilas\AppData\Roaming\Mozilla\Firefox\Profiles\dz9z9wt9.default\ FF - prefs.js: network.proxy.type - 2 FF - ExtSQL: !HIDDEN! 2012-05-25 00:58; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; c:\program files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 user_pref(extensions.autoDisableScopes,14); . - - - - Entfernte verwaiste Registrierungseinträge - - - - . BHO-{83c0e288-8fa0-43d3-acc7-c1e839d85abc} - c:\program files (x86)\Roll Around\Extensions\83c0e288-8fa0-43d3-acc7-c1e839d85abc.dll Toolbar-Locked - (no file) Toolbar-10 - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start BHO-{9D717F81-9148-4f12-8568-69135F087DB0} - (no file) Toolbar-Locked - (no file) Toolbar-10 - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-Hardlock Gerätetreiber - c:\windows\system32\UNWISE.EXE AddRemove-MyFreeCodec - c:\program files (x86)\MyFree Codec\1.0b beta\uninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-39457134-2311114567-1202830544-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 14.bmp" . [HKEY_USERS\S-1-5-21-39457134-2311114567-1202830544-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 14.cr2" . [HKEY_USERS\S-1-5-21-39457134-2311114567-1202830544-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 14.crw" . [HKEY_USERS\S-1-5-21-39457134-2311114567-1202830544-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 14.dcr" . [HKEY_USERS\S-1-5-21-39457134-2311114567-1202830544-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 14.dib" . [HKEY_USERS\S-1-5-21-39457134-2311114567-1202830544-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 14.dng" . [HKEY_USERS\S-1-5-21-39457134-2311114567-1202830544-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 14.emf" . [HKEY_USERS\S-1-5-21-39457134-2311114567-1202830544-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-39457134-2311114567-1202830544-1000) "Progid"="ACDSee 14.eps" . [HKEY_USERS\S-1-5-21-39457134-2311114567-1202830544-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 14.erf" . [HKEY_USERS\S-1-5-21-39457134-2311114567-1202830544-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 14.fpx" . [HKEY_USERS\S-1-5-21-39457134-2311114567-1202830544-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 14.gif" . [HKEY_USERS\S-1-5-21-39457134-2311114567-1202830544-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 14.hdr" . [HKEY_USERS\S-1-5-21-39457134-2311114567-1202830544-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 14.jfif" . [HKEY_USERS\S-1-5-21-39457134-2311114567-1202830544-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 14.jpe" . [HKEY_USERS\S-1-5-21-39457134-2311114567-1202830544-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice] @Denied: (2) (S-1-5-21-39457134-2311114567-1202830544-1000) @Denied: (2) (LocalSystem) "Progid"="ACDSee 14.jpeg" . [HKEY_USERS\S-1-5-21-39457134-2311114567-1202830544-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-39457134-2311114567-1202830544-1000) "Progid"="ACDSee 14.jpg" . [HKEY_USERS\S-1-5-21-39457134-2311114567-1202830544-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 14.kdc" . [HKEY_USERS\S-1-5-21-39457134-2311114567-1202830544-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.mpv" . [HKEY_USERS\S-1-5-21-39457134-2311114567-1202830544-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 14.mrw" . [HKEY_USERS\S-1-5-21-39457134-2311114567-1202830544-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 14.nef" . [HKEY_USERS\S-1-5-21-39457134-2311114567-1202830544-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 14.orf" . [HKEY_USERS\S-1-5-21-39457134-2311114567-1202830544-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 14.pcd" . [HKEY_USERS\S-1-5-21-39457134-2311114567-1202830544-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 14.pef" . [HKEY_USERS\S-1-5-21-39457134-2311114567-1202830544-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 14.png" . [HKEY_USERS\S-1-5-21-39457134-2311114567-1202830544-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice] @Denied: (2) (S-1-5-21-39457134-2311114567-1202830544-1000) @Denied: (2) (LocalSystem) "Progid"="Photoshop.Image.9" . [HKEY_USERS\S-1-5-21-39457134-2311114567-1202830544-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 14.raf" . [HKEY_USERS\S-1-5-21-39457134-2311114567-1202830544-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 14.rle" . [HKEY_USERS\S-1-5-21-39457134-2311114567-1202830544-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smi\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.smi" . [HKEY_USERS\S-1-5-21-39457134-2311114567-1202830544-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.smil" . [HKEY_USERS\S-1-5-21-39457134-2311114567-1202830544-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 14.sr2" . [HKEY_USERS\S-1-5-21-39457134-2311114567-1202830544-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 14.srf" . [HKEY_USERS\S-1-5-21-39457134-2311114567-1202830544-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 14.tga" . [HKEY_USERS\S-1-5-21-39457134-2311114567-1202830544-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 14.tif" . [HKEY_USERS\S-1-5-21-39457134-2311114567-1202830544-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 14.tiff" . [HKEY_USERS\S-1-5-21-39457134-2311114567-1202830544-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 14.ttc" . [HKEY_USERS\S-1-5-21-39457134-2311114567-1202830544-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 14.ttf" . [HKEY_USERS\S-1-5-21-39457134-2311114567-1202830544-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice] @Denied: (2) (S-1-5-21-39457134-2311114567-1202830544-1000) @Denied: (2) (LocalSystem) "Progid"="Applications\\Illustrator.exe" . [HKEY_USERS\S-1-5-21-39457134-2311114567-1202830544-1000\Software\SecuROM\License information*] @Allowed: (Read) (RestrictedCode) . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.16" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\system32\hasplms.exe c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe . ************************************************************************** . Zeit der Fertigstellung: 2015-02-26 11:30:18 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2015-02-26 10:30 . Vor Suchlauf: 23 Verzeichnis(se), 131.307.466.752 Bytes frei Nach Suchlauf: 31 Verzeichnis(se), 139.139.248.128 Bytes frei . - - End Of File - - 28344B1C03D3D63EF771838D754D98CB A36C5E4F47E84449FF07ED3517B43A31 |
26.02.2015, 18:04 | #10 |
/// the machine /// TB-Ausbilder | Roll Around Virus eingefangen Downloade Dir bitte Malwarebytes Anti-Malware
Downloade Dir bitte AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
27.02.2015, 00:34 | #11 |
| Roll Around Virus eingefangen MBAM ist jetzt durchgelaufen. Protokoll folgt weiter unten. Beim Neustart machte der Rechner erhebliche Probleme. Beim ersten Versuch erhielt ich nur einen leeren (grüner Hintergrund) Bildschirm, beim zweiten Versuch dauerte es ca. 23 Minuten, bis sich meine Desktopsymbole zeigten. Der Computer ist jetzt sehr langsam. Internetseiten tun sich auch nur äußerst langsam auf. Ich fahre jetzt mit AdwCleaner fort. Hier das MBAM-Protokoll: HTML-Code: Malwarebytes Anti-Malware www.malwarebytes.org Scan, 27.02.2015 00:10:47, SYSTEM, ULFILAS-PC2, Manual, Start: % 1 "% 2", Dauer: % 1 min 20 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, 189-Malwareerkennung, Protection, 27.02.2015 00:14:16, SYSTEM, ULFILAS-PC2, Protection, Malware Protection, Starting, Protection, 27.02.2015 00:14:16, SYSTEM, ULFILAS-PC2, Protection, Malware Protection, Started, Protection, 27.02.2015 00:14:17, SYSTEM, ULFILAS-PC2, Protection, Malicious Website Protection, Starting, Protection, 27.02.2015 00:17:00, SYSTEM, ULFILAS-PC2, Protection, Malware Protection, Starting, Protection, 27.02.2015 00:17:00, SYSTEM, ULFILAS-PC2, Protection, Malware Protection, Started, Protection, 27.02.2015 00:17:00, SYSTEM, ULFILAS-PC2, Protection, Malicious Website Protection, Starting, Protection, 27.02.2015 00:18:41, SYSTEM, ULFILAS-PC2, Protection, Malicious Website Protection, Started, (end) Hier die Log-Datei von AdwCleaner:AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.111 - Bericht erstellt 27/02/2015 um 00:41:18 # Aktualisiert 18/02/2015 von Xplode # Datenbank : 2015-02-18.3 [Server] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64) # Benutzername : ulfilas - ULFILAS-PC2 # Gestarted von : C:\Users\ulfilas\Downloads\AdwCleaner_4.111.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\apn Ordner Gelöscht : C:\ProgramData\Ask Ordner Gelöscht : C:\ProgramData\AskPartnerNetwork Ordner Gelöscht : C:\ProgramData\Systweak Ordner Gelöscht : C:\ProgramData\Viewpoint Ordner Gelöscht : C:\Program Files (x86)\AskPartnerNetwork Ordner Gelöscht : C:\Program Files (x86)\Systweak Ordner Gelöscht : C:\Program Files (x86)\Viewpoint Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB Ordner Gelöscht : C:\Program Files (x86)\Common Files\Plasmoo Ordner Gelöscht : C:\Windows\SysWOW64\SearchProtect Ordner Gelöscht : C:\Users\ulfilas\AppData\Local\b1e Ordner Gelöscht : C:\Users\ulfilas\AppData\Local\Ilivid Player Ordner Gelöscht : C:\Users\ulfilas\AppData\Local\PackageAware Ordner Gelöscht : C:\Users\ulfilas\AppData\Local\pdfforge Ordner Gelöscht : C:\Users\ulfilas\AppData\Roaming\GrabPro Ordner Gelöscht : C:\Users\ulfilas\AppData\Roaming\pdfforge Ordner Gelöscht : C:\Users\ulfilas\AppData\Roaming\System Speedup Ordner Gelöscht : C:\Users\ulfilas\AppData\Roaming\Systweak Ordner Gelöscht : C:\Users\ulfilas\AppData\Roaming\RHEng Ordner Gelöscht : C:\Users\ulfilas\AppData\Roaming\ProgSense Ordner Gelöscht : C:\Users\ulfilas\Documents\Updater Ordner Gelöscht : C:\Users\ulfilas\AppData\Roaming\Mozilla\Firefox\Profiles\dz9z9wt9.default\Extensions\{ADFA33FD-16F5-4355-8504-DF4D664CFE83} Ordner Gelöscht : C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf Datei Gelöscht : C:\Windows\System32\roboot64.exe Datei Gelöscht : C:\Users\ulfilas\AppData\Roaming\Mozilla\Firefox\Profiles\dz9z9wt9.default\foxydeal.sqlite Datei Gelöscht : C:\Users\ulfilas\AppData\Roaming\Mozilla\Firefox\Profiles\dz9z9wt9.default\invalidprefs.js Datei Gelöscht : C:\Users\ulfilas\AppData\Roaming\Mozilla\Firefox\Profiles\dz9z9wt9.default\searchplugins\bingp.xml Datei Gelöscht : C:\Users\ulfilas\AppData\Roaming\Mozilla\Firefox\Profiles\dz9z9wt9.default\searchplugins\BrowserDefender.xml Datei Gelöscht : C:\Users\ulfilas\AppData\Roaming\Mozilla\Firefox\Profiles\dz9z9wt9.default\user.js Datei Gelöscht : C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.oldielyrics.com_0.localstorage Datei Gelöscht : C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.oldielyrics.com_0.localstorage-journal Datei Gelöscht : C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage Datei Gelöscht : C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal Datei Gelöscht : C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage Datei Gelöscht : C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage-journal Datei Gelöscht : C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage Datei Gelöscht : C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal ***** [ Geplante Tasks ] ***** Task Gelöscht : Advanced System Protector Task Gelöscht : BitGuard ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com Schlüssel Gelöscht : HKCU\Software\e08b8de53bba46 Schlüssel Gelöscht : HKLM\SOFTWARE\e08b8de53bba46 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{0C58B7D1-D415-492B-A149-E976156BD3B8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{1BB22D38-A411-4B13-A746-C2A4F4EC7344}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1BB22D38-A411-4B13-A746-C2A4F4EC7344}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C55BBCD6-41AD-48AD-9953-3609C48EACC7}] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\07011D6973D74D4683BA58A6A4934816 Schlüssel Gelöscht : HKCU\Software\ChatZum Toolbar Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\System Speedup Schlüssel Gelöscht : HKCU\Software\systweak Schlüssel Gelöscht : HKCU\Software\ProgSense Schlüssel Gelöscht : HKLM\SOFTWARE\ChatZum Toolbar Schlüssel Gelöscht : HKLM\SOFTWARE\MetaStream Schlüssel Gelöscht : HKLM\SOFTWARE\System Speedup Schlüssel Gelöscht : HKLM\SOFTWARE\systweak Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue Schlüssel Gelöscht : HKLM\SOFTWARE\Viewpoint Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DSite Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C5927BD-3F65-4207-8FB5-8EDF638A3511}_is1 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467 Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local;127.0.0.1:9421;<local> ***** [ Internetbrowser ] ***** -\\ Internet Explorer v11.0.9600.17631 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page Before] -\\ Mozilla Firefox v27.0 (de) [dz9z9wt9.