Pests of all kinds and how to fight them: Vista: Unknown folder in my personal files
| | #1 |
| | I store my personal files on hard disk partition "D". The system runs on "C". For some time now there has been a folder among my folders that I did not create, named dd89f1be96b5e1ab75dd4407c426. The folder cannot be deleted or moved. The subfolders are named with 4-digit numbers and cannot be opened. A folder named Graphics contains files with the extension ico that cannot be opened with Gimp. Among other files there is a Windows Installer patch, NDP40-KB2836939.msp. My computer always runs the latest Norton version. AdwCleaner does not flag the folder as malware. Does anyone have an idea what this could be? |
| | #2 |
| /// the machine /// TB-Ausbilder | hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
| | #3 |
| | Thanks for the quick reply. Norton deletes the file immediately after the download of frst.exe, citing the threat Suspicious.cloud.7.EP |
| | #4 |
| /// the machine /// TB-Ausbilder | Yeah, because Norton is dumb as hell. Turn Norton off, or better, uninstall Norton and steer well clear of it
Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
| | #5 |
| | Thanks, Schrauber, I have turned Norton off, and here come the two files: FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-03-2015
Ran by Matthias (administrator) on MATTHIAS-PC on 03-03-2015 16:21:57
Running from C:\Users\Matthias\Desktop\Downloads
Loaded Profiles: Matthias (Available profiles: Matthias & Gast)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\NST.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.1.0.9\NS.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\NST.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.1.0.9\NS.exe
() C:\Users\Matthias\Desktop\Core Temp.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(brother) C:\Program Files\Brownie\BrStsWnd.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Deutsche Telekom AG, Marmiko IT-Solutions GmbH) C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Akamai Technologies, Inc.) C:\Users\Matthias\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Contacts\wlcomm.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(brother) C:\Program Files\Brownie\brpjp04a.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Akamai Technologies, Inc.) C:\Users\Matthias\AppData\Local\Akamai\netsession_win.exe
(Realtek Semiconductor Corp.) C:\Users\Matthias\AppData\Local\Temp\RtkBtMnt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_16_0_0_305_ActiveX.exe
() C:\Users\Matthias\Downloads\frst.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6609440 2008-10-31] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [690720 2008-12-18] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1398056 2008-11-20] (Synaptics, Inc.)
HKLM\...\Run: [BrStsWnd] => C:\Program Files\Brownie\BrstsWnd.exe [880640 2008-09-18] (brother)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2008-10-31] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [ToADiMon.exe] => C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe [286720 2010-04-08] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Matthias\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\Run: [] => [X]
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\MountPoints2: {19076bdf-bd55-11de-a648-00235a5338e1} - F:\Menu.exe
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\MountPoints2: {d60af5b2-a679-11df-9129-00235a5338e1} - awb3ryk.exe
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\E-Mail - Verknüpfung.lnk
ShortcutTarget: E-Mail - Verknüpfung.lnk -> (No File)
Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Calendar.lnk
ShortcutTarget: Windows Calendar.lnk -> C:\Program Files\Windows Calendar\WinCal.exe (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_5737z
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_5737z
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NS&pvid=22.1.0.9
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NS&pvid=22.1.0.9
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NS&pvid=22.1.0.9
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.benefind.de/
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3827918516-2867637020-576463877-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE326
SearchScopes: HKU\S-1-5-21-3827918516-2867637020-576463877-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE326
SearchScopes: HKU\S-1-5-21-3827918516-2867637020-576463877-1000 -> {7AE64BE7-E40D-4E58-A1D9-F8DC7719A1DC} URL = hxxp://www.benefind.de/result.html?q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.1.0.9\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.1.0.9\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3827918516-2867637020-576463877-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-3827918516-2867637020-576463877-1000 -> No Name - {CFCB809C-3A22-4616-A916-6C007BD9D920} - No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {C3E3BB4F-269C-41A3-9F5F-A360E933CAD3} https://as.photoprintit.com/ips-opdata/activex/ImageUploader6.cab
DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://asp.photoprintit.de/microsite/11093/defaults/activex/ips/IPSUploader4.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 212.27.40.240 212.27.40.241
FireFox:
========
FF ProfilePath: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\wo64522p.default
FF Homepage: hxxp://www.benefind.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\wo64522p.default\searchplugins\benefind.xml
FF Extension: Securita Scout - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\wo64522p.default\Extensions\plug@securitascout.com [2014-07-13]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\wo64522p.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-20]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2015-01-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-06]
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\coFFPlgn
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.1.0.9\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.1.0.9\coFFPlgn [2015-03-03]
FF HKLM\...\Thunderbird\Extensions: [te_7.0@nokia.com] - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011-12-04]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.benefind.de/"
CHR DefaultSearchKeyword: Default -> benefind.de
CHR DefaultSearchURL: Default -> hxxp://www.benefind.de/result.html?q={searchTerms}
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-24]
CHR Extension: (Google Docs) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-09]
CHR Extension: (Google Drive) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-24]
CHR Extension: (YouTube) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-09]
CHR Extension: (Google Search) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-09]
CHR Extension: (Google Sheets) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-24]
CHR Extension: (Norton Identity Safe) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-01-24]
CHR Extension: (Google Wallet) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-24]
CHR Extension: (Gmail) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-09]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.1.0.9\Exts\Chrome.crx [2015-01-08]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - [Not Found]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AdobeActiveFileMonitor8.0; C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-09-18] (Adobe Systems Incorporated)
R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [69632 2008-10-04] () [File not signed]
R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [653856 2008-12-18] (Acer Incorporated)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S4 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] () [File not signed]
R2 NCO; C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\NST.exe [130104 2014-09-20] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-05-11] (Hewlett-Packard) [File not signed]
R2 NS; C:\Program Files\Norton Security\Engine\22.1.0.9\NS.exe [282528 2014-12-10] (Symantec Corporation)
R2 NTIBackupSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-25] (NewTech InfoSystems, Inc.) [File not signed]
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [52736 2006-05-11] (Hewlett-Packard) [File not signed]
S4 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 AF15BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [483200 2010-08-21] (ITETech )
R1 BHDrvx86; C:\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\BASHDefs\20150224.001_4f9\BHDrvx86.sys [1164504 2015-02-24] (Symantec Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NS\1601000.009\ccSetx86.sys [128728 2014-09-09] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NST\7DE07080.017\ccSetx86.sys [127064 2013-09-27] (Symantec Corporation)
R1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-11-25] (Symantec Corporation)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [34760 2007-02-16] (SlySoft, Inc.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-11-25] (Symantec Corporation)
R1 IDSVix86; C:\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\IPSDefs\20150302.001\IDSvix86.sys [503512 2015-02-26] (Symantec Corporation)
S3 MTOnlPktAlyX; C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyX.SYS [19200 2010-08-27] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [File not signed]
R3 NAVENG; C:\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\VirusDefs\20150302.034\NAVENG.SYS [95704 2015-02-27] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\VirusDefs\20150302.034\NAVEX15.SYS [1636696 2015-02-27] (Symantec Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [50704 2010-01-27] (CACE Technologies, Inc.)
