
Pests of all kinds and how to fight them: Vista: Unknown folder in my personal files


03.03.2015, 15:16   #1
pasteur

I store my personal files on hard-disk partition "D". The system runs on "C".
For some time now, there has been a folder among my folders that I did not create, named dd89f1be96b5e1ab75dd4407c426. The folder cannot be deleted or moved. The subfolders are named with 4-digit numbers and cannot be opened. In a folder called Graphics there are files with the extension ico, which cannot be opened with Gimp.
Among other files there is a Windows Installer patch, NDP40-KB2836939.msp. My computer always runs the latest Norton version. AdwCleaner does not flag the folder as malware.
Does anyone have an idea what this could be?

03.03.2015, 15:24   #2
schrauber
/// the machine
/// TB trainer

Hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


03.03.2015, 15:50   #3
pasteur

Thanks for the quick reply. Immediately after the download of frst.exe, Norton deletes the file, citing the threat Suspicious.cloud.7.EP

03.03.2015, 16:46   #4
schrauber
/// the machine
/// TB trainer

Yep, because Norton is really dumb. Turn Norton off, or better, uninstall Norton and steer clear of it
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

03.03.2015, 17:10   #5
pasteur

Thanks, Schrauber, I've switched Norton off, and here are the two files:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-03-2015
Ran by Matthias (administrator) on MATTHIAS-PC on 03-03-2015 16:21:57
Running from C:\Users\Matthias\Desktop\Downloads
Loaded Profiles: Matthias (Available profiles: Matthias & Gast)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\NST.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.1.0.9\NS.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\NST.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.1.0.9\NS.exe
() C:\Users\Matthias\Desktop\Core Temp.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(brother) C:\Program Files\Brownie\BrStsWnd.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Deutsche Telekom AG, Marmiko IT-Solutions GmbH) C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Akamai Technologies, Inc.) C:\Users\Matthias\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Contacts\wlcomm.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(brother) C:\Program Files\Brownie\brpjp04a.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Akamai Technologies, Inc.) C:\Users\Matthias\AppData\Local\Akamai\netsession_win.exe
(Realtek Semiconductor Corp.) C:\Users\Matthias\AppData\Local\Temp\RtkBtMnt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_16_0_0_305_ActiveX.exe
() C:\Users\Matthias\Downloads\frst.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6609440 2008-10-31] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [690720 2008-12-18] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1398056 2008-11-20] (Synaptics, Inc.)
HKLM\...\Run: [BrStsWnd] => C:\Program Files\Brownie\BrstsWnd.exe [880640 2008-09-18] (brother)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2008-10-31] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [ToADiMon.exe] => C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe [286720 2010-04-08] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Matthias\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\Run: [] => [X]
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\MountPoints2: {19076bdf-bd55-11de-a648-00235a5338e1} - F:\Menu.exe
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\MountPoints2: {d60af5b2-a679-11df-9129-00235a5338e1} - awb3ryk.exe
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\E-Mail - Verknüpfung.lnk
ShortcutTarget: E-Mail - Verknüpfung.lnk ->  (No File)
Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Calendar.lnk
ShortcutTarget: Windows Calendar.lnk -> C:\Program Files\Windows Calendar\WinCal.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_5737z
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_5737z
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NS&pvid=22.1.0.9
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NS&pvid=22.1.0.9
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NS&pvid=22.1.0.9
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.benefind.de/
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3827918516-2867637020-576463877-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE326
SearchScopes: HKU\S-1-5-21-3827918516-2867637020-576463877-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE326
SearchScopes: HKU\S-1-5-21-3827918516-2867637020-576463877-1000 -> {7AE64BE7-E40D-4E58-A1D9-F8DC7719A1DC} URL = hxxp://www.benefind.de/result.html?q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.1.0.9\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.1.0.9\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3827918516-2867637020-576463877-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-3827918516-2867637020-576463877-1000 -> No Name - {CFCB809C-3A22-4616-A916-6C007BD9D920} -  No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {C3E3BB4F-269C-41A3-9F5F-A360E933CAD3} https://as.photoprintit.com/ips-opdata/activex/ImageUploader6.cab
DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://asp.photoprintit.de/microsite/11093/defaults/activex/ips/IPSUploader4.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 212.27.40.240 212.27.40.241

FireFox:
========
FF ProfilePath: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\wo64522p.default
FF Homepage: hxxp://www.benefind.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\wo64522p.default\searchplugins\benefind.xml
FF Extension: Securita Scout - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\wo64522p.default\Extensions\plug@securitascout.com [2014-07-13]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\wo64522p.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-20]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2015-01-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-06]
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\coFFPlgn
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.1.0.9\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.1.0.9\coFFPlgn [2015-03-03]
FF HKLM\...\Thunderbird\Extensions: [te_7.0@nokia.com] - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011-12-04]

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.benefind.de/"
CHR DefaultSearchKeyword: Default -> benefind.de
CHR DefaultSearchURL: Default -> hxxp://www.benefind.de/result.html?q={searchTerms}
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-24]
CHR Extension: (Google Docs) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-09]
CHR Extension: (Google Drive) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-24]
CHR Extension: (YouTube) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-09]
CHR Extension: (Google Search) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-09]
CHR Extension: (Google Sheets) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-24]
CHR Extension: (Norton Identity Safe) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-01-24]
CHR Extension: (Google Wallet) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-24]
CHR Extension: (Gmail) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-09]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.1.0.9\Exts\Chrome.crx [2015-01-08]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] -  [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AdobeActiveFileMonitor8.0; C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-09-18] (Adobe Systems Incorporated)
R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [69632 2008-10-04] () [File not signed]
R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [653856 2008-12-18] (Acer Incorporated)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S4 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] () [File not signed]
R2 NCO; C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\NST.exe [130104 2014-09-20] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-05-11] (Hewlett-Packard) [File not signed]
R2 NS; C:\Program Files\Norton Security\Engine\22.1.0.9\NS.exe [282528 2014-12-10] (Symantec Corporation)
R2 NTIBackupSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-25] (NewTech InfoSystems, Inc.) [File not signed]
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [52736 2006-05-11] (Hewlett-Packard) [File not signed]
S4 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AF15BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [483200 2010-08-21] (ITETech                  )
R1 BHDrvx86; C:\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\BASHDefs\20150224.001_4f9\BHDrvx86.sys [1164504 2015-02-24] (Symantec Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NS\1601000.009\ccSetx86.sys [128728 2014-09-09] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NST\7DE07080.017\ccSetx86.sys [127064 2013-09-27] (Symantec Corporation)
R1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-11-25] (Symantec Corporation)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [34760 2007-02-16] (SlySoft, Inc.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-11-25] (Symantec Corporation)
R1 IDSVix86; C:\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\IPSDefs\20150302.001\IDSvix86.sys [503512 2015-02-26] (Symantec Corporation)
S3 MTOnlPktAlyX; C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyX.SYS [19200 2010-08-27] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [File not signed]
R3 NAVENG; C:\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\VirusDefs\20150302.034\NAVENG.SYS [95704 2015-02-27] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\VirusDefs\20150302.034\NAVEX15.SYS [1636696 2015-02-27] (Symantec Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [50704 2010-01-27] (CACE Technologies, Inc.)
R3 SRTSP; C:\Windows\system32\drivers\NS\1601000.009\SRTSP.SYS [699608 2014-12-02] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NS\1601000.009\SRTSPX.SYS [36056 2014-12-02] (Symantec Corporation)
S3 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [7168 2009-09-28] () [File not signed]
R0 SymDS; C:\Windows\System32\drivers\NS\1601000.009\SYMDS.SYS [364760 2014-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NS\1601000.009\SYMEFA.SYS [939224 2014-09-09] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [94424 2015-01-08] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NS\1601000.009\Ironx86.SYS [212696 2014-09-09] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\system32\drivers\NS\1601000.009\SYMTDIV.SYS [358104 2014-09-09] (Symantec Corporation)
R3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [12400 1999-10-13] (Microsoft Corporation) [File not signed]
R3 ALSysIO; \??\C:\Users\Matthias\AppData\Local\Temp\ALSysIO.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-03 16:21 - 2015-03-03 16:22 - 00000000 ____D () C:\FRST
2015-02-28 11:18 - 2015-02-28 11:18 - 00002400 _____ () C:\AdwCleaner[R1].txt
2015-02-28 11:03 - 2008-11-20 17:39 - 00204464 _____ (Synaptics, Inc.) C:\Windows\system32\Drivers\SynTP.sys
2015-02-28 11:03 - 2008-11-20 17:38 - 00206120 _____ (Synaptics, Inc.) C:\Windows\system32\SynCtrl.dll
2015-02-28 11:03 - 2008-11-20 17:38 - 00161064 _____ (Synaptics, Inc.) C:\Windows\system32\SynTPAPI.dll
2015-02-28 11:03 - 2008-11-20 17:38 - 00120104 _____ (Synaptics, Inc.) C:\Windows\system32\SynTPCo4.dll
2015-02-28 10:47 - 2015-02-28 10:45 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-02-28 10:47 - 2015-02-28 10:45 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-02-28 00:04 - 2015-03-03 15:19 - 00000000 ____D () C:\AdwCleaner
2015-02-28 00:02 - 2015-02-28 00:03 - 02126848 _____ () C:\Users\Matthias\Desktop\adwcleaner_4.111.exe
2015-02-26 19:57 - 2015-02-26 19:57 - 00000053 _____ () C:\Windows\SynInst.log
2015-02-25 23:31 - 2015-02-25 23:31 - 00000000 ____D () C:\Users\Matthias\AppData\Local\TuneUp Software
2015-02-25 23:27 - 2015-02-26 10:59 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-02-25 20:56 - 2015-02-25 20:56 - 00000000 ____D () C:\Users\Matthias\AppData\Local\PDFCreator
2015-02-25 10:00 - 2015-02-25 10:00 - 00000000 ____D () C:\Program Files\Common Files\Java(1)
2015-02-23 12:53 - 2015-02-27 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2015-02-23 12:53 - 2015-02-23 12:53 - 00000832 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2015-02-13 17:59 - 2015-01-23 04:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 17:59 - 2015-01-23 03:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-12 10:39 - 2014-11-26 03:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-12 10:38 - 2015-01-13 02:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-12 10:38 - 2015-01-09 01:20 - 02063360 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-12 10:34 - 2015-01-15 05:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-12 10:34 - 2014-12-08 02:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 17:18 - 2015-01-14 02:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 17:18 - 2015-01-14 02:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-11 17:18 - 2015-01-14 02:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 17:18 - 2015-01-14 02:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 17:18 - 2015-01-14 02:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 17:18 - 2015-01-14 02:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 17:18 - 2015-01-14 02:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 17:18 - 2015-01-14 02:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 17:18 - 2015-01-14 02:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 17:18 - 2015-01-14 02:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-11 17:18 - 2015-01-14 02:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 17:18 - 2015-01-14 02:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 17:18 - 2015-01-14 02:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 17:18 - 2015-01-14 02:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 17:18 - 2015-01-14 02:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 17:18 - 2015-01-14 02:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 17:18 - 2015-01-14 02:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 17:18 - 2015-01-14 02:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-11 17:18 - 2015-01-14 02:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-11 17:18 - 2015-01-14 02:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-08 17:35 - 2015-03-03 11:59 - 00001339 _____ () C:\Users\Matthias\Desktop\CoreTemp.ini
2015-02-08 17:35 - 2013-10-08 13:22 - 00794272 _____ () C:\Users\Matthias\Desktop\Core Temp.exe
2015-02-08 17:28 - 2015-02-08 17:28 - 00734473 _____ () C:\Users\Matthias\Desktop\CoreTemp_106.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-03 16:19 - 2009-05-06 20:12 - 00000000 ____D () C:\Users\Matthias
2015-03-03 16:16 - 2009-02-21 15:19 - 01675300 _____ () C:\Windows\WindowsUpdate.log
2015-03-03 16:14 - 2015-01-24 00:03 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-03 15:40 - 2013-10-15 11:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-03 15:35 - 2009-09-13 17:35 - 00000330 _____ () C:\Windows\Brownie.ini
2015-03-03 15:33 - 2015-01-24 00:03 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-03 15:33 - 2009-05-06 20:12 - 00207414 _____ () C:\ProgramData\nvModes.001
2015-03-03 15:33 - 2009-01-16 19:58 - 00000147 _____ () C:\Windows\system32\agent.log
2015-03-03 15:33 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-03 15:33 - 2006-11-02 13:47 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-03 15:33 - 2006-11-02 13:47 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-03 14:32 - 2014-01-29 18:53 - 00000000 ____D () C:\Users\Matthias\.gimp-2.8
2015-03-03 14:27 - 2009-08-02 17:39 - 00002631 _____ () C:\Users\Matthias\Desktop\Microsoft Office Word 2007.lnk
2015-03-03 13:22 - 2009-09-13 17:36 - 00000034 _____ () C:\Windows\system32\BD2150N.DAT
2015-03-03 12:05 - 2009-08-27 21:36 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\Skype
2015-03-02 13:42 - 2015-01-26 21:48 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-01 23:30 - 2006-11-02 14:01 - 00032578 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-01 23:29 - 2009-08-30 20:52 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\vlc
2015-03-01 19:29 - 2008-01-21 08:16 - 01674410 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-28 11:59 - 2011-03-24 21:08 - 00000000 ____D () C:\Program Files\Java
2015-02-28 11:31 - 2009-02-21 15:28 - 00207414 _____ () C:\ProgramData\nvModes.dat
2015-02-28 11:05 - 2009-02-21 15:19 - 00063094 _____ () C:\Windows\DPINST.LOG
2015-02-28 11:05 - 2006-11-02 13:52 - 00262190 _____ () C:\Windows\setupact.log
2015-02-28 10:48 - 2013-09-23 21:51 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-28 10:45 - 2014-11-04 21:26 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-02-27 23:48 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-02-27 23:48 - 2006-11-02 11:22 - 59244544 _____ () C:\Windows\system32\config\software_previous
2015-02-27 23:48 - 2006-11-02 11:22 - 46661632 _____ () C:\Windows\system32\config\components_previous
2015-02-27 23:48 - 2006-11-02 11:22 - 35651584 _____ () C:\Windows\system32\config\system_previous
2015-02-27 23:48 - 2006-11-02 11:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2015-02-27 23:48 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2015-02-27 23:48 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2015-02-27 23:47 - 2013-02-26 11:56 - 00000000 __SHD () C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2015-02-27 23:47 - 2011-11-10 21:54 - 00000000 ____D () C:\Users\Matthias\AppData\Local\Akamai
2015-02-27 23:47 - 2009-08-30 20:52 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\dvdcss
2015-02-27 23:47 - 2009-08-22 11:12 - 00000000 ____D () C:\Users\Gast
2015-02-27 23:47 - 2009-07-11 13:08 - 00000000 ____D () C:\Users\Matthias\AppData\Local\Microsoft Help
2015-02-27 23:47 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2015-02-27 23:47 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool
2015-02-27 23:46 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration
2015-02-27 16:14 - 2008-01-21 03:47 - 02827352 _____ () C:\Windows\PFRO.log
2015-02-27 14:54 - 2009-01-16 19:03 - 00000000 ____D () C:\Program Files\Acer
2015-02-26 10:59 - 2011-10-27 21:20 - 00000000 ____D () C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2015-02-26 10:59 - 2011-04-07 22:52 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\HpUpdate
2015-02-26 10:37 - 2013-02-26 12:29 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-25 23:31 - 2013-02-26 12:30 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\TuneUp Software
2015-02-24 23:26 - 2010-09-05 19:34 - 00000000 ____D () C:\Users\Matthias\AppData\Local\CrashDumps
2015-02-24 12:43 - 2009-08-27 21:27 - 00000000 ___RD () C:\Program Files\Skype
2015-02-24 12:43 - 2009-08-27 21:27 - 00000000 ____D () C:\ProgramData\Skype
2015-02-23 12:53 - 2012-01-21 13:37 - 00000000 ____D () C:\Program Files\PDFCreator
2015-02-20 21:10 - 2015-01-24 00:04 - 00001967 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-14 18:16 - 2009-06-14 19:56 - 00049664 _____ () C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-12 21:15 - 2010-08-01 18:01 - 00007592 _____ () C:\Users\Matthias\AppData\Local\d3d9caps.dat
2015-02-12 21:12 - 2006-11-02 13:47 - 03684304 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 16:50 - 2013-07-16 02:06 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 10:40 - 2006-11-02 11:24 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-02-12 10:38 - 2009-01-16 18:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-06 00:14 - 2010-07-23 07:11 - 00002633 _____ () C:\Users\Matthias\Desktop\Microsoft Office Excel 2007.lnk
2015-02-05 21:40 - 2012-03-31 08:57 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-05 21:40 - 2011-08-01 09:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-04 17:21 - 2014-11-27 22:59 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2009-06-09 08:40 - 2009-06-09 08:38 - 0005250 _____ () C:\Program Files\0x0407.ini
2009-06-09 08:40 - 2009-06-09 08:38 - 14042624 _____ () C:\Program Files\Turbo Lister 2.msi
2011-03-25 21:15 - 2010-10-16 11:50 - 3056008 _____ (Ask) C:\Program Files\Common Files\AskToolbarInstaller.exe
2010-12-14 13:00 - 2012-03-28 09:14 - 1456640 _____ () C:\Program Files\Common Files\Falk Navi-Manager.msi
2011-03-25 21:15 - 2010-01-26 10:11 - 0444283 _____ () C:\Program Files\Common Files\WinPcapNmap.exe
2009-08-13 23:39 - 2009-08-13 23:39 - 0000319 _____ () C:\Users\Matthias\AppData\Roaming\mdb.bin
2010-08-01 18:01 - 2015-02-12 21:15 - 0007592 _____ () C:\Users\Matthias\AppData\Local\d3d9caps.dat
2009-06-14 19:56 - 2015-02-14 18:16 - 0049664 _____ () C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-08-13 20:38 - 2009-08-13 20:38 - 0000096 _____ () C:\Users\Matthias\AppData\Local\fusioncache.dat
2013-02-09 21:29 - 2013-02-09 21:34 - 0005086 _____ () C:\Users\Matthias\AppData\Local\MyWinLockerInstaller.txt-20130209.log
2014-08-10 19:41 - 2014-08-10 19:41 - 0001491 _____ () C:\Users\Matthias\AppData\Local\recently-used.xbel
2011-04-19 10:35 - 2011-04-21 08:42 - 0001940 _____ () C:\Users\Matthias\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
2010-10-08 10:32 - 2013-03-04 13:45 - 0000148 ___SH () C:\ProgramData\.zreglib
2011-03-25 21:15 - 2010-05-28 22:37 - 0015086 _____ () C:\ProgramData\Amazon.ico
2009-02-21 15:21 - 2009-02-21 15:23 - 0006112 _____ () C:\ProgramData\ArcadeDeluxe2.log
2011-03-25 21:15 - 2011-03-03 15:50 - 0009662 _____ () C:\ProgramData\BeRuby.ico
2009-08-27 21:43 - 2009-08-27 21:43 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2009-05-26 07:30 - 2012-04-15 22:27 - 0009789 _____ () C:\ProgramData\hpzinstall.log
2014-12-23 00:44 - 2014-12-23 00:48 - 0020531 ____H () C:\ProgramData\M33KI
2011-03-25 21:15 - 2010-07-20 12:53 - 0071926 _____ () C:\ProgramData\MercadoLivre.ico
2009-05-06 20:12 - 2015-03-03 15:33 - 0207414 _____ () C:\ProgramData\nvModes.001
2009-02-21 15:28 - 2015-02-28 11:31 - 0207414 _____ () C:\ProgramData\nvModes.dat
2011-03-25 21:15 - 2010-05-20 11:05 - 0025214 _____ () C:\ProgramData\QuickStores.ico

Some content of TEMP:
====================
C:\Users\Matthias\AppData\Local\Temp\Quarantine.exe
C:\Users\Matthias\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Matthias\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-03 15:41

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-03-2015
Ran by Matthias at 2015-03-03 16:24:10
Running from C:\Users\Matthias\Desktop\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Acer Arcade Deluxe (HKLM\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 2.0.5817 - CyberLink Corp.)
Acer Arcade Deluxe (Version: 2.0.5817 - CyberLink Corp.) Hidden
Acer Crystal Eye Webcam 2.0.9.1 (HKLM\...\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}) (Version: 2.0.9.1 - SuYin)
Acer ePower Management (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.00.3001 - Acer Incorporated)
Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.00.3001 - Acer Incorporated)
Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - )
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 3.0.3000 - Acer Inc.)
Acer Product Registration (HKLM\...\{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}) (Version: 3.0.0.10 - Acer Incorporated)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.01.1205 - Acer Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
AIO_CDA_ProductContext (Version: 82.0.233.000 - Hewlett-Packard) Hidden
AIO_CDA_Software (Version: 82.0.233.000 - Hewlett-Packard) Hidden
AIO_Scan (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Amazon Music (HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\Amazon Amazon Music) (Version: 3.2.0.591 - Amazon Services LLC)
AudioCon (HKLM\...\AudioCon) (Version: 1.0 - Basement Softworks)
Bing Bar (HKLM\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brother HL-2150N (HKLM\...\{797CD9FD-2B9D-46E9-8049-80790391AC24}) (Version: 1.00 - Brother)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
C5100 (Version: 82.0.233.000 - Hewlett-Packard) Hidden
c5100_Help (Version: 82.0.233.000 - Hewlett-Packard) Hidden
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.7.2423 - CDBurnerXP)
CDex extraction audio (HKLM\...\CDex) (Version:  - )
CloneCD (HKLM\...\CloneCD) (Version:  - SlySoft)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copy (Version: 130.0.366.000 - Hewlett-Packard) Hidden
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.3524 - CyberLink Corp.)
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DocProc (Version: 8.1.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Falk Navi-Manager (HKLM\...\{3222B0CE-59C5-4CA0-B545-2B88F200756B}) (Version: 2.10.0 - United Navigation GmbH)
Falk Navi-Manager (Version: 2.10.0 - United Navigation GmbH) Hidden
Falk Navi-Manager (Version: 2.5.1 - Falk Navigation GmbH) Hidden
Fax (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Foto Sprechblase 1 (HKLM\...\Foto Sprechblase 1) (Version:  - )
FreeUndelete (HKLM\...\{A35883BD-9C83-4625-82F3-90F86728C662}) (Version: 2.0 - Recoveronix)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Heroes of Hellas (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP OCR Software 8.0 (HKLM\...\HPOCR) (Version: 8.0 - HP)
HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
HP Photosmart.All-In-One Driver Software 8.0 .A (HKLM\...\{282E5AB2-8E47-4571-B6FA-6B512555B557}) (Version: 8.0 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}) (Version: 5.002.007.004 - Hewlett-Packard)
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
IrfanView (remove only) (HKLM\...\IrfanView) (Version:  - )
JMicron Flash Media Controller Driver (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.23.06 - JMicron Technology Corp.)
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Launch Manager (HKLM\...\LManager) (Version: 2.0.03 - Acer Inc.)
LightScribe  1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
Magic Farm (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114717227}) (Version:  - Oberon Media)
Magic Match Adventures (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11408540}) (Version:  - Oberon Media)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 German Language Pack (HKLM\...\{E78BFA60-5393-4C38-82AB-E8019E464EB4}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MuseScore 1.3 (HKLM\...\MuseScore) (Version: 1.3.0 - Werner Schweer and Others)
Mystery Solitaire - Secret Island (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}) (Version:  - Oberon Media)
Mythic Mahjong (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113919217}) (Version:  - Oberon Media)
Nokia Connectivity Cable Driver (HKLM\...\{AF88496B-4BBA-4922-97E9-2582D3A28358}) (Version: 7.1.48.0 - Nokia)
Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 7.1.60.0 - Nokia)
Nokia PC Suite (Version: 7.1.60.0 - Nokia) Hidden
Nokia Software Updater (HKLM\...\{4D568C38-0552-4CDD-A643-01FAFA2957EF}) (Version: 02.06.006.44298 - Nokia Corporation)
Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.2.100.0 - Nokia)
Nokia Suite (Version: 3.2.100.0 - Nokia) Hidden
Norton Bootable Recovery Tool Wizard (HKLM\...\NBRTWizard) (Version: 5.1.0.26 - Symantec Corporation)
Norton Identity Safe (HKLM\...\NST) (Version: 2014.7.8.23 - Symantec Corporation)
Norton Security (HKLM\...\NS) (Version: 22.1.0.9 - Symantec Corporation)
NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.606 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.606 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6329 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.2.6329 - NewTech Infosystems) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - NVIDIA Corporation)
PC Connectivity Solution (HKLM\...\{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}) (Version: 11.5.13.0 - Nokia)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.0.2 - pdfforge)
pdfforge Toolbar v6.6 (HKLM\...\{65739FA2-0444-4AB2-B598-872406539EBD}) (Version: 6.6 - Spigot, Inc.) <==== ATTENTION
Photo Collage Creator 3.97 (HKLM\...\Photo Collage Creator_is1) (Version:  - AMS Software)
Photo Transport (HKLM\...\{63CFD835-FF50-4F8B-91CD-5662A8C640F8}) (Version: 1.0.1 - CASIO COMPUTER CO., LTD.)
PhotoNow! (HKLM\...\{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.5203 - CyberLink Corp.)
Putt Mania (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112028410}) (Version:  - Oberon Media)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5730 - Realtek Semiconductor Corp.)
RICOH SP C231SF/C232SF (HKLM\...\RICOH SP C231SF/C232SF) (Version: 1.41.0.0 - )
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Securita Scout (HKLM\...\Securita Scout) (Version:  - ) <==== ATTENTION
Sibelius Scorch (ActiveX Only) (HKLM\...\{868291A4-229E-4795-B0B0-E60E87AF53CD}) (Version: 6.2.0 - Sibelius Software)
SilverFast AFL 6.6.2r2 (HKLM\...\SilverFast AFL) (Version:  - LaserSoft Imaging AG)
Skype™ 7.1 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Steuer-Spar-Erklärung 2009 (HKLM\...\{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}) (Version: 14.01.0000 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2010 (HKLM\...\{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}) (Version: 15.13 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2011 (HKLM\...\{9F5FD796-86F0-4360-85F8-D54C0F5411EB}) (Version: 16.17 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2012 (HKLM\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.14 - Wolters Kluwer Deutschland GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 12.0.4.0 - Synaptics)
The Rise of Atlantis (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112548397}) (Version:  - Oberon Media)
Tiks Texas Hold em (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110422467}) (Version:  - Oberon Media)
T-Online 6.0 (HKLM\...\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}) (Version:  - )
T-Online WLAN-Access Finder (HKLM\...\{295C31E5-3F91-498E-9623-DA24D2FA2B6A}) (Version:  - )
Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden
uMedia uTV (HKLM\...\{5313CFF7-E762-4752-BEC0-1E2CB2C685E4}) (Version: 1.00.000 - uMedia)
UnloadSupport (Version: 1.00.0000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VDownloader 3.2.807 (HKLM\...\{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1) (Version:  - Vitzo Limited)
Videograbber 2010 (HKLM\...\{177ADA1F-6D3B-404A-99DA-D7E0E2A36621}_is1) (Version:  - Hoppelsoft)
VLC media player 1.0.1 (HKLM\...\VLC media player) (Version: 1.0.1 - VideoLAN Team)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live ID-Anmelde-Assistent (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter: Treiberupdate (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows-Treiberpaket - Nokia Modem  (06/09/2010 7.01.0.8) (HKLM\...\E5372C32E8562C76C24DBA6525002B1031495F34) (Version: 06/09/2010 7.01.0.8 - Nokia)
Windows-Treiberpaket - Nokia Modem  (10/07/2010 4.6) (HKLM\...\6DA48AFDE796708D5A4C9121A83E7617A63A9A15) (Version: 10/07/2010 4.6 - Nokia)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
WinPcap 4.1.1 (HKLM\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
Womens Murder Club (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114086870}) (Version:  - Oberon Media)
XMedia Recode Version 3.1.2.8 (HKLM\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.2.8 - XMedia Recode)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3827918516-2867637020-576463877-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3827918516-2867637020-576463877-1000_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\HPCDMC32.DLL (HP)
CustomCLSID: HKU\S-1-5-21-3827918516-2867637020-576463877-1000_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\HPCDMC32.DLL (HP)
CustomCLSID: HKU\S-1-5-21-3827918516-2867637020-576463877-1000_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\HPCDMC32.DLL (HP)
CustomCLSID: HKU\S-1-5-21-3827918516-2867637020-576463877-1000_Classes\CLSID\{DCA74850-096D-40CD-BB81-17034E51ACB6}\localserver32 -> C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-3827918516-2867637020-576463877-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3827918516-2867637020-576463877-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3827918516-2867637020-576463877-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3827918516-2867637020-576463877-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3827918516-2867637020-576463877-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3827918516-2867637020-576463877-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3827918516-2867637020-576463877-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3827918516-2867637020-576463877-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

24-02-2015 16:04:02 Geplanter Prüfpunkt
25-02-2015 23:28:28 TuneUp Utilities 2014 wird installiert
26-02-2015 15:28:38 Removed PDF Architect
26-02-2015 15:36:55 Removed Skype Click to Call
26-02-2015 19:12:58 TuneUp Utilities 2014 wird entfernt
26-02-2015 19:14:31 TuneUp Utilities 2014 (de-DE) wird entfernt
27-02-2015 14:52:38 Installed Acer System Information
27-02-2015 14:53:51 Removed Acer System Information
27-02-2015 23:39:26 Wiederherstellungsvorgang
28-02-2015 11:03:37 Gerätetreiber-Paketinstallation: Synaptics Mäuse und andere Zeigegeräte
28-02-2015 11:23:47 Removed Search App by Ask
28-02-2015 11:25:41 Removed Skype Click to Call
28-02-2015 11:58:32 Removed Java 8 Update 31
01-03-2015 00:59:39 Geplanter Prüfpunkt
01-03-2015 22:16:24 Geplanter Prüfpunkt
02-03-2015 14:22:15 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {015154CD-0AF2-456C-BE11-106FD5E9FD17} - System32\Tasks\Core Temp Autostart Matthias => C:\Users\Matthias\Desktop\Core Temp.exe [2013-10-08] ()
Task: {1D425330-1E5C-4A42-AC62-77D793A8CC54} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {295DEB1E-DABC-4A1B-9B8E-96556AF138E9} - System32\Tasks\{46DFFA81-613B-4A7B-BB88-51B3FE5B6CF9} => C:\Program Files\Skype\Phone\Skype.exe [2015-01-23] (Skype Technologies S.A.)
Task: {3522109C-F98F-432C-9993-C0A8EB5F455B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-24] (Google Inc.)
Task: {38FE3345-1455-444D-AC5E-E484C119B0E6} - System32\Tasks\{EB5229B8-2D7B-4F8D-987A-7BBE85936BE7} => pcalua.exe -a "C:\Program Files\Acer GameZone\Magic Farm\Uninstall.exe" -c "C:\Program Files\Acer GameZone\Magic Farm\install.log"
Task: {4360545A-70E6-45F7-8AAB-409029B7B72E} - System32\Tasks\AdobeAAMUpdater-1.0-Matthias-PC-Matthias => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {54E3397C-AAF7-4BCE-A6F9-5E40511A6CC4} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Matthias => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {6B95EDEE-82E4-4FBA-B53C-F8F5EDFC6512} - System32\Tasks\{70F9738E-9D13-4AD6-B33D-E54328A86B02} => pcalua.exe -a E:\data\Microsoft\msizap.exe -d E:\data -c TW!{0D410F4D-9009-43F8-9DF1-BDADCE7FC43F}
Task: {6C8356E2-90E9-4806-90A2-AB9FED0FD6E1} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {7AC43135-4DCC-4D1E-870E-CA17EA37EC5F} - System32\Tasks\{45394F0A-F8E4-4F82-ADD6-803ACD891632} => pcalua.exe -a C:\Users\Matthias\Downloads\setupDE.exe -d C:\Users\Matthias\Downloads
Task: {7DEA4724-6899-4593-A87F-52664711B83B} - System32\Tasks\{1E620B6F-BF35-4344-BDCB-19FEABBCCB49} => pcalua.exe -a "C:\Program Files\Acer GameZone\The Rise of Atlantis\Uninstall.exe" -c "C:\Program Files\Acer GameZone\The Rise of Atlantis\install.log"
Task: {7DEFDABE-E8A3-44A4-9D9C-FA398AC3C727} - System32\Tasks\{819168EB-639F-4082-9070-7161B3DABCE5} => pcalua.exe -a "C:\Program Files\Acer GameZone\Womens Murder Club\Uninstall.exe" -d "C:\Program Files\TuneUp Utilities 2012" -c "C:\Program Files\Acer GameZone\Womens Murder Club\install.log"
Task: {A21BF1F9-0BED-4C19-9C45-500A929533FB} - \BrowserDefendert No Task File <==== ATTENTION
Task: {A3D2A005-42AE-4212-91FC-A4D06C508C98} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.1.0.9\WSCStub.exe [2014-12-10] (Symantec Corporation)
Task: {B3AF4D6D-8D4A-45C0-AE58-4455905F5311} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe
Task: {B74F99D7-02BC-4707-AC24-35586AF7F0D1} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files\Norton Security\Engine\22.1.0.9\SymErr.exe [2014-12-03] (Symantec Corporation)
Task: {D0F912A1-7B02-4C58-8F15-3EF5E7BD5ED5} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files\Norton Security\Engine\22.1.0.9\SymErr.exe [2014-12-03] (Symantec Corporation)
Task: {D185CE46-5FA3-42DC-925A-4E976B7B2569} - System32\Tasks\{95CA8384-C212-47FC-A03E-26B3DABF86AA} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {D20C150F-BC6B-41FF-92E8-854FAC49D428} - System32\Tasks\{E37E2140-7FC7-4361-BA3C-F8C8F1C577AA} => pcalua.exe -a C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe -c /M{1C9171AC-5519-4DF4-B44D-B28F678DEB4C}
Task: {D391F8DF-C2F3-4254-9A39-7EC3E7A2996C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {E652FEF4-667E-4665-AC8B-7DE6B4C3D3FB} - System32\Tasks\{C6B00F22-09DB-4A3B-B734-777E38AF6BEC} => pcalua.exe -a C:\Windows\cadkasdeinst01.exe -c "C:\Program Files\Foto Sprechblase 1\"
Task: {E70EF7EE-5BD1-4245-AAA0-EF3007654504} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {FA5CCDC9-892C-430D-883F-2FFF4418EAE2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-24] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2008-10-16 18:24 - 2008-10-16 18:24 - 00038551 _____ () C:\Windows\System32\R8E6AM.DLL
2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2007-06-24 19:09 - 2007-06-24 19:09 - 01024000 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACE.dll
2007-06-24 19:09 - 2007-06-24 19:09 - 00098304 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML.dll
2007-06-24 19:09 - 2007-06-24 19:09 - 00061440 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML_Parser.dll
2009-02-21 15:23 - 2008-10-04 04:09 - 00069632 _____ () C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
2008-04-25 21:36 - 2008-04-25 21:36 - 00131072 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2015-02-08 17:35 - 2013-10-08 13:22 - 00794272 _____ () C:\Users\Matthias\Desktop\Core Temp.exe
2009-08-27 20:20 - 2009-08-16 16:06 - 00141312 _____ () C:\Program Files\WinRAR\rarext.dll
2015-01-26 21:48 - 2015-01-26 21:48 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2015-02-05 21:40 - 2015-02-05 21:40 - 16852144 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:05113FB9
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
AlternateDataStreams: C:\ProgramData\Temp:C99F6ECA
AlternateDataStreams: C:\ProgramData\Temp:F3176E45

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3827918516-2867637020-576463877-1000\Control Panel\Desktop\\Wallpaper -> d:\Bilder\WeihnachtsfriesTaizé.JPG
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AAV UpdateService => 2
MSCONFIG\Services: BBSvc => 2
MSCONFIG\Services: BBUpdate => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BthServ => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MobilityService => 2
MSCONFIG\Services: PDF Architect Helper Service => 2
MSCONFIG\Services: PDF Architect Service => 2
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TabletInputService => 2
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Matthias^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Matthias^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk => C:\Windows\pss\Orion.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Amazon Music => "C:\Users\Matthias\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: AnyDVD => C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
MSCONFIG\startupreg: ArcadeDeluxeAgent => "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
MSCONFIG\startupreg: BkupTray => "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
MSCONFIG\startupreg: CLMLServer => "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
MSCONFIG\startupreg: CloneCDTray => "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
MSCONFIG\startupreg: EgisTecLiveUpdate => "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: LManager => C:\PROGRA~1\LAUNCH~1\LManager.exe
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: mwlDaemon => C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
MSCONFIG\startupreg: NokiaMServer => C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
MSCONFIG\startupreg: NokiaOviSuite2 => C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
MSCONFIG\startupreg: PlayMovie => "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
MSCONFIG\startupreg: ProductReg => "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: T-Online_Software_6 => 
MSCONFIG\startupreg: ToADiMon.exe => C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart

==================== Accounts: =============================

Administrator (S-1-5-21-3827918516-2867637020-576463877-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3827918516-2867637020-576463877-1002 - Limited - Enabled)
Gast (S-1-5-21-3827918516-2867637020-576463877-501 - Limited - Enabled) => C:\Users\Gast
Matthias (S-1-5-21-3827918516-2867637020-576463877-1000 - Administrator - Enabled) => C:\Users\Matthias

==================== Faulty Device Manager Devices =============

Name: isatap.{DE78060C-D5CF-4A97-84F8-F9B3C0F1C35E}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/03/2015 03:34:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/03/2015 01:08:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/03/2015 09:16:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16609, Zeitstempel 0x54b5c951, fehlerhaftes Modul USP10.dll, Version 1.626.6002.19096, Zeitstempel 0x535bd85f, Ausnahmecode 0xc0000005, Fehleroffset 0x00009ff8,
Prozess-ID 0x342c, Anwendungsstartzeit iexplore.exe0.

Error: (03/03/2015 09:15:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16609, Zeitstempel 0x54b5c951, fehlerhaftes Modul USP10.dll, Version 1.626.6002.19096, Zeitstempel 0x535bd85f, Ausnahmecode 0xc0000005, Fehleroffset 0x00009ff8,
Prozess-ID 0x2bc0, Anwendungsstartzeit iexplore.exe0.

Error: (03/03/2015 09:15:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16609, Zeitstempel 0x54b5c951, fehlerhaftes Modul USP10.dll, Version 1.626.6002.19096, Zeitstempel 0x535bd85f, Ausnahmecode 0xc0000005, Fehleroffset 0x00009ff8,
Prozess-ID 0x2ab4, Anwendungsstartzeit iexplore.exe0.

Error: (03/03/2015 09:15:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16609, Zeitstempel 0x54b5c951, fehlerhaftes Modul USP10.dll, Version 1.626.6002.19096, Zeitstempel 0x535bd85f, Ausnahmecode 0xc0000005, Fehleroffset 0x00009ff8,
Prozess-ID 0x670, Anwendungsstartzeit iexplore.exe0.

Error: (03/02/2015 01:26:32 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <D:\ARBEIT MATTHIAS\ARBEIT IN FRANKREICH\BUCHPROJEKT\ANSCHREIBEN GÜTERSLOHER VERLAGSHAUS.DOC> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (03/02/2015 01:26:32 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <D:\ARBEIT MATTHIAS\ARBEIT IN FRANKREICH\BUCHPROJEKT\ANSCHREIBEN GÜTERSLOHER VERLAGSHAUS.DOC> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (03/02/2015 11:26:33 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <D:\ARBEIT MATTHIAS\WEITERBILDUNG\POP\3-JAHRESGRUPPE\QUITTUNG 2014.DOC> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (03/02/2015 11:26:33 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <D:\ARBEIT MATTHIAS\WEITERBILDUNG\POP\3-JAHRESGRUPPE\QUITTUNG 2014.DOC> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)


System errors:
=============
Error: (03/03/2015 04:24:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (03/03/2015 04:24:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (03/03/2015 04:24:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (03/03/2015 04:24:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (03/03/2015 04:24:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (03/03/2015 04:24:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (03/03/2015 04:24:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (03/03/2015 04:24:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (03/03/2015 04:24:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (03/03/2015 04:22:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058


Microsoft Office Sessions:
=========================
Error: (02/06/2015 00:18:34 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6712.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 214 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (02/04/2015 05:40:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6712.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/04/2015 05:40:01 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6712.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 984 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (02/04/2015 05:37:26 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6712.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 829 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/04/2015 05:29:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6712.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 11 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/04/2015 05:28:38 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6712.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 300 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (01/06/2015 01:26:26 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6712.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/06/2015 01:26:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6712.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/06/2015 01:25:55 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6712.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 23 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/06/2015 01:25:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6712.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1994 seconds with 60 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2015-03-03 16:23:35.948
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-03 16:23:34.759
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-03 16:23:33.512
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-03 16:23:32.306
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-03 16:23:12.142
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\BASHDefs\20150224.001_4f9\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-03 16:23:10.941
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\BASHDefs\20150224.001_4f9\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-03 16:23:09.729
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\BASHDefs\20150224.001_4f9\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-03 16:23:08.502
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\BASHDefs\20150224.001_4f9\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-12 18:14:02.996
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-12 18:14:01.858
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
Percentage of memory in use: 61%
Total physical RAM: 2813.5 MB
Available physical RAM: 1095.63 MB
Total Pagefile: 5847.47 MB
Available Pagefile: 4121.07 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.72 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:144.04 GB) (Free:60.55 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:144.04 GB) (Free:85.14 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 579CD61E)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=144 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         


04.03.2015, 08:37   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Please download Revo Uninstaller from here (alternatively, the portable Revo Uninstaller).
  • Install and start the program. (Illustrated guide to Revo Uninstaller)
  • Click "Optionen" (options) and select German as the language.
  • In the uninstaller list, search for these programs:

    pdfforge Toolbar v6.6

    Securita Scout

  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderat" (moderate) mode.
  • Delete leftovers:
    Click on then on and then on .

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click "Scannen" (scan), select the "Bedrohungssuchlauf" (threat scan) and click "Suchlauf starten" (start scan).
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click "Auswahl entfernen" (remove selection).
  • If necessary, let your computer restart to complete the cleanup.
  • Start MBAM, click "Verlauf" (history) and then "Anwendungsprotokolle" (application logs).
  • Select the most recent scan log and click Export. Choose text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click "Optionen" (options) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click "Suchlauf" (scan) and wait until it has finished.
  • Now click "Löschen" (delete) and confirm any prompts with Ok.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please disable your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.

And a screenshot of the folder please. I think it comes from Windows Update.

04.03.2015, 19:12   #7
pasteur
 
Hello Schrauber, thank you very much. With Revo Uninstaller I was also able to get rid of all the games junk that came with the ACER and could no longer be uninstalled because some file needed for that had gone missing.
Here are the log files
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 04.03.2015
Suchlauf-Zeit: 13:24:52
Logdatei: Malwarebytes Anti-Malware 04-03-15.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.03.04.04
Rootkit Datenbank: v2015.02.25.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: Matthias

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 387703
Verstrichene Zeit: 25 Min, 25 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
Code:
# AdwCleaner v4.111 - Bericht erstellt 04/03/2015 um 13:56:25
# Aktualisiert 18/02/2015 von Xplode
# Datenbank : 2015-03-02.3 [Server]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Benutzername : Matthias - MATTHIAS-PC
# Gestarted von : C:\Users\Matthias\Desktop\adwcleaner_4.111.exe
# Option : Suchlauf

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****

Task Gefunden : BrowserDefendert

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Daten Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Internetbrowser ] *****

-\\ Internet Explorer v9.0.8112.16609


-\\ Mozilla Firefox v35.0.1 (x86 de)


-\\ Google Chrome v40.0.2214.115

*************************

AdwCleaner[R0].txt - [15586 Bytes] - [28/02/2015 00:04:49]
AdwCleaner[R1].txt - [2400 Bytes] - [28/02/2015 11:10:42]
AdwCleaner[R2].txt - [2459 Bytes] - [28/02/2015 11:21:51]
AdwCleaner[R3].txt - [785 Bytes] - [03/03/2015 15:19:20]
AdwCleaner[R4].txt - [1088 Bytes] - [04/03/2015 13:56:25]
AdwCleaner[S0].txt - [15897 Bytes] - [28/02/2015 00:15:27]
AdwCleaner[S1].txt - [2082 Bytes] - [28/02/2015 11:27:17]

########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [1266 Bytes] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Matthias on 04.03.2015 at 18:34:55,77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\wo64522p.default\minidumps [78 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.03.2015 at 18:39:44,43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-03-2015
Ran by Matthias (administrator) on MATTHIAS-PC on 04-03-2015 18:44:23
Running from C:\Users\Matthias\Desktop
Loaded Profiles: Matthias (Available profiles: Matthias & Gast)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\NST.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.1.0.9\NS.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\NST.exe
() C:\Users\Matthias\Desktop\Core Temp.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Deutsche Telekom AG, Marmiko IT-Solutions GmbH) C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Akamai Technologies, Inc.) C:\Users\Matthias\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Akamai Technologies, Inc.) C:\Users\Matthias\AppData\Local\Akamai\netsession_win.exe
(Realtek Semiconductor Corp.) C:\Users\Matthias\AppData\Local\Temp\RtkBtMnt.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.1.0.9\NS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Contacts\wlcomm.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6609440 2008-10-31] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [690720 2008-12-18] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1398056 2008-11-20] (Synaptics, Inc.)
HKLM\...\Run: [BrStsWnd] => C:\Program Files\Brownie\BrstsWnd.exe [880640 2008-09-18] (brother)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2008-10-31] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [ToADiMon.exe] => C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe [286720 2010-04-08] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Matthias\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\Run: [] => [X]
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\MountPoints2: {19076bdf-bd55-11de-a648-00235a5338e1} - F:\Menu.exe
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\MountPoints2: {d60af5b2-a679-11df-9129-00235a5338e1} - awb3ryk.exe
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\E-Mail - Verknüpfung.lnk
ShortcutTarget: E-Mail - Verknüpfung.lnk ->  (No File)
Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Calendar.lnk
ShortcutTarget: Windows Calendar.lnk -> C:\Program Files\Windows Calendar\WinCal.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_5737z
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_5737z
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NS&pvid=22.1.0.9
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NS&pvid=22.1.0.9
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NS&pvid=22.1.0.9
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.benefind.de/
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3827918516-2867637020-576463877-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE326
SearchScopes: HKU\S-1-5-21-3827918516-2867637020-576463877-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE326
SearchScopes: HKU\S-1-5-21-3827918516-2867637020-576463877-1000 -> {7AE64BE7-E40D-4E58-A1D9-F8DC7719A1DC} URL = hxxp://www.benefind.de/result.html?q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.1.0.9\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.1.0.9\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3827918516-2867637020-576463877-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-3827918516-2867637020-576463877-1000 -> No Name - {CFCB809C-3A22-4616-A916-6C007BD9D920} -  No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {C3E3BB4F-269C-41A3-9F5F-A360E933CAD3} https://as.photoprintit.com/ips-opdata/activex/ImageUploader6.cab
DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://asp.photoprintit.de/microsite/11093/defaults/activex/ips/IPSUploader4.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 212.27.40.240 212.27.40.241

FireFox:
========
FF ProfilePath: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\wo64522p.default
FF Homepage: hxxp://www.benefind.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\wo64522p.default\searchplugins\benefind.xml
FF Extension: Securita Scout - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\wo64522p.default\Extensions\plug@securitascout.com [2014-07-13]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\wo64522p.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-20]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2015-01-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-06]
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\coFFPlgn
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.1.0.9\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.1.0.9\coFFPlgn [2015-03-04]
FF HKLM\...\Thunderbird\Extensions: [te_7.0@nokia.com] - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011-12-04]

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.benefind.de/"
CHR DefaultSearchKeyword: Default -> benefind.de
CHR DefaultSearchURL: Default -> hxxp://www.benefind.de/result.html?q={searchTerms}
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-24]
CHR Extension: (Google Docs) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-09]
CHR Extension: (Google Drive) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-24]
CHR Extension: (YouTube) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-09]
CHR Extension: (Google Search) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-09]
CHR Extension: (Google Sheets) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-24]
CHR Extension: (Norton Identity Safe) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-01-24]
CHR Extension: (Google Wallet) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-24]
CHR Extension: (Gmail) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-09]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.1.0.9\Exts\Chrome.crx [2015-01-08]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] -  [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AdobeActiveFileMonitor8.0; C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-09-18] (Adobe Systems Incorporated)
R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [69632 2008-10-04] () [File not signed]
R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [653856 2008-12-18] (Acer Incorporated)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S4 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] () [File not signed]
R2 NCO; C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\NST.exe [130104 2014-09-20] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-05-11] (Hewlett-Packard) [File not signed]
R2 NS; C:\Program Files\Norton Security\Engine\22.1.0.9\NS.exe [282528 2014-12-10] (Symantec Corporation)
R2 NTIBackupSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-25] (NewTech InfoSystems, Inc.) [File not signed]
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [52736 2006-05-11] (Hewlett-Packard) [File not signed]
S4 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AF15BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [483200 2010-08-21] (ITETech                  )
R1 BHDrvx86; C:\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\BASHDefs\20150224.001_4f9\BHDrvx86.sys [1164504 2015-02-24] (Symantec Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NS\1601000.009\ccSetx86.sys [128728 2014-09-09] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NST\7DE07080.017\ccSetx86.sys [127064 2013-09-27] (Symantec Corporation)
R1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-11-25] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-11-25] (Symantec Corporation)
R1 IDSVix86; C:\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\IPSDefs\20150303.001\IDSvix86.sys [503512 2015-02-26] (Symantec Corporation)
S3 MTOnlPktAlyX; C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyX.SYS [19200 2010-08-27] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [File not signed]
R3 NAVENG; C:\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\VirusDefs\20150303.034\NAVENG.SYS [95704 2015-02-27] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\VirusDefs\20150303.034\NAVEX15.SYS [1636696 2015-02-27] (Symantec Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [50704 2010-01-27] (CACE Technologies, Inc.)
R3 SRTSP; C:\Windows\system32\drivers\NS\1601000.009\SRTSP.SYS [699608 2014-12-02] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NS\1601000.009\SRTSPX.SYS [36056 2014-12-02] (Symantec Corporation)
S3 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [7168 2009-09-28] () [File not signed]
R0 SymDS; C:\Windows\System32\drivers\NS\1601000.009\SYMDS.SYS [364760 2014-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NS\1601000.009\SYMEFA.SYS [939224 2014-09-09] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [94424 2015-01-08] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NS\1601000.009\Ironx86.SYS [212696 2014-09-09] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\system32\drivers\NS\1601000.009\SYMTDIV.SYS [358104 2014-09-09] (Symantec Corporation)
R3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [12400 1999-10-13] (Microsoft Corporation) [File not signed]
R3 ALSysIO; \??\C:\Users\Matthias\AppData\Local\Temp\ALSysIO.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-04 18:39 - 2015-03-04 18:39 - 00000829 _____ () C:\Users\Matthias\Desktop\JRT.txt
2015-03-04 13:52 - 2015-03-04 13:52 - 00001240 _____ () C:\Users\Matthias\Desktop\mbam 04-03-15.txt
2015-03-04 12:46 - 2015-03-04 13:22 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-04 12:45 - 2015-03-04 12:45 - 00000903 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-04 12:45 - 2015-03-04 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-04 12:45 - 2015-03-04 12:45 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-03-04 12:45 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-04 12:45 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-04 12:45 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-04 12:44 - 2015-03-04 12:44 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Matthias\Desktop\mbam-setup-2.0.4.1028.exe
2015-03-04 11:51 - 2015-03-04 12:41 - 00001061 _____ () C:\Users\Matthias\Desktop\Revo Uninstaller.lnk
2015-03-04 11:51 - 2015-03-04 11:51 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-03-04 11:39 - 2015-03-04 11:39 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Matthias\Desktop\revosetup95.exe
2015-03-03 17:00 - 2015-03-03 17:00 - 00047220 _____ () C:\Users\Matthias\Desktop\Addition.txt
2015-03-03 16:21 - 2015-03-04 18:44 - 00022156 _____ () C:\Users\Matthias\Desktop\FRST.txt
2015-03-03 16:21 - 2015-03-04 18:44 - 00000000 ____D () C:\FRST
2015-03-03 16:15 - 2015-03-03 16:15 - 01132032 _____ (Farbar) C:\Users\Matthias\Desktop\frst.exe
2015-02-28 11:18 - 2015-02-28 11:18 - 00002400 _____ () C:\AdwCleaner[R1].txt
2015-02-28 11:03 - 2008-11-20 17:39 - 00204464 _____ (Synaptics, Inc.) C:\Windows\system32\Drivers\SynTP.sys
2015-02-28 11:03 - 2008-11-20 17:38 - 00206120 _____ (Synaptics, Inc.) C:\Windows\system32\SynCtrl.dll
2015-02-28 11:03 - 2008-11-20 17:38 - 00161064 _____ (Synaptics, Inc.) C:\Windows\system32\SynTPAPI.dll
2015-02-28 11:03 - 2008-11-20 17:38 - 00120104 _____ (Synaptics, Inc.) C:\Windows\system32\SynTPCo4.dll
2015-02-28 10:47 - 2015-02-28 10:45 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-02-28 10:47 - 2015-02-28 10:45 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-02-28 00:04 - 2015-03-04 13:59 - 00000000 ____D () C:\AdwCleaner
2015-02-28 00:02 - 2015-02-28 00:03 - 02126848 _____ () C:\Users\Matthias\Desktop\adwcleaner_4.111.exe
2015-02-26 19:57 - 2015-02-26 19:57 - 00000053 _____ () C:\Windows\SynInst.log
2015-02-25 23:31 - 2015-02-25 23:31 - 00000000 ____D () C:\Users\Matthias\AppData\Local\TuneUp Software
2015-02-25 23:27 - 2015-02-26 10:59 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-02-25 20:56 - 2015-02-25 20:56 - 00000000 ____D () C:\Users\Matthias\AppData\Local\PDFCreator
2015-02-25 10:00 - 2015-02-25 10:00 - 00000000 ____D () C:\Program Files\Common Files\Java(1)
2015-02-23 12:53 - 2015-02-27 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2015-02-23 12:53 - 2015-02-23 12:53 - 00000832 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2015-02-13 17:59 - 2015-01-23 04:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 17:59 - 2015-01-23 03:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-12 10:39 - 2014-11-26 03:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-12 10:38 - 2015-01-13 02:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-12 10:38 - 2015-01-09 01:20 - 02063360 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-12 10:34 - 2015-01-15 05:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-12 10:34 - 2014-12-08 02:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 17:18 - 2015-01-14 02:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 17:18 - 2015-01-14 02:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-11 17:18 - 2015-01-14 02:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 17:18 - 2015-01-14 02:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 17:18 - 2015-01-14 02:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 17:18 - 2015-01-14 02:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 17:18 - 2015-01-14 02:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 17:18 - 2015-01-14 02:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 17:18 - 2015-01-14 02:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 17:18 - 2015-01-14 02:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-11 17:18 - 2015-01-14 02:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 17:18 - 2015-01-14 02:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 17:18 - 2015-01-14 02:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 17:18 - 2015-01-14 02:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 17:18 - 2015-01-14 02:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 17:18 - 2015-01-14 02:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 17:18 - 2015-01-14 02:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 17:18 - 2015-01-14 02:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-11 17:18 - 2015-01-14 02:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-11 17:18 - 2015-01-14 02:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-08 17:35 - 2015-03-04 18:42 - 00001340 _____ () C:\Users\Matthias\Desktop\CoreTemp.ini
2015-02-08 17:35 - 2013-10-08 13:22 - 00794272 _____ () C:\Users\Matthias\Desktop\Core Temp.exe
2015-02-08 17:28 - 2015-02-08 17:28 - 00734473 _____ () C:\Users\Matthias\Desktop\CoreTemp_106.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-04 18:40 - 2013-10-15 11:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-04 18:36 - 2009-09-13 17:35 - 00000246 _____ () C:\Windows\Brownie.ini
2015-03-04 18:23 - 2009-02-21 15:19 - 01723957 _____ () C:\Windows\WindowsUpdate.log
2015-03-04 18:14 - 2015-01-24 00:03 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-04 17:16 - 2006-11-02 13:47 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-04 17:16 - 2006-11-02 13:47 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-04 13:17 - 2015-01-24 00:03 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-04 13:16 - 2009-05-06 20:12 - 00207414 _____ () C:\ProgramData\nvModes.001
2015-03-04 13:16 - 2009-01-16 19:58 - 00000147 _____ () C:\Windows\system32\agent.log
2015-03-04 13:16 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-04 13:00 - 2008-01-21 03:47 - 02827708 _____ () C:\Windows\PFRO.log
2015-03-04 12:17 - 2010-10-08 11:11 - 00000000 ____D () C:\Program Files\SlySoft
2015-03-04 11:19 - 2009-02-21 15:28 - 00207414 _____ () C:\ProgramData\nvModes.dat
2015-03-04 10:33 - 2009-08-27 21:36 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\Skype
2015-03-03 16:19 - 2009-05-06 20:12 - 00000000 ____D () C:\Users\Matthias
2015-03-03 14:32 - 2014-01-29 18:53 - 00000000 ____D () C:\Users\Matthias\.gimp-2.8
2015-03-03 14:27 - 2009-08-02 17:39 - 00002631 _____ () C:\Users\Matthias\Desktop\Microsoft Office Word 2007.lnk
2015-03-03 13:22 - 2009-09-13 17:36 - 00000034 _____ () C:\Windows\system32\BD2150N.DAT
2015-03-02 13:42 - 2015-01-26 21:48 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-01 23:30 - 2006-11-02 14:01 - 00032578 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-01 23:29 - 2009-08-30 20:52 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\vlc
2015-03-01 19:29 - 2008-01-21 08:16 - 01674410 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-28 11:59 - 2011-03-24 21:08 - 00000000 ____D () C:\Program Files\Java
2015-02-28 11:05 - 2009-02-21 15:19 - 00063094 _____ () C:\Windows\DPINST.LOG
2015-02-28 11:05 - 2006-11-02 13:52 - 00262190 _____ () C:\Windows\setupact.log
2015-02-28 10:48 - 2013-09-23 21:51 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-28 10:45 - 2014-11-04 21:26 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-02-27 23:48 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-02-27 23:48 - 2006-11-02 11:22 - 59244544 _____ () C:\Windows\system32\config\software_previous
2015-02-27 23:48 - 2006-11-02 11:22 - 46661632 _____ () C:\Windows\system32\config\components_previous
2015-02-27 23:48 - 2006-11-02 11:22 - 35651584 _____ () C:\Windows\system32\config\system_previous
2015-02-27 23:48 - 2006-11-02 11:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2015-02-27 23:48 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2015-02-27 23:48 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2015-02-27 23:47 - 2013-02-26 11:56 - 00000000 __SHD () C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2015-02-27 23:47 - 2011-11-10 21:54 - 00000000 ____D () C:\Users\Matthias\AppData\Local\Akamai
2015-02-27 23:47 - 2009-08-30 20:52 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\dvdcss
2015-02-27 23:47 - 2009-08-22 11:12 - 00000000 ____D () C:\Users\Gast
2015-02-27 23:47 - 2009-07-11 13:08 - 00000000 ____D () C:\Users\Matthias\AppData\Local\Microsoft Help
2015-02-27 23:47 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2015-02-27 23:47 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool
2015-02-27 23:46 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration
2015-02-27 14:54 - 2009-01-16 19:03 - 00000000 ____D () C:\Program Files\Acer
2015-02-26 10:59 - 2011-10-27 21:20 - 00000000 ____D () C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2015-02-26 10:59 - 2011-04-07 22:52 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\HpUpdate
2015-02-26 10:37 - 2013-02-26 12:29 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-25 23:31 - 2013-02-26 12:30 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\TuneUp Software
2015-02-24 23:26 - 2010-09-05 19:34 - 00000000 ____D () C:\Users\Matthias\AppData\Local\CrashDumps
2015-02-24 12:43 - 2009-08-27 21:27 - 00000000 ___RD () C:\Program Files\Skype
2015-02-24 12:43 - 2009-08-27 21:27 - 00000000 ____D () C:\ProgramData\Skype
2015-02-23 12:53 - 2012-01-21 13:37 - 00000000 ____D () C:\Program Files\PDFCreator
2015-02-20 21:10 - 2015-01-24 00:04 - 00001967 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-14 18:16 - 2009-06-14 19:56 - 00049664 _____ () C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-12 21:15 - 2010-08-01 18:01 - 00007592 _____ () C:\Users\Matthias\AppData\Local\d3d9caps.dat
2015-02-12 21:12 - 2006-11-02 13:47 - 03684304 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 16:50 - 2013-07-16 02:06 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 10:40 - 2006-11-02 11:24 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-02-12 10:38 - 2009-01-16 18:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-06 00:14 - 2010-07-23 07:11 - 00002633 _____ () C:\Users\Matthias\Desktop\Microsoft Office Excel 2007.lnk
2015-02-05 21:40 - 2012-03-31 08:57 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-05 21:40 - 2011-08-01 09:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-04 17:21 - 2014-11-27 22:59 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2009-06-09 08:40 - 2009-06-09 08:38 - 0005250 _____ () C:\Program Files\0x0407.ini
2009-06-09 08:40 - 2009-06-09 08:38 - 14042624 _____ () C:\Program Files\Turbo Lister 2.msi
2011-03-25 21:15 - 2010-10-16 11:50 - 3056008 _____ (Ask) C:\Program Files\Common Files\AskToolbarInstaller.exe
2010-12-14 13:00 - 2012-03-28 09:14 - 1456640 _____ () C:\Program Files\Common Files\Falk Navi-Manager.msi
2011-03-25 21:15 - 2010-01-26 10:11 - 0444283 _____ () C:\Program Files\Common Files\WinPcapNmap.exe
2009-08-13 23:39 - 2009-08-13 23:39 - 0000319 _____ () C:\Users\Matthias\AppData\Roaming\mdb.bin
2010-08-01 18:01 - 2015-02-12 21:15 - 0007592 _____ () C:\Users\Matthias\AppData\Local\d3d9caps.dat
2009-06-14 19:56 - 2015-02-14 18:16 - 0049664 _____ () C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-08-13 20:38 - 2009-08-13 20:38 - 0000096 _____ () C:\Users\Matthias\AppData\Local\fusioncache.dat
2013-02-09 21:29 - 2013-02-09 21:34 - 0005086 _____ () C:\Users\Matthias\AppData\Local\MyWinLockerInstaller.txt-20130209.log
2014-08-10 19:41 - 2014-08-10 19:41 - 0001491 _____ () C:\Users\Matthias\AppData\Local\recently-used.xbel
2011-04-19 10:35 - 2011-04-21 08:42 - 0001940 _____ () C:\Users\Matthias\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
2010-10-08 10:32 - 2013-03-04 13:45 - 0000148 ___SH () C:\ProgramData\.zreglib
2011-03-25 21:15 - 2010-05-28 22:37 - 0015086 _____ () C:\ProgramData\Amazon.ico
2009-02-21 15:21 - 2009-02-21 15:23 - 0006112 _____ () C:\ProgramData\ArcadeDeluxe2.log
2011-03-25 21:15 - 2011-03-03 15:50 - 0009662 _____ () C:\ProgramData\BeRuby.ico
2009-08-27 21:43 - 2009-08-27 21:43 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2009-05-26 07:30 - 2012-04-15 22:27 - 0009789 _____ () C:\ProgramData\hpzinstall.log
2014-12-23 00:44 - 2014-12-23 00:48 - 0020531 ____H () C:\ProgramData\M33KI
2011-03-25 21:15 - 2010-07-20 12:53 - 0071926 _____ () C:\ProgramData\MercadoLivre.ico
2009-05-06 20:12 - 2015-03-04 13:16 - 0207414 _____ () C:\ProgramData\nvModes.001
2009-02-21 15:28 - 2015-03-04 11:19 - 0207414 _____ () C:\ProgramData\nvModes.dat
2011-03-25 21:15 - 2010-05-20 11:05 - 0025214 _____ () C:\ProgramData\QuickStores.ico

Some content of TEMP:
====================
C:\Users\Matthias\AppData\Local\Temp\RtkBtMnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-04 13:24

==================== End Of Log ============================
         

How can I insert the screenshot here?

Kind regards,
pasteur

05.03.2015, 07:13   #8
schrauber
/// the machine
/// TB-Ausbilder

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

08.03.2015, 16:32   #9
pasteur

Hello Schrauber, it took me a little while. Here are the logs:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d67d4317fbe38c46bd845b0803068032
# engine=22803
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-08 03:04:57
# local_time=2015-03-08 04:04:57 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 145449503 263316625 0 0
# scanned=294751
# found=8
# cleaned=0
# scan_time=11724
sh=95826B332BD1AC0543C2BA4DB637D082A994B1E5 ft=1 fh=f3159d8e366dd55a vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Matthias\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir"
sh=749E0C6D85971204E397EAE65ED10A9A4AEF40AB ft=1 fh=ef830199de104882 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Matthias\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir"
sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Matthias\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll.vir"
sh=93AD648467F47DC2708810D169F26F4A814778C5 ft=1 fh=e589ccabe231da4b vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Matthias\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir"
sh=2B71A57C96480FE13CB46A9F319794A0AF697642 ft=1 fh=296865a4b95bf4e8 vn="Variante von Win32/Toolbar.Babylon.W evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Matthias\AppData\Roaming\BabSolution\Shared\enhancedNT.dll.vir"
sh=76B997BE33132963D2D177908AB15DC0C69C7E89 ft=1 fh=b39dacf1316c7436 vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Matthias\AppData\Roaming\Security System 2\data\upd.exe.vir"
sh=73098BBBA6CBC76BF206226FBDC659758EAC7F0B ft=1 fh=6c165ff8a046d46e vn="Win32/Adware.Synatix.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Matthias\AppData\Roaming\Security System 2\data\ie\ie.dll.vir"
sh=21E57DF72BF484727B155E8F0A15D0847EC7B940 ft=1 fh=f723b40fd3c95b67 vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Matthias\Desktop\Downloads\Hotspot-Shield-lnstall.exe"
         
Code:
 Results of screen317's Security Check version 0.99.97  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
Norton Security   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
  Java 64-bit 8 Update 31  
 Adobe Flash Player 	16.0.0.305  
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox (36.0.1) 
 Google Chrome (40.0.2214.111) 
 Google Chrome (40.0.2214.115) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-03-2015 02
Ran by Matthias (administrator) on MATTHIAS-PC on 08-03-2015 16:20:38
Running from C:\Users\Matthias\Desktop\Downloads
Loaded Profiles: Matthias (Available profiles: Matthias & Gast)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\NST.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.1.0.9\NS.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.1.0.9\NS.exe
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\NST.exe
() C:\Users\Matthias\Desktop\Core Temp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(brother) C:\Program Files\Brownie\BrStsWnd.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Deutsche Telekom AG, Marmiko IT-Solutions GmbH) C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Akamai Technologies, Inc.) C:\Users\Matthias\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Contacts\wlcomm.exe
(Akamai Technologies, Inc.) C:\Users\Matthias\AppData\Local\Akamai\netsession_win.exe
(brother) C:\Program Files\Brownie\brpjp04a.exe
(Realtek Semiconductor Corp.) C:\Users\Matthias\AppData\Local\Temp\RtkBtMnt.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_16_0_0_305_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6609440 2008-10-31] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [690720 2008-12-18] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1398056 2008-11-20] (Synaptics, Inc.)
HKLM\...\Run: [BrStsWnd] => C:\Program Files\Brownie\BrstsWnd.exe [880640 2008-09-18] (brother)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2008-10-31] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [ToADiMon.exe] => C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe [286720 2010-04-08] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Matthias\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\Run: [] => [X]
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\MountPoints2: {19076bdf-bd55-11de-a648-00235a5338e1} - F:\Menu.exe
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\MountPoints2: {d60af5b2-a679-11df-9129-00235a5338e1} - awb3ryk.exe
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\E-Mail - Verknüpfung.lnk
ShortcutTarget: E-Mail - Verknüpfung.lnk ->  (No File)
Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Calendar.lnk
ShortcutTarget: Windows Calendar.lnk -> C:\Program Files\Windows Calendar\WinCal.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_5737z
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_5737z
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NS&pvid=22.1.0.9
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NS&pvid=22.1.0.9
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NS&pvid=22.1.0.9
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.benefind.de/
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3827918516-2867637020-576463877-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE326
SearchScopes: HKU\S-1-5-21-3827918516-2867637020-576463877-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE326
SearchScopes: HKU\S-1-5-21-3827918516-2867637020-576463877-1000 -> {7AE64BE7-E40D-4E58-A1D9-F8DC7719A1DC} URL = hxxp://www.benefind.de/result.html?q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.1.0.9\coIEPlg.dll [2014-12-05] (Symantec Corporation)
BHO: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.1.0.9\coIEPlg.dll [2014-12-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3827918516-2867637020-576463877-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-3827918516-2867637020-576463877-1000 -> No Name - {CFCB809C-3A22-4616-A916-6C007BD9D920} -  No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {C3E3BB4F-269C-41A3-9F5F-A360E933CAD3} https://as.photoprintit.com/ips-opdata/activex/ImageUploader6.cab
DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://asp.photoprintit.de/microsite/11093/defaults/activex/ips/IPSUploader4.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 212.27.40.240 212.27.40.241

FireFox:
========
FF ProfilePath: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\wo64522p.default
FF Homepage: hxxp://www.benefind.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll [2009-08-07] (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\wo64522p.default\searchplugins\benefind.xml [2013-12-23]
FF Extension: Securita Scout - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\wo64522p.default\Extensions\plug@securitascout.com [2014-07-13]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\wo64522p.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-20]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2015-03-06]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-06]
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\coFFPlgn
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.1.0.9\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.1.0.9\coFFPlgn [2015-03-08]
FF HKLM\...\Thunderbird\Extensions: [te_7.0@nokia.com] - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011-12-04]

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.benefind.de/"
CHR DefaultSearchKeyword: Default -> benefind.de
CHR DefaultSearchURL: Default -> hxxp://www.benefind.de/result.html?q={searchTerms}
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-24]
CHR Extension: (Google Docs) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-09]
CHR Extension: (Google Drive) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-24]
CHR Extension: (YouTube) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-09]
CHR Extension: (Google Search) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-09]
CHR Extension: (Google Sheets) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-24]
CHR Extension: (Norton Identity Safe) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-01-24]
CHR Extension: (Google Wallet) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-24]
CHR Extension: (Gmail) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-09]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.1.0.9\Exts\Chrome.crx [2015-01-08]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] -  [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AdobeActiveFileMonitor8.0; C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-09-18] (Adobe Systems Incorporated)
R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [69632 2008-10-04] () [File not signed]
R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [653856 2008-12-18] (Acer Incorporated)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S4 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] () [File not signed]
R2 NCO; C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\NST.exe [130104 2014-09-20] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-05-11] (Hewlett-Packard) [File not signed]
R2 NS; C:\Program Files\Norton Security\Engine\22.1.0.9\NS.exe [282528 2014-12-10] (Symantec Corporation)
R2 NTIBackupSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-25] (NewTech InfoSystems, Inc.) [File not signed]
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [52736 2006-05-11] (Hewlett-Packard) [File not signed]
S4 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AF15BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [483200 2010-08-21] (ITETech                  )
R1 BHDrvx86; C:\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\BASHDefs\20150224.001_4f9\BHDrvx86.sys [1164504 2015-02-24] (Symantec Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NS\1601000.009\ccSetx86.sys [128728 2014-09-09] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NST\7DE07080.017\ccSetx86.sys [127064 2013-09-27] (Symantec Corporation)
R1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-11-25] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-11-25] (Symantec Corporation)
R1 IDSVix86; C:\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\IPSDefs\20150306.001\IDSvix86.sys [503512 2015-02-26] (Symantec Corporation)
S3 MTOnlPktAlyX; C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyX.SYS [19200 2010-08-27] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [File not signed]
R3 NAVENG; C:\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\VirusDefs\20150307.003\NAVENG.SYS [95704 2015-02-27] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\VirusDefs\20150307.003\NAVEX15.SYS [1636696 2015-02-27] (Symantec Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [50704 2010-01-27] (CACE Technologies, Inc.)
R3 SRTSP; C:\Windows\system32\drivers\NS\1601000.009\SRTSP.SYS [699608 2014-12-02] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NS\1601000.009\SRTSPX.SYS [36056 2014-12-02] (Symantec Corporation)
S3 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [7168 2009-09-28] () [File not signed]
R0 SymDS; C:\Windows\System32\drivers\NS\1601000.009\SYMDS.SYS [364760 2014-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NS\1601000.009\SYMEFA.SYS [939224 2014-09-09] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [94424 2015-01-08] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NS\1601000.009\Ironx86.SYS [212696 2014-09-09] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\system32\drivers\NS\1601000.009\SYMTDIV.SYS [358104 2014-09-09] (Symantec Corporation)
S3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [12400 1999-10-13] (Microsoft Corporation) [File not signed]
R3 ALSysIO; \??\C:\Users\Matthias\AppData\Local\Temp\ALSysIO.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-08 00:47 - 2015-03-08 00:47 - 00000000 ____D () C:\Program Files\ESET
2015-03-07 22:21 - 2015-03-07 22:21 - 00013875 _____ () C:\Users\Matthias\Desktop\Sicherungskopie von KV-Norton.wbk
2015-03-07 21:03 - 2015-03-07 21:03 - 00000910 _____ () C:\Users\Matthias\Desktop\checkup.txt
2015-03-07 00:10 - 2015-03-07 00:10 - 00026624 _____ () C:\Users\Matthias\Desktop\Sicherungskopie von Bitte oder frommer Wunsch.wbk
2015-03-06 18:16 - 2015-03-06 18:17 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-04 22:12 - 2015-03-04 22:12 - 00000764 _____ () C:\Users\Matthias\Desktop\TechPowerUp GPU-Z.lnk
2015-03-04 22:12 - 2015-03-04 22:12 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
2015-03-04 22:12 - 2015-03-04 22:12 - 00000000 ____D () C:\Program Files\GPU-Z
2015-03-04 18:39 - 2015-03-04 18:39 - 00000829 _____ () C:\Users\Matthias\Desktop\JRT.txt
2015-03-04 13:52 - 2015-03-04 13:52 - 00001240 _____ () C:\Users\Matthias\Desktop\mbam 04-03-15.txt
2015-03-04 12:46 - 2015-03-04 13:22 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-04 12:45 - 2015-03-04 12:45 - 00000903 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-04 12:45 - 2015-03-04 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-04 12:45 - 2015-03-04 12:45 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-03-04 12:45 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-04 12:45 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-04 12:45 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-04 12:44 - 2015-03-04 12:44 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Matthias\Desktop\mbam-setup-2.0.4.1028.exe
2015-03-04 11:51 - 2015-03-04 12:41 - 00001061 _____ () C:\Users\Matthias\Desktop\Revo Uninstaller.lnk
2015-03-04 11:51 - 2015-03-04 11:51 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-03-04 11:39 - 2015-03-04 11:39 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Matthias\Desktop\revosetup95.exe
2015-03-03 17:00 - 2015-03-03 17:00 - 00047220 _____ () C:\Users\Matthias\Desktop\Addition.txt
2015-03-03 16:21 - 2015-03-08 16:20 - 00000000 ____D () C:\FRST
2015-03-03 16:21 - 2015-03-04 18:45 - 00038248 _____ () C:\Users\Matthias\Desktop\FRST.txt
2015-02-28 11:18 - 2015-02-28 11:18 - 00002400 _____ () C:\AdwCleaner[R1].txt
2015-02-28 11:03 - 2008-11-20 17:39 - 00204464 _____ (Synaptics, Inc.) C:\Windows\system32\Drivers\SynTP.sys
2015-02-28 11:03 - 2008-11-20 17:38 - 00206120 _____ (Synaptics, Inc.) C:\Windows\system32\SynCtrl.dll
2015-02-28 11:03 - 2008-11-20 17:38 - 00161064 _____ (Synaptics, Inc.) C:\Windows\system32\SynTPAPI.dll
2015-02-28 11:03 - 2008-11-20 17:38 - 00120104 _____ (Synaptics, Inc.) C:\Windows\system32\SynTPCo4.dll
2015-02-28 10:47 - 2015-02-28 10:45 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-02-28 10:47 - 2015-02-28 10:45 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-02-28 00:04 - 2015-03-04 13:59 - 00000000 ____D () C:\AdwCleaner
2015-02-28 00:02 - 2015-02-28 00:03 - 02126848 _____ () C:\Users\Matthias\Desktop\adwcleaner_4.111.exe
2015-02-26 19:57 - 2015-02-26 19:57 - 00000053 _____ () C:\Windows\SynInst.log
2015-02-25 23:31 - 2015-02-25 23:31 - 00000000 ____D () C:\Users\Matthias\AppData\Local\TuneUp Software
2015-02-25 23:27 - 2015-02-26 10:59 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-02-25 20:56 - 2015-02-25 20:56 - 00000000 ____D () C:\Users\Matthias\AppData\Local\PDFCreator
2015-02-25 10:00 - 2015-02-25 10:00 - 00000000 ____D () C:\Program Files\Common Files\Java(1)
2015-02-23 12:53 - 2015-02-27 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2015-02-23 12:53 - 2015-02-23 12:53 - 00000832 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2015-02-13 17:59 - 2015-01-23 04:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 17:59 - 2015-01-23 03:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-12 10:39 - 2014-11-26 03:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-12 10:38 - 2015-01-13 02:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-12 10:38 - 2015-01-09 01:20 - 02063360 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-12 10:34 - 2015-01-15 05:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-12 10:34 - 2014-12-08 02:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 17:18 - 2015-01-14 02:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 17:18 - 2015-01-14 02:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-11 17:18 - 2015-01-14 02:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 17:18 - 2015-01-14 02:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 17:18 - 2015-01-14 02:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 17:18 - 2015-01-14 02:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 17:18 - 2015-01-14 02:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 17:18 - 2015-01-14 02:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 17:18 - 2015-01-14 02:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 17:18 - 2015-01-14 02:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-11 17:18 - 2015-01-14 02:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 17:18 - 2015-01-14 02:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 17:18 - 2015-01-14 02:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 17:18 - 2015-01-14 02:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 17:18 - 2015-01-14 02:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 17:18 - 2015-01-14 02:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 17:18 - 2015-01-14 02:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 17:18 - 2015-01-14 02:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-11 17:18 - 2015-01-14 02:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-11 17:18 - 2015-01-14 02:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-08 17:35 - 2015-03-07 23:20 - 00001340 _____ () C:\Users\Matthias\Desktop\CoreTemp.ini
2015-02-08 17:35 - 2013-10-08 13:22 - 00794272 _____ () C:\Users\Matthias\Desktop\Core Temp.exe
2015-02-08 17:28 - 2015-02-08 17:28 - 00734473 _____ () C:\Users\Matthias\Desktop\CoreTemp_106.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-08 16:14 - 2015-01-24 00:03 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-08 15:40 - 2013-10-15 11:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-08 15:28 - 2009-02-21 15:19 - 01870872 _____ () C:\Windows\WindowsUpdate.log
2015-03-08 15:12 - 2009-09-13 17:35 - 00000330 _____ () C:\Windows\Brownie.ini
2015-03-08 15:11 - 2015-01-24 00:03 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-08 15:08 - 2009-05-06 20:12 - 00207414 _____ () C:\ProgramData\nvModes.001
2015-03-08 15:08 - 2009-01-16 19:58 - 00000147 _____ () C:\Windows\system32\agent.log
2015-03-08 15:08 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-08 15:08 - 2006-11-02 13:47 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-08 15:08 - 2006-11-02 13:47 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-08 06:02 - 2006-11-02 14:01 - 00032578 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-07 23:22 - 2008-01-21 08:16 - 01674410 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-07 21:13 - 2009-08-02 17:39 - 00002631 _____ () C:\Users\Matthias\Desktop\Microsoft Office Word 2007.lnk
2015-03-07 18:55 - 2009-01-16 19:56 - 00000000 ____D () C:\Program Files\Common Files\LightScribe
2015-03-07 07:59 - 2009-02-21 15:28 - 00207414 _____ () C:\ProgramData\nvModes.dat
2015-03-07 07:41 - 2014-11-27 22:59 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-06 20:56 - 2009-08-27 21:36 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\Skype
2015-03-06 16:36 - 2011-11-10 21:54 - 00000000 ____D () C:\Users\Matthias\AppData\Local\Akamai
2015-03-06 16:36 - 2009-09-13 17:36 - 00000000 ____D () C:\Program Files\Brownie
2015-03-05 18:47 - 2009-11-30 21:17 - 00000000 ____D () C:\eg
2015-03-04 21:50 - 2014-10-01 09:15 - 00002379 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-03-04 13:00 - 2008-01-21 03:47 - 02827708 _____ () C:\Windows\PFRO.log
2015-03-04 12:17 - 2010-10-08 11:11 - 00000000 ____D () C:\Program Files\SlySoft
2015-03-03 16:19 - 2009-05-06 20:12 - 00000000 ____D () C:\Users\Matthias
2015-03-03 14:32 - 2014-01-29 18:53 - 00000000 ____D () C:\Users\Matthias\.gimp-2.8
2015-03-03 13:22 - 2009-09-13 17:36 - 00000034 _____ () C:\Windows\system32\BD2150N.DAT
2015-03-01 23:29 - 2009-08-30 20:52 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\vlc
2015-02-28 11:59 - 2011-03-24 21:08 - 00000000 ____D () C:\Program Files\Java
2015-02-28 11:05 - 2009-02-21 15:19 - 00063094 _____ () C:\Windows\DPINST.LOG
2015-02-28 11:05 - 2006-11-02 13:52 - 00262190 _____ () C:\Windows\setupact.log
2015-02-28 10:48 - 2013-09-23 21:51 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-28 10:45 - 2014-11-04 21:26 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-02-27 23:48 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-02-27 23:48 - 2006-11-02 11:22 - 59244544 _____ () C:\Windows\system32\config\software_previous
2015-02-27 23:48 - 2006-11-02 11:22 - 46661632 _____ () C:\Windows\system32\config\components_previous
2015-02-27 23:48 - 2006-11-02 11:22 - 35651584 _____ () C:\Windows\system32\config\system_previous
2015-02-27 23:48 - 2006-11-02 11:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2015-02-27 23:48 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2015-02-27 23:48 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2015-02-27 23:47 - 2013-02-26 11:56 - 00000000 __SHD () C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2015-02-27 23:47 - 2009-08-30 20:52 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\dvdcss
2015-02-27 23:47 - 2009-08-22 11:12 - 00000000 ____D () C:\Users\Gast
2015-02-27 23:47 - 2009-07-11 13:08 - 00000000 ____D () C:\Users\Matthias\AppData\Local\Microsoft Help
2015-02-27 23:47 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2015-02-27 23:47 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool
2015-02-27 23:46 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration
2015-02-27 14:54 - 2009-01-16 19:03 - 00000000 ____D () C:\Program Files\Acer
2015-02-26 10:59 - 2011-10-27 21:20 - 00000000 ____D () C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2015-02-26 10:59 - 2011-04-07 22:52 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\HpUpdate
2015-02-26 10:37 - 2013-02-26 12:29 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-25 23:31 - 2013-02-26 12:30 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\TuneUp Software
2015-02-24 23:26 - 2010-09-05 19:34 - 00000000 ____D () C:\Users\Matthias\AppData\Local\CrashDumps
2015-02-24 12:43 - 2009-08-27 21:27 - 00000000 ___RD () C:\Program Files\Skype
2015-02-24 12:43 - 2009-08-27 21:27 - 00000000 ____D () C:\ProgramData\Skype
2015-02-23 12:53 - 2012-01-21 13:37 - 00000000 ____D () C:\Program Files\PDFCreator
2015-02-20 21:10 - 2015-01-24 00:04 - 00001967 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-14 18:16 - 2009-06-14 19:56 - 00049664 _____ () C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-12 21:15 - 2010-08-01 18:01 - 00007592 _____ () C:\Users\Matthias\AppData\Local\d3d9caps.dat
2015-02-12 21:12 - 2006-11-02 13:47 - 03684304 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 16:50 - 2013-07-16 02:06 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 10:40 - 2006-11-02 11:24 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-02-12 10:38 - 2009-01-16 18:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-06 00:14 - 2010-07-23 07:11 - 00002633 _____ () C:\Users\Matthias\Desktop\Microsoft Office Excel 2007.lnk

==================== Files in the root of some directories =======

2009-06-09 08:40 - 2009-06-09 08:38 - 0005250 _____ () C:\Program Files\0x0407.ini
2009-06-09 08:40 - 2009-06-09 08:38 - 14042624 _____ () C:\Program Files\Turbo Lister 2.msi
2011-03-25 21:15 - 2010-10-16 11:50 - 3056008 _____ (Ask) C:\Program Files\Common Files\AskToolbarInstaller.exe
2010-12-14 13:00 - 2012-03-28 09:14 - 1456640 _____ () C:\Program Files\Common Files\Falk Navi-Manager.msi
2011-03-25 21:15 - 2010-01-26 10:11 - 0444283 _____ () C:\Program Files\Common Files\WinPcapNmap.exe
2009-08-13 23:39 - 2009-08-13 23:39 - 0000319 _____ () C:\Users\Matthias\AppData\Roaming\mdb.bin
2010-08-01 18:01 - 2015-02-12 21:15 - 0007592 _____ () C:\Users\Matthias\AppData\Local\d3d9caps.dat
2009-06-14 19:56 - 2015-02-14 18:16 - 0049664 _____ () C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-08-13 20:38 - 2009-08-13 20:38 - 0000096 _____ () C:\Users\Matthias\AppData\Local\fusioncache.dat
2013-02-09 21:29 - 2013-02-09 21:34 - 0005086 _____ () C:\Users\Matthias\AppData\Local\MyWinLockerInstaller.txt-20130209.log
2014-08-10 19:41 - 2014-08-10 19:41 - 0001491 _____ () C:\Users\Matthias\AppData\Local\recently-used.xbel
2011-04-19 10:35 - 2011-04-21 08:42 - 0001940 _____ () C:\Users\Matthias\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
2010-10-08 10:32 - 2013-03-04 13:45 - 0000148 ___SH () C:\ProgramData\.zreglib
2011-03-25 21:15 - 2010-05-28 22:37 - 0015086 _____ () C:\ProgramData\Amazon.ico
2009-02-21 15:21 - 2009-02-21 15:23 - 0006112 _____ () C:\ProgramData\ArcadeDeluxe2.log
2011-03-25 21:15 - 2011-03-03 15:50 - 0009662 _____ () C:\ProgramData\BeRuby.ico
2009-08-27 21:43 - 2009-08-27 21:43 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2009-05-26 07:30 - 2012-04-15 22:27 - 0009789 _____ () C:\ProgramData\hpzinstall.log
2014-12-23 00:44 - 2014-12-23 00:48 - 0020531 ____H () C:\ProgramData\M33KI
2011-03-25 21:15 - 2010-07-20 12:53 - 0071926 _____ () C:\ProgramData\MercadoLivre.ico
2009-05-06 20:12 - 2015-03-08 15:08 - 0207414 _____ () C:\ProgramData\nvModes.001
2009-02-21 15:28 - 2015-03-07 07:59 - 0207414 _____ () C:\ProgramData\nvModes.dat
2011-03-25 21:15 - 2010-05-20 11:05 - 0025214 _____ () C:\ProgramData\QuickStores.ico

Some content of TEMP:
====================
C:\Users\Matthias\AppData\Local\Temp\RtkBtMnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-08 15:17

==================== End Of Log ============================
         


Recently, all files in the folder in question, the one I started my inquiry about, can be opened. How is that possible? The images are displayed as well. It quite obviously really is a Windows update. I just find it somewhat puzzling how it could end up on D:, since it actually belongs on C:.

There is one more problem, which I don't associate with malware, however. The laptop (ACER Aspire 5737Z) has been crashing every now and then lately. By now it happens regularly when using Skype. As a rule, the fan runs very hard beforehand. My guess is that the fan needs cleaning, or that the thermal pads need checking. The laptop is 6 years old. (My wife has the same machine, of the same age. There the problem appeared somewhat earlier, especially when streaming from the ZDF and ARD media libraries. But she also works more with the laptop, and the cat often makes itself comfortable in her study.) I have installed CoreTemp on mine. The two CPUs occasionally go a little over 90 degrees. Yesterday I experimented a bit while on Skype. The computer cut out while CoreTemp was showing only 83 degrees. So maybe it is the graphics card's cooling after all, or whatever else can happen in there? To see what is going on, I installed TechPowerUp GPU-Z. But there I reach my limits, because I can't make sense of the data it reads out. Can you help me further with that? Or is the repair shop the only option? Unfortunately the thing is built rather inaccessibly. The fan has no service hatch; you would have to take the whole laptop apart.
Kind regards and many thanks
Pasteur

08.03.2015, 19:23   #10
schrauber
/// the machine
/// TB-Ausbilder
 




Update Adobe.

Please press the Windows key + R and type notepad into the Run window.

Copy the following text from the code box into the empty text document:

Code:
C:\Users\Matthias\Desktop\Downloads\Hotspot-Shield-lnstall.exe
Emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

Ask about that problem here in our hardware section, but I don't think you will be spared a trip to the repair shop. Even 83 degrees is already extreme.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

09.03.2015, 13:02   #11
pasteur
 



Hello Schrauber,

I think I made a mistake, because I deleted the Hotspot Shield Install.exe in the last few days when I saw it there. I had downloaded the file from Chip in August and no longer needed it. Accordingly, the scan now has no result.
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-03-2015 02
Ran by Matthias at 2015-03-09 12:41:25 Run:1
Running from C:\Users\Matthias\Desktop\Downloads
Loaded Profiles: Matthias (Available profiles: Matthias & Gast)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Users\Matthias\Desktop\Downloads\Hotspot-Shield-lnstall.exe
Emptytemp:
*****************

"C:\Users\Matthias\Desktop\Downloads\Hotspot-Shield-lnstall.exe" => File/Directory not found.
EmptyTemp: => Removed 1.2 GB temporary data.


The system needed a reboot. 

==== End of Fixlog 12:44:05 ====
         
Regards
pasteur
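
The Fixlog above pairs each fixlist line with a "=>" result line. The following added example (not part of the thread and not FRST's own code) reconciles the two, so that entries FRST could not find, or that have no result line at all, stand out. It knows only the result wordings visible in this Fixlog; the function names are assumptions, and the sample text is copied from the post.

```python
import re

# Sample input: the Fixlog text as posted in this thread.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-03-2015 02
Ran by Matthias at 2015-03-09 12:41:25 Run:1
Running from C:\Users\Matthias\Desktop\Downloads
Loaded Profiles: Matthias (Available profiles: Matthias & Gast)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Users\Matthias\Desktop\Downloads\Hotspot-Shield-lnstall.exe
Emptytemp:
*****************

"C:\Users\Matthias\Desktop\Downloads\Hotspot-Shield-lnstall.exe" => File/Directory not found.
EmptyTemp: => Removed 1.2 GB temporary data.


The system needed a reboot.

==== End of Fixlog 12:44:05 ====
'''


def _key(item):
    """Normalise a fixlist entry or a result subject so the two can be compared."""
    return item.strip().strip('"').rstrip(":").lower()


def classify(outcome):
    """Map a result text to a status; only wordings seen in this Fixlog are known."""
    if outcome is None:
        return "no_result"      # entry was listed but nothing was logged for it
    low = outcome.lower()
    if "not found" in low:
        return "not_found"      # target was already gone when the fix ran
    if low.startswith("removed"):
        return "done"
    return "other"              # unknown wording: review by hand


def parse_fixlog(text):
    """Return fixlist entries, a per-entry report and the completion flags."""
    entries, results = [], {}
    state = "header"            # header -> await_open -> fixlist -> results
    complete = reboot = False
    for raw in text.splitlines():
        line = raw.strip()
        if state == "header" and line.startswith("Content of fixlist"):
            state = "await_open"
        elif state in ("await_open", "fixlist") and re.fullmatch(r"\*{5,}", line):
            state = "fixlist" if state == "await_open" else "results"
        elif state == "fixlist":
            if line:
                entries.append(line)
        elif state == "results":
            if " => " in line:
                subject, outcome = line.split(" => ", 1)
                results[_key(subject)] = outcome.strip()
            elif line.startswith("The system needed a reboot"):
                reboot = True
            elif "End of Fixlog" in line:
                complete = True
    report = []
    for entry in entries:
        outcome = results.get(_key(entry))
        report.append((entry, classify(outcome), outcome))
    return {"entries": entries, "report": report,
            "reboot_needed": reboot, "complete": complete}


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for entry, status, outcome in parsed["report"]:
        print(f"{status:10} {entry}  ({outcome})")
    print("complete:", parsed["complete"], "reboot needed:", parsed["reboot_needed"])
```

The comparison is case-insensitive because the fixlist line reads "Emptytemp:" while the result line reads "EmptyTemp:".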

09.03.2015, 19:00   #12
schrauber
/// the machine
/// TB-Ausbilder
 




That's fine.



Cleanup:
(The order is crucial here)

If Defogger was used: start it again and click Re-enable.

If Combofix was used:
Uninstall Combofix
  • Important: please disable your antivirus program, any script blocking and anti-malware programs.
  • Please press the Windows key + R and type Combofix /Uninstall into the Run window.
  • Click OK.
    This removes Combofix completely and clears the System Restore cache.
  • Now re-enable the programs you just disabled.

All logs posted? Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Tick every function.
  • Click Start.

Note: DelFix removes, among other things, all the programs used, our scanners' quarantine and the Java cache, and finally deletes itself.
Then restart your computer. If any programs from our cleanup are still left over, you can safely delete them.

If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.


Securing your system:
On the Windows operating system, enable automatic updates. Security-relevant software should also always be kept at the latest version only:

Browser
Java
Flash Player
PDF reader

Security vulnerabilities in their old versions are exploited to install malware "drive-by" when you simply visit a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.

Use an antivirus program with a real-time scanner and an always up-to-date signature database.
My recommendation:

Emsisoft

In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.

Optional:
NoScript prevents active content (Java, JavaScript, Flash, ...) from running on all websites. You can, however, specify on a whitelist principle which sites scripts are to be allowed on.
Malwarebytes Anti Exploit: protects the computer's applications against exploitation of known vulnerabilities.


Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, first uninstall it and then remove the leftovers with Adwcleaner.


Finally, a few general remarks:
Change your important online passwords regularly and regularly make backups of your important files or of the system.
The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________
Regards,
schrauber