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaultengine", "Ask.com"); [dz9z9wt9.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false); [dz9z9wt9.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.Visibility", false); [dz9z9wt9.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.firstlaunch", "0"); [dz9z9wt9.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.guid", "%7B643147D2-ED94-A6A1-E051-C5D2474F85EF%7D"); [dz9z9wt9.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.hiddenvisual", 0); [dz9z9wt9.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.SVar1", "%15%11"); [dz9z9wt9.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.SVar10", "%13"); [dz9z9wt9.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.SVar2", "%10%13%17%1B%13%12%13%14%17"); [dz9z9wt9.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.SVar3", "%13"); [dz9z9wt9.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.SVar4", "%13"); [dz9z9wt9.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.SVar5", "%13"); [dz9z9wt9.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.SVar6", "%13"); [dz9z9wt9.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.SVar7", "%13"); [dz9z9wt9.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.SVar8", "%13"); [dz9z9wt9.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.SVar9", "%13"); [dz9z9wt9.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.Var1", "62"); [dz9z9wt9.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.Var10", "0"); [dz9z9wt9.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.Var2", "304801074"); [dz9z9wt9.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.Var3", "0"); [dz9z9wt9.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.Var4", "0"); [dz9z9wt9.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.Var5", "0"); [dz9z9wt9.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.Var6", "0"); [dz9z9wt9.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.Var7", "0"); [dz9z9wt9.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.Var8", "0"); [dz9z9wt9.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.Var9", "0"); [dz9z9wt9.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic_installed_version", "1.0.20"); -\\ Google Chrome v40.0.2214.115 [C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=49&cc=&mi=e6eda7f7000000000000002511a156c2 [C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_ss_sps&mntrId=E6ED582C80139263&affID=119357&tt=250613_gr4&tsp=4924 [C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_ss_sps&mntrId=E6ED582C80139263&affID=119357&tt=250613_gr4&tsp=4924 [C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=8d82658c-bf64-4670-95c2-87ac0d42a30e&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=05/04/2013&type=hp1000 [C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=8d82658c-bf64-4670-95c2-87ac0d42a30e&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=05/04/2013&type=hp1000 [C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=8d82658c-bf64-4670-95c2-87ac0d42a30e&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=05/04/2013&type=hp1000 [C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP7FECF2A3-617E-4846-A470-20BE4BB563AC&q={searchTerms}&SSPV= [C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=E6ED002511A156C2&affID=127685&tsp=5206 [C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.search.ask.com/web?tpid=ORJ-V7C&o=APN11412&l=dis&pf=V7&p2=%5EBBK%5EOSJ000%5EYY%5EDE&gct=&itbv=12.12.2.83&doi=2014-06-27&apn_uid=F5CBA5DE-64BB-4CD2-BE5C-A4B9165F4193&apn_ptnrs=BBK&apn_dtid=%5EOSJ000%5EYY%5EDE&apn_dbr=cr_35.0.1916.153&psv=&pt=tb&trgb=CR&q={searchTerms} [C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.search.ask.com/web?tpid=ORJ-V7C&o=APN11412&l=dis&pf=V7&p2=%5EBBK%5EOSJ000%5EYY%5EDE&gct=&itbv=12.12.2.83&doi=2014-06-27&apn_uid=F5CBA5DE-64BB-4CD2-BE5C-A4B9165F4193&apn_ptnrs=BBK&apn_dtid=%5EOSJ000%5EYY%5EDE&apn_dbr=cr_35.0.1916.153&psv=&pt=tb&trgb=CR&q={searchTerms} [C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.softonic.de/s/{searchTerms} ************************* AdwCleaner[R0].txt - [22536 Bytes] - [27/02/2015 00:39:00] AdwCleaner[S0].txt - [21979 Bytes] - [27/02/2015 00:41:18] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [22039 Bytes] ########## Hier die von JRT:JRT Logfile: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.2 (02.02.2015:1) OS: Windows 7 Home Premium x64 Ran by ulfilas on 27.02.2015 at 0:55:09,82 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update sizlsearch Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util sizlsearch ~~~ Files Successfully deleted: [File] "C:\Users\ulfilas\appdata\local\google\chrome\user data\default\local storage\http_static.boostsaves.com_0.localstorage" Successfully deleted: [File] "C:\Users\ulfilas\appdata\local\google\chrome\user data\default\local storage\http_static.boostsaves.com_0.localstorage-journal" Successfully deleted: [File] "C:\Users\ulfilas\appdata\local\google\chrome\user data\default\local storage\https_static.boostsaves.com_0.localstorage" Successfully deleted: [File] "C:\Users\ulfilas\appdata\local\google\chrome\user data\default\local storage\https_static.boostsaves.com_0.localstorage-journal" Successfully deleted: [File] "C:\Windows\wininit.ini" ~~~ Folders ~~~ FireFox Failed to delete: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}" Failed to delete: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 27.02.2015 at 1:01:11,10 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Hier FRST: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01 Ran by ulfilas (administrator) on ULFILAS-PC2 on 27-02-2015 01:04:52 Running from C:\Users\ulfilas\Downloads Loaded Profiles: ulfilas (Available profiles: ulfilas & UpdatusUser) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe (AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1294882704\ee\aolsoftware.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Dropbox, Inc.) C:\Users\ulfilas\AppData\Roaming\Dropbox\bin\Dropbox.exe (SafeNet Inc.) C:\Windows\System32\hasplms.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect 2\creator-ws.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (AOL LLC) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe (AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7\shellmon.exe (Thisisu) C:\Users\ulfilas\Downloads\JRT.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [134416 2007-01-23] (Logitech Inc.) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1294882704\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703280 2015-02-12] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Acrobat Assistant 7.0] => C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2004-12-14] (Adobe Systems Inc.) HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-39457134-2311114567-1202830544-1000\...\Run: [Soft32 Updater.exe] => C:\Users\ulfilas\AppData\Local\Soft32\Soft32 Updater\Soft32 Updater.exe [163640 2011-10-19] (I.T.N.T.) HKU\S-1-5-21-39457134-2311114567-1202830544-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.) HKU\S-1-5-21-39457134-2311114567-1202830544-1000\...\Run: [AOL Fast Start] => C:\Program Files (x86)\AOL Desktop 9.7\AOL.EXE [42320 2012-01-31] (AOL Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\ulfilas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\Users\ulfilas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\ulfilas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ulfilas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ulfilas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ulfilas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ulfilas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll (Egis Technology Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ulfilas\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ulfilas\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ulfilas\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-39457134-2311114567-1202830544-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-39457134-2311114567-1202830544-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-39457134-2311114567-1202830544-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) BHO-x32: PDF Architect Helper -> {691B33B0-B86E-47F3-81C7-56E4FE3B929C} -> C:\Program Files (x86)\PDF Architect 2\creator-ie-helper.dll (pdfforge GmbH) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - Recorder Toolbar - {120A8821-2BEE-4C29-BCDA-62C577781992} - C:\Program Files (x86)\MedienTeam66\MP3 Recorder for YouTube\IEPlugin.dll (MedienTeam66) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files (x86)\PDF Architect 2\creator-ie-plugin.dll (pdfforge GmbH) DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: HKLM-x32 {B4977DFF-8AE5-44DC-8A42-C62F56960AA9} hxxp://javadl-esd.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\ulfilas\AppData\Roaming\Mozilla\Firefox\Profiles\dz9z9wt9.default FF SearchEngineOrder.3: Bing FF NetworkProxy: "autoconfig_url", "chrome://viewtubes/content/viewtubes_false.pac" FF NetworkProxy: "type", 2 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8064.0206 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @real.com/nppl3260;version=15.0.2.72 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprjplug;version=15.0.2.72 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.2.72 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.2.72 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpjplug;version=15.0.2.72 -> c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF Extension: Avira Browser Safety - C:\Users\ulfilas\AppData\Roaming\Mozilla\Firefox\Profiles\dz9z9wt9.default\Extensions\abs@avira.com [2014-08-14] FF Extension: ProxTube - Unblock YouTube - C:\Users\ulfilas\AppData\Roaming\Mozilla\Firefox\Profiles\dz9z9wt9.default\Extensions\ich@maltegoetz.de [2014-02-07] FF Extension: Viewtubes - C:\Users\ulfilas\AppData\Roaming\Mozilla\Firefox\Profiles\dz9z9wt9.default\Extensions\FF_AddOn@viewtubes.de.xpi [2012-04-20] FF Extension: YouTube quality manager - C:\Users\ulfilas\AppData\Roaming\Mozilla\Firefox\Profiles\dz9z9wt9.default\Extensions\youtubequality@rzll.xpi [2012-04-21] FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\ulfilas\AppData\Roaming\Mozilla\Firefox\Profiles\dz9z9wt9.