R3 SRTSP; C:\Windows\system32\drivers\NS\1601000.009\SRTSP.SYS [699608 2014-12-02] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NS\1601000.009\SRTSPX.SYS [36056 2014-12-02] (Symantec Corporation)
S3 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [7168 2009-09-28] () [File not signed]
R0 SymDS; C:\Windows\System32\drivers\NS\1601000.009\SYMDS.SYS [364760 2014-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NS\1601000.009\SYMEFA.SYS [939224 2014-09-09] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [94424 2015-01-08] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NS\1601000.009\Ironx86.SYS [212696 2014-09-09] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\system32\drivers\NS\1601000.009\SYMTDIV.SYS [358104 2014-09-09] (Symantec Corporation)
R3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [12400 1999-10-13] (Microsoft Corporation) [File not signed]
R3 ALSysIO; \??\C:\Users\Matthias\AppData\Local\Temp\ALSysIO.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-03 16:21 - 2015-03-03 16:22 - 00000000 ____D () C:\FRST
2015-02-28 11:18 - 2015-02-28 11:18 - 00002400 _____ () C:\AdwCleaner[R1].txt
2015-02-28 11:03 - 2008-11-20 17:39 - 00204464 _____ (Synaptics, Inc.) C:\Windows\system32\Drivers\SynTP.sys
2015-02-28 11:03 - 2008-11-20 17:38 - 00206120 _____ (Synaptics, Inc.) C:\Windows\system32\SynCtrl.dll
2015-02-28 11:03 - 2008-11-20 17:38 - 00161064 _____ (Synaptics, Inc.) C:\Windows\system32\SynTPAPI.dll
2015-02-28 11:03 - 2008-11-20 17:38 - 00120104 _____ (Synaptics, Inc.) C:\Windows\system32\SynTPCo4.dll
2015-02-28 10:47 - 2015-02-28 10:45 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-02-28 10:47 - 2015-02-28 10:45 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-02-28 00:04 - 2015-03-03 15:19 - 00000000 ____D () C:\AdwCleaner
2015-02-28 00:02 - 2015-02-28 00:03 - 02126848 _____ () C:\Users\Matthias\Desktop\adwcleaner_4.111.exe
2015-02-26 19:57 - 2015-02-26 19:57 - 00000053 _____ () C:\Windows\SynInst.log
2015-02-25 23:31 - 2015-02-25 23:31 - 00000000 ____D () C:\Users\Matthias\AppData\Local\TuneUp Software
2015-02-25 23:27 - 2015-02-26 10:59 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-02-25 20:56 - 2015-02-25 20:56 - 00000000 ____D () C:\Users\Matthias\AppData\Local\PDFCreator
2015-02-25 10:00 - 2015-02-25 10:00 - 00000000 ____D () C:\Program Files\Common Files\Java(1)
2015-02-23 12:53 - 2015-02-27 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2015-02-23 12:53 - 2015-02-23 12:53 - 00000832 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2015-02-13 17:59 - 2015-01-23 04:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 17:59 - 2015-01-23 03:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-12 10:39 - 2014-11-26 03:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-12 10:38 - 2015-01-13 02:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-12 10:38 - 2015-01-09 01:20 - 02063360 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-12 10:34 - 2015-01-15 05:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-12 10:34 - 2014-12-08 02:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 17:18 - 2015-01-14 02:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 17:18 - 2015-01-14 02:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-11 17:18 - 2015-01-14 02:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 17:18 - 2015-01-14 02:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 17:18 - 2015-01-14 02:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 17:18 - 2015-01-14 02:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 17:18 - 2015-01-14 02:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 17:18 - 2015-01-14 02:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 17:18 - 2015-01-14 02:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 17:18 - 2015-01-14 02:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-11 17:18 - 2015-01-14 02:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 17:18 - 2015-01-14 02:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 17:18 - 2015-01-14 02:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 17:18 - 2015-01-14 02:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 17:18 - 2015-01-14 02:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 17:18 - 2015-01-14 02:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 17:18 - 2015-01-14 02:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 17:18 - 2015-01-14 02:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-11 17:18 - 2015-01-14 02:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-11 17:18 - 2015-01-14 02:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-08 17:35 - 2015-03-03 11:59 - 00001339 _____ () C:\Users\Matthias\Desktop\CoreTemp.ini
2015-02-08 17:35 - 2013-10-08 13:22 - 00794272 _____ () C:\Users\Matthias\Desktop\Core Temp.exe
2015-02-08 17:28 - 2015-02-08 17:28 - 00734473 _____ () C:\Users\Matthias\Desktop\CoreTemp_106.zip
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-03 16:19 - 2009-05-06 20:12 - 00000000 ____D () C:\Users\Matthias
2015-03-03 16:16 - 2009-02-21 15:19 - 01675300 _____ () C:\Windows\WindowsUpdate.log
2015-03-03 16:14 - 2015-01-24 00:03 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-03 15:40 - 2013-10-15 11:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-03 15:35 - 2009-09-13 17:35 - 00000330 _____ () C:\Windows\Brownie.ini
