Pests of all kinds and how to fight them: Vista: Unknown folder among my personal files
03.03.2015, 15:16 | #1

I store my personal files on hard disk partition "D". The system runs on "C". For some time now there has been, among my folders, a folder I did not create, named dd89f1be96b5e1ab75dd4407c426. The folder cannot be deleted or moved. The subfolders have four-digit numbers as names and cannot be opened. In a folder named Graphics there are files with the extension ico, which cannot be opened with Gimp. Alongside other files there is a Windows Installer patch, NDP40-KB2836939.msp. My computer always runs the latest Norton version. AdwCleaner does not flag the folder as malware. Does anyone have an idea what this might be?
03.03.2015, 15:24 | #2

/// the machine /// (TB-Ausbilder)

hi,

Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
03.03.2015, 15:50 | #3

Thanks for the quick reply. Norton deletes frst.exe immediately after the download, reporting the threat Suspicious.cloud.7.EP
03.03.2015, 16:46 | #4

/// the machine /// (TB-Ausbilder)

Yep, because Norton is dead stupid. Turn Norton off, or better, uninstall Norton and steer clear of it

regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donations | Guides and help | Trojaner-Board Facebook page | No help via PM!
03.03.2015, 17:10 | #5

Thanks, Schrauber, I have switched Norton off and here are the two files now:

FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-03-2015
Ran by Matthias (administrator) on MATTHIAS-PC on 03-03-2015 16:21:57
Running from C:\Users\Matthias\Desktop\Downloads
Loaded Profiles: Matthias (Available profiles: Matthias & Gast)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\NST.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.1.0.9\NS.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\NST.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.1.0.9\NS.exe
() C:\Users\Matthias\Desktop\Core Temp.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(brother) C:\Program Files\Brownie\BrStsWnd.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Deutsche Telekom AG, Marmiko IT-Solutions GmbH) C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Akamai Technologies, Inc.) C:\Users\Matthias\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Contacts\wlcomm.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(brother) C:\Program Files\Brownie\brpjp04a.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Akamai Technologies, Inc.) C:\Users\Matthias\AppData\Local\Akamai\netsession_win.exe
(Realtek Semiconductor Corp.) C:\Users\Matthias\AppData\Local\Temp\RtkBtMnt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_16_0_0_305_ActiveX.exe
() C:\Users\Matthias\Downloads\frst.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6609440 2008-10-31] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [690720 2008-12-18] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1398056 2008-11-20] (Synaptics, Inc.)
HKLM\...\Run: [BrStsWnd] => C:\Program Files\Brownie\BrstsWnd.exe [880640 2008-09-18] (brother)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2008-10-31] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [ToADiMon.exe] => C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe [286720 2010-04-08] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Matthias\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\Run: [] => [X]
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\MountPoints2: {19076bdf-bd55-11de-a648-00235a5338e1} - F:\Menu.exe
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\MountPoints2: {d60af5b2-a679-11df-9129-00235a5338e1} - awb3ryk.exe
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\E-Mail - Verknüpfung.lnk
ShortcutTarget: E-Mail - Verknüpfung.lnk -> (No File)
Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Calendar.lnk
ShortcutTarget: Windows Calendar.lnk -> C:\Program Files\Windows Calendar\WinCal.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_5737z
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_5737z
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NS&pvid=22.1.0.9
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NS&pvid=22.1.0.9
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NS&pvid=22.1.0.9
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.benefind.de/
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3827918516-2867637020-576463877-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE326
SearchScopes: HKU\S-1-5-21-3827918516-2867637020-576463877-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE326
SearchScopes: HKU\S-1-5-21-3827918516-2867637020-576463877-1000 -> {7AE64BE7-E40D-4E58-A1D9-F8DC7719A1DC} URL = hxxp://www.benefind.de/result.html?q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.1.0.9\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.1.0.9\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3827918516-2867637020-576463877-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-3827918516-2867637020-576463877-1000 -> No Name - {CFCB809C-3A22-4616-A916-6C007BD9D920} - No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {C3E3BB4F-269C-41A3-9F5F-A360E933CAD3} https://as.photoprintit.com/ips-opdata/activex/ImageUploader6.cab
DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://asp.photoprintit.de/microsite/11093/defaults/activex/ips/IPSUploader4.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 212.27.40.240 212.27.40.241

FireFox:
========
FF ProfilePath: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\wo64522p.default
FF Homepage: hxxp://www.benefind.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\wo64522p.default\searchplugins\benefind.xml
FF Extension: Securita Scout - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\wo64522p.default\Extensions\plug@securitascout.com [2014-07-13]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\wo64522p.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-20]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2015-01-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-06]
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\coFFPlgn
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.1.0.9\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.1.0.9\coFFPlgn [2015-03-03]
FF HKLM\...\Thunderbird\Extensions: [te_7.0@nokia.com] - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011-12-04]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.benefind.de/"
CHR DefaultSearchKeyword: Default -> benefind.de
CHR DefaultSearchURL: Default -> hxxp://www.benefind.de/result.html?q={searchTerms}
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-24]
CHR Extension: (Google Docs) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-09]
CHR Extension: (Google Drive) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-24]
CHR Extension: (YouTube) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-09]
CHR Extension: (Google Search) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-09]
CHR Extension: (Google Sheets) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-24]
CHR Extension: (Norton Identity Safe) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-01-24]
CHR Extension: (Google Wallet) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-24]
CHR Extension: (Gmail) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-09]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.1.0.9\Exts\Chrome.crx [2015-01-08]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AdobeActiveFileMonitor8.0; C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-09-18] (Adobe Systems Incorporated)
R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [69632 2008-10-04] () [File not signed]
R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [653856 2008-12-18] (Acer Incorporated)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S4 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] () [File not signed]
R2 NCO; C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\NST.exe [130104 2014-09-20] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-05-11] (Hewlett-Packard) [File not signed]
R2 NS; C:\Program Files\Norton Security\Engine\22.1.0.9\NS.exe [282528 2014-12-10] (Symantec Corporation)
R2 NTIBackupSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-25] (NewTech InfoSystems, Inc.) [File not signed]
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [52736 2006-05-11] (Hewlett-Packard) [File not signed]
S4 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AF15BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [483200 2010-08-21] (ITETech )
R1 BHDrvx86; C:\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\BASHDefs\20150224.001_4f9\BHDrvx86.sys [1164504 2015-02-24] (Symantec Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NS\1601000.009\ccSetx86.sys [128728 2014-09-09] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NST\7DE07080.017\ccSetx86.sys [127064 2013-09-27] (Symantec Corporation)
R1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-11-25] (Symantec Corporation)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [34760 2007-02-16] (SlySoft, Inc.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-11-25] (Symantec Corporation)
R1 IDSVix86; C:\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\IPSDefs\20150302.001\IDSvix86.sys [503512 2015-02-26] (Symantec Corporation)
S3 MTOnlPktAlyX; C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyX.SYS [19200 2010-08-27] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [File not signed]
R3 NAVENG; C:\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\VirusDefs\20150302.034\NAVENG.SYS [95704 2015-02-27] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\VirusDefs\20150302.034\NAVEX15.SYS [1636696 2015-02-27] (Symantec Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [50704 2010-01-27] (CACE Technologies, Inc.)
R3 SRTSP; C:\Windows\system32\drivers\NS\1601000.009\SRTSP.SYS [699608 2014-12-02] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NS\1601000.009\SRTSPX.SYS [36056 2014-12-02] (Symantec Corporation)
S3 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [7168 2009-09-28] () [File not signed]
R0 SymDS; C:\Windows\System32\drivers\NS\1601000.009\SYMDS.SYS [364760 2014-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NS\1601000.009\SYMEFA.SYS [939224 2014-09-09] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [94424 2015-01-08] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NS\1601000.009\Ironx86.SYS [212696 2014-09-09] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\system32\drivers\NS\1601000.009\SYMTDIV.SYS [358104 2014-09-09] (Symantec Corporation)
R3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [12400 1999-10-13] (Microsoft Corporation) [File not signed]
R3 ALSysIO; \??\C:\Users\Matthias\AppData\Local\Temp\ALSysIO.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-03 16:21 - 2015-03-03 16:22 - 00000000 ____D () C:\FRST
2015-02-28 11:18 - 2015-02-28 11:18 - 00002400 _____ () C:\AdwCleaner[R1].txt
2015-02-28 11:03 - 2008-11-20 17:39 - 00204464 _____ (Synaptics, Inc.) C:\Windows\system32\Drivers\SynTP.sys
2015-02-28 11:03 - 2008-11-20 17:38 - 00206120 _____ (Synaptics, Inc.) C:\Windows\system32\SynCtrl.dll
2015-02-28 11:03 - 2008-11-20 17:38 - 00161064 _____ (Synaptics, Inc.) C:\Windows\system32\SynTPAPI.dll
2015-02-28 11:03 - 2008-11-20 17:38 - 00120104 _____ (Synaptics, Inc.) C:\Windows\system32\SynTPCo4.dll
2015-02-28 10:47 - 2015-02-28 10:45 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-02-28 10:47 - 2015-02-28 10:45 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-02-28 00:04 - 2015-03-03 15:19 - 00000000 ____D () C:\AdwCleaner
2015-02-28 00:02 - 2015-02-28 00:03 - 02126848 _____ () C:\Users\Matthias\Desktop\adwcleaner_4.111.exe
2015-02-26 19:57 - 2015-02-26 19:57 - 00000053 _____ () C:\Windows\SynInst.log
2015-02-25 23:31 - 2015-02-25 23:31 - 00000000 ____D () C:\Users\Matthias\AppData\Local\TuneUp Software
2015-02-25 23:27 - 2015-02-26 10:59 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-02-25 20:56 - 2015-02-25 20:56 - 00000000 ____D () C:\Users\Matthias\AppData\Local\PDFCreator
2015-02-25 10:00 - 2015-02-25 10:00 - 00000000 ____D () C:\Program Files\Common Files\Java(1)
2015-02-23 12:53 - 2015-02-27 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2015-02-23 12:53 - 2015-02-23 12:53 - 00000832 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2015-02-13 17:59 - 2015-01-23 04:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 17:59 - 2015-01-23 03:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-12 10:39 - 2014-11-26 03:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-12 10:38 - 2015-01-13 02:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-12 10:38 - 2015-01-09 01:20 - 02063360 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-12 10:34 - 2015-01-15 05:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-12 10:34 - 2014-12-08 02:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 17:18 - 2015-01-14 02:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 17:18 - 2015-01-14 02:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-11 17:18 - 2015-01-14 02:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 17:18 - 2015-01-14 02:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 17:18 - 2015-01-14 02:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 17:18 - 2015-01-14 02:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 17:18 - 2015-01-14 02:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 17:18 - 2015-01-14 02:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 17:18 - 2015-01-14 02:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 17:18 - 2015-01-14 02:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-11 17:18 - 2015-01-14 02:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 17:18 - 2015-01-14 02:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 17:18 - 2015-01-14 02:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 17:18 - 2015-01-14 02:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 17:18 - 2015-01-14 02:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 17:18 - 2015-01-14 02:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 17:18 - 2015-01-14 02:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 17:18 - 2015-01-14 02:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-11 17:18 - 2015-01-14 02:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-11 17:18 - 2015-01-14 02:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-08 17:35 - 2015-03-03 11:59 - 00001339 _____ () C:\Users\Matthias\Desktop\CoreTemp.ini
2015-02-08 17:35 - 2013-10-08 13:22 - 00794272 _____ () C:\Users\Matthias\Desktop\Core Temp.exe
2015-02-08 17:28 - 2015-02-08 17:28 - 00734473 _____ () C:\Users\Matthias\Desktop\CoreTemp_106.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-03 16:19 - 2009-05-06 20:12 - 00000000 ____D () C:\Users\Matthias
2015-03-03 16:16 - 2009-02-21 15:19 - 01675300 _____ () C:\Windows\WindowsUpdate.log
2015-03-03 16:14 - 2015-01-24 00:03 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-03 15:40 - 2013-10-15 11:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-03 15:35 - 2009-09-13 17:35 - 00000330 _____ () C:\Windows\Brownie.ini
2015-03-03 15:33 - 2015-01-24 00:03 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-03 15:33 - 2009-05-06 20:12 - 00207414 _____ () C:\ProgramData\nvModes.001
2015-03-03 15:33 - 2009-01-16 19:58 - 00000147 _____ () C:\Windows\system32\agent.log
2015-03-03 15:33 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-03 15:33 - 2006-11-02 13:47 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-03 15:33 - 2006-11-02 13:47 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-03 14:32 - 2014-01-29 18:53 - 00000000 ____D () C:\Users\Matthias\.gimp-2.8
2015-03-03 14:27 - 2009-08-02 17:39 - 00002631 _____ () C:\Users\Matthias\Desktop\Microsoft Office Word 2007.lnk
2015-03-03 13:22 - 2009-09-13 17:36 - 00000034 _____ () C:\Windows\system32\BD2150N.DAT
2015-03-03 12:05 - 2009-08-27 21:36 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\Skype
2015-03-02 13:42 - 2015-01-26 21:48 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-01 23:30 - 2006-11-02 14:01 - 00032578 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-01 23:29 - 2009-08-30 20:52 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\vlc
2015-03-01 19:29 - 2008-01-21 08:16 - 01674410 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-28 11:59 - 2011-03-24 21:08 - 00000000 ____D () C:\Program Files\Java
2015-02-28 11:31 - 2009-02-21 15:28 - 00207414 _____ () C:\ProgramData\nvModes.dat
2015-02-28 11:05 - 2009-02-21 15:19 - 00063094 _____ () C:\Windows\DPINST.LOG
2015-02-28 11:05 - 2006-11-02 13:52 - 00262190 _____ () C:\Windows\setupact.log
2015-02-28 10:48 - 2013-09-23 21:51 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-28 10:45 - 2014-11-04 21:26 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-02-27 23:48 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-02-27 23:48 - 2006-11-02 11:22 - 59244544 _____ () C:\Windows\system32\config\software_previous
2015-02-27 23:48 - 2006-11-02 11:22 - 46661632 _____ () C:\Windows\system32\config\components_previous
2015-02-27 23:48 - 2006-11-02 11:22 - 35651584 _____ () C:\Windows\system32\config\system_previous
2015-02-27 23:48 - 2006-11-02 11:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2015-02-27 23:48 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2015-02-27 23:48 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2015-02-27 23:47 - 2013-02-26 11:56 - 00000000 __SHD () C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2015-02-27 23:47 - 2011-11-10 21:54 - 00000000 ____D () C:\Users\Matthias\AppData\Local\Akamai
2015-02-27 23:47 - 2009-08-30 20:52 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\dvdcss
2015-02-27 23:47 -
2009-08-22 11:12 - 00000000 ____D () C:\Users\Gast 2015-02-27 23:47 - 2009-07-11 13:08 - 00000000 ____D () C:\Users\Matthias\AppData\Local\Microsoft Help 2015-02-27 23:47 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public 2015-02-27 23:47 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool 2015-02-27 23:46 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration 2015-02-27 16:14 - 2008-01-21 03:47 - 02827352 _____ () C:\Windows\PFRO.log 2015-02-27 14:54 - 2009-01-16 19:03 - 00000000 ____D () C:\Program Files\Acer 2015-02-26 10:59 - 2011-10-27 21:20 - 00000000 ____D () C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2015-02-26 10:59 - 2011-04-07 22:52 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\HpUpdate 2015-02-26 10:37 - 2013-02-26 12:29 - 00000000 ____D () C:\ProgramData\TuneUp Software 2015-02-25 23:31 - 2013-02-26 12:30 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\TuneUp Software 2015-02-24 23:26 - 2010-09-05 19:34 - 00000000 ____D () C:\Users\Matthias\AppData\Local\CrashDumps 2015-02-24 12:43 - 2009-08-27 21:27 - 00000000 ___RD () C:\Program Files\Skype 2015-02-24 12:43 - 2009-08-27 21:27 - 00000000 ____D () C:\ProgramData\Skype 2015-02-23 12:53 - 2012-01-21 13:37 - 00000000 ____D () C:\Program Files\PDFCreator 2015-02-20 21:10 - 2015-01-24 00:04 - 00001967 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-02-14 18:16 - 2009-06-14 19:56 - 00049664 _____ () C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-02-12 21:15 - 2010-08-01 18:01 - 00007592 _____ () C:\Users\Matthias\AppData\Local\d3d9caps.dat 2015-02-12 21:12 - 2006-11-02 13:47 - 03684304 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-02-12 16:50 - 2013-07-16 02:06 - 00000000 ____D () C:\Windows\system32\MRT 2015-02-12 10:40 - 2006-11-02 11:24 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2015-02-12 10:38 - 2009-01-16 18:45 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-02-06 00:14 - 
2010-07-23 07:11 - 00002633 _____ () C:\Users\Matthias\Desktop\Microsoft Office Excel 2007.lnk 2015-02-05 21:40 - 2012-03-31 08:57 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-02-05 21:40 - 2011-08-01 09:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-02-04 17:21 - 2014-11-27 22:59 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service ==================== Files in the root of some directories ======= 2009-06-09 08:40 - 2009-06-09 08:38 - 0005250 _____ () C:\Program Files\0x0407.ini 2009-06-09 08:40 - 2009-06-09 08:38 - 14042624 _____ () C:\Program Files\Turbo Lister 2.msi 2011-03-25 21:15 - 2010-10-16 11:50 - 3056008 _____ (Ask) C:\Program Files\Common Files\AskToolbarInstaller.exe 2010-12-14 13:00 - 2012-03-28 09:14 - 1456640 _____ () C:\Program Files\Common Files\Falk Navi-Manager.msi 2011-03-25 21:15 - 2010-01-26 10:11 - 0444283 _____ () C:\Program Files\Common Files\WinPcapNmap.exe 2009-08-13 23:39 - 2009-08-13 23:39 - 0000319 _____ () C:\Users\Matthias\AppData\Roaming\mdb.bin 2010-08-01 18:01 - 2015-02-12 21:15 - 0007592 _____ () C:\Users\Matthias\AppData\Local\d3d9caps.dat 2009-06-14 19:56 - 2015-02-14 18:16 - 0049664 _____ () C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2009-08-13 20:38 - 2009-08-13 20:38 - 0000096 _____ () C:\Users\Matthias\AppData\Local\fusioncache.dat 2013-02-09 21:29 - 2013-02-09 21:34 - 0005086 _____ () C:\Users\Matthias\AppData\Local\MyWinLockerInstaller.txt-20130209.log 2014-08-10 19:41 - 2014-08-10 19:41 - 0001491 _____ () C:\Users\Matthias\AppData\Local\recently-used.xbel 2011-04-19 10:35 - 2011-04-21 08:42 - 0001940 _____ () C:\Users\Matthias\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini 2010-10-08 10:32 - 2013-03-04 13:45 - 0000148 ___SH () C:\ProgramData\.zreglib 2011-03-25 21:15 - 2010-05-28 22:37 - 0015086 _____ () C:\ProgramData\Amazon.ico 2009-02-21 15:21 - 2009-02-21 15:23 - 0006112 
_____ () C:\ProgramData\ArcadeDeluxe2.log 2011-03-25 21:15 - 2011-03-03 15:50 - 0009662 _____ () C:\ProgramData\BeRuby.ico 2009-08-27 21:43 - 2009-08-27 21:43 - 0000056 ____H () C:\ProgramData\ezsidmv.dat 2009-05-26 07:30 - 2012-04-15 22:27 - 0009789 _____ () C:\ProgramData\hpzinstall.log 2014-12-23 00:44 - 2014-12-23 00:48 - 0020531 ____H () C:\ProgramData\M33KI 2011-03-25 21:15 - 2010-07-20 12:53 - 0071926 _____ () C:\ProgramData\MercadoLivre.ico 2009-05-06 20:12 - 2015-03-03 15:33 - 0207414 _____ () C:\ProgramData\nvModes.001 2009-02-21 15:28 - 2015-02-28 11:31 - 0207414 _____ () C:\ProgramData\nvModes.dat 2011-03-25 21:15 - 2010-05-20 11:05 - 0025214 _____ () C:\ProgramData\QuickStores.ico Some content of TEMP: ==================== C:\Users\Matthias\AppData\Local\Temp\Quarantine.exe C:\Users\Matthias\AppData\Local\Temp\RtkBtMnt.exe C:\Users\Matthias\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-03 15:41 ==================== End Of Log ============================ Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-03-2015
Ran by Matthias at 2015-03-03 16:24:10
Running from C:\Users\Matthias\Desktop\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Acer Arcade Deluxe (HKLM\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 2.0.5817 - CyberLink Corp.)
Acer Arcade Deluxe (Version: 2.0.5817 - CyberLink Corp.) Hidden
Acer Crystal Eye Webcam 2.0.9.1 (HKLM\...\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}) (Version: 2.0.9.1 - SuYin)
Acer ePower Management (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.00.3001 - Acer Incorporated)
Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.00.3001 - Acer Incorporated)
Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - )
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 3.0.3000 - Acer Inc.)
Acer Product Registration (HKLM\...\{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}) (Version: 3.0.0.10 - Acer Incorporated)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.01.1205 - Acer Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
AIO_CDA_ProductContext (Version: 82.0.233.000 - Hewlett-Packard) Hidden
AIO_CDA_Software (Version: 82.0.233.000 - Hewlett-Packard) Hidden
AIO_Scan (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
Amazon Music (HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\Amazon Amazon Music) (Version: 3.2.0.591 - Amazon Services LLC)
AudioCon (HKLM\...\AudioCon) (Version: 1.0 - Basement Softworks)
Bing Bar (HKLM\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brother HL-2150N (HKLM\...\{797CD9FD-2B9D-46E9-8049-80790391AC24}) (Version: 1.00 - Brother)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
C5100 (Version: 82.0.233.000 - Hewlett-Packard) Hidden
c5100_Help (Version: 82.0.233.000 - Hewlett-Packard) Hidden
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.7.2423 - CDBurnerXP)
CDex extraction audio (HKLM\...\CDex) (Version: - )
CloneCD (HKLM\...\CloneCD) (Version: - SlySoft)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copy (Version: 130.0.366.000 - Hewlett-Packard) Hidden
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.3524 - CyberLink Corp.)
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DocProc (Version: 8.1.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Falk Navi-Manager (HKLM\...\{3222B0CE-59C5-4CA0-B545-2B88F200756B}) (Version: 2.10.0 - United Navigation GmbH)
Falk Navi-Manager (Version: 2.10.0 - United Navigation GmbH) Hidden
Falk Navi-Manager (Version: 2.5.1 - Falk Navigation GmbH) Hidden
Fax (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Foto Sprechblase 1 (HKLM\...\Foto Sprechblase 1) (Version: - )
FreeUndelete (HKLM\...\{A35883BD-9C83-4625-82F3-90F86728C662}) (Version: 2.0 - Recoveronix)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Heroes of Hellas (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP OCR Software 8.0 (HKLM\...\HPOCR) (Version: 8.0 - HP)
HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
HP Photosmart.All-In-One Driver Software 8.0 .A (HKLM\...\{282E5AB2-8E47-4571-B6FA-6B512555B557}) (Version: 8.0 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}) (Version: 5.002.007.004 - Hewlett-Packard)
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
IrfanView (remove only) (HKLM\...\IrfanView) (Version: - )
JMicron Flash Media Controller Driver (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.23.06 - JMicron Technology Corp.)
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Launch Manager (HKLM\...\LManager) (Version: 2.0.03 - Acer Inc.)
LightScribe 1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
Magic Farm (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114717227}) (Version: - Oberon Media)
Magic Match Adventures (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11408540}) (Version: - Oberon Media)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 German Language Pack (HKLM\...\{E78BFA60-5393-4C38-82AB-E8019E464EB4}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MuseScore 1.3 (HKLM\...\MuseScore) (Version: 1.3.0 - Werner Schweer and Others)
Mystery Solitaire - Secret Island (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}) (Version: - Oberon Media)
Mythic Mahjong (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113919217}) (Version: - Oberon Media)
Nokia Connectivity Cable Driver (HKLM\...\{AF88496B-4BBA-4922-97E9-2582D3A28358}) (Version: 7.1.48.0 - Nokia)
Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 7.1.60.0 - Nokia)
Nokia PC Suite (Version: 7.1.60.0 - Nokia) Hidden
Nokia Software Updater (HKLM\...\{4D568C38-0552-4CDD-A643-01FAFA2957EF}) (Version: 02.06.006.44298 - Nokia Corporation)
Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.2.100.0 - Nokia)
Nokia Suite (Version: 3.2.100.0 - Nokia) Hidden
Norton Bootable Recovery Tool Wizard (HKLM\...\NBRTWizard) (Version: 5.1.0.26 - Symantec Corporation)
Norton Identity Safe (HKLM\...\NST) (Version: 2014.7.8.23 - Symantec Corporation)
Norton Security (HKLM\...\NS) (Version: 22.1.0.9 - Symantec Corporation)
NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.606 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.606 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6329 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.2.6329 - NewTech Infosystems) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - NVIDIA Corporation)
PC Connectivity Solution (HKLM\...\{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}) (Version: 11.5.13.0 - Nokia)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.0.2 - pdfforge)
pdfforge Toolbar v6.6 (HKLM\...\{65739FA2-0444-4AB2-B598-872406539EBD}) (Version: 6.6 - Spigot, Inc.) <==== ATTENTION
Photo Collage Creator 3.97 (HKLM\...\Photo Collage Creator_is1) (Version: - AMS Software)
Photo Transport (HKLM\...\{63CFD835-FF50-4F8B-91CD-5662A8C640F8}) (Version: 1.0.1 - CASIO COMPUTER CO., LTD.)
PhotoNow! (HKLM\...\{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.5203 - CyberLink Corp.)
Putt Mania (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112028410}) (Version: - Oberon Media)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5730 - Realtek Semiconductor Corp.)
RICOH SP C231SF/C232SF (HKLM\...\RICOH SP C231SF/C232SF) (Version: 1.41.0.0 - )
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Securita Scout (HKLM\...\Securita Scout) (Version: - ) <==== ATTENTION
Sibelius Scorch (ActiveX Only) (HKLM\...\{868291A4-229E-4795-B0B0-E60E87AF53CD}) (Version: 6.2.0 - Sibelius Software)
SilverFast AFL 6.6.2r2 (HKLM\...\SilverFast AFL) (Version: - LaserSoft Imaging AG)
Skype™ 7.1 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Steuer-Spar-Erklärung 2009 (HKLM\...\{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}) (Version: 14.01.0000 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2010 (HKLM\...\{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}) (Version: 15.13 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2011 (HKLM\...\{9F5FD796-86F0-4360-85F8-D54C0F5411EB}) (Version: 16.17 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2012 (HKLM\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.14 - Wolters Kluwer Deutschland GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 12.0.4.0 - Synaptics)
The Rise of Atlantis (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112548397}) (Version: - Oberon Media)
Tiks Texas Hold em (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110422467}) (Version: - Oberon Media)
T-Online 6.0 (HKLM\...\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}) (Version: - )
T-Online WLAN-Access Finder (HKLM\...\{295C31E5-3F91-498E-9623-DA24D2FA2B6A}) (Version: - )
Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden
uMedia uTV (HKLM\...\{5313CFF7-E762-4752-BEC0-1E2CB2C685E4}) (Version: 1.00.000 - uMedia)
UnloadSupport (Version: 1.00.0000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VDownloader 3.2.807 (HKLM\...\{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1) (Version: - Vitzo Limited)
Videograbber 2010 (HKLM\...\{177ADA1F-6D3B-404A-99DA-D7E0E2A36621}_is1) (Version: - Hoppelsoft)
VLC media player 1.0.1 (HKLM\...\VLC media player) (Version: 1.0.1 - VideoLAN Team)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live ID-Anmelde-Assistent (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter: Treiberupdate (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows-Treiberpaket - Nokia Modem (06/09/2010 7.01.0.8) (HKLM\...\E5372C32E8562C76C24DBA6525002B1031495F34) (Version: 06/09/2010 7.01.0.8 - Nokia)
Windows-Treiberpaket - Nokia Modem (10/07/2010 4.6) (HKLM\...\6DA48AFDE796708D5A4C9121A83E7617A63A9A15) (Version: 10/07/2010 4.6 - Nokia)
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
WinPcap 4.1.1 (HKLM\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
Womens Murder Club (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114086870}) (Version: - Oberon Media)
XMedia Recode Version 3.1.2.8 (HKLM\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.2.8 - XMedia Recode)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3827918516-2867637020-576463877-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3827918516-2867637020-576463877-1000_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\HPCDMC32.DLL (HP)
CustomCLSID: HKU\S-1-5-21-3827918516-2867637020-576463877-1000_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\HPCDMC32.DLL (HP)
CustomCLSID: HKU\S-1-5-21-3827918516-2867637020-576463877-1000_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\HPCDMC32.DLL (HP)
CustomCLSID: HKU\S-1-5-21-3827918516-2867637020-576463877-1000_Classes\CLSID\{DCA74850-096D-40CD-BB81-17034E51ACB6}\localserver32 -> C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-3827918516-2867637020-576463877-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3827918516-2867637020-576463877-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3827918516-2867637020-576463877-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3827918516-2867637020-576463877-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3827918516-2867637020-576463877-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3827918516-2867637020-576463877-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3827918516-2867637020-576463877-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3827918516-2867637020-576463877-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

24-02-2015 16:04:02 Geplanter Prüfpunkt
25-02-2015 23:28:28 TuneUp Utilities 2014 wird installiert
26-02-2015 15:28:38 Removed PDF Architect
26-02-2015 15:36:55 Removed Skype Click to Call
26-02-2015 19:12:58 TuneUp Utilities 2014 wird entfernt
26-02-2015 19:14:31 TuneUp Utilities 2014 (de-DE) wird entfernt
27-02-2015 14:52:38 Installed Acer System Information
27-02-2015 14:53:51 Removed Acer System Information
27-02-2015 23:39:26 Wiederherstellungsvorgang
28-02-2015 11:03:37 Gerätetreiber-Paketinstallation: Synaptics Mäuse und andere Zeigegeräte
28-02-2015 11:23:47 Removed Search App by Ask
28-02-2015 11:25:41 Removed Skype Click to Call
28-02-2015 11:58:32 Removed Java 8 Update 31
01-03-2015 00:59:39 Geplanter Prüfpunkt
01-03-2015 22:16:24 Geplanter Prüfpunkt
02-03-2015 14:22:15 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {015154CD-0AF2-456C-BE11-106FD5E9FD17} - System32\Tasks\Core Temp Autostart Matthias => C:\Users\Matthias\Desktop\Core Temp.exe [2013-10-08] ()
Task: {1D425330-1E5C-4A42-AC62-77D793A8CC54} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {295DEB1E-DABC-4A1B-9B8E-96556AF138E9} - System32\Tasks\{46DFFA81-613B-4A7B-BB88-51B3FE5B6CF9} => C:\Program Files\Skype\Phone\Skype.exe [2015-01-23] (Skype Technologies S.A.)
Task: {3522109C-F98F-432C-9993-C0A8EB5F455B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-24] (Google Inc.)
Task: {38FE3345-1455-444D-AC5E-E484C119B0E6} - System32\Tasks\{EB5229B8-2D7B-4F8D-987A-7BBE85936BE7} => pcalua.exe -a "C:\Program Files\Acer GameZone\Magic Farm\Uninstall.exe" -c "C:\Program Files\Acer GameZone\Magic Farm\install.log"
Task: {4360545A-70E6-45F7-8AAB-409029B7B72E} - System32\Tasks\AdobeAAMUpdater-1.0-Matthias-PC-Matthias => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {54E3397C-AAF7-4BCE-A6F9-5E40511A6CC4} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Matthias => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {6B95EDEE-82E4-4FBA-B53C-F8F5EDFC6512} - System32\Tasks\{70F9738E-9D13-4AD6-B33D-E54328A86B02} => pcalua.exe -a E:\data\Microsoft\msizap.exe -d E:\data -c TW!{0D410F4D-9009-43F8-9DF1-BDADCE7FC43F}
Task: {6C8356E2-90E9-4806-90A2-AB9FED0FD6E1} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {7AC43135-4DCC-4D1E-870E-CA17EA37EC5F} - System32\Tasks\{45394F0A-F8E4-4F82-ADD6-803ACD891632} => pcalua.exe -a C:\Users\Matthias\Downloads\setupDE.exe -d C:\Users\Matthias\Downloads
Task: {7DEA4724-6899-4593-A87F-52664711B83B} - System32\Tasks\{1E620B6F-BF35-4344-BDCB-19FEABBCCB49} => pcalua.exe -a "C:\Program Files\Acer GameZone\The Rise of Atlantis\Uninstall.exe" -c "C:\Program Files\Acer GameZone\The Rise of Atlantis\install.log"
Task: {7DEFDABE-E8A3-44A4-9D9C-FA398AC3C727} - System32\Tasks\{819168EB-639F-4082-9070-7161B3DABCE5} => pcalua.exe -a "C:\Program Files\Acer GameZone\Womens Murder Club\Uninstall.exe" -d "C:\Program Files\TuneUp Utilities 2012" -c "C:\Program Files\Acer GameZone\Womens Murder Club\install.log"
Task: {A21BF1F9-0BED-4C19-9C45-500A929533FB} - \BrowserDefendert No Task File <==== ATTENTION
Task: {A3D2A005-42AE-4212-91FC-A4D06C508C98} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.1.0.9\WSCStub.exe [2014-12-10] (Symantec Corporation)
Task: {B3AF4D6D-8D4A-45C0-AE58-4455905F5311} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe
Task: {B74F99D7-02BC-4707-AC24-35586AF7F0D1} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files\Norton Security\Engine\22.1.0.9\SymErr.exe [2014-12-03] (Symantec Corporation)
Task: {D0F912A1-7B02-4C58-8F15-3EF5E7BD5ED5} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files\Norton Security\Engine\22.1.0.9\SymErr.exe [2014-12-03] (Symantec Corporation)
Task: {D185CE46-5FA3-42DC-925A-4E976B7B2569} - System32\Tasks\{95CA8384-C212-47FC-A03E-26B3DABF86AA} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {D20C150F-BC6B-41FF-92E8-854FAC49D428} - System32\Tasks\{E37E2140-7FC7-4361-BA3C-F8C8F1C577AA} => pcalua.exe -a C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe -c /M{1C9171AC-5519-4DF4-B44D-B28F678DEB4C}
Task: {D391F8DF-C2F3-4254-9A39-7EC3E7A2996C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {E652FEF4-667E-4665-AC8B-7DE6B4C3D3FB} - System32\Tasks\{C6B00F22-09DB-4A3B-B734-777E38AF6BEC} => pcalua.exe -a C:\Windows\cadkasdeinst01.exe -c "C:\Program Files\Foto Sprechblase 1\"
Task: {E70EF7EE-5BD1-4245-AAA0-EF3007654504} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {FA5CCDC9-892C-430D-883F-2FFF4418EAE2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-24] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2008-10-16 18:24 - 2008-10-16 18:24 - 00038551 _____ () C:\Windows\System32\R8E6AM.DLL
2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2007-06-24 19:09 - 2007-06-24 19:09 - 01024000 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACE.dll
2007-06-24 19:09 - 2007-06-24 19:09 - 00098304 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML.dll
2007-06-24 19:09 - 2007-06-24 19:09 - 00061440 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML_Parser.dll
2009-02-21 15:23 - 2008-10-04 04:09 - 00069632 _____ () C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
2008-04-25 21:36 - 2008-04-25 21:36 - 00131072 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2015-02-08 17:35 - 2013-10-08 13:22 - 00794272 _____ () C:\Users\Matthias\Desktop\Core Temp.exe
2009-08-27 20:20 - 2009-08-16 16:06 - 00141312 _____ () C:\Program Files\WinRAR\rarext.dll
2015-01-26 21:48 - 2015-01-26 21:48 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2015-02-05 21:40 - 2015-02-05 21:40 - 16852144 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:05113FB9
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
AlternateDataStreams: C:\ProgramData\Temp:C99F6ECA
AlternateDataStreams: C:\ProgramData\Temp:F3176E45

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3827918516-2867637020-576463877-1000\Control Panel\Desktop\\Wallpaper -> d:\Bilder\WeihnachtsfriesTaizé.JPG
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AAV UpdateService => 2
MSCONFIG\Services: BBSvc => 2
MSCONFIG\Services: BBUpdate => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BthServ => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MobilityService => 2
MSCONFIG\Services: PDF Architect Helper Service => 2
MSCONFIG\Services: PDF Architect Service => 2
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TabletInputService => 2
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Matthias^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Matthias^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk => C:\Windows\pss\Orion.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Amazon Music => "C:\Users\Matthias\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: AnyDVD => C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
MSCONFIG\startupreg: ArcadeDeluxeAgent => "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
MSCONFIG\startupreg: BkupTray => "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
MSCONFIG\startupreg: CLMLServer => "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
MSCONFIG\startupreg: CloneCDTray => "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
MSCONFIG\startupreg: EgisTecLiveUpdate => "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: LManager => C:\PROGRA~1\LAUNCH~1\LManager.exe
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: mwlDaemon => C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
MSCONFIG\startupreg: NokiaMServer => C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
MSCONFIG\startupreg: NokiaOviSuite2 => C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
MSCONFIG\startupreg: PlayMovie => "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
MSCONFIG\startupreg: ProductReg => "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: T-Online_Software_6 =>
MSCONFIG\startupreg: ToADiMon.exe => C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart

==================== Accounts: =============================

Administrator (S-1-5-21-3827918516-2867637020-576463877-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3827918516-2867637020-576463877-1002 - Limited - Enabled)
Gast (S-1-5-21-3827918516-2867637020-576463877-501 - Limited - Enabled) => C:\Users\Gast
Matthias (S-1-5-21-3827918516-2867637020-576463877-1000 - Administrator - Enabled) => C:\Users\Matthias

==================== Faulty Device Manager Devices =============

Name: isatap.{DE78060C-D5CF-4A97-84F8-F9B3C0F1C35E}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================

Application errors:
==================
Error: (03/03/2015 03:34:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/03/2015 01:08:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/03/2015 09:16:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16609, Zeitstempel 0x54b5c951, fehlerhaftes Modul USP10.dll, Version 1.626.6002.19096, Zeitstempel 0x535bd85f, Ausnahmecode 0xc0000005, Fehleroffset 0x00009ff8, Prozess-ID 0x342c, Anwendungsstartzeit iexplore.exe0.

Error: (03/03/2015 09:15:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16609, Zeitstempel 0x54b5c951, fehlerhaftes Modul USP10.dll, Version 1.626.6002.19096, Zeitstempel 0x535bd85f, Ausnahmecode 0xc0000005, Fehleroffset 0x00009ff8, Prozess-ID 0x2bc0, Anwendungsstartzeit iexplore.exe0.

Error: (03/03/2015 09:15:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16609, Zeitstempel 0x54b5c951, fehlerhaftes Modul USP10.dll, Version 1.626.6002.19096, Zeitstempel 0x535bd85f, Ausnahmecode 0xc0000005, Fehleroffset 0x00009ff8, Prozess-ID 0x2ab4, Anwendungsstartzeit iexplore.exe0.
Error: (03/03/2015 09:15:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16609, Zeitstempel 0x54b5c951, fehlerhaftes Modul USP10.dll, Version 1.626.6002.19096, Zeitstempel 0x535bd85f, Ausnahmecode 0xc0000005, Fehleroffset 0x00009ff8, Prozess-ID 0x670, Anwendungsstartzeit iexplore.exe0.

Error: (03/02/2015 01:26:32 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <D:\ARBEIT MATTHIAS\ARBEIT IN FRANKREICH\BUCHPROJEKT\ANSCHREIBEN GÜTERSLOHER VERLAGSHAUS.DOC> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (03/02/2015 01:26:32 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <D:\ARBEIT MATTHIAS\ARBEIT IN FRANKREICH\BUCHPROJEKT\ANSCHREIBEN GÜTERSLOHER VERLAGSHAUS.DOC> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (03/02/2015 11:26:33 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <D:\ARBEIT MATTHIAS\WEITERBILDUNG\POP\3-JAHRESGRUPPE\QUITTUNG 2014.DOC> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (03/02/2015 11:26:33 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <D:\ARBEIT MATTHIAS\WEITERBILDUNG\POP\3-JAHRESGRUPPE\QUITTUNG 2014.DOC> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

System errors:
=============
Error: (03/03/2015 04:24:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (03/03/2015 04:24:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (03/03/2015 04:24:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (03/03/2015 04:24:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (03/03/2015 04:24:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (03/03/2015 04:24:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (03/03/2015 04:24:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (03/03/2015 04:24:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (03/03/2015 04:24:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (03/03/2015 04:22:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Microsoft Office Sessions:
=========================
Error: (02/06/2015 00:18:34 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6712.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 214 seconds with 180 seconds of active time. This session ended with a crash.
Error: (02/04/2015 05:40:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6712.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash.

Error: (02/04/2015 05:40:01 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6712.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 984 seconds with 60 seconds of active time. This session ended with a crash.

Error: (02/04/2015 05:37:26 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6712.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 829 seconds with 0 seconds of active time. This session ended with a crash.

Error: (02/04/2015 05:29:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6712.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 11 seconds with 0 seconds of active time. This session ended with a crash.

Error: (02/04/2015 05:28:38 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6712.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 300 seconds with 180 seconds of active time. This session ended with a crash.

Error: (01/06/2015 01:26:26 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6712.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.
Error: (01/06/2015 01:26:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6712.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error: (01/06/2015 01:25:55 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6712.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 23 seconds with 0 seconds of active time. This session ended with a crash.

Error: (01/06/2015 01:25:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6712.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1994 seconds with 60 seconds of active time. This session ended with a crash.

CodeIntegrity Errors:
===================================
Date: 2015-03-03 16:23:35.948
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-03-03 16:23:34.759
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-03-03 16:23:33.512
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-03 16:23:32.306
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-03-03 16:23:12.142
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\BASHDefs\20150224.001_4f9\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-03-03 16:23:10.941
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\BASHDefs\20150224.001_4f9\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-03-03 16:23:09.729
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\BASHDefs\20150224.001_4f9\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-03-03 16:23:08.502
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\BASHDefs\20150224.001_4f9\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-01-12 18:14:02.996
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-01-12 18:14:01.858
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
Percentage of memory in use: 61%
Total physical RAM: 2813.5 MB
Available physical RAM: 1095.63 MB
Total Pagefile: 5847.47 MB
Available Pagefile: 4121.07 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.72 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:144.04 GB) (Free:60.55 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:144.04 GB) (Free:85.14 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 579CD61E)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=144 GB) - (Type=07 NTFS)

==================== End Of Log ============================ |
04.03.2015, 08:37 | #6 |
/// the machine /// TB-Ausbilder | Vista: Unknown folder in my personal files Please download Revo Uninstaller (alternatively the portable Revo Uninstaller) from here.
Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log please. And a screenshot of the folder please. I think it comes from Windows Update.
__________________ |
04.03.2015, 19:12 | #7 |
| Vista: Unknown folder in my personal files Hello Schrauber, many thanks. With the Revo Uninstaller I was also able to get rid of all the game junk that came bundled with the ACER and could no longer be uninstalled, because some file needed for that had been lost. Here are the log files Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 04.03.2015
Suchlauf-Zeit: 13:24:52
Logdatei: Malwarebytes Anti-Malware 04-03-15.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.03.04.04
Rootkit Datenbank: v2015.02.25.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: Matthias

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 387703
Verstrichene Zeit: 25 Min, 25 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)

(end)
Code:
# AdwCleaner v4.111 - Bericht erstellt 04/03/2015 um 13:56:25
# Aktualisiert 18/02/2015 von Xplode
# Datenbank : 2015-03-02.3 [Server]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Benutzername : Matthias - MATTHIAS-PC
# Gestarted von : C:\Users\Matthias\Desktop\adwcleaner_4.111.exe
# Option : Suchlauf

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Geplante Tasks ] *****

Task Gefunden : BrowserDefendert

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Daten Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Internetbrowser ] *****

-\\ Internet Explorer v9.0.8112.16609

-\\ Mozilla Firefox v35.0.1 (x86 de)

-\\ Google Chrome v40.0.2214.115

*************************

AdwCleaner[R0].txt - [15586 Bytes] - [28/02/2015 00:04:49]
AdwCleaner[R1].txt - [2400 Bytes] - [28/02/2015 11:10:42]
AdwCleaner[R2].txt - [2459 Bytes] - [28/02/2015 11:21:51]
AdwCleaner[R3].txt - [785 Bytes] - [03/03/2015 15:19:20]
AdwCleaner[R4].txt - [1088 Bytes] - [04/03/2015 13:56:25]
AdwCleaner[S0].txt - [15897 Bytes] - [28/02/2015 00:15:27]
AdwCleaner[S1].txt - [2082 Bytes] - [28/02/2015 11:27:17]

########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [1266 Bytes] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Matthias on 04.03.2015 at 18:34:55,77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\wo64522p.default\minidumps [78 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.03.2015 at 18:39:44,43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-03-2015
Ran by Matthias (administrator) on MATTHIAS-PC on 04-03-2015 18:44:23
Running from C:\Users\Matthias\Desktop
Loaded Profiles: Matthias (Available profiles: Matthias & Gast)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\NST.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.1.0.9\NS.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\NST.exe
() C:\Users\Matthias\Desktop\Core Temp.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Deutsche Telekom AG, Marmiko IT-Solutions GmbH) C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Akamai Technologies, Inc.) C:\Users\Matthias\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Akamai Technologies, Inc.) C:\Users\Matthias\AppData\Local\Akamai\netsession_win.exe
(Realtek Semiconductor Corp.) C:\Users\Matthias\AppData\Local\Temp\RtkBtMnt.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.1.0.9\NS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Contacts\wlcomm.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6609440 2008-10-31] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [690720 2008-12-18] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1398056 2008-11-20] (Synaptics, Inc.)
HKLM\...\Run: [BrStsWnd] => C:\Program Files\Brownie\BrstsWnd.exe [880640 2008-09-18] (brother)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2008-10-31] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [ToADiMon.exe] => C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe [286720 2010-04-08] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Matthias\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\Run: [] => [X]
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\MountPoints2: {19076bdf-bd55-11de-a648-00235a5338e1} - F:\Menu.exe
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\MountPoints2: {d60af5b2-a679-11df-9129-00235a5338e1} - awb3ryk.exe
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\E-Mail - Verknüpfung.lnk
ShortcutTarget: E-Mail - Verknüpfung.lnk -> (No File)
Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Calendar.lnk
ShortcutTarget: Windows Calendar.lnk -> C:\Program Files\Windows Calendar\WinCal.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_5737z
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_5737z
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NS&pvid=22.1.0.9
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NS&pvid=22.1.0.9
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NS&pvid=22.1.0.9
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.benefind.de/
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3827918516-2867637020-576463877-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE326
SearchScopes: HKU\S-1-5-21-3827918516-2867637020-576463877-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE326
SearchScopes: HKU\S-1-5-21-3827918516-2867637020-576463877-1000 -> {7AE64BE7-E40D-4E58-A1D9-F8DC7719A1DC} URL = hxxp://www.benefind.de/result.html?q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.1.0.9\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.1.0.9\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3827918516-2867637020-576463877-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-3827918516-2867637020-576463877-1000 -> No Name - {CFCB809C-3A22-4616-A916-6C007BD9D920} - No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {C3E3BB4F-269C-41A3-9F5F-A360E933CAD3} https://as.photoprintit.com/ips-opdata/activex/ImageUploader6.cab
DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://asp.photoprintit.de/microsite/11093/defaults/activex/ips/IPSUploader4.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 212.27.40.240 212.27.40.241

FireFox:
========
FF ProfilePath: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\wo64522p.default
FF Homepage: hxxp://www.benefind.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.) FF SearchPlugin: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\wo64522p.default\searchplugins\benefind.xml FF Extension: Securita Scout - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\wo64522p.default\Extensions\plug@securitascout.com [2014-07-13] FF Extension: Microsoft .NET Framework Assistant - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\wo64522p.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-20] FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2015-01-26] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-06] FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn FF HKLM\...\Firefox\Extensions: 
[{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\coFFPlgn FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.1.0.9\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.1.0.9\coFFPlgn [2015-03-04] FF HKLM\...\Thunderbird\Extensions: [te_7.0@nokia.com] - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011-12-04] Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.benefind.de/" CHR DefaultSearchKeyword: Default -> benefind.de CHR DefaultSearchURL: Default -> hxxp://www.benefind.de/result.html?q={searchTerms} CHR DefaultSuggestURL: Default -> CHR Profile: C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-24] CHR Extension: (Google Docs) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-09] CHR Extension: (Google Drive) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-09] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-24] CHR Extension: (YouTube) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-09] CHR Extension: (Google Search) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-09] CHR Extension: 
(Google Sheets) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-24] CHR Extension: (Norton Identity Safe) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-01-24] CHR Extension: (Google Wallet) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-24] CHR Extension: (Gmail) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-09] CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.1.0.9\Exts\Chrome.crx [2015-01-08] CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - [Not Found] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] () R2 AdobeActiveFileMonitor8.0; C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-09-18] (Adobe Systems Incorporated) R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed] R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [69632 2008-10-04] () [File not signed] R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [653856 2008-12-18] (Acer Incorporated) R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) 
[File not signed] R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed] S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed] S4 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] () [File not signed] R2 NCO; C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\NST.exe [130104 2014-09-20] (Symantec Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-05-11] (Hewlett-Packard) [File not signed] R2 NS; C:\Program Files\Norton Security\Engine\22.1.0.9\NS.exe [282528 2014-12-10] (Symantec Corporation) R2 NTIBackupSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-25] (NewTech InfoSystems, Inc.) [File not signed] R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] () [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [52736 2006-05-11] (Hewlett-Packard) [File not signed] S4 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] () S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S3 AF15BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [483200 2010-08-21] (ITETech ) R1 BHDrvx86; C:\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\BASHDefs\20150224.001_4f9\BHDrvx86.sys [1164504 2015-02-24] (Symantec Corporation) R1 ccSet_NS; C:\Windows\system32\drivers\NS\1601000.009\ccSetx86.sys [128728 2014-09-09] (Symantec Corporation) R1 ccSet_NST; C:\Windows\system32\drivers\NST\7DE07080.017\ccSetx86.sys [127064 2013-09-27] (Symantec Corporation) R1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.) R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-11-25] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-11-25] (Symantec Corporation) R1 IDSVix86; C:\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\IPSDefs\20150303.001\IDSvix86.sys [503512 2015-02-26] (Symantec Corporation) S3 MTOnlPktAlyX; C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyX.SYS [19200 2010-08-27] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [File not signed] R3 NAVENG; C:\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\VirusDefs\20150303.034\NAVENG.SYS [95704 2015-02-27] (Symantec Corporation) R3 NAVEX15; C:\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\VirusDefs\20150303.034\NAVEX15.SYS [1636696 2015-02-27] (Symantec Corporation) R2 npf; C:\Windows\System32\drivers\npf.sys [50704 2010-01-27] (CACE Technologies, Inc.) 
R3 SRTSP; C:\Windows\system32\drivers\NS\1601000.009\SRTSP.SYS [699608 2014-12-02] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NS\1601000.009\SRTSPX.SYS [36056 2014-12-02] (Symantec Corporation) S3 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [7168 2009-09-28] () [File not signed] R0 SymDS; C:\Windows\System32\drivers\NS\1601000.009\SYMDS.SYS [364760 2014-09-09] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NS\1601000.009\SYMEFA.SYS [939224 2014-09-09] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [94424 2015-01-08] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NS\1601000.009\Ironx86.SYS [212696 2014-09-09] (Symantec Corporation) R1 SYMTDIv; C:\Windows\system32\drivers\NS\1601000.009\SYMTDIV.SYS [358104 2014-09-09] (Symantec Corporation) R3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [12400 1999-10-13] (Microsoft Corporation) [File not signed] R3 ALSysIO; \??\C:\Users\Matthias\AppData\Local\Temp\ALSysIO.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 taphss6; system32\DRIVERS\taphss6.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-04 18:39 - 2015-03-04 18:39 - 00000829 _____ () C:\Users\Matthias\Desktop\JRT.txt 2015-03-04 13:52 - 2015-03-04 13:52 - 00001240 _____ () C:\Users\Matthias\Desktop\mbam 04-03-15.txt 2015-03-04 12:46 - 2015-03-04 13:22 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-04 12:45 - 2015-03-04 12:45 - 00000903 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-03-04 12:45 - 2015-03-04 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-03-04 12:45 - 2015-03-04 12:45 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2015-03-04 12:45 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-04 12:45 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-04 12:45 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-04 12:44 - 2015-03-04 12:44 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Matthias\Desktop\mbam-setup-2.0.4.1028.exe 2015-03-04 11:51 - 2015-03-04 12:41 - 00001061 _____ () C:\Users\Matthias\Desktop\Revo Uninstaller.lnk 2015-03-04 11:51 - 2015-03-04 11:51 - 00000000 ____D () C:\Program Files\VS Revo Group 2015-03-04 11:39 - 2015-03-04 11:39 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Matthias\Desktop\revosetup95.exe 2015-03-03 17:00 - 2015-03-03 17:00 - 00047220 _____ () C:\Users\Matthias\Desktop\Addition.txt 2015-03-03 16:21 - 2015-03-04 18:44 - 00022156 _____ () C:\Users\Matthias\Desktop\FRST.txt 2015-03-03 16:21 - 2015-03-04 18:44 - 00000000 ____D () C:\FRST 2015-03-03 16:15 - 2015-03-03 16:15 - 01132032 _____ (Farbar) C:\Users\Matthias\Desktop\frst.exe 2015-02-28 11:18 - 2015-02-28 11:18 - 00002400 _____ () C:\AdwCleaner[R1].txt 2015-02-28 11:03 - 2008-11-20 17:39 - 00204464 _____ (Synaptics, Inc.) 
C:\Windows\system32\Drivers\SynTP.sys 2015-02-28 11:03 - 2008-11-20 17:38 - 00206120 _____ (Synaptics, Inc.) C:\Windows\system32\SynCtrl.dll 2015-02-28 11:03 - 2008-11-20 17:38 - 00161064 _____ (Synaptics, Inc.) C:\Windows\system32\SynTPAPI.dll 2015-02-28 11:03 - 2008-11-20 17:38 - 00120104 _____ (Synaptics, Inc.) C:\Windows\system32\SynTPCo4.dll 2015-02-28 10:47 - 2015-02-28 10:45 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2015-02-28 10:47 - 2015-02-28 10:45 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2015-02-28 00:04 - 2015-03-04 13:59 - 00000000 ____D () C:\AdwCleaner 2015-02-28 00:02 - 2015-02-28 00:03 - 02126848 _____ () C:\Users\Matthias\Desktop\adwcleaner_4.111.exe 2015-02-26 19:57 - 2015-02-26 19:57 - 00000053 _____ () C:\Windows\SynInst.log 2015-02-25 23:31 - 2015-02-25 23:31 - 00000000 ____D () C:\Users\Matthias\AppData\Local\TuneUp Software 2015-02-25 23:27 - 2015-02-26 10:59 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2015-02-25 20:56 - 2015-02-25 20:56 - 00000000 ____D () C:\Users\Matthias\AppData\Local\PDFCreator 2015-02-25 10:00 - 2015-02-25 10:00 - 00000000 ____D () C:\Program Files\Common Files\Java(1) 2015-02-23 12:53 - 2015-02-27 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator 2015-02-23 12:53 - 2015-02-23 12:53 - 00000832 _____ () C:\Users\Public\Desktop\PDFCreator.lnk 2015-02-13 17:59 - 2015-01-23 04:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-02-13 17:59 - 2015-01-23 03:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-02-12 10:39 - 2014-11-26 03:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2015-02-12 10:38 - 2015-01-13 02:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-02-12 10:38 - 2015-01-09 01:20 - 02063360 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-02-12 10:34 
- 2015-01-15 05:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-02-12 10:34 - 2014-12-08 02:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-02-11 17:18 - 2015-01-14 02:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-02-11 17:18 - 2015-01-14 02:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-02-11 17:18 - 2015-01-14 02:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-02-11 17:18 - 2015-01-14 02:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-02-11 17:18 - 2015-01-14 02:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-02-11 17:18 - 2015-01-14 02:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-02-11 17:18 - 2015-01-14 02:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-02-11 17:18 - 2015-01-14 02:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-02-11 17:18 - 2015-01-14 02:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-02-11 17:18 - 2015-01-14 02:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2015-02-11 17:18 - 2015-01-14 02:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-02-11 17:18 - 2015-01-14 02:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-02-11 17:18 - 2015-01-14 02:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-02-11 17:18 - 2015-01-14 02:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-02-11 17:18 - 2015-01-14 02:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-02-11 17:18 - 2015-01-14 02:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-02-11 17:18 - 2015-01-14 02:40 - 00073216 _____ 
(Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-02-11 17:18 - 2015-01-14 02:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2015-02-11 17:18 - 2015-01-14 02:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2015-02-11 17:18 - 2015-01-14 02:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2015-02-08 17:35 - 2015-03-04 18:42 - 00001340 _____ () C:\Users\Matthias\Desktop\CoreTemp.ini 2015-02-08 17:35 - 2013-10-08 13:22 - 00794272 _____ () C:\Users\Matthias\Desktop\Core Temp.exe 2015-02-08 17:28 - 2015-02-08 17:28 - 00734473 _____ () C:\Users\Matthias\Desktop\CoreTemp_106.zip ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-04 18:40 - 2013-10-15 11:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-04 18:36 - 2009-09-13 17:35 - 00000246 _____ () C:\Windows\Brownie.ini 2015-03-04 18:23 - 2009-02-21 15:19 - 01723957 _____ () C:\Windows\WindowsUpdate.log 2015-03-04 18:14 - 2015-01-24 00:03 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-04 17:16 - 2006-11-02 13:47 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-04 17:16 - 2006-11-02 13:47 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-04 13:17 - 2015-01-24 00:03 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-04 13:16 - 2009-05-06 20:12 - 00207414 _____ () C:\ProgramData\nvModes.001 2015-03-04 13:16 - 2009-01-16 19:58 - 00000147 _____ () C:\Windows\system32\agent.log 2015-03-04 13:16 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-04 13:00 - 2008-01-21 03:47 - 02827708 _____ () C:\Windows\PFRO.log 2015-03-04 12:17 - 2010-10-08 11:11 - 00000000 ____D () C:\Program 
Files\SlySoft 2015-03-04 11:19 - 2009-02-21 15:28 - 00207414 _____ () C:\ProgramData\nvModes.dat 2015-03-04 10:33 - 2009-08-27 21:36 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\Skype 2015-03-03 16:19 - 2009-05-06 20:12 - 00000000 ____D () C:\Users\Matthias 2015-03-03 14:32 - 2014-01-29 18:53 - 00000000 ____D () C:\Users\Matthias\.gimp-2.8 2015-03-03 14:27 - 2009-08-02 17:39 - 00002631 _____ () C:\Users\Matthias\Desktop\Microsoft Office Word 2007.lnk 2015-03-03 13:22 - 2009-09-13 17:36 - 00000034 _____ () C:\Windows\system32\BD2150N.DAT 2015-03-02 13:42 - 2015-01-26 21:48 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-03-01 23:30 - 2006-11-02 14:01 - 00032578 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-03-01 23:29 - 2009-08-30 20:52 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\vlc 2015-03-01 19:29 - 2008-01-21 08:16 - 01674410 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-28 11:59 - 2011-03-24 21:08 - 00000000 ____D () C:\Program Files\Java 2015-02-28 11:05 - 2009-02-21 15:19 - 00063094 _____ () C:\Windows\DPINST.LOG 2015-02-28 11:05 - 2006-11-02 13:52 - 00262190 _____ () C:\Windows\setupact.log 2015-02-28 10:48 - 2013-09-23 21:51 - 00000000 ____D () C:\ProgramData\Oracle 2015-02-28 10:45 - 2014-11-04 21:26 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2015-02-27 23:48 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\Msdtc 2015-02-27 23:48 - 2006-11-02 11:22 - 59244544 _____ () C:\Windows\system32\config\software_previous 2015-02-27 23:48 - 2006-11-02 11:22 - 46661632 _____ () C:\Windows\system32\config\components_previous 2015-02-27 23:48 - 2006-11-02 11:22 - 35651584 _____ () C:\Windows\system32\config\system_previous 2015-02-27 23:48 - 2006-11-02 11:22 - 00524288 _____ () C:\Windows\system32\config\default_previous 2015-02-27 23:48 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security_previous 2015-02-27 23:48 - 2006-11-02 11:22 - 00262144 _____ () 
C:\Windows\system32\config\sam_previous 2015-02-27 23:47 - 2013-02-26 11:56 - 00000000 __SHD () C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} 2015-02-27 23:47 - 2011-11-10 21:54 - 00000000 ____D () C:\Users\Matthias\AppData\Local\Akamai 2015-02-27 23:47 - 2009-08-30 20:52 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\dvdcss 2015-02-27 23:47 - 2009-08-22 11:12 - 00000000 ____D () C:\Users\Gast 2015-02-27 23:47 - 2009-07-11 13:08 - 00000000 ____D () C:\Users\Matthias\AppData\Local\Microsoft Help 2015-02-27 23:47 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public 2015-02-27 23:47 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool 2015-02-27 23:46 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration 2015-02-27 14:54 - 2009-01-16 19:03 - 00000000 ____D () C:\Program Files\Acer 2015-02-26 10:59 - 2011-10-27 21:20 - 00000000 ____D () C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2015-02-26 10:59 - 2011-04-07 22:52 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\HpUpdate 2015-02-26 10:37 - 2013-02-26 12:29 - 00000000 ____D () C:\ProgramData\TuneUp Software 2015-02-25 23:31 - 2013-02-26 12:30 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\TuneUp Software 2015-02-24 23:26 - 2010-09-05 19:34 - 00000000 ____D () C:\Users\Matthias\AppData\Local\CrashDumps 2015-02-24 12:43 - 2009-08-27 21:27 - 00000000 ___RD () C:\Program Files\Skype 2015-02-24 12:43 - 2009-08-27 21:27 - 00000000 ____D () C:\ProgramData\Skype 2015-02-23 12:53 - 2012-01-21 13:37 - 00000000 ____D () C:\Program Files\PDFCreator 2015-02-20 21:10 - 2015-01-24 00:04 - 00001967 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-02-14 18:16 - 2009-06-14 19:56 - 00049664 _____ () C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-02-12 21:15 - 2010-08-01 18:01 - 00007592 _____ () C:\Users\Matthias\AppData\Local\d3d9caps.dat 2015-02-12 21:12 - 2006-11-02 13:47 - 03684304 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-02-12 
16:50 - 2013-07-16 02:06 - 00000000 ____D () C:\Windows\system32\MRT 2015-02-12 10:40 - 2006-11-02 11:24 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2015-02-12 10:38 - 2009-01-16 18:45 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-02-06 00:14 - 2010-07-23 07:11 - 00002633 _____ () C:\Users\Matthias\Desktop\Microsoft Office Excel 2007.lnk 2015-02-05 21:40 - 2012-03-31 08:57 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-02-05 21:40 - 2011-08-01 09:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-02-04 17:21 - 2014-11-27 22:59 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service ==================== Files in the root of some directories ======= 2009-06-09 08:40 - 2009-06-09 08:38 - 0005250 _____ () C:\Program Files\0x0407.ini 2009-06-09 08:40 - 2009-06-09 08:38 - 14042624 _____ () C:\Program Files\Turbo Lister 2.msi 2011-03-25 21:15 - 2010-10-16 11:50 - 3056008 _____ (Ask) C:\Program Files\Common Files\AskToolbarInstaller.exe 2010-12-14 13:00 - 2012-03-28 09:14 - 1456640 _____ () C:\Program Files\Common Files\Falk Navi-Manager.msi 2011-03-25 21:15 - 2010-01-26 10:11 - 0444283 _____ () C:\Program Files\Common Files\WinPcapNmap.exe 2009-08-13 23:39 - 2009-08-13 23:39 - 0000319 _____ () C:\Users\Matthias\AppData\Roaming\mdb.bin 2010-08-01 18:01 - 2015-02-12 21:15 - 0007592 _____ () C:\Users\Matthias\AppData\Local\d3d9caps.dat 2009-06-14 19:56 - 2015-02-14 18:16 - 0049664 _____ () C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2009-08-13 20:38 - 2009-08-13 20:38 - 0000096 _____ () C:\Users\Matthias\AppData\Local\fusioncache.dat 2013-02-09 21:29 - 2013-02-09 21:34 - 0005086 _____ () C:\Users\Matthias\AppData\Local\MyWinLockerInstaller.txt-20130209.log 2014-08-10 19:41 - 2014-08-10 19:41 - 0001491 _____ () C:\Users\Matthias\AppData\Local\recently-used.xbel 2011-04-19 10:35 - 2011-04-21 08:42 - 0001940 _____ () 
C:\Users\Matthias\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini 2010-10-08 10:32 - 2013-03-04 13:45 - 0000148 ___SH () C:\ProgramData\.zreglib 2011-03-25 21:15 - 2010-05-28 22:37 - 0015086 _____ () C:\ProgramData\Amazon.ico 2009-02-21 15:21 - 2009-02-21 15:23 - 0006112 _____ () C:\ProgramData\ArcadeDeluxe2.log 2011-03-25 21:15 - 2011-03-03 15:50 - 0009662 _____ () C:\ProgramData\BeRuby.ico 2009-08-27 21:43 - 2009-08-27 21:43 - 0000056 ____H () C:\ProgramData\ezsidmv.dat 2009-05-26 07:30 - 2012-04-15 22:27 - 0009789 _____ () C:\ProgramData\hpzinstall.log 2014-12-23 00:44 - 2014-12-23 00:48 - 0020531 ____H () C:\ProgramData\M33KI 2011-03-25 21:15 - 2010-07-20 12:53 - 0071926 _____ () C:\ProgramData\MercadoLivre.ico 2009-05-06 20:12 - 2015-03-04 13:16 - 0207414 _____ () C:\ProgramData\nvModes.001 2009-02-21 15:28 - 2015-03-04 11:19 - 0207414 _____ () C:\ProgramData\nvModes.dat 2011-03-25 21:15 - 2010-05-20 11:05 - 0025214 _____ () C:\ProgramData\QuickStores.ico Some content of TEMP: ==================== C:\Users\Matthias\AppData\Local\Temp\RtkBtMnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-04 13:24 ==================== End Of Log ============================ --- --- --- --- --- --- How can I insert the screenshot here? Kind regards, pasteur |
05.03.2015, 07:13 | #8 |
/// the machine /// TB-Ausbilder | Vista: Unknown folder in my personal files ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
08.03.2015, 16:32 | #9 |
| Vista: Unknown folder in my personal files Hello Schrauber, it took me a little while. Here come the logs Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d67d4317fbe38c46bd845b0803068032
# engine=22803
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-08 03:04:57
# local_time=2015-03-08 04:04:57 (+0100, Central European Time)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 145449503 263316625 0 0
# scanned=294751
# found=8
# cleaned=0
# scan_time=11724
sh=95826B332BD1AC0543C2BA4DB637D082A994B1E5 ft=1 fh=f3159d8e366dd55a vn="a variant of Win32/Mobogenie.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Matthias\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir"
sh=749E0C6D85971204E397EAE65ED10A9A4AEF40AB ft=1 fh=ef830199de104882 vn="a variant of Win32/Mobogenie.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Matthias\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir"
sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Matthias\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll.vir"
sh=93AD648467F47DC2708810D169F26F4A814778C5 ft=1 fh=e589ccabe231da4b vn="a variant of Win32/Mobogenie.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Matthias\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir"
sh=2B71A57C96480FE13CB46A9F319794A0AF697642 ft=1 fh=296865a4b95bf4e8 vn="a variant of Win32/Toolbar.Babylon.W potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Matthias\AppData\Roaming\BabSolution\Shared\enhancedNT.dll.vir"
sh=76B997BE33132963D2D177908AB15DC0C69C7E89 ft=1 fh=b39dacf1316c7436 vn="a variant of Win32/Adware.Synatix.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Matthias\AppData\Roaming\Security System 2\data\upd.exe.vir"
sh=73098BBBA6CBC76BF206226FBDC659758EAC7F0B ft=1 fh=6c165ff8a046d46e vn="Win32/Adware.Synatix.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Matthias\AppData\Roaming\Security System 2\data\ie\ie.dll.vir"
sh=21E57DF72BF484727B155E8F0A15D0847EC7B940 ft=1 fh=f723b40fd3c95b67 vn="a variant of Win32/WinloadSDA.D potentially unwanted application" ac=I fn="C:\Users\Matthias\Desktop\Downloads\Hotspot-Shield-lnstall.exe"
Code:
Results of screen317's Security Check version 0.99.97
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Norton Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 64-bit 8 Update 31
Adobe Flash Player 16.0.0.305
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (36.0.1)
Google Chrome (40.0.2214.111)
Google Chrome (40.0.2214.115)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-03-2015 02
Ran by Matthias (administrator) on MATTHIAS-PC on 08-03-2015 16:20:38
Running from C:\Users\Matthias\Desktop\Downloads
Loaded Profiles: Matthias (Available profiles: Matthias & Gast)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\NST.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.1.0.9\NS.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.1.0.9\NS.exe
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\NST.exe
() C:\Users\Matthias\Desktop\Core Temp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(brother) C:\Program Files\Brownie\BrStsWnd.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Deutsche Telekom AG, Marmiko IT-Solutions GmbH) C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Akamai Technologies, Inc.) C:\Users\Matthias\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Contacts\wlcomm.exe
(Akamai Technologies, Inc.) C:\Users\Matthias\AppData\Local\Akamai\netsession_win.exe
(brother) C:\Program Files\Brownie\brpjp04a.exe
(Realtek Semiconductor Corp.) C:\Users\Matthias\AppData\Local\Temp\RtkBtMnt.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_16_0_0_305_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6609440 2008-10-31] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [690720 2008-12-18] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1398056 2008-11-20] (Synaptics, Inc.)
HKLM\...\Run: [BrStsWnd] => C:\Program Files\Brownie\BrstsWnd.exe [880640 2008-09-18] (brother)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2008-10-31] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [ToADiMon.exe] => C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe [286720 2010-04-08] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Matthias\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\Run: [] => [X]
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\MountPoints2: {19076bdf-bd55-11de-a648-00235a5338e1} - F:\Menu.exe
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\MountPoints2: {d60af5b2-a679-11df-9129-00235a5338e1} - awb3ryk.exe
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\E-Mail - Verknüpfung.lnk
ShortcutTarget: E-Mail - Verknüpfung.lnk -> (No File)
Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Calendar.lnk
ShortcutTarget: Windows Calendar.lnk -> C:\Program Files\Windows Calendar\WinCal.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_5737z
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_5737z
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NS&pvid=22.1.0.9
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NS&pvid=22.1.0.9
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NS&pvid=22.1.0.9
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.benefind.de/
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3827918516-2867637020-576463877-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE326
SearchScopes: HKU\S-1-5-21-3827918516-2867637020-576463877-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE326
SearchScopes: HKU\S-1-5-21-3827918516-2867637020-576463877-1000 -> {7AE64BE7-E40D-4E58-A1D9-F8DC7719A1DC} URL = hxxp://www.benefind.de/result.html?q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.1.0.9\coIEPlg.dll [2014-12-05] (Symantec Corporation)
BHO: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.1.0.9\coIEPlg.dll [2014-12-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3827918516-2867637020-576463877-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-3827918516-2867637020-576463877-1000 -> No Name - {CFCB809C-3A22-4616-A916-6C007BD9D920} - No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {C3E3BB4F-269C-41A3-9F5F-A360E933CAD3} https://as.photoprintit.com/ips-opdata/activex/ImageUploader6.cab
DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://asp.photoprintit.de/microsite/11093/defaults/activex/ips/IPSUploader4.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 212.27.40.240 212.27.40.241

FireFox:
========
FF ProfilePath: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\wo64522p.default
FF Homepage: hxxp://www.benefind.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll [2009-08-07] (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\wo64522p.default\searchplugins\benefind.xml [2013-12-23]
FF Extension: Securita Scout - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\wo64522p.default\Extensions\plug@securitascout.com [2014-07-13]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\wo64522p.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-20]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2015-03-06]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-06]
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\coFFPlgn
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.1.0.9\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.1.0.9\coFFPlgn [2015-03-08]
FF HKLM\...\Thunderbird\Extensions: [te_7.0@nokia.com] - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011-12-04]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.benefind.de/"
CHR DefaultSearchKeyword: Default -> benefind.de
CHR DefaultSearchURL: Default -> hxxp://www.benefind.de/result.html?q={searchTerms}
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-24]
CHR Extension: (Google Docs) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-09]
CHR Extension: (Google Drive) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-24]
CHR Extension: (YouTube) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-09]
CHR Extension: (Google Search) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-09]
CHR Extension: (Google Sheets) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-24]
CHR Extension: (Norton Identity Safe) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-01-24]
CHR Extension: (Google Wallet) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-24]
CHR Extension: (Gmail) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-09]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.1.0.9\Exts\Chrome.crx [2015-01-08]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AdobeActiveFileMonitor8.0; C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-09-18] (Adobe Systems Incorporated)
R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [69632 2008-10-04] () [File not signed]
R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [653856 2008-12-18] (Acer Incorporated)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S4 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] () [File not signed]
R2 NCO; C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\NST.exe [130104 2014-09-20] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-05-11] (Hewlett-Packard) [File not signed]
R2 NS; C:\Program Files\Norton Security\Engine\22.1.0.9\NS.exe [282528 2014-12-10] (Symantec Corporation)
R2 NTIBackupSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-25] (NewTech InfoSystems, Inc.) [File not signed]
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [52736 2006-05-11] (Hewlett-Packard) [File not signed]
S4 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AF15BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [483200 2010-08-21] (ITETech )
R1 BHDrvx86; C:\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\BASHDefs\20150224.001_4f9\BHDrvx86.sys [1164504 2015-02-24] (Symantec Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NS\1601000.009\ccSetx86.sys [128728 2014-09-09] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NST\7DE07080.017\ccSetx86.sys [127064 2013-09-27] (Symantec Corporation)
R1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-11-25] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-11-25] (Symantec Corporation)
R1 IDSVix86; C:\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\IPSDefs\20150306.001\IDSvix86.sys [503512 2015-02-26] (Symantec Corporation)
S3 MTOnlPktAlyX; C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyX.SYS [19200 2010-08-27] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [File not signed]
R3 NAVENG; C:\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\VirusDefs\20150307.003\NAVENG.SYS [95704 2015-02-27] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\VirusDefs\20150307.003\NAVEX15.SYS [1636696 2015-02-27] (Symantec Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [50704 2010-01-27] (CACE Technologies, Inc.)
R3 SRTSP; C:\Windows\system32\drivers\NS\1601000.009\SRTSP.SYS [699608 2014-12-02] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NS\1601000.009\SRTSPX.SYS [36056 2014-12-02] (Symantec Corporation)
S3 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [7168 2009-09-28] () [File not signed]
R0 SymDS; C:\Windows\System32\drivers\NS\1601000.009\SYMDS.SYS [364760 2014-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NS\1601000.009\SYMEFA.SYS [939224 2014-09-09] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [94424 2015-01-08] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NS\1601000.009\Ironx86.SYS [212696 2014-09-09] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\system32\drivers\NS\1601000.009\SYMTDIV.SYS [358104 2014-09-09] (Symantec Corporation)
S3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [12400 1999-10-13] (Microsoft Corporation) [File not signed]
R3 ALSysIO; \??\C:\Users\Matthias\AppData\Local\Temp\ALSysIO.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-08 00:47 - 2015-03-08 00:47 - 00000000 ____D () C:\Program Files\ESET
2015-03-07 22:21 - 2015-03-07 22:21 - 00013875 _____ () C:\Users\Matthias\Desktop\Sicherungskopie von KV-Norton.wbk
2015-03-07 21:03 - 2015-03-07 21:03 - 00000910 _____ () C:\Users\Matthias\Desktop\checkup.txt
2015-03-07 00:10 - 2015-03-07 00:10 - 00026624 _____ () C:\Users\Matthias\Desktop\Sicherungskopie von Bitte oder frommer Wunsch.wbk
2015-03-06 18:16 - 2015-03-06 18:17 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-04 22:12 - 2015-03-04 22:12 - 00000764 _____ () C:\Users\Matthias\Desktop\TechPowerUp GPU-Z.lnk
2015-03-04 22:12 - 2015-03-04 22:12 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
2015-03-04 22:12 - 2015-03-04 22:12 - 00000000 ____D () C:\Program Files\GPU-Z
2015-03-04 18:39 - 2015-03-04 18:39 - 00000829 _____ () C:\Users\Matthias\Desktop\JRT.txt
2015-03-04 13:52 - 2015-03-04 13:52 - 00001240 _____ () C:\Users\Matthias\Desktop\mbam 04-03-15.txt
2015-03-04 12:46 - 2015-03-04 13:22 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-04 12:45 - 2015-03-04 12:45 - 00000903 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-04 12:45 - 2015-03-04 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-03-04 12:45 - 2015-03-04 12:45 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2015-03-04 12:45 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-04 12:45 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-04 12:45 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-04 12:44 - 2015-03-04 12:44 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Matthias\Desktop\mbam-setup-2.0.4.1028.exe
2015-03-04 11:51 - 2015-03-04 12:41 - 00001061 _____ () C:\Users\Matthias\Desktop\Revo Uninstaller.lnk
2015-03-04 11:51 - 2015-03-04 11:51 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-03-04 11:39 - 2015-03-04 11:39 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Matthias\Desktop\revosetup95.exe
2015-03-03 17:00 - 2015-03-03 17:00 - 00047220 _____ () C:\Users\Matthias\Desktop\Addition.txt
2015-03-03 16:21 - 2015-03-08 16:20 - 00000000 ____D () C:\FRST
2015-03-03 16:21 - 2015-03-04 18:45 - 00038248 _____ () C:\Users\Matthias\Desktop\FRST.txt
2015-02-28 11:18 - 2015-02-28 11:18 - 00002400 _____ () C:\AdwCleaner[R1].txt
2015-02-28 11:03 - 2008-11-20 17:39 - 00204464 _____ (Synaptics, Inc.) C:\Windows\system32\Drivers\SynTP.sys
2015-02-28 11:03 - 2008-11-20 17:38 - 00206120 _____ (Synaptics, Inc.) C:\Windows\system32\SynCtrl.dll
2015-02-28 11:03 - 2008-11-20 17:38 - 00161064 _____ (Synaptics, Inc.) C:\Windows\system32\SynTPAPI.dll
2015-02-28 11:03 - 2008-11-20 17:38 - 00120104 _____ (Synaptics, Inc.) C:\Windows\system32\SynTPCo4.dll
2015-02-28 10:47 - 2015-02-28 10:45 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-02-28 10:47 - 2015-02-28 10:45 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-02-28 00:04 - 2015-03-04 13:59 - 00000000 ____D () C:\AdwCleaner
2015-02-28 00:02 - 2015-02-28 00:03 - 02126848 _____ () C:\Users\Matthias\Desktop\adwcleaner_4.111.exe
2015-02-26 19:57 - 2015-02-26 19:57 - 00000053 _____ () C:\Windows\SynInst.log
2015-02-25 23:31 - 2015-02-25 23:31 - 00000000 ____D () C:\Users\Matthias\AppData\Local\TuneUp Software
2015-02-25 23:27 - 2015-02-26 10:59 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-02-25 20:56 - 2015-02-25 20:56 - 00000000 ____D () C:\Users\Matthias\AppData\Local\PDFCreator
2015-02-25 10:00 - 2015-02-25 10:00 - 00000000 ____D () C:\Program Files\Common Files\Java(1)
2015-02-23 12:53 - 2015-02-27 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2015-02-23 12:53 - 2015-02-23 12:53 - 00000832 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2015-02-13 17:59 - 2015-01-23 04:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 17:59 - 2015-01-23 03:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-12 10:39 - 2014-11-26 03:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-12 10:38 - 2015-01-13 02:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-12 10:38 - 2015-01-09 01:20 - 02063360 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-12 10:34 - 2015-01-15 05:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-12 10:34 - 2014-12-08 02:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 17:18 - 2015-01-14 02:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 17:18 - 2015-01-14 02:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-11 17:18 - 2015-01-14 02:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 17:18 - 2015-01-14 02:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 17:18 - 2015-01-14 02:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 17:18 - 2015-01-14 02:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 17:18 - 2015-01-14 02:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 17:18 - 2015-01-14 02:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 17:18 - 2015-01-14 02:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 17:18 - 2015-01-14 02:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-11 17:18 - 2015-01-14 02:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 17:18 - 2015-01-14 02:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 17:18 - 2015-01-14 02:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 17:18 - 2015-01-14 02:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 17:18 - 2015-01-14 02:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 17:18 - 2015-01-14 02:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 17:18 - 2015-01-14 02:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 17:18 - 2015-01-14 02:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-11 17:18 - 2015-01-14 02:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-11 17:18 - 2015-01-14 02:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-08 17:35 - 2015-03-07 23:20 - 00001340 _____ () C:\Users\Matthias\Desktop\CoreTemp.ini
2015-02-08 17:35 - 2013-10-08 13:22 - 00794272 _____ () C:\Users\Matthias\Desktop\Core Temp.exe
2015-02-08 17:28 - 2015-02-08 17:28 - 00734473 _____ () C:\Users\Matthias\Desktop\CoreTemp_106.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-08 16:14 - 2015-01-24 00:03 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-08 15:40 - 2013-10-15 11:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-08 15:28 - 2009-02-21 15:19 - 01870872 _____ () C:\Windows\WindowsUpdate.log
2015-03-08 15:12 - 2009-09-13 17:35 - 00000330 _____ () C:\Windows\Brownie.ini
2015-03-08 15:11 - 2015-01-24 00:03 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-08 15:08 - 2009-05-06 20:12 - 00207414 _____ () C:\ProgramData\nvModes.001
2015-03-08 15:08 - 2009-01-16 19:58 - 00000147 _____ () C:\Windows\system32\agent.log
2015-03-08 15:08 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-08 15:08 - 2006-11-02 13:47 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-08 15:08 - 2006-11-02 13:47 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-08 06:02 - 2006-11-02 14:01 - 00032578 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-07 23:22 - 2008-01-21 08:16 - 01674410 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-07 21:13 - 2009-08-02 17:39 - 00002631 _____ () C:\Users\Matthias\Desktop\Microsoft Office Word 2007.lnk
2015-03-07 18:55 - 2009-01-16 19:56 - 00000000 ____D () C:\Program Files\Common Files\LightScribe
2015-03-07 07:59 - 2009-02-21 15:28 - 00207414 _____ () C:\ProgramData\nvModes.dat
2015-03-07 07:41 - 2014-11-27 22:59 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-06 20:56 - 2009-08-27 21:36 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\Skype
2015-03-06 16:36 - 2011-11-10 21:54 - 00000000 ____D () C:\Users\Matthias\AppData\Local\Akamai
2015-03-06 16:36 - 2009-09-13 17:36 - 00000000 ____D () C:\Program Files\Brownie
2015-03-05 18:47 - 2009-11-30 21:17 - 00000000 ____D () C:\eg
2015-03-04 21:50 - 2014-10-01 09:15 - 00002379 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-03-04 13:00 - 2008-01-21 03:47 - 02827708 _____ () C:\Windows\PFRO.log
2015-03-04 12:17 - 2010-10-08 11:11 - 00000000 ____D () C:\Program Files\SlySoft
2015-03-03 16:19 - 2009-05-06 20:12 - 00000000 ____D () C:\Users\Matthias
2015-03-03 14:32 - 2014-01-29 18:53 - 00000000 ____D () C:\Users\Matthias\.gimp-2.8
2015-03-03 13:22 - 2009-09-13 17:36 - 00000034 _____ () C:\Windows\system32\BD2150N.DAT
2015-03-01 23:29 - 2009-08-30 20:52 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\vlc
2015-02-28 11:59 - 2011-03-24 21:08 - 00000000 ____D () C:\Program Files\Java
2015-02-28 11:05 - 2009-02-21 15:19 - 00063094 _____ () C:\Windows\DPINST.LOG
2015-02-28 11:05 - 2006-11-02 13:52 - 00262190 _____ () C:\Windows\setupact.log
2015-02-28 10:48 - 2013-09-23 21:51 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-28 10:45 - 2014-11-04 21:26 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-02-27 23:48 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-02-27 23:48 - 2006-11-02 11:22 - 59244544 _____ () C:\Windows\system32\config\software_previous
2015-02-27 23:48 - 2006-11-02 11:22 - 46661632 _____ () C:\Windows\system32\config\components_previous
2015-02-27 23:48 - 2006-11-02 11:22 - 35651584 _____ () C:\Windows\system32\config\system_previous
2015-02-27 23:48 - 2006-11-02 11:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2015-02-27 23:48 - 2006-11-02 11:22 - 00262144
_____ () C:\Windows\system32\config\security_previous 2015-02-27 23:48 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous 2015-02-27 23:47 - 2013-02-26 11:56 - 00000000 __SHD () C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} 2015-02-27 23:47 - 2009-08-30 20:52 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\dvdcss 2015-02-27 23:47 - 2009-08-22 11:12 - 00000000 ____D () C:\Users\Gast 2015-02-27 23:47 - 2009-07-11 13:08 - 00000000 ____D () C:\Users\Matthias\AppData\Local\Microsoft Help 2015-02-27 23:47 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public 2015-02-27 23:47 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool 2015-02-27 23:46 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration 2015-02-27 14:54 - 2009-01-16 19:03 - 00000000 ____D () C:\Program Files\Acer 2015-02-26 10:59 - 2011-10-27 21:20 - 00000000 ____D () C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2015-02-26 10:59 - 2011-04-07 22:52 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\HpUpdate 2015-02-26 10:37 - 2013-02-26 12:29 - 00000000 ____D () C:\ProgramData\TuneUp Software 2015-02-25 23:31 - 2013-02-26 12:30 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\TuneUp Software 2015-02-24 23:26 - 2010-09-05 19:34 - 00000000 ____D () C:\Users\Matthias\AppData\Local\CrashDumps 2015-02-24 12:43 - 2009-08-27 21:27 - 00000000 ___RD () C:\Program Files\Skype 2015-02-24 12:43 - 2009-08-27 21:27 - 00000000 ____D () C:\ProgramData\Skype 2015-02-23 12:53 - 2012-01-21 13:37 - 00000000 ____D () C:\Program Files\PDFCreator 2015-02-20 21:10 - 2015-01-24 00:04 - 00001967 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-02-14 18:16 - 2009-06-14 19:56 - 00049664 _____ () C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-02-12 21:15 - 2010-08-01 18:01 - 00007592 _____ () C:\Users\Matthias\AppData\Local\d3d9caps.dat 2015-02-12 21:12 - 2006-11-02 13:47 - 03684304 _____ () C:\Windows\system32\FNTCACHE.DAT 
2015-02-12 16:50 - 2013-07-16 02:06 - 00000000 ____D () C:\Windows\system32\MRT 2015-02-12 10:40 - 2006-11-02 11:24 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2015-02-12 10:38 - 2009-01-16 18:45 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-02-06 00:14 - 2010-07-23 07:11 - 00002633 _____ () C:\Users\Matthias\Desktop\Microsoft Office Excel 2007.lnk ==================== Files in the root of some directories ======= 2009-06-09 08:40 - 2009-06-09 08:38 - 0005250 _____ () C:\Program Files\0x0407.ini 2009-06-09 08:40 - 2009-06-09 08:38 - 14042624 _____ () C:\Program Files\Turbo Lister 2.msi 2011-03-25 21:15 - 2010-10-16 11:50 - 3056008 _____ (Ask) C:\Program Files\Common Files\AskToolbarInstaller.exe 2010-12-14 13:00 - 2012-03-28 09:14 - 1456640 _____ () C:\Program Files\Common Files\Falk Navi-Manager.msi 2011-03-25 21:15 - 2010-01-26 10:11 - 0444283 _____ () C:\Program Files\Common Files\WinPcapNmap.exe 2009-08-13 23:39 - 2009-08-13 23:39 - 0000319 _____ () C:\Users\Matthias\AppData\Roaming\mdb.bin 2010-08-01 18:01 - 2015-02-12 21:15 - 0007592 _____ () C:\Users\Matthias\AppData\Local\d3d9caps.dat 2009-06-14 19:56 - 2015-02-14 18:16 - 0049664 _____ () C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2009-08-13 20:38 - 2009-08-13 20:38 - 0000096 _____ () C:\Users\Matthias\AppData\Local\fusioncache.dat 2013-02-09 21:29 - 2013-02-09 21:34 - 0005086 _____ () C:\Users\Matthias\AppData\Local\MyWinLockerInstaller.txt-20130209.log 2014-08-10 19:41 - 2014-08-10 19:41 - 0001491 _____ () C:\Users\Matthias\AppData\Local\recently-used.xbel 2011-04-19 10:35 - 2011-04-21 08:42 - 0001940 _____ () C:\Users\Matthias\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini 2010-10-08 10:32 - 2013-03-04 13:45 - 0000148 ___SH () C:\ProgramData\.zreglib 2011-03-25 21:15 - 2010-05-28 22:37 - 0015086 _____ () C:\ProgramData\Amazon.ico 2009-02-21 15:21 - 2009-02-21 15:23 - 0006112 _____ () C:\ProgramData\ArcadeDeluxe2.log 2011-03-25 
Recently all the files in the folder in question, the one I started my request about, can be opened. How is that possible? The pictures are displayed too. It is quite obviously really a Windows update. It is just a bit of a mystery to me how it could end up on D:, since it really belongs on C:. There is another problem, but I don't connect it with malware. The laptop (ACER Aspire 5737Z) has been crashing now and then lately.
By now it happens regularly when using Skype. Usually the fan runs very hard beforehand. My guess is that the fan needs cleaning, or that the thermal pads need checking. The laptop is 6 years old. (My wife has the same machine of the same age. The problem appeared somewhat earlier there, especially when streaming from the ZDF and ARD media libraries. But she also works more with the laptop, and in her study the cat often makes itself comfortable.) I have installed CoreTemp on mine. The two CPUs occasionally go a little above 90 degrees. Yesterday I experimented while on Skype. The machine shut off while CoreTemp showed only 83 degrees. So maybe it is the cooling of the graphics card after all, or whatever else can happen in there? To see what is going on, I installed TechPowerUp GPU-Z. But there I reach my limits, because I can't make sense of the readings. Can you help me further with that? Or is a trip to the repair shop the only option? Unfortunately the thing is rather tightly built. The fan has no service hatch; you would have to take the whole laptop apart. Kind regards and many thanks, Pasteur |
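A check for the situation described in the post above, added here and not part of the thread: before accepting an unexpected hex-named folder as harmless update leftovers, confirm that its signable contents carry a valid Microsoft Authenticode signature. The folder path is a placeholder and Test-MicrosoftSigned is a hypothetical helper written for this example.

```powershell
# Added example (not from the thread). Verifies that every signable file in an
# unexpected hex-named folder carries a valid Authenticode signature from
# Microsoft, which is the evidence to demand before treating the folder as
# harmless update leftovers. Written for PowerShell 2.0+ (Vista-era syntax).
# Note: self-extracting Microsoft update packages commonly unpack into a
# random hex-named folder on the drive with the most free space, which is
# how such a folder can appear on D: instead of C:.

$Folder = 'D:\PLACEHOLDER-hex-named-folder'   # placeholder, use the real path

function Test-MicrosoftSigned {
    # Hypothetical helper: one record per file with its signature status.
    param([string]$Path)

    $sig = Get-AuthenticodeSignature -FilePath $Path
    $subject = ''
    if ($sig.SignerCertificate) { $subject = $sig.SignerCertificate.Subject }

    New-Object PSObject -Property @{
        Path      = $Path
        Status    = $sig.Status          # Valid, NotSigned, HashMismatch, ...
        Signer    = $subject
        Microsoft = ($sig.Status -eq 'Valid' -and
                     $subject -like '*O=Microsoft Corporation*')
    }
}

if (-not (Test-Path -LiteralPath $Folder)) { throw "Folder not found: $Folder" }

# Only file types that can carry an Authenticode signature are checked:
# .msp/.msi patches, setup executables and DLLs. Icons and text files cannot
# be signed, so they are skipped instead of being reported as NotSigned.
$results = Get-ChildItem -LiteralPath $Folder -Recurse |
    Where-Object { -not $_.PSIsContainer -and $_.Extension -match '^\.(msp|msi|exe|dll)$' } |
    ForEach-Object { Test-MicrosoftSigned -Path $_.FullName }

$results | Format-Table Status, Microsoft, Signer, Path -AutoSize

$suspect = @($results | Where-Object { -not $_.Microsoft })
if ($suspect.Count -gt 0) {
    Write-Warning ('{0} file(s) are not validly Microsoft-signed; review them before trusting or deleting the folder.' -f $suspect.Count)
} else {
    Write-Host ('All {0} signable files are validly Microsoft-signed.' -f @($results).Count)
}
```

A HashMismatch status on any file is the result worth escalating, since it means a signed file was altered after signing.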
08.03.2015, 19:23 | #10 |
/// the machine /// TB-Ausbilder | Vista: Unknown folder in my personal files Update Adobe. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
C:\Users\Matthias\Desktop\Downloads\Hotspot-Shield-lnstall.exe
Emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Ask about that problem in our hardware section here, but I think you won't be spared a trip to the repair shop. Even 83 degrees is already extreme.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations | Guides and help | Trojaner-Board Facebook page | No help via PM! |
09.03.2015, 13:02 | #11 |
| Hello Schrauber, I think I made a mistake, because I deleted the Hotspot Shield Install.exe in the last few days when I saw it there. I had downloaded the file from Chip in August and didn't need it any more. Accordingly the scan now shows no result. Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-03-2015 02
Ran by Matthias at 2015-03-09 12:41:25 Run:1
Running from C:\Users\Matthias\Desktop\Downloads
Loaded Profiles: Matthias (Available profiles: Matthias & Gast)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\Users\Matthias\Desktop\Downloads\Hotspot-Shield-lnstall.exe
Emptytemp:
*****************
"C:\Users\Matthias\Desktop\Downloads\Hotspot-Shield-lnstall.exe" => File/Directory not found.
EmptyTemp: => Removed 1.2 GB temporary data.
The system needed a reboot.
==== End of Fixlog 12:44:05 ====
pasteur |
09.03.2015, 19:00 | #12 |
/// the machine /// TB-Ausbilder | Fine. Cleanup: (the order matters here) If Defogger was used: run it again and click Re-enable. If Combofix was used: uninstall Combofix
All logs posted? Then please download DelFix.
Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself. Finally, restart your computer. If any programs from our cleanup are still left, you can delete them without concern. If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.
Hardening: Enable automatic updates in Windows. Security-relevant software should also always be kept at its latest version only: browser, Java, Flash Player, PDF reader. Security holes in their old versions are exploited to install malware by "drive-by" when you simply visit a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.
Enable a firewall. The one built into Windows is normally completely sufficient.
Use an antivirus program with a real-time scanner and an always up-to-date signature database. My recommendation: Emsisoft. Additionally you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.
Optional: NoScript prevents the execution of active content (Java, JavaScript, Flash, ...) for all websites. You can, however, specify on a whitelist basis on which sites scripts should be allowed. Malwarebytes Anti Exploit: protects the computer's applications against the exploitation of known vulnerabilities.
Download software from a clean portal such as . When installing software, always choose the custom option and untick all optionally offered toolbars or other additions irrelevant to the program. To get rid of adware again, uninstalling it first and then removing the remnants with Adwcleaner is recommended.
Finally, a few general remarks: change your important online passwords regularly and make regular backups of your important files or of the system. The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________ regards, schrauber |