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-02-20] FF Extension: Recorder Toolbar - C:\Program Files (x86)\Mozilla Firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2} [2012-11-23] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-03-31] FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_2_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension FF Extension: PDF Architect 2 Creator - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension [2015-01-07] FF Extension: No Name - C:\Users\ulfilas\AppData\Roaming\Mozilla\Firefox\Profiles\dz9z9wt9.default\extensions\{ADFA33FD-16F5-4355-8504-DF4D664CFE83} [Not Found] Chrome: ======= CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms} CHR Profile: C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (ProxFlow) - C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-11-01] CHR Extension: (Google Docs) - C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-01] CHR Extension: (Google Drive) - C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-01] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09] CHR Extension: (YouTube) - C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-01] CHR Extension: (Adblock Plus) - C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-22] CHR Extension: (Google Search) - C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-01] CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2014-07-01] CHR Extension: (Google Wallet) - C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22] CHR Extension: (Gmail) - C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-01] CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-03-31] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-03-28] (Adobe Systems) [File not signed] R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-02-12] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-02-12] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [992048 2015-02-12] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 hasplms; C:\Windows\system32\hasplms.exe [4913608 2011-12-02] (SafeNet Inc.) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation) R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-06] (Egis Technology Inc.) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation) S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH) R2 PDF Architect 2 Creator; C:\Program Files (x86)\PDF Architect 2\creator-ws.exe [738856 2014-10-10] (pdfforge GmbH) S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software) S3 UPnPService; C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation) R3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [57088 2011-09-08] (SafeNet Inc.) R3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [21120 2011-08-09] (SafeNet Inc.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-02-12] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-02-12] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-02-12] (Avira Operations GmbH & Co. KG) R1 cdrblock; C:\Windows\System32\DRIVERS\cdrblock.sys [34360 2008-05-30] (Canopus Co,. Ltd.) S1 FNETURPX; C:\Windows\SysWOW64\drivers\FNETURPX.SYS [7040 2013-01-26] (FNet Co., Ltd.) [File not signed] R2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-10-07] (SafeNet Inc.) R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [31648 2014-04-05] (REALiX(tm)) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-27] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-12-16] (TuneUp Software) S3 USA19H; C:\Windows\System32\DRIVERS\USA19Hx64.sys [740096 2007-10-30] (Keyspan) S3 USA19HP; C:\Windows\System32\DRIVERS\USA19Hx64p.SYS [35840 2007-10-23] (Keyspan) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X] S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X] S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X] S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X] S1 okorkylq; \??\C:\Windows\system32\drivers\okorkylq.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-27 01:04 - 2015-02-27 01:04 - 00000000 ____D () C:\Users\ulfilas\Downloads\FRST-OlderVersion 2015-02-27 01:01 - 2015-02-27 01:01 - 00001825 _____ () C:\Users\ulfilas\Desktop\JRT.txt 2015-02-27 00:54 - 2015-02-27 00:54 - 01388274 _____ (Thisisu) C:\Users\ulfilas\Downloads\JRT.exe 2015-02-27 00:35 - 2015-02-27 00:52 - 00000000 ____D () C:\AdwCleaner 2015-02-27 00:34 - 2015-02-27 00:34 - 02126848 _____ () C:\Users\ulfilas\Downloads\AdwCleaner_4.111.exe 2015-02-27 00:09 - 2015-02-27 00:24 - 00000955 _____ () C:\Users\ulfilas\Desktop\mbam.txt 2015-02-26 23:34 - 2015-02-27 00:45 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-26 23:34 - 2015-02-26 23:34 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-02-26 23:34 - 2015-02-26 23:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-26 23:33 - 2015-02-26 23:33 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-26 23:33 - 2015-02-26 23:33 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-02-26 23:33 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-02-26 23:33 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-02-26 23:33 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-02-26 23:29 - 2015-02-26 23:30 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\ulfilas\Downloads\mbam-setup-2.0.4.1028.exe 2015-02-26 23:29 - 2015-02-26 23:30 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\ulfilas\Downloads\mbam-setup-2.0.4.1028 (1).exe 2015-02-26 11:30 - 2015-02-26 11:30 - 00039775 _____ () C:\ComboFix.txt 2015-02-25 12:35 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls 2015-02-25 12:35 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls 2015-02-24 20:30 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-02-24 20:30 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-02-24 20:30 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-02-24 20:30 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-02-24 20:30 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-02-24 20:30 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-02-24 20:30 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-02-24 20:30 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-02-24 18:48 - 2015-02-26 11:30 - 00000000 ____D () C:\Qoobox 2015-02-24 18:47 - 2015-02-26 11:28 - 00000000 ____D () C:\Windows\erdnt 2015-02-24 18:47 - 2015-02-24 18:47 - 05611903 _____ (Swearware) C:\Users\ulfilas\Downloads\ComboFix (2).exe 2015-02-24 18:46 - 2015-02-24 18:47 - 05611903 _____ (Swearware) C:\Users\ulfilas\Downloads\ComboFix (1).exe 2015-02-24 18:46 - 2015-02-24 18:46 - 05611903 ____R (Swearware) C:\Users\ulfilas\Downloads\ComboFix.exe 2015-02-24 09:45 - 2015-02-24 09:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\ulfilas\Downloads\revosetup95.exe 2015-02-24 09:45 - 2015-02-24 09:45 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-02-24 01:28 - 2015-02-24 01:28 - 00000000 ____D () C:\Users\ulfilas\Desktop\VueScan Scans 2015-02-24 00:28 - 2015-02-25 14:12 - 00000000 ____D () C:\Users\ulfilas\Desktop\Anzeige Disco 2015-02-23 18:19 - 2015-02-23 18:20 - 00050197 _____ () C:\Users\ulfilas\Downloads\Addition.txt 2015-02-23 18:16 - 2015-02-27 01:04 - 02087936 _____ (Farbar) C:\Users\ulfilas\Downloads\FRST64.exe 2015-02-23 18:16 - 2015-02-27 01:04 - 00027479 _____ () C:\Users\ulfilas\Downloads\FRST.txt 2015-02-23 18:16 - 2015-02-27 01:04 - 00000000 ____D () C:\FRST 2015-02-23 17:23 - 2015-02-23 17:24 - 00002721 _____ () C:\Users\ulfilas\Downloads\software_removal_tool.log 2015-02-22 23:28 - 2015-02-22 23:32 - 00000000 ____D () C:\Users\ulfilas\Desktop\201+7756-2010-07-23 2015-02-22 23:26 - 2015-02-22 23:26 - 00000000 ____D () C:\Users\ulfilas\Desktop\2007_02 2015-02-22 23:25 - 2015-02-22 23:25 - 00000000 ____D () C:\Users\ulfilas\Desktop\201_35_v_L_20111222_Schloss 2015-02-22 23:24 - 2015-02-22 23:24 - 00000000 ____D () C:\Users\ulfilas\Desktop\bw201-1 2015-02-20 14:03 - 2015-02-20 14:03 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack 2015-02-20 14:00 - 2015-02-20 14:00 - 03533008 _____ (DVDVideoSoft Ltd. ) C:\Users\ulfilas\Downloads\FreeYouTubeToMP3Converter (1).exe 2015-02-20 13:59 - 2015-02-20 14:01 - 03312648 _____ (DVDVideoSoft Ltd. ) C:\Users\ulfilas\Downloads\FreeYouTubeToMP3Converter.exe 2015-02-16 20:18 - 2015-02-16 20:18 - 00000000 ____D () C:\Users\ulfilas\Desktop\DatenblattE12 2015-02-16 14:55 - 2015-02-19 21:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2015-02-12 20:00 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-02-12 20:00 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-02-12 20:00 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-02-12 20:00 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-02-12 17:01 - 2015-02-12 17:02 - 06372800 _____ (Tim Kosse) C:\Users\ulfilas\Downloads\FileZilla_3.10.1.1_win32-setup.exe 2015-02-12 00:03 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-02-12 00:03 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-02-12 00:03 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-02-12 00:03 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-02-12 00:03 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-02-12 00:03 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-02-12 00:03 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-02-12 00:03 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-02-12 00:03 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-02-12 00:03 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-02-12 00:03 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-02-12 00:03 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-02-12 00:03 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-02-12 00:03 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-02-12 00:03 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-02-12 00:03 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-02-12 00:03 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-02-12 00:03 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-02-12 00:03 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-02-12 00:03 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-02-12 00:03 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-02-12 00:03 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-02-12 00:03 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-02-12 00:03 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-02-12 00:03 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-02-12 00:03 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-02-12 00:03 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-02-12 00:03 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-02-12 00:03 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-02-12 00:03 