2015-03-03 15:33 - 2015-01-24 00:03 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-03 15:33 - 2009-05-06 20:12 - 00207414 _____ () C:\ProgramData\nvModes.001
2015-03-03 15:33 - 2009-01-16 19:58 - 00000147 _____ () C:\Windows\system32\agent.log
2015-03-03 15:33 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-03 15:33 - 2006-11-02 13:47 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-03 15:33 - 2006-11-02 13:47 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-03 14:32 - 2014-01-29 18:53 - 00000000 ____D () C:\Users\Matthias\.gimp-2.8
2015-03-03 14:27 - 2009-08-02 17:39 - 00002631 _____ () C:\Users\Matthias\Desktop\Microsoft Office Word 2007.lnk
2015-03-03 13:22 - 2009-09-13 17:36 - 00000034 _____ () C:\Windows\system32\BD2150N.DAT
2015-03-03 12:05 - 2009-08-27 21:36 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\Skype
2015-03-02 13:42 - 2015-01-26 21:48 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-01 23:30 - 2006-11-02 14:01 - 00032578 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-01 23:29 - 2009-08-30 20:52 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\vlc
2015-03-01 19:29 - 2008-01-21 08:16 - 01674410 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-28 11:59 - 2011-03-24 21:08 - 00000000 ____D () C:\Program Files\Java
2015-02-28 11:31 - 2009-02-21 15:28 - 00207414 _____ () C:\ProgramData\nvModes.dat
2015-02-28 11:05 - 2009-02-21 15:19 - 00063094 _____ () C:\Windows\DPINST.LOG
2015-02-28 11:05 - 2006-11-02 13:52 - 00262190 _____ () C:\Windows\setupact.log
2015-02-28 10:48 - 2013-09-23 21:51 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-28 10:45 - 2014-11-04 21:26 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-02-27 23:48 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-02-27 23:48 - 2006-11-02 11:22 - 59244544 _____ () C:\Windows\system32\config\software_previous
2015-02-27 23:48 - 2006-11-02 11:22 - 46661632 _____ () C:\Windows\system32\config\components_previous
2015-02-27 23:48 - 2006-11-02 11:22 - 35651584 _____ () C:\Windows\system32\config\system_previous
2015-02-27 23:48 - 2006-11-02 11:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2015-02-27 23:48 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2015-02-27 23:48 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2015-02-27 23:47 - 2013-02-26 11:56 - 00000000 __SHD () C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2015-02-27 23:47 - 2011-11-10 21:54 - 00000000 ____D () C:\Users\Matthias\AppData\Local\Akamai
2015-02-27 23:47 - 2009-08-30 20:52 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\dvdcss
2015-02-27 23:47 - 2009-08-22 11:12 - 00000000 ____D () C:\Users\Gast
2015-02-27 23:47 - 2009-07-11 13:08 - 00000000 ____D () C:\Users\Matthias\AppData\Local\Microsoft Help
2015-02-27 23:47 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2015-02-27 23:47 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool
2015-02-27 23:46 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration
2015-02-27 16:14 - 2008-01-21 03:47 - 02827352 _____ () C:\Windows\PFRO.log
2015-02-27 14:54 - 2009-01-16 19:03 - 00000000 ____D () C:\Program Files\Acer
2015-02-26 10:59 - 2011-10-27 21:20 - 00000000 ____D () C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2015-02-26 10:59 - 2011-04-07 22:52 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\HpUpdate
2015-02-26 10:37 - 2013-02-26 12:29 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-25 23:31 - 2013-02-26 12:30 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\TuneUp Software
2015-02-24 23:26 - 2010-09-05 19:34 - 00000000 ____D () C:\Users\Matthias\AppData\Local\CrashDumps
2015-02-24 12:43 - 2009-08-27 21:27 - 00000000 ___RD () C:\Program Files\Skype
2015-02-24 12:43 - 2009-08-27 21:27 - 00000000 ____D () C:\ProgramData\Skype
2015-02-23 12:53 - 2012-01-21 13:37 - 00000000 ____D () C:\Program Files\PDFCreator
2015-02-20 21:10 - 2015-01-24 00:04 - 00001967 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-14 18:16 - 2009-06-14 19:56 - 00049664 _____ () C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-12 21:15 - 2010-08-01 18:01 - 00007592 _____ () C:\Users\Matthias\AppData\Local\d3d9caps.dat
2015-02-12 21:12 - 2006-11-02 13:47 - 03684304 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 16:50 - 2013-07-16 02:06 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 10:40 - 2006-11-02 11:24 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-02-12 10:38 - 2009-01-16 18:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-06 00:14 - 2010-07-23 07:11 - 00002633 _____ () C:\Users\Matthias\Desktop\Microsoft Office Excel 2007.lnk
2015-02-05 21:40 - 2012-03-31 08:57 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-05 21:40 - 2011-08-01 09:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-04 17:21 - 2014-11-27 22:59 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
==================== Files in the root of some directories =======
2009-06-09 08:40 - 2009-06-09 08:38 - 0005250 _____ () C:\Program Files\0x0407.ini
2009-06-09 08:40 - 2009-06-09 08:38 - 14042624 _____ () C:\Program Files\Turbo Lister 2.msi
2011-03-25 21:15 - 2010-10-16 11:50 - 3056008 _____ (Ask) C:\Program Files\Common Files\AskToolbarInstaller.exe
2010-12-14 13:00 - 2012-03-28 09:14 - 1456640 _____ () C:\Program Files\Common Files\Falk Navi-Manager.msi
2011-03-25 21:15 - 2010-01-26 10:11 - 0444283 _____ () C:\Program Files\Common Files\WinPcapNmap.exe