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-02-12 00:03 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-02-12 00:03 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-02-12 00:03 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-02-12 00:03 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-02-12 00:03 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-02-12 00:03 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-02-12 00:03 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-02-12 00:03 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-02-12 00:03 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-02-12 00:03 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-02-12 00:03 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-02-12 00:03 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-02-12 00:03 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-02-12 00:03 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-02-12 00:03 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-02-12 00:03 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-02-12 00:03 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-02-12 00:03 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-02-12 00:03 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-02-12 00:03 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-02-12 00:03 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-02-12 00:03 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-02-12 00:03 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-02-12 00:03 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-02-12 00:03 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-02-12 00:03 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-02-12 00:03 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-02-12 00:03 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-02-12 00:03 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-02-12 00:03 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-02-12 00:03 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-02-12 00:03 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-02-12 00:03 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-02-12 00:03 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-02-12 00:03 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-02-12 00:03 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-02-12 00:03 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-02-12 00:03 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-02-12 00:02 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-02-12 00:02 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-02-12 00:02 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-02-12 00:02 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-02-12 00:02 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-02-12 00:02 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-02-12 00:02 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-02-12 00:02 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-02-12 00:02 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-02-12 00:02 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-02-12 00:02 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-02-12 00:02 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-02-12 00:02 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-02-12 00:02 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-02-12 00:02 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-02-12 00:02 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-02-12 00:02 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-02-12 00:02 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-02-12 00:02 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-02-12 00:02 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-02-12 00:02 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2015-02-12 00:02 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2015-02-12 00:02 - 2014-10-04 03:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-02-12 00:02 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2015-02-12 00:02 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2015-02-12 00:01 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-02-12 00:01 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-02-12 00:01 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-02-12 00:01 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-02-12 00:01 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-02-12 00:01 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-02-12 00:01 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-02-12 00:01 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-02-12 00:01 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-02-12 00:01 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll 2015-02-11 01:23 - 2015-02-11 01:23 - 04752438 _____ () C:\Users\ulfilas\Downloads\mt31345,1236865807,HK_uebersicht.bmp 2015-02-10 21:00 - 2015-02-10 21:02 - 00000000 ____D () C:\Users\ulfilas\Desktop\2015-02-1013.53.18 2015-02-10 14:29 - 2015-02-10 14:29 - 42096984 _____ (Apple Inc.) C:\Users\ulfilas\Downloads\QuickTimeInstaller (1).exe 2015-02-09 00:45 - 2015-02-09 00:49 - 00000128 ____H () C:\ProgramData\V93GE 2015-02-09 00:45 - 2015-02-09 00:45 - 00000000 ____D () C:\Users\ulfilas\AppData\Roaming\LaserSoft Imaging 2015-02-09 00:30 - 2015-02-09 00:30 - 17070168 _____ (LaserSoft Imaging AG) C:\Users\ulfilas\Downloads\SF8_Documentation_de.exe 2015-02-09 00:26 - 2015-02-09 00:30 - 427688568 _____ (LaserSoft Imaging AG) C:\Users\ulfilas\Downloads\SF8_Movies_de.exe 2015-02-09 00:26 - 2015-02-09 00:26 - 00000000 ____D () C:\Users\ulfilas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LaserSoft Imaging 2015-02-09 00:25 - 2015-02-09 00:25 - 00000000 ____D () C:\ProgramData\LaserSoft Imaging 2015-02-09 00:25 - 2015-02-09 00:25 - 00000000 ____D () C:\Program Files\SilverFast Application 2015-02-09 00:23 - 2015-02-09 00:24 - 45434944 _____ (LaserSoft Imaging AG) C:\Users\ulfilas\Downloads\SF-8.2.0r3(Nikon)_x64.exe 2015-02-04 03:05 - 2015-02-04 03:05 - 00000985 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\VueScan x64.lnk 2015-02-04 03:05 - 2015-02-04 03:05 - 00000000 ____D () C:\Program Files\VueScan 2015-02-04 03:04 - 2015-02-04 03:04 - 17367649 _____ () C:\Users\ulfilas\Downloads\Vuescan_9.4.60.zip 2015-02-04 03:04 - 2015-02-04 03:04 - 00000000 ____D () C:\Users\ulfilas\Downloads\Vuescan_9.4.60 2015-02-04 02:01 - 2015-02-04 02:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nikon Scan 4 2015-02-04 02:01 - 2015-02-04 02:01 - 00000000 ____D () C:\Program Files (x86)\Nikon 2015-02-04 01:48 - 2015-02-04 01:48 - 00003152 _____ () C:\Windows\System32\Tasks\{6726E861-BE61-476F-A0A6-B34BBB729385} 2015-02-04 01:45 - 2015-02-04 01:45 - 15203632 _____ () C:\Users\ulfilas\Downloads\ns403de (2).exe 2015-02-04 01:20 - 2015-02-04 01:20 - 00000000 ____D () C:\ProgramData\Nikon 2015-02-04 00:38 - 2015-02-04 00:38 - 15203632 _____ () C:\Users\ulfilas\Downloads\ns403de (1).exe 2015-02-04 00:37 - 2015-02-04 02:45 - 00000000 ____D () C:\Users\ulfilas\Desktop\Treiber Nikon Coolscan 5000 ED 2015-02-03 09:47 - 2002-12-04 19:54 - 00006545 _____ (Nikon Corporation) C:\Windows\SysWOW64\NKScnUSD.dll 2015-02-03 09:46 - 2015-02-03 09:46 - 15203632 _____ () C:\Users\ulfilas\Downloads\ns403de.exe 2015-02-01 23:43 - 2015-02-01 23:43 - 00000000 ____D () C:\Users\ulfilas\AppData\Roaming\Nikon 2015-02-01 23:37 - 2015-02-04 02:01 - 00000000 ____D () C:\Windows\SysWOW64\Color 2015-02-01 23:37 - 2002-01-05 21:10 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70deu.dll 2015-02-01 23:37 - 1997-01-30 20:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mfc42loc.dll 2015-02-01 23:37 - 1997-01-22 06:26 - 00565760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVCP50.DLL 2015-02-01 23:37 - 1996-03-28 00:13 - 00010656 _____ (Nikon Inc.) C:\Windows\SysWOW64\NKNSCN95.DLL 2015-02-01 23:35 - 2015-02-01 23:35 - 00003046 _____ () C:\Windows\System32\Tasks\{DF64A0B2-4826-4E01-8091-D3A91ED4E841} 2015-01-30 02:23 - 2015-01-30 02:24 - 42096984 _____ (Apple Inc.) C:\Users\ulfilas\Downloads\QuickTimeInstaller.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-27 00:54 - 2010-12-30 02:43 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-27 00:52 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-27 00:52 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-27 00:50 - 2009-09-08 23:47 - 00704324 _____ () C:\Windows\system32\perfh007.dat 2015-02-27 00:50 - 2009-09-08 23:47 - 00152162 _____ () C:\Windows\system32\perfc007.dat 2015-02-27 00:50 - 2009-07-14 06:13 - 01634576 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-27 00:49 - 2009-11-13 03:01 - 01069172 _____ () C:\Windows\WindowsUpdate.log 2015-02-27 00:44 - 2013-11-19 17:41 - 00000000 ___RD () C:\Users\ulfilas\Dropbox 2015-02-27 00:44 - 2013-11-19 17:26 - 00000000 ____D () C:\Users\ulfilas\AppData\Roaming\Dropbox 2015-02-27 00:43 - 2014-05-08 23:09 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf6b0a3cdc10aa.job 2015-02-27 00:43 - 2012-12-03 13:31 - 00000000 ____D () C:\Users\ulfilas\Desktop\Verknüpfungen 2015-02-27 00:43 - 2012-01-16 13:11 - 00000330 _____ () C:\Windows\Tasks\GlaryInitialize.job 2015-02-27 00:43 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-27 00:42 - 2009-11-13 03:06 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-02-27 00:42 - 2009-09-03 10:10 - 01470946 _____ () C:\Windows\PFRO.log 2015-02-27 00:42 - 2009-07-14 05:51 - 00169796 _____ () C:\Windows\setupact.log 2015-02-27 00:21 - 2011-06-20 14:24 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{40457202-43A6-48A0-B73A-FD3D606DDC7E} 2015-02-27 00:19 - 2012-08-15 11:24 - 00000000 ____D () C:\Users\ulfilas\AppData\Roaming\Skype 2015-02-27 00:18 - 2012-05-05 15:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-27 00:10 - 2009-09-03 10:04 - 00000000 ____D () C:\Windows\oem 2015-02-26 21:03 - 2012-02-25 21:03 - 00000318 _____ () C:\Windows\Tasks\MT66 Software Update.job 2015-02-26 11:30 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2015-02-26 11:22 - 2009-07-14 03:34 - 00000248 _____ () C:\Windows\system.ini 2015-02-26 10:49 - 2009-12-24 14:37 - 00000000 ____D () C:\Users\ulfilas\AppData\Local\Adobe 2015-02-25 14:12 - 2010-04-02 14:09 - 06345216 ___SH () C:\Users\ulfilas\Desktop\Thumbs.db 2015-02-25 03:18 - 2014-07-01 09:16 - 00000280 _____ () C:\Windows\Tasks\System Speedupsch.job 2015-02-24 22:26 - 2014-12-04 22:13 - 00000000 ____D () C:\Users\ulfilas\Desktop\Beschriftung Bw 77 2015-02-24 18:57 - 2011-04-09 02:31 - 00000000 ____D () C:\Users\ulfilas\AppData\Roaming\FileZilla 2015-02-23 18:49 - 2009-12-24 14:15 - 00114536 _____ () C:\Users\ulfilas\AppData\Local\GDIPFONTCACHEV1.DAT 2015-02-23 18:49 - 2009-07-14 05:45 - 05037800 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-02-23 18:48 - 2009-09-03 10:07 - 00000000 ____D () C:\Program Files\Google 2015-02-23 18:48 - 2009-09-03 10:07 - 00000000 ____D () C:\Program Files (x86)\Google 2015-02-23 16:14 - 2009-09-03 09:54 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-02-23 16:14 - 2009-07-14 03:34 - 00000489 _____ () C:\Windows\win.ini 2015-02-23 15:45 - 2009-07-14 08:45 - 00000000 ____D () C:\Windows\ShellNew 2015-02-23 15:44 - 2009-12-24 15:31 - 00000000 ____D () C:\Users\ulfilas\AppData\Local\Google 2015-02-23 15:44 - 2009-09-03 10:07 - 00000000 ____D () C:\ProgramData\Google 2015-02-20 14:04 - 2011-05-08 13:47 - 00000000 ____D () C:\Users\ulfilas\AppData\Roaming\DVDVideoSoft 2015-02-20 14:03 - 2011-05-08 13:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2015-02-20 14:03 - 2011-05-08 13:47 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft 2015-02-20 10:35 - 2014-02-07 01:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-02-18 14:42 - 2013-04-30 12:11 - 00000000 ____D () C:\Users\ulfilas\AppData\Roaming\MyPhoneExplorer 2015-02-13 08:30 - 2012-09-27 11:14 - 00000000 ____D () C:\Windows\rescache 2015-02-13 02:59 - 2013-11-19 17:27 - 00000000 ____D () C:\Users\ulfilas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-02-12 12:35 - 2013-10-06 11:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON PhotoQuicker 2015-02-12 12:35 - 2011-06-23 20:06 - 00000000 ____D () C:\Program Files (x86)\EPSON 2015-02-12 12:35 - 2009-09-03 09:34 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-02-12 12:30 - 2013-03-14 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-02-12 12:30 - 2013-03-14 03:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2015-02-12 12:30 - 2013-03-14 03:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2015-02-12 12:22 - 2012-07-23 18:41 - 00000000 ____D () C:\ProgramData\DatacardService 2015-02-12 12:15 - 2012-04-20 18:55 - 00000000 ____D () C:\Users\ulfilas\AppData\Local\Mozilla 2015-02-12 11:38 - 2013-12-22 14:08 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-02-12 11:38 - 2013-12-22 14:08 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-02-12 11:38 - 2013-12-22 14:08 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2015-02-12 03:11 - 2013-08-19 02:01 - 00000000 ____D () C:\Windows\system32\MRT 2015-02-12 03:11 - 2012-10-18 18:11 - 00002121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2015-02-12 03:11 - 2012-10-18 18:11 - 00001912 _____ () C:\Windows\epplauncher.mif 2015-02-12 03:11 - 2012-10-18 18:11 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2015-02-12 03:11 - 2012-10-18 18:11 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client 2015-02-12 03:03 - 2010-01-09 03:02 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-02-09 17:23 - 2014-08-14 08:35 - 00000000 ____D () C:\ProgramData\Package Cache 2015-02-09 17:23 - 2013-12-22 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-02-09 00:26 - 2012-02-27 14:39 - 00030042 _____ () C:\Windows\DPINST.LOG 2015-02-09 00:00 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-02-05 05:49 - 2014-06-21 10:15 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cf6b0a3cdc10aa 2015-02-05 05:49 - 2010-12-30 02:43 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-05 03:18 - 2012-05-05 15:11 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-05 03:18 - 2012-05-05 15:11 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-02-05 03:18 - 2012-02-21 01:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-04 19:52 - 2011-06-07 02:12 - 00038400 ___SH () C:\Users\ulfilas\Documents\Thumbs.db 2015-02-04 19:49 - 2013-08-28 23:13 - 00000000 ____D () C:\Users\ulfilas\Desktop\Schriftverkehr ==================== Files in the root of some directories ======= 2013-07-28 00:16 - 2014-07-23 00:21 - 0000149 _____ () C:\Users\ulfilas\AppData\Roaming\WB.CFG 2013-12-31 01:17 - 2014-01-03 01:17 - 0000005 _____ () C:\Users\ulfilas\AppData\Roaming\WBPU-Q5-TTL.DAT 2013-06-28 09:16 - 2014-01-29 01:17 - 0000005 _____ () C:\Users\ulfilas\AppData\Roaming\WBPU-TTL.DAT 2011-06-27 22:15 - 2013-03-27 10:49 - 0003204 _____ () C:\Users\ulfilas\AppData\Roaming\wklnhst.dat 2012-03-08 18:46 - 2012-03-10 01:37 - 0001456 _____ () C:\Users\ulfilas\AppData\Local\Adobe Für Web speichern 12.0 Prefs 2011-02-10 21:41 - 2014-12-12 14:35 - 0030720 _____ () C:\Users\ulfilas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2010-02-11 12:39 - 2010-02-11 12:40 - 0001643 _____ () C:\Users\ulfilas\AppData\Local\MyWinLockerInstaller.txt-20100211.log 2011-06-10 12:54 - 2012-04-27 14:02 - 0007658 _____ () C:\Users\ulfilas\AppData\Local\Resmon.ResmonCfg 2009-11-13 03:07 - 2009-11-13 03:10 - 0008031 _____ () C:\ProgramData\ArcadeDeluxe3.log 2009-09-03 09:44 - 2009-07-18 02:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe 2015-02-09 00:45 - 2015-02-09 00:49 - 0000128 ____H () C:\ProgramData\V93GE Some content of TEMP: ==================== C:\Users\ulfilas\AppData\Local\Temp\avgnt.exe C:\Users\ulfilas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpercqqd.dll C:\Users\ulfilas\AppData\Local\Temp\Quarantine.exe C:\Users\ulfilas\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-23 13:05 ==================== End Of Log ============================ --- --- --- Vielleicht bin ich ja zu voreilig, aber ich möchte dich trotzdem darüber informieren, daß sich an den Werbeeinblendungen bei mir noch nicht geändert hat: Die Fenster poppen immer noch auf, Links funktionieren nicht richtig, sondern führen weiterhin zu dubiosen Seiten, die keiner sehen will, und Google Chrome ist sehr langsam. Viele Grüße für heute Wolfgang Geändert von ulfilas-bs (27.02.2015 um 01:15 Uhr) |
27.02.2015, 15:17 | #12 |
/// the machine /// TB-Ausbilder | Roll Around Virus eingefangenESET Online Scanner
Downloade Dir bitte SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
02.03.2015, 13:34 | #13 |
| Roll Around Virus eingefangen Logfile ESET: Code:
ATTFilter
Ich muß allerdings dazusagen, daß der Ablauf des ESET Scans deutlich anders war als von AdminBot beschrieben. Das Fenster "Bedrohungen erkannt" bzw. "Keine Bedrohungen gefunden" tat sich bei mir gar nicht auf. Insofern hatte ich den Button "Fertig stellen" auch nicht. Ich konnte Ende des Prozesses das letzte Info-Fenster nur wegklicken. Geändert von ulfilas-bs (02.03.2015 um 13:48 Uhr) |
02.03.2015, 17:06 | #14 |
/// the machine /// TB-Ausbilder | Roll Around Virus eingefangen Den Rest von Oben bitte noch
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
02.03.2015, 17:56 | #15 |
| Roll Around Virus eingefangen Schön, daß du etwas geschrieben hast. Ich wollte nämlich vorhin meinen vorherigen Beitrag noch ändern, das ging aber nicht mehr, weil schon mehr als eine Stunde herum war. Es hatte mir keine Ruhe gelassen, daß sich der Ablauf des ESET-Scanprogramms bei mir so ganz anders dargestellt hatte als von euch beschrieben. Ich habe es daher noch einmal durchlaufen lassen, und diesmal entsprach auch alles der Beschreibung. Hier nun zunächst der Inhalt des AKTUELLEN ESET-Logfiles: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=3ade74a99987da4082e68375e1e509b1 # engine=22704 # end=stopped # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-03-01 11:51:16 # local_time=2015-03-02 12:51:16 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 1550374 96547498 0 0 # scanned=5091 # found=2 # cleaned=0 # scan_time=109 sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir" sh=8BFB7B00E3A4E6BD83CEDD7A98459190270ECC71 ft=1 fh=6fe2e7156dcadca6 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir" ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=3ade74a99987da4082e68375e1e509b1 # engine=22704 # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-03-02 03:43:55 # local_time=2015-03-02 04:43:55 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 1564333 96561457 0 0 # scanned=540022 # found=22 # cleaned=0 # scan_time=13642 sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir" sh=8BFB7B00E3A4E6BD83CEDD7A98459190270ECC71 ft=1 fh=6fe2e7156dcadca6 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir" sh=6EDA4285A495C1A690CDD9A93BD440DCB275C970 ft=1 fh=6cd9e736b83741ee vn="Variante von Win32/InstallCore.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\PDFCreator\message.exe" sh=E993050FA3157F5CD308D48C4764DE785D11EF50 ft=0 fh=0000000000000000 vn="PHP/Agent.DD Trojaner" ac=I fn="C:\Users\ulfilas\Desktop\Websites\Website BIN\Backup-CD BIN\Backup09022014\htdocs\4cJi1NqS.php" sh=2604195866F18197D1D1F4589AD2CEC422F6AED9 ft=0 fh=0000000000000000 vn="PHP/Agent.DD Trojaner" ac=I fn="C:\Users\ulfilas\Desktop\Websites\Website BIN\Backup-CD BIN\Backup09022014\htdocs\cCGtJRmK.php" sh=9EBB34EB30CD7EC3901BA1477B12767235F1F9C9 ft=0 fh=0000000000000000 vn="PHP/Agent.DD Trojaner" ac=I fn="C:\Users\ulfilas\Desktop\Websites\Website BIN\Backup-CD BIN\Backup09022014\htdocs\count.php" sh=2AB20B5FB718DC8D006F0F8A11C250FA44EED984 ft=1 fh=17b2900a6c3a46de vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\ulfilas\Downloads\PDFCreator-2_0_1-setup.exe" sh=129C160A9EFDC0DFA369F49A43B062CCAF0F2162 ft=1 fh=c0a8075e318a7835 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll" sh=3DAE542BD4F0368B19B4047C0838D3F4FC4DA090 ft=1 fh=9b1350829aeb80db vn="Variante von Win32/Distromatic.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-abb-fix[1]" sh=3DAE542BD4F0368B19B4047C0838D3F4FC4DA090 ft=1 fh=9b1350829aeb80db vn="Variante von Win32/Distromatic.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-abb-fix[2]" sh=3DAE542BD4F0368B19B4047C0838D3F4FC4DA090 ft=1 fh=9b1350829aeb80db vn="Variante von Win32/Distromatic.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-abb-fix[3]" sh=3DAE542BD4F0368B19B4047C0838D3F4FC4DA090 ft=1 fh=9b1350829aeb80db vn="Variante von Win32/Distromatic.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-abb-fix[4]" sh=E4333469F3070D049E4FDA053756B96B9F59569B ft=1 fh=5e9b3d881266bb41 vn="Win32/Distromatic evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-search-protect-fix-2[1]" sh=63981687FFC14608CDAE65C7EFEA1B24ACAF1DF4 ft=1 fh=c82ffca9f6717ccb vn="Variante von Win32/Distromatic.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-search-protect-fix-3[1]" sh=29E421AB9476F9D2E23DAC7CFDE8DD9EE9D0768A ft=1 fh=d53e88ba43d6b8ab vn="Win32/Distromatic.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-search-protect-fix-4[1]" sh=3DAE542BD4F0368B19B4047C0838D3F4FC4DA090 ft=1 fh=9b1350829aeb80db vn="Variante von Win32/Distromatic.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-abb-fix[1]" sh=3DAE542BD4F0368B19B4047C0838D3F4FC4DA090 ft=1 fh=9b1350829aeb80db vn="Variante von Win32/Distromatic.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-abb-fix[2]" sh=3DAE542BD4F0368B19B4047C0838D3F4FC4DA090 ft=1 fh=9b1350829aeb80db vn="Variante von Win32/Distromatic.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-abb-fix[3]" sh=3DAE542BD4F0368B19B4047C0838D3F4FC4DA090 ft=1 fh=9b1350829aeb80db vn="Variante von Win32/Distromatic.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-abb-fix[4]" sh=E4333469F3070D049E4FDA053756B96B9F59569B ft=1 fh=5e9b3d881266bb41 vn="Win32/Distromatic evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-search-protect-fix-2[1]" sh=63981687FFC14608CDAE65C7EFEA1B24ACAF1DF4 ft=1 fh=c82ffca9f6717ccb vn="Variante von Win32/Distromatic.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-search-protect-fix-3[1]" sh=29E421AB9476F9D2E23DAC7CFDE8DD9EE9D0768A ft=1 fh=d53e88ba43d6b8ab vn="Win32/Distromatic.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-search-protect-fix-4[1]" ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=3ade74a99987da4082e68375e1e509b1 # engine=22713 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-03-02 02:28:28 # local_time=2015-03-02 03:28:28 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 1599406 96600130 0 0 # scanned=90178 # found=2 # cleaned=0 # scan_time=5968 sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir" sh=8BFB7B00E3A4E6BD83CEDD7A98459190270ECC71 ft=1 fh=6fe2e7156dcadca6 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir" Ich hoffe, ich habe dir damit jetzt nicht auch noch doppelte Arbeit gemacht. Die Deinstallation des ESET-Scanners habe ich durchgeführt. SecurityCheck vermeldet dies: Code:
ATTFilter Results of screen317's Security Check version 0.99.96 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` TuneUp Utilities 2014 TuneUp Utilities 2014 (de-DE) TuneUp Utilities 2014 EasyCleaner Java 7 Update 71 Java version 32-bit out of Date! Java 64-bit 8 Update 31 Adobe Flash Player 16.0.0.305 Adobe Reader XI Mozilla Firefox 27.0 Firefox out of Date! Mozilla Thunderbird (31.4.0) Google Chrome (40.0.2214.111) Google Chrome (40.0.2214.115) ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Aktuelles FRST-Log: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2015 Ran by ulfilas (administrator) on ULFILAS-PC2 on 02-03-2015 18:07:05 Running from C:\Users\ulfilas\Downloads Loaded Profiles: ulfilas (Available profiles: ulfilas & UpdatusUser) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (SafeNet Inc.) C:\Windows\System32\hasplms.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect 2\creator-ws.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe (Dropbox, Inc.) C:\Users\ulfilas\AppData\Roaming\Dropbox\bin\Dropbox.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1294882704\ee\aolsoftware.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (AOL LLC) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe (AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7\shellmon.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Users\ulfilas\Downloads\SecurityCheck (1).exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [134416 2007-01-23] (Logitech Inc.) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1294882704\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703280 2015-02-12] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Acrobat Assistant 7.0] => C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2004-12-14] (Adobe Systems Inc.) HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-39457134-2311114567-1202830544-1000\...\Run: [Soft32 Updater.exe] => C:\Users\ulfilas\AppData\Local\Soft32\Soft32 Updater\Soft32 Updater.exe [163640 2011-10-19] (I.T.N.T.) HKU\S-1-5-21-39457134-2311114567-1202830544-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.) HKU\S-1-5-21-39457134-2311114567-1202830544-1000\...\Run: [AOL Fast Start] => C:\Program Files (x86)\AOL Desktop 9.7\AOL.EXE [42320 2012-01-31] (AOL Inc.) HKU\S-1-5-21-39457134-2311114567-1202830544-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\ulfilas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\Users\ulfilas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\ulfilas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ulfilas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ulfilas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ulfilas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ulfilas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll (Egis Technology Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ulfilas\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ulfilas\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ulfilas\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-39457134-2311114567-1202830544-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-39457134-2311114567-1202830544-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-39457134-2311114567-1202830544-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) BHO-x32: PDF Architect Helper -> {691B33B0-B86E-47F3-81C7-56E4FE3B929C} -> C:\Program Files (x86)\PDF Architect 2\creator-ie-helper.dll (pdfforge GmbH) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - Recorder Toolbar - {120A8821-2BEE-4C29-BCDA-62C577781992} - C:\Program Files (x86)\MedienTeam66\MP3 Recorder for YouTube\IEPlugin.dll (MedienTeam66) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files (x86)\PDF Architect 2\creator-ie-plugin.dll (pdfforge GmbH) DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: HKLM-x32 {B4977DFF-8AE5-44DC-8A42-C62F56960AA9} hxxp://javadl-esd.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\ulfilas\AppData\Roaming\Mozilla\Firefox\Profiles\dz9z9wt9.default FF SearchEngineOrder.3: Bing FF NetworkProxy: "autoconfig_url", "chrome://viewtubes/content/viewtubes_false.pac" FF NetworkProxy: "type", 2 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8064.0206 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @real.com/nppl3260;version=15.0.2.72 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprjplug;version=15.0.2.72 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.2.72 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.2.72 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpjplug;version=15.0.2.72 -> c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF Extension: Avira Browser Safety - C:\Users\ulfilas\AppData\Roaming\Mozilla\Firefox\Profiles\dz9z9wt9.default\Extensions\abs@avira.com [2014-08-14] FF Extension: ProxTube - Unblock YouTube - C:\Users\ulfilas\AppData\Roaming\Mozilla\Firefox\Profiles\dz9z9wt9.default\Extensions\ich@maltegoetz.de [2014-02-07] FF Extension: Viewtubes - C:\Users\ulfilas\AppData\Roaming\Mozilla\Firefox\Profiles\dz9z9wt9.default\Extensions\FF_AddOn@viewtubes.de.xpi [2012-04-20] FF Extension: YouTube quality manager - C:\Users\ulfilas\AppData\Roaming\Mozilla\Firefox\Profiles\dz9z9wt9.default\Extensions\youtubequality@rzll.xpi [2012-04-21] FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\ulfilas\AppData\Roaming\Mozilla\Firefox\Profiles\dz9z9wt9.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-02-20] FF Extension: Recorder Toolbar - C:\Program Files (x86)\Mozilla Firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2} [2012-11-23] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-03-31] FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_2_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension FF Extension: PDF Architect 2 Creator - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension [2015-01-07] FF Extension: No Name - C:\Users\ulfilas\AppData\Roaming\Mozilla\Firefox\Profiles\dz9z9wt9.default\extensions\{ADFA33FD-16F5-4355-8504-DF4D664CFE83} [Not Found] Chrome: ======= CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms} CHR Profile: C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (ProxFlow) - C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-11-01] CHR Extension: (Google Docs) - C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-01] CHR Extension: (Google Drive) - C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-01] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09] CHR Extension: (YouTube) - C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-01] CHR Extension: (Adblock Plus) - C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-22] CHR Extension: (Google Search) - C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-01] CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2014-07-01] CHR Extension: (Google Wallet) - C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22] CHR Extension: (Gmail) - C:\Users\ulfilas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-01] CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-03-31] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-03-28] (Adobe Systems) [File not signed] R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-02-12] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-02-12] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [992048 2015-02-12] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 hasplms; C:\Windows\system32\hasplms.exe [4913608 2011-12-02] (SafeNet Inc.) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation) R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-06] (Egis Technology Inc.) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation) S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH) R2 PDF Architect 2 Creator; C:\Program Files (x86)\PDF Architect 2\creator-ws.exe [738856 2014-10-10] (pdfforge GmbH) S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software) S3 UPnPService; C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation) R3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [57088 2011-09-08] (SafeNet Inc.) R3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [21120 2011-08-09] (SafeNet Inc.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-02-12] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-02-12] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-02-12] (Avira Operations GmbH & Co. KG) R1 cdrblock; C:\Windows\System32\DRIVERS\cdrblock.sys [34360 2008-05-30] (Canopus Co,. Ltd.) S1 FNETURPX; C:\Windows\SysWOW64\drivers\FNETURPX.SYS [7040 2013-01-26] (FNet Co., Ltd.) [File not signed] R2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-10-07] (SafeNet Inc.) R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [31648 2014-04-05] (REALiX(tm)) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-02] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-12-16] (TuneUp Software) S3 USA19H; C:\Windows\System32\DRIVERS\USA19Hx64.sys [740096 2007-10-30] (Keyspan) S3 USA19HP; C:\Windows\System32\DRIVERS\USA19Hx64p.SYS [35840 2007-10-23] (Keyspan) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X] S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X] S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X] S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X] S1 okorkylq; \??\C:\Windows\system32\drivers\okorkylq.