2009-08-13 23:39 - 2009-08-13 23:39 - 0000319 _____ () C:\Users\Matthias\AppData\Roaming\mdb.bin
2010-08-01 18:01 - 2015-02-12 21:15 - 0007592 _____ () C:\Users\Matthias\AppData\Local\d3d9caps.dat
2009-06-14 19:56 - 2015-02-14 18:16 - 0049664 _____ () C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-08-13 20:38 - 2009-08-13 20:38 - 0000096 _____ () C:\Users\Matthias\AppData\Local\fusioncache.dat
2013-02-09 21:29 - 2013-02-09 21:34 - 0005086 _____ () C:\Users\Matthias\AppData\Local\MyWinLockerInstaller.txt-20130209.log
2014-08-10 19:41 - 2014-08-10 19:41 - 0001491 _____ () C:\Users\Matthias\AppData\Local\recently-used.xbel
2011-04-19 10:35 - 2011-04-21 08:42 - 0001940 _____ () C:\Users\Matthias\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
2010-10-08 10:32 - 2013-03-04 13:45 - 0000148 ___SH () C:\ProgramData\.zreglib
2011-03-25 21:15 - 2010-05-28 22:37 - 0015086 _____ () C:\ProgramData\Amazon.ico
2009-02-21 15:21 - 2009-02-21 15:23 - 0006112 _____ () C:\ProgramData\ArcadeDeluxe2.log
2011-03-25 21:15 - 2011-03-03 15:50 - 0009662 _____ () C:\ProgramData\BeRuby.ico
2009-08-27 21:43 - 2009-08-27 21:43 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2009-05-26 07:30 - 2012-04-15 22:27 - 0009789 _____ () C:\ProgramData\hpzinstall.log
2014-12-23 00:44 - 2014-12-23 00:48 - 0020531 ____H () C:\ProgramData\M33KI
2011-03-25 21:15 - 2010-07-20 12:53 - 0071926 _____ () C:\ProgramData\MercadoLivre.ico
2009-05-06 20:12 - 2015-03-03 15:33 - 0207414 _____ () C:\ProgramData\nvModes.001
2009-02-21 15:28 - 2015-02-28 11:31 - 0207414 _____ () C:\ProgramData\nvModes.dat
2011-03-25 21:15 - 2010-05-20 11:05 - 0025214 _____ () C:\ProgramData\QuickStores.ico
Some content of TEMP:
====================
C:\Users\Matthias\AppData\Local\Temp\Quarantine.exe
C:\Users\Matthias\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Matthias\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-03-03 15:41
==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-03-2015
Ran by Matthias at 2015-03-03 16:24:10
Running from C:\Users\Matthias\Desktop\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton Security (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Acer Arcade Deluxe (HKLM\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 2.0.5817 - CyberLink Corp.)
Acer Arcade Deluxe (Version: 2.0.5817 - CyberLink Corp.) Hidden
Acer Crystal Eye Webcam 2.0.9.1 (HKLM\...\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}) (Version: 2.0.9.1 - SuYin)
Acer ePower Management (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.00.3001 - Acer Incorporated)
Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.00.3001 - Acer Incorporated)
Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - )
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 3.0.3000 - Acer Inc.)
Acer Product Registration (HKLM\...\{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}) (Version: 3.0.0.10 - Acer Incorporated)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.01.1205 - Acer Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
AIO_CDA_ProductContext (Version: 82.0.233.000 - Hewlett-Packard) Hidden
AIO_CDA_Software (Version: 82.0.233.000 - Hewlett-Packard) Hidden
AIO_Scan (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
Amazon Music (HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\Amazon Amazon Music) (Version: 3.2.0.591 - Amazon Services LLC)
AudioCon (HKLM\...\AudioCon) (Version: 1.0 - Basement Softworks)
Bing Bar (HKLM\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brother HL-2150N (HKLM\...\{797CD9FD-2B9D-46E9-8049-80790391AC24}) (Version: 1.00 - Brother)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
C5100 (Version: 82.0.233.000 - Hewlett-Packard) Hidden
c5100_Help (Version: 82.0.233.000 - Hewlett-Packard) Hidden
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.7.2423 - CDBurnerXP)
CDex extraction audio (HKLM\...\CDex) (Version: - )
CloneCD (HKLM\...\CloneCD) (Version: - SlySoft)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copy (Version: 130.0.366.000 - Hewlett-Packard) Hidden
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.3524 - CyberLink Corp.)
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DocProc (Version: 8.1.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Falk Navi-Manager (HKLM\...\{3222B0CE-59C5-4CA0-B545-2B88F200756B}) (Version: 2.10.0 - United Navigation GmbH)
Falk Navi-Manager (Version: 2.10.0 - United Navigation GmbH) Hidden
Falk Navi-Manager (Version: 2.5.1 - Falk Navigation GmbH) Hidden
Fax (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Foto Sprechblase 1 (HKLM\...\Foto Sprechblase 1) (Version: - )
FreeUndelete (HKLM\...\{A35883BD-9C83-4625-82F3-90F86728C662}) (Version: 2.0 - Recoveronix)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Heroes of Hellas (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP OCR Software 8.0 (HKLM\...\HPOCR) (Version: 8.0 - HP)
HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
HP Photosmart.All-In-One Driver Software 8.0 .A (HKLM\...\{282E5AB2-8E47-4571-B6FA-6B512555B557}) (Version: 8.0 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}) (Version: 5.002.007.004 - Hewlett-Packard)
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
IrfanView (remove only) (HKLM\...\IrfanView) (Version: - )
JMicron Flash Media Controller Driver (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.23.06 - JMicron Technology Corp.)