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-02 18:07 - 2015-03-02 18:07 - 00027842 _____ () C:\Users\ulfilas\Downloads\FRST.txt 2015-03-02 18:06 - 2015-03-02 18:06 - 00000000 ____D () C:\Users\ulfilas\Downloads\FRST-OlderVersion 2015-03-02 17:56 - 2015-03-02 17:56 - 00852594 _____ () C:\Users\ulfilas\Downloads\SecurityCheck (1).exe 2015-03-02 17:53 - 2015-03-02 17:53 - 00852594 _____ () C:\Users\ulfilas\Downloads\SecurityCheck.exe 2015-03-02 00:53 - 2015-03-02 00:53 - 02347384 _____ (ESET) C:\Users\ulfilas\Downloads\esetsmartinstaller_deu (2).exe 2015-03-02 00:52 - 2015-03-02 00:52 - 02347384 _____ (ESET) C:\Users\ulfilas\Downloads\esetsmartinstaller_deu (1).exe 2015-03-02 00:46 - 2015-03-02 00:46 - 02347384 _____ (ESET) C:\Users\ulfilas\Downloads\esetsmartinstaller_deu.exe 2015-03-01 23:56 - 2015-03-01 23:56 - 00000000 ____D () C:\Users\ulfilas\Desktop\DSCF0047 2015-02-27 01:44 - 2015-02-27 01:44 - 00000000 ____D () C:\Users\ulfilas\Documents\Updater 2015-02-27 00:54 - 2015-02-27 00:54 - 01388274 _____ (Thisisu) C:\Users\ulfilas\Downloads\JRT.exe 2015-02-27 00:35 - 2015-02-27 00:52 - 00000000 ____D () C:\AdwCleaner 2015-02-27 00:34 - 2015-02-27 00:34 - 02126848 _____ () C:\Users\ulfilas\Downloads\AdwCleaner_4.111.exe 2015-02-26 23:34 - 2015-03-02 16:27 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-26 23:34 - 2015-02-26 23:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-26 23:33 - 2015-02-26 23:33 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-26 23:33 - 2015-02-26 23:33 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-02-26 23:33 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-02-26 23:33 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-02-26 23:33 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-02-26 23:29 - 2015-02-26 23:30 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\ulfilas\Downloads\mbam-setup-2.0.4.1028.exe 2015-02-26 23:29 - 2015-02-26 23:30 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\ulfilas\Downloads\mbam-setup-2.0.4.1028 (1).exe 2015-02-26 11:30 - 2015-02-26 11:30 - 00039775 _____ () C:\ComboFix.txt 2015-02-25 12:35 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls 2015-02-25 12:35 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls 2015-02-24 20:30 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-02-24 20:30 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-02-24 20:30 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-02-24 20:30 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-02-24 20:30 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-02-24 20:30 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-02-24 20:30 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-02-24 20:30 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-02-24 18:48 - 2015-02-26 11:30 - 00000000 ____D () C:\Qoobox 2015-02-24 18:47 - 2015-02-26 11:28 - 00000000 ____D () C:\Windows\erdnt 2015-02-24 18:47 - 2015-02-24 18:47 - 05611903 _____ (Swearware) C:\Users\ulfilas\Downloads\ComboFix (2).exe 2015-02-24 18:46 - 2015-02-24 18:47 - 05611903 _____ (Swearware) C:\Users\ulfilas\Downloads\ComboFix (1).exe 2015-02-24 18:46 - 2015-02-24 18:46 - 05611903 ____R (Swearware) C:\Users\ulfilas\Downloads\ComboFix.exe 2015-02-24 09:45 - 2015-02-24 09:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\ulfilas\Downloads\revosetup95.exe 2015-02-24 09:45 - 2015-02-24 09:45 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-02-24 01:28 - 2015-02-24 01:28 - 00000000 ____D () C:\Users\ulfilas\Desktop\VueScan Scans 2015-02-24 00:28 - 2015-02-25 14:12 - 00000000 ____D () C:\Users\ulfilas\Desktop\Anzeige Disco 2015-02-23 18:19 - 2015-02-23 18:20 - 00050197 _____ () C:\Users\ulfilas\Downloads\Addition.txt 2015-02-23 18:16 - 2015-03-02 18:07 - 00000000 ____D () C:\FRST 2015-02-23 18:16 - 2015-03-02 18:06 - 02092544 _____ (Farbar) C:\Users\ulfilas\Downloads\FRST64.exe 2015-02-23 17:23 - 2015-02-23 17:24 - 00002721 _____ () C:\Users\ulfilas\Downloads\software_removal_tool.log 2015-02-22 23:28 - 2015-02-22 23:32 - 00000000 ____D () C:\Users\ulfilas\Desktop\201+7756-2010-07-23 2015-02-22 23:26 - 2015-02-22 23:26 - 00000000 ____D () C:\Users\ulfilas\Desktop\2007_02 2015-02-22 23:25 - 2015-02-22 23:25 - 00000000 ____D () C:\Users\ulfilas\Desktop\201_35_v_L_20111222_Schloss 2015-02-22 23:24 - 2015-02-22 23:24 - 00000000 ____D () C:\Users\ulfilas\Desktop\bw201-1 2015-02-20 14:03 - 2015-02-20 14:03 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack 2015-02-20 14:00 - 2015-02-20 14:00 - 03533008 _____ (DVDVideoSoft Ltd. ) C:\Users\ulfilas\Downloads\FreeYouTubeToMP3Converter (1).exe 2015-02-20 13:59 - 2015-02-20 14:01 - 03312648 _____ (DVDVideoSoft Ltd. ) C:\Users\ulfilas\Downloads\FreeYouTubeToMP3Converter.exe 2015-02-16 20:18 - 2015-02-27 12:24 - 00000000 ____D () C:\Users\ulfilas\Desktop\DatenblattE12 2015-02-16 14:55 - 2015-02-19 21:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2015-02-12 20:00 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-02-12 20:00 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-02-12 20:00 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-02-12 20:00 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-02-12 17:01 - 2015-02-12 17:02 - 06372800 _____ (Tim Kosse) C:\Users\ulfilas\Downloads\FileZilla_3.10.1.1_win32-setup.exe 2015-02-12 00:03 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-02-12 00:03 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-02-12 00:03 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-02-12 00:03 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-02-12 00:03 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-02-12 00:03 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-02-12 00:03 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-02-12 00:03 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-02-12 00:03 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-02-12 00:03 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-02-12 00:03 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-02-12 00:03 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-02-12 00:03 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-02-12 00:03 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-02-12 00:03 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-02-12 00:03 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-02-12 00:03 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-02-12 00:03 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-02-12 00:03 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-02-12 00:03 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-02-12 00:03 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-02-12 00:03 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-02-12 00:03 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-02-12 00:03 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-02-12 00:03 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-02-12 00:03 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-02-12 00:03 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-02-12 00:03 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-02-12 00:03 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-02-12 00:03 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-02-12 00:03 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-02-12 00:03 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-02-12 00:03 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-02-12 00:03 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-02-12 00:03 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-02-12 00:03 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-02-12 00:03 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-02-12 00:03 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-02-12 00:03 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-02-12 00:03 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-02-12 00:03 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-02-12 00:03 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-02-12 00:03 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-02-12 00:03 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-02-12 00:03 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-02-12 00:03 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-02-12 00:03 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-02-12 00:03 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-02-12 00:03 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-02-12 00:03 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-02-12 00:03 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-02-12 00:03 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-02-12 00:03 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-02-12 00:03 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-02-12 00:03 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-02-12 00:03 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-02-12 00:03 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-02-12 00:03 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-02-12 00:03 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-02-12 00:03 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-02-12 00:03 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-02-12 00:03 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-02-12 00:03 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-02-12 00:03 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-02-12 00:03 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-02-12 00:03 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-02-12 00:03 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-02-12 00:03 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-02-12 00:02 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-02-12 00:02 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-02-12 00:02 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-02-12 00:02 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-02-12 00:02 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-02-12 00:02 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-02-12 00:02 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-02-12 00:02 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-02-12 00:02 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-02-12 00:02 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-02-12 00:02 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-02-12 00:02 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-02-12 00:02 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-02-12 00:02 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-02-12 00:02 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-02-12 00:02 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-02-12 00:02 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-02-12 00:02 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-02-12 00:02 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-02-12 00:02 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-02-12 00:02 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2015-02-12 00:02 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2015-02-12 00:02 - 2014-10-04 03:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-02-12 00:02 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2015-02-12 00:02 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2015-02-12 00:01 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-02-12 00:01 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-02-12 00:01 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-02-12 00:01 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-02-12 00:01 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-02-12 00:01 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-02-12 00:01 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-02-12 00:01 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-02-12 00:01 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-02-12 00:01 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll 2015-02-11 01:23 - 2015-02-11 01:23 - 04752438 _____ () C:\Users\ulfilas\Downloads\mt31345,1236865807,HK_uebersicht.bmp 2015-02-10 21:00 - 2015-02-10 21:02 - 00000000 ____D () C:\Users\ulfilas\Desktop\2015-02-1013.53.18 2015-02-10 14:29 - 2015-02-10 14:29 - 42096984 _____ (Apple Inc.) C:\Users\ulfilas\Downloads\QuickTimeInstaller (1).exe 2015-02-09 00:45 - 2015-02-09 00:49 - 00000128 ____H () C:\ProgramData\V93GE 2015-02-09 00:45 - 