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Launch Manager (HKLM\...\LManager) (Version: 2.0.03 - Acer Inc.)
LightScribe 1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
Magic Farm (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114717227}) (Version: - Oberon Media)
Magic Match Adventures (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11408540}) (Version: - Oberon Media)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 German Language Pack (HKLM\...\{E78BFA60-5393-4C38-82AB-E8019E464EB4}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MuseScore 1.3 (HKLM\...\MuseScore) (Version: 1.3.0 - Werner Schweer and Others)
Mystery Solitaire - Secret Island (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}) (Version: - Oberon Media)
Mythic Mahjong (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113919217}) (Version: - Oberon Media)
Nokia Connectivity Cable Driver (HKLM\...\{AF88496B-4BBA-4922-97E9-2582D3A28358}) (Version: 7.1.48.0 - Nokia)
Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 7.1.60.0 - Nokia)
Nokia PC Suite (Version: 7.1.60.0 - Nokia) Hidden
Nokia Software Updater (HKLM\...\{4D568C38-0552-4CDD-A643-01FAFA2957EF}) (Version: 02.06.006.44298 - Nokia Corporation)
Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.2.100.0 - Nokia)
Nokia Suite (Version: 3.2.100.0 - Nokia) Hidden
Norton Bootable Recovery Tool Wizard (HKLM\...\NBRTWizard) (Version: 5.1.0.26 - Symantec Corporation)
Norton Identity Safe (HKLM\...\NST) (Version: 2014.7.8.23 - Symantec Corporation)
Norton Security (HKLM\...\NS) (Version: 22.1.0.9 - Symantec Corporation)
NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.606 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.606 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6329 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.2.6329 - NewTech Infosystems) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - NVIDIA Corporation)
PC Connectivity Solution (HKLM\...\{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}) (Version: 11.5.13.0 - Nokia)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.0.2 - pdfforge)
pdfforge Toolbar v6.6 (HKLM\...\{65739FA2-0444-4AB2-B598-872406539EBD}) (Version: 6.6 - Spigot, Inc.) <==== ATTENTION
Photo Collage Creator 3.97 (HKLM\...\Photo Collage Creator_is1) (Version: - AMS Software)
Photo Transport (HKLM\...\{63CFD835-FF50-4F8B-91CD-5662A8C640F8}) (Version: 1.0.1 - CASIO COMPUTER CO., LTD.)
PhotoNow! (HKLM\...\{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.5203 - CyberLink Corp.)
Putt Mania (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112028410}) (Version: - Oberon Media)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5730 - Realtek Semiconductor Corp.)
RICOH SP C231SF/C232SF (HKLM\...\RICOH SP C231SF/C232SF) (Version: 1.41.0.0 - )
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Securita Scout (HKLM\...\Securita Scout) (Version: - ) <==== ATTENTION
Sibelius Scorch (ActiveX Only) (HKLM\...\{868291A4-229E-4795-B0B0-E60E87AF53CD}) (Version: 6.2.0 - Sibelius Software)
SilverFast AFL 6.6.2r2 (HKLM\...\SilverFast AFL) (Version: - LaserSoft Imaging AG)
Skype™ 7.1 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Steuer-Spar-Erklärung 2009 (HKLM\...\{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}) (Version: 14.01.0000 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2010 (HKLM\...\{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}) (Version: 15.13 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2011 (HKLM\...\{9F5FD796-86F0-4360-85F8-D54C0F5411EB}) (Version: 16.17 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2012 (HKLM\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.14 - Wolters Kluwer Deutschland GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 12.0.4.0 - Synaptics)
The Rise of Atlantis (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112548397}) (Version: - Oberon Media)
Tiks Texas Hold em (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110422467}) (Version: - Oberon Media)
T-Online 6.0 (HKLM\...\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}) (Version: - )
T-Online WLAN-Access Finder (HKLM\...\{295C31E5-3F91-498E-9623-DA24D2FA2B6A}) (Version: - )
Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden
uMedia uTV (HKLM\...\{5313CFF7-E762-4752-BEC0-1E2CB2C685E4}) (Version: 1.00.000 - uMedia)
UnloadSupport (Version: 1.00.0000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VDownloader 3.2.807 (HKLM\...\{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1) (Version: - Vitzo Limited)
Videograbber 2010 (HKLM\...\{177ADA1F-6D3B-404A-99DA-D7E0E2A36621}_is1) (Version: - Hoppelsoft)
VLC media player 1.0.1 (HKLM\...\VLC media player) (Version: 1.0.1 - VideoLAN Team)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live ID-Anmelde-Assistent (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter: Treiberupdate (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows-Treiberpaket - Nokia Modem (06/09/2010 7.01.0.8) (HKLM\...\E5372C32E8562C76C24DBA6525002B1031495F34) (Version: 06/09/2010 7.01.0.8 - Nokia)
Windows-Treiberpaket - Nokia Modem (10/07/2010 4.6) (HKLM\...\6DA48AFDE796708D5A4C9121A83E7617A63A9A15) (Version: 10/07/2010 4.6 - Nokia)
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
WinPcap 4.1.1 (HKLM\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
Womens Murder Club (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114086870}) (Version: - Oberon Media)
XMedia Recode Version 3.1.2.8 (HKLM\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.2.8 - XMedia Recode)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3827918516-2867637020-576463877-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3827918516-2867637020-576463877-1000_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\HPCDMC32.DLL (HP)
CustomCLSID: HKU\S-1-5-21-3827918516-2867637020-576463877-1000_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\HPCDMC32.DLL (HP)
CustomCLSID: HKU\S-1-5-21-3827918516-2867637020-576463877-1000_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\HPCDMC32.DLL (HP)
CustomCLSID: HKU\S-1-5-21-3827918516-2867637020-576463877-1000_Classes\CLSID\{DCA74850-096D-40CD-BB81-17034E51ACB6}\localserver32 -> C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-3827918516-2867637020-576463877-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3827918516-2867637020-576463877-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3827918516-2867637020-576463877-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3827918516-2867637020-576463877-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3827918516-2867637020-576463877-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3827918516-2867637020-576463877-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3827918516-2867637020-576463877-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3827918516-2867637020-576463877-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
24-02-2015 16:04:02 Geplanter Prüfpunkt
25-02-2015 23:28:28 TuneUp Utilities 2014 wird installiert
26-02-2015 15:28:38 Removed PDF Architect
26-02-2015 15:36:55 Removed Skype Click to Call
26-02-2015 19:12:58 TuneUp Utilities 2014 wird entfernt
26-02-2015 19:14:31 TuneUp Utilities 2014 (de-DE) wird entfernt
27-02-2015 14:52:38 Installed Acer System Information
27-02-2015 14:53:51 Removed Acer System Information
27-02-2015 23:39:26 Wiederherstellungsvorgang
28-02-2015 11:03:37 Gerätetreiber-Paketinstallation: Synaptics Mäuse und andere Zeigegeräte
28-02-2015 11:23:47 Removed Search App by Ask
28-02-2015 11:25:41 Removed Skype Click to Call
28-02-2015 11:58:32 Removed Java 8 Update 31
01-03-2015 00:59:39 Geplanter Prüfpunkt
01-03-2015 22:16:24 Geplanter Prüfpunkt
02-03-2015 14:22:15 Geplanter Prüfpunkt
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {015154CD-0AF2-456C-BE11-106FD5E9FD17} - System32\Tasks\Core Temp Autostart Matthias => C:\Users\Matthias\Desktop\Core Temp.exe [2013-10-08] ()
Task: {1D425330-1E5C-4A42-AC62-77D793A8CC54} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {295DEB1E-DABC-4A1B-9B8E-96556AF138E9} - System32\Tasks\{46DFFA81-613B-4A7B-BB88-51B3FE5B6CF9} => C:\Program Files\Skype\Phone\Skype.exe [2015-01-23] (Skype Technologies S.A.)
Task: {3522109C-F98F-432C-9993-C0A8EB5F455B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-24] (Google Inc.)
Task: {38FE3345-1455-444D-AC5E-E484C119B0E6} - System32\Tasks\{EB5229B8-2D7B-4F8D-987A-7BBE85936BE7} => pcalua.exe -a "C:\Program Files\Acer GameZone\Magic Farm\Uninstall.exe" -c "C:\Program Files\Acer GameZone\Magic Farm\install.log"
Task: {4360545A-70E6-45F7-8AAB-409029B7B72E} - System32\Tasks\AdobeAAMUpdater-1.0-Matthias-PC-Matthias => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {54E3397C-AAF7-4BCE-A6F9-5E40511A6CC4} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Matthias => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {6B95EDEE-82E4-4FBA-B53C-F8F5EDFC6512} - System32\Tasks\{70F9738E-9D13-4AD6-B33D-E54328A86B02} => pcalua.exe -a E:\data\Microsoft\msizap.exe -d E:\data -c TW!{0D410F4D-9009-43F8-9DF1-BDADCE7FC43F}
Task: {6C8356E2-90E9-4806-90A2-AB9FED0FD6E1} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {7AC43135-4DCC-4D1E-870E-CA17EA37EC5F} - System32\Tasks\{45394F0A-F8E4-4F82-ADD6-803ACD891632} => pcalua.exe -a C:\Users\Matthias\Downloads\setupDE.exe -d C:\Users\Matthias\Downloads
Task: {7DEA4724-6899-4593-A87F-52664711B83B} - System32\Tasks\{1E620B6F-BF35-4344-BDCB-19FEABBCCB49} => pcalua.exe -a "C:\Program Files\Acer GameZone\The Rise of Atlantis\Uninstall.exe" -c "C:\Program Files\Acer GameZone\The Rise of Atlantis\install.log"
Task: {7DEFDABE-E8A3-44A4-9D9C-FA398AC3C727} - System32\Tasks\{819168EB-639F-4082-9070-7161B3DABCE5} => pcalua.exe -a "C:\Program Files\Acer GameZone\Womens Murder Club\Uninstall.exe" -d "C:\Program Files\TuneUp Utilities 2012" -c "C:\Program Files\Acer GameZone\Womens Murder Club\install.log"
Task: {A21BF1F9-0BED-4C19-9C45-500A929533FB} - \BrowserDefendert No Task File <==== ATTENTION
Task: {A3D2A005-42AE-4212-91FC-A4D06C508C98} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.1.0.9\WSCStub.exe [2014-12-10] (Symantec Corporation)
Task: {B3AF4D6D-8D4A-45C0-AE58-4455905F5311} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe
Task: {B74F99D7-02BC-4707-AC24-35586AF7F0D1} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files\Norton Security\Engine\22.1.0.9\SymErr.exe [2014-12-03] (Symantec Corporation)
Task: {D0F912A1-7B02-4C58-8F15-3EF5E7BD5ED5} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files\Norton Security\Engine\22.1.0.9\SymErr.exe [2014-12-03] (Symantec Corporation)
Task: {D185CE46-5FA3-42DC-925A-4E976B7B2569} - System32\Tasks\{95CA8384-C212-47FC-A03E-26B3DABF86AA} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {D20C150F-BC6B-41FF-92E8-854FAC49D428} - System32\Tasks\{E37E2140-7FC7-4361-BA3C-F8C8F1C577AA} => pcalua.exe -a C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe -c /M{1C9171AC-5519-4DF4-B44D-B28F678DEB4C}
Task: {D391F8DF-C2F3-4254-9A39-7EC3E7A2996C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {E652FEF4-667E-4665-AC8B-7DE6B4C3D3FB} - System32\Tasks\{C6B00F22-09DB-4A3B-B734-777E38AF6BEC} => pcalua.exe -a C:\Windows\cadkasdeinst01.exe -c "C:\Program Files\Foto Sprechblase 1\"