2015-02-09 00:45 - 00000000 ____D () C:\Users\ulfilas\AppData\Roaming\LaserSoft Imaging 2015-02-09 00:30 - 2015-02-09 00:30 - 17070168 _____ (LaserSoft Imaging AG) C:\Users\ulfilas\Downloads\SF8_Documentation_de.exe 2015-02-09 00:26 - 2015-02-09 00:30 - 427688568 _____ (LaserSoft Imaging AG) C:\Users\ulfilas\Downloads\SF8_Movies_de.exe 2015-02-09 00:26 - 2015-02-09 00:26 - 00000000 ____D () C:\Users\ulfilas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LaserSoft Imaging 2015-02-09 00:25 - 2015-02-09 00:25 - 00000000 ____D () C:\ProgramData\LaserSoft Imaging 2015-02-09 00:25 - 2015-02-09 00:25 - 00000000 ____D () C:\Program Files\SilverFast Application 2015-02-09 00:23 - 2015-02-09 00:24 - 45434944 _____ (LaserSoft Imaging AG) C:\Users\ulfilas\Downloads\SF-8.2.0r3(Nikon)_x64.exe 2015-02-04 03:05 - 2015-02-04 03:05 - 00000985 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\VueScan x64.lnk 2015-02-04 03:05 - 2015-02-04 03:05 - 00000000 ____D () C:\Program Files\VueScan 2015-02-04 03:04 - 2015-02-04 03:04 - 17367649 _____ () C:\Users\ulfilas\Downloads\Vuescan_9.4.60.zip 2015-02-04 03:04 - 2015-02-04 03:04 - 00000000 ____D () C:\Users\ulfilas\Downloads\Vuescan_9.4.60 2015-02-04 02:01 - 2015-02-04 02:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nikon Scan 4 2015-02-04 02:01 - 2015-02-04 02:01 - 00000000 ____D () C:\Program Files (x86)\Nikon 2015-02-04 01:48 - 2015-02-04 01:48 - 00003152 _____ () C:\Windows\System32\Tasks\{6726E861-BE61-476F-A0A6-B34BBB729385} 2015-02-04 01:45 - 2015-02-04 01:45 - 15203632 _____ () C:\Users\ulfilas\Downloads\ns403de (2).exe 2015-02-04 01:20 - 2015-02-04 01:20 - 00000000 ____D () C:\ProgramData\Nikon 2015-02-04 00:38 - 2015-02-04 00:38 - 15203632 _____ () C:\Users\ulfilas\Downloads\ns403de (1).exe 2015-02-04 00:37 - 2015-02-04 02:45 - 00000000 ____D () C:\Users\ulfilas\Desktop\Treiber Nikon Coolscan 5000 ED 2015-02-03 09:47 - 2002-12-04 19:54 - 00006545 _____ (Nikon Corporation) C:\Windows\SysWOW64\NKScnUSD.dll 2015-02-03 09:46 - 2015-02-03 09:46 - 15203632 _____ () C:\Users\ulfilas\Downloads\ns403de.exe 2015-02-01 23:43 - 2015-02-01 23:43 - 00000000 ____D () C:\Users\ulfilas\AppData\Roaming\Nikon 2015-02-01 23:37 - 2015-02-04 02:01 - 00000000 ____D () C:\Windows\SysWOW64\Color 2015-02-01 23:37 - 2002-01-05 21:10 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70deu.dll 2015-02-01 23:37 - 1997-01-30 20:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mfc42loc.dll 2015-02-01 23:37 - 1997-01-22 06:26 - 00565760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVCP50.DLL 2015-02-01 23:37 - 1996-03-28 00:13 - 00010656 _____ (Nikon Inc.) C:\Windows\SysWOW64\NKNSCN95.DLL 2015-02-01 23:35 - 2015-02-01 23:35 - 00003046 _____ () C:\Windows\System32\Tasks\{DF64A0B2-4826-4E01-8091-D3A91ED4E841} ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-02 18:02 - 2009-11-13 03:01 - 01229737 _____ () C:\Windows\WindowsUpdate.log 2015-03-02 18:01 - 2009-09-08 23:47 - 00704324 _____ () C:\Windows\system32\perfh007.dat 2015-03-02 18:01 - 2009-09-08 23:47 - 00152162 _____ () C:\Windows\system32\perfc007.dat 2015-03-02 18:01 - 2009-07-14 06:13 - 01634576 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-02 17:54 - 2010-12-30 02:43 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-02 17:18 - 2012-05-05 15:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-02 13:43 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-02 13:43 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-02 13:37 - 2014-05-08 23:09 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf6b0a3cdc10aa.job 2015-03-02 13:37 - 2013-11-19 17:41 - 00000000 ___RD () C:\Users\ulfilas\Dropbox 2015-03-02 13:37 - 2013-11-19 17:26 - 00000000 ____D () C:\Users\ulfilas\AppData\Roaming\Dropbox 2015-03-02 13:37 - 2012-01-16 13:11 - 00000330 _____ () C:\Windows\Tasks\GlaryInitialize.job 2015-03-02 13:33 - 2009-11-13 03:06 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-03-02 13:33 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-02 13:33 - 2009-07-14 05:51 - 00170020 _____ () C:\Windows\setupact.log 2015-03-02 13:32 - 2009-09-03 10:10 - 01472590 _____ () C:\Windows\PFRO.log 2015-03-02 13:32 - 2009-07-14 04:20 - 00000000 __RSD () C:\Windows\Media 2015-03-02 03:16 - 2014-07-01 09:16 - 00000280 _____ () C:\Windows\Tasks\System Speedupsch.job 2015-03-02 02:00 - 2009-12-24 14:37 - 00000000 ____D () C:\Users\ulfilas\AppData\Local\Adobe 2015-03-02 01:02 - 2011-06-20 14:24 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{40457202-43A6-48A0-B73A-FD3D606DDC7E} 2015-02-27 12:24 - 2010-04-02 14:09 - 06384640 ___SH () C:\Users\ulfilas\Desktop\Thumbs.db 2015-02-27 12:22 - 2012-02-11 23:34 - 00006233 _____ () C:\Users\ulfilas\Sti_Trace.log 2015-02-27 10:44 - 2012-12-03 13:31 - 00000000 ____D () C:\Users\ulfilas\Desktop\Verknüpfungen 2015-02-27 00:19 - 2012-08-15 11:24 - 00000000 ____D () C:\Users\ulfilas\AppData\Roaming\Skype 2015-02-27 00:13 - 2009-09-03 10:04 - 00000000 ____D () C:\Windows\oem 2015-02-26 21:03 - 2012-02-25 21:03 - 00000318 _____ () C:\Windows\Tasks\MT66 Software Update.job 2015-02-26 11:30 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2015-02-26 11:22 - 2009-07-14 03:34 - 00000248 _____ () C:\Windows\system.ini 2015-02-24 22:26 - 2014-12-04 22:13 - 00000000 ____D () C:\Users\ulfilas\Desktop\Beschriftung Bw 77 2015-02-24 18:57 - 2011-04-09 02:31 - 00000000 ____D () C:\Users\ulfilas\AppData\Roaming\FileZilla 2015-02-23 18:49 - 2009-12-24 14:15 - 00114536 _____ () C:\Users\ulfilas\AppData\Local\GDIPFONTCACHEV1.DAT 2015-02-23 18:49 - 2009-07-14 05:45 - 05037800 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-02-23 18:48 - 2009-09-03 10:07 - 00000000 ____D () C:\Program Files\Google 2015-02-23 18:48 - 2009-09-03 10:07 - 00000000 ____D () C:\Program Files (x86)\Google 2015-02-23 16:14 - 2009-09-03 09:54 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-02-23 16:14 - 2009-07-14 03:34 - 00000489 _____ () C:\Windows\win.ini 2015-02-23 15:45 - 2009-07-14 08:45 - 00000000 ____D () C:\Windows\ShellNew 2015-02-23 15:44 - 2009-12-24 15:31 - 00000000 ____D () C:\Users\ulfilas\AppData\Local\Google 2015-02-23 15:44 - 2009-09-03 10:07 - 00000000 ____D () C:\ProgramData\Google 2015-02-20 14:04 - 2011-05-08 13:47 - 00000000 ____D () C:\Users\ulfilas\AppData\Roaming\DVDVideoSoft 2015-02-20 14:03 - 2011-05-08 13:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2015-02-20 14:03 - 2011-05-08 13:47 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft 2015-02-20 10:35 - 2014-02-07 01:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-02-18 14:42 - 2013-04-30 12:11 - 00000000 ____D () C:\Users\ulfilas\AppData\Roaming\MyPhoneExplorer 2015-02-13 08:30 - 2012-09-27 11:14 - 00000000 ____D () C:\Windows\rescache 2015-02-13 02:59 - 2013-11-19 17:27 - 00000000 ____D () C:\Users\ulfilas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-02-12 12:35 - 2013-10-06 11:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON PhotoQuicker 2015-02-12 12:35 - 2011-06-23 20:06 - 00000000 ____D () C:\Program Files (x86)\EPSON 2015-02-12 12:35 - 2009-09-03 09:34 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-02-12 12:30 - 2013-03-14 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-02-12 12:30 - 2013-03-14 03:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2015-02-12 12:30 - 2013-03-14 03:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2015-02-12 12:22 - 2012-07-23 18:41 - 00000000 ____D () C:\ProgramData\DatacardService 2015-02-12 12:15 - 2012-04-20 18:55 - 00000000 ____D () C:\Users\ulfilas\AppData\Local\Mozilla 2015-02-12 11:38 - 2013-12-22 14:08 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-02-12 11:38 - 2013-12-22 14:08 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-02-12 11:38 - 2013-12-22 14:08 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2015-02-12 03:11 - 2013-08-19 02:01 - 00000000 ____D () C:\Windows\system32\MRT 2015-02-12 03:11 - 2012-10-18 18:11 - 00002121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2015-02-12 03:11 - 2012-10-18 18:11 - 00001912 _____ () C:\Windows\epplauncher.mif 2015-02-12 03:11 - 2012-10-18 18:11 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2015-02-12 03:11 - 2012-10-18 18:11 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client 2015-02-12 03:03 - 2010-01-09 03:02 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-02-09 17:23 - 2014-08-14 08:35 - 00000000 ____D () C:\ProgramData\Package Cache 2015-02-09 17:23 - 2013-12-22 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-02-09 00:26 - 2012-02-27 14:39 - 00030042 _____ () C:\Windows\DPINST.LOG 2015-02-09 00:00 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-02-05 05:49 - 2014-06-21 10:15 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cf6b0a3cdc10aa 2015-02-05 05:49 - 2010-12-30 02:43 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-05 03:18 - 2012-05-05 15:11 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-05 03:18 - 2012-05-05 15:11 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-02-05 03:18 - 2012-02-21 01:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-04 19:52 - 2011-06-07 02:12 - 00038400 ___SH () C:\Users\ulfilas\Documents\Thumbs.db 2015-02-04 19:49 - 2013-08-28 23:13 - 00000000 ____D () C:\Users\ulfilas\Desktop\Schriftverkehr ==================== Files in the root of some directories ======= 2013-07-28 00:16 - 2014-07-23 00:21 - 0000149 _____ () C:\Users\ulfilas\AppData\Roaming\WB.CFG 2013-12-31 01:17 - 2014-01-03 01:17 - 0000005 _____ () C:\Users\ulfilas\AppData\Roaming\WBPU-Q5-TTL.DAT 2013-06-28 09:16 - 2014-01-29 01:17 - 0000005 _____ () C:\Users\ulfilas\AppData\Roaming\WBPU-TTL.DAT 2011-06-27 22:15 - 2013-03-27 10:49 - 0003204 _____ () C:\Users\ulfilas\AppData\Roaming\wklnhst.dat 2012-03-08 18:46 - 2012-03-10 01:37 - 0001456 _____ () C:\Users\ulfilas\AppData\Local\Adobe Für Web speichern 12.0 Prefs 2011-02-10 21:41 - 2014-12-12 14:35 - 0030720 _____ () C:\Users\ulfilas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2010-02-11 12:39 - 2010-02-11 12:40 - 0001643 _____ () C:\Users\ulfilas\AppData\Local\MyWinLockerInstaller.txt-20100211.log 2011-06-10 12:54 - 2012-04-27 14:02 - 0007658 _____ () C:\Users\ulfilas\AppData\Local\Resmon.ResmonCfg 2009-11-13 03:07 - 2009-11-13 03:10 - 0008031 _____ () C:\ProgramData\ArcadeDeluxe3.log 2009-09-03 09:44 - 2009-07-18 02:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe 2015-02-09 00:45 - 2015-02-09 00:49 - 0000128 ____H () C:\ProgramData\V93GE Some content of TEMP: ==================== C:\Users\ulfilas\AppData\Local\Temp\avgnt.exe C:\Users\ulfilas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfexods.dll C:\Users\ulfilas\AppData\Local\Temp\Quarantine.exe C:\Users\ulfilas\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-23 13:05 ==================== End Of Log ============================ --- --- --- Update: Habe jetzt meinen Papierkorb geleert und einen Neustart gemacht. Leider poppen die Werbeeinblendungen immer noch auf. Geändert von ulfilas-bs (02.03.2015 um 18:49 Uhr) |
Themen zu Roll Around Virus eingefangen |
advertisement, beheben, bildschirm, compu, dauerhaft, eingefangen, gefangen, gen, jahre, malware, recht, roll around, stelle, trojaner, virus, virus eingefangen, werbeeinblendungen, will nicht, woche |