Task: {E70EF7EE-5BD1-4245-AAA0-EF3007654504} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {FA5CCDC9-892C-430D-883F-2FFF4418EAE2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-24] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2008-10-16 18:24 - 2008-10-16 18:24 - 00038551 _____ () C:\Windows\System32\R8E6AM.DLL
2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2007-06-24 19:09 - 2007-06-24 19:09 - 01024000 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACE.dll
2007-06-24 19:09 - 2007-06-24 19:09 - 00098304 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML.dll
2007-06-24 19:09 - 2007-06-24 19:09 - 00061440 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML_Parser.dll
2009-02-21 15:23 - 2008-10-04 04:09 - 00069632 _____ () C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
2008-04-25 21:36 - 2008-04-25 21:36 - 00131072 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2015-02-08 17:35 - 2013-10-08 13:22 - 00794272 _____ () C:\Users\Matthias\Desktop\Core Temp.exe
2009-08-27 20:20 - 2009-08-16 16:06 - 00141312 _____ () C:\Program Files\WinRAR\rarext.dll
2015-01-26 21:48 - 2015-01-26 21:48 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2015-02-05 21:40 - 2015-02-05 21:40 - 16852144 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:05113FB9
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
AlternateDataStreams: C:\ProgramData\Temp:C99F6ECA
AlternateDataStreams: C:\ProgramData\Temp:F3176E45
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\Control Panel\Desktop\\Wallpaper -> d:\Bilder\WeihnachtsfriesTaizé.JPG
DNS Servers: Media is not connected to internet.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AAV UpdateService => 2
MSCONFIG\Services: BBSvc => 2
MSCONFIG\Services: BBUpdate => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BthServ => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MobilityService => 2
MSCONFIG\Services: PDF Architect Helper Service => 2
MSCONFIG\Services: PDF Architect Service => 2
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TabletInputService => 2
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Matthias^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Matthias^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk => C:\Windows\pss\Orion.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Amazon Music => "C:\Users\Matthias\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: AnyDVD => C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
MSCONFIG\startupreg: ArcadeDeluxeAgent => "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
MSCONFIG\startupreg: BkupTray => "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
MSCONFIG\startupreg: CLMLServer => "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
MSCONFIG\startupreg: CloneCDTray => "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
MSCONFIG\startupreg: EgisTecLiveUpdate => "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: LManager => C:\PROGRA~1\LAUNCH~1\LManager.exe
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: mwlDaemon => C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
MSCONFIG\startupreg: NokiaMServer => C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
MSCONFIG\startupreg: NokiaOviSuite2 => C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
MSCONFIG\startupreg: PlayMovie => "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
MSCONFIG\startupreg: ProductReg => "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: T-Online_Software_6 =>
MSCONFIG\startupreg: ToADiMon.exe => C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
==================== Accounts: =============================
Administrator (S-1-5-21-3827918516-2867637020-576463877-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3827918516-2867637020-576463877-1002 - Limited - Enabled)
Gast (S-1-5-21-3827918516-2867637020-576463877-501 - Limited - Enabled) => C:\Users\Gast
Matthias (S-1-5-21-3827918516-2867637020-576463877-1000 - Administrator - Enabled) => C:\Users\Matthias
==================== Faulty Device Manager Devices =============
Name: isatap.{DE78060C-D5CF-4A97-84F8-F9B3C0F1C35E}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (03/03/2015 03:34:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/03/2015 01:08:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/03/2015 09:16:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16609, Zeitstempel 0x54b5c951, fehlerhaftes Modul USP10.dll, Version 1.626.6002.19096, Zeitstempel 0x535bd85f, Ausnahmecode 0xc0000005, Fehleroffset 0x00009ff8,
Prozess-ID 0x342c, Anwendungsstartzeit iexplore.exe0.
Error: (03/03/2015 09:15:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16609, Zeitstempel 0x54b5c951, fehlerhaftes Modul USP10.dll, Version 1.626.6002.19096, Zeitstempel 0x535bd85f, Ausnahmecode 0xc0000005, Fehleroffset 0x00009ff8,
Prozess-ID 0x2bc0, Anwendungsstartzeit iexplore.exe0.
Error: (03/03/2015 09:15:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16609, Zeitstempel 0x54b5c951, fehlerhaftes Modul USP10.dll, Version 1.626.6002.19096, Zeitstempel 0x535bd85f, Ausnahmecode 0xc0000005, Fehleroffset 0x00009ff8,
Prozess-ID 0x2ab4, Anwendungsstartzeit iexplore.exe0.
Error: (03/03/2015 09:15:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16609, Zeitstempel 0x54b5c951, fehlerhaftes Modul USP10.dll, Version 1.626.6002.19096, Zeitstempel 0x535bd85f, Ausnahmecode 0xc0000005, Fehleroffset 0x00009ff8,
Prozess-ID 0x670, Anwendungsstartzeit iexplore.exe0.
Error: (03/02/2015 01:26:32 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <D:\ARBEIT MATTHIAS\ARBEIT IN FRANKREICH\BUCHPROJEKT\ANSCHREIBEN GÜTERSLOHER VERLAGSHAUS.DOC> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (03/02/2015 01:26:32 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <D:\ARBEIT MATTHIAS\ARBEIT IN FRANKREICH\BUCHPROJEKT\ANSCHREIBEN GÜTERSLOHER VERLAGSHAUS.DOC> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (03/02/2015 11:26:33 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <D:\ARBEIT MATTHIAS\WEITERBILDUNG\POP\3-JAHRESGRUPPE\QUITTUNG 2014.DOC> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (03/02/2015 11:26:33 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <D:\ARBEIT MATTHIAS\WEITERBILDUNG\POP\3-JAHRESGRUPPE\QUITTUNG 2014.DOC> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
System errors:
=============
Error: (03/03/2015 04:24:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058
Error: (03/03/2015 04:24:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058
Error: (03/03/2015 04:24:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058
Error: (03/03/2015 04:24:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058
Error: (03/03/2015 04:24:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058
Error: (03/03/2015 04:24:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058
Error: (03/03/2015 04:24:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058
Error: (03/03/2015 04:24:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058
Error: (03/03/2015 04:24:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058
Error: (03/03/2015 04:22:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058
Microsoft Office Sessions:
=========================
Error: (02/06/2015 00:18:34 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6712.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 214 seconds with 180 seconds of active time. This session ended with a crash.
Error: (02/04/2015 05:40:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6712.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash.
Error: (02/04/2015 05:40:01 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6712.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 984 seconds with 60 seconds of active time. This session ended with a crash.
Error: (02/04/2015 05:37:26 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6712.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 829 seconds with 0 seconds of active time. This session ended with a crash.
Error: (02/04/2015 05:29:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6712.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 11 seconds with 0 seconds of active time. This session ended with a crash.
Error: (02/04/2015 05:28:38 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6712.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 300 seconds with 180 seconds of active time. This session ended with a crash.
Error: (01/06/2015 01:26:26 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6712.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.
Error: (01/06/2015 01:26:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6712.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.
Error: (01/06/2015 01:25:55 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6712.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 23 seconds with 0 seconds of active time. This session ended with a crash.
Error: (01/06/2015 01:25:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6712.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1994 seconds with 60 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2015-03-03 16:23:35.948
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-03 16:23:34.759
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-03 16:23:33.512
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-03 16:23:32.306
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-03 16:23:12.142
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\BASHDefs\20150224.001_4f9\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-03 16:23:10.941
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\BASHDefs\20150224.001_4f9\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-03 16:23:09.729
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\BASHDefs\20150224.001_4f9\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-03 16:23:08.502
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\BASHDefs\20150224.001_4f9\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-12 18:14:02.996
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-12 18:14:01.858
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
Percentage of memory in use: 61%
Total physical RAM: 2813.5 MB
Available physical RAM: 1095.63 MB
Total Pagefile: 5847.47 MB
Available Pagefile: 4121.07 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.72 MB
==================== Drives ================================
Drive c: (ACER) (Fixed) (Total:144.04 GB) (Free:60.55 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:144.04 GB) (Free:85.14 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 579CD61E)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=144 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
| | #6 |
| /// the machine /// TB-Ausbilder | Vista: Unknown folder in my personal files Please download from here
Please download
Please download
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please. And a screenshot of the folder, please. I think it comes from Windows Update.
__________________ --> Vista: Unknown folder in my personal files |
| | #7 |
| | Vista: Unknown folder in my personal files Hello Schrauber, thank you very much. With the Revo Uninstaller I was also able to get rid of all the games junk that came with the ACER and could no longer be uninstalled, because some file needed for that had gone missing. Here are the log files. Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 04.03.2015
Suchlauf-Zeit: 13:24:52
Logdatei: Malwarebytes Anti-Malware 04-03-15.txt
Administrator: Ja
Version: 2.00.4.1028
Malware Datenbank: v2015.03.04.04
Rootkit Datenbank: v2015.02.25.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: Matthias
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 387703
Verstrichene Zeit: 25 Min, 25 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente erkannt)
Module: 0
(Keine schädliche Elemente erkannt)
Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)
Registrierungswerte: 0
(Keine schädliche Elemente erkannt)
Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)
Ordner: 0
(Keine schädliche Elemente erkannt)
Dateien: 0
(Keine schädliche Elemente erkannt)
Physische Sektoren: 0
(Keine schädliche Elemente erkannt)
(end)
Code:
# AdwCleaner v4.111 - Bericht erstellt 04/03/2015 um 13:56:25
# Aktualisiert 18/02/2015 von Xplode
# Datenbank : 2015-03-02.3 [Server]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Benutzername : Matthias - MATTHIAS-PC
# Gestarted von : C:\Users\Matthias\Desktop\adwcleaner_4.111.exe
# Option : Suchlauf
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Geplante Tasks ] *****
Task Gefunden : BrowserDefendert
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Daten Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
***** [ Internetbrowser ] *****
-\\ Internet Explorer v9.0.8112.16609
-\\ Mozilla Firefox v35.0.1 (x86 de)
-\\ Google Chrome v40.0.2214.115
*************************
AdwCleaner[R0].txt - [15586 Bytes] - [28/02/2015 00:04:49]
AdwCleaner[R1].txt - [2400 Bytes] - [28/02/2015 11:10:42]
AdwCleaner[R2].txt - [2459 Bytes] - [28/02/2015 11:21:51]
AdwCleaner[R3].txt - [785 Bytes] - [03/03/2015 15:19:20]
AdwCleaner[R4].txt - [1088 Bytes] - [04/03/2015 13:56:25]
AdwCleaner[S0].txt - [15897 Bytes] - [28/02/2015 00:15:27]
AdwCleaner[S1].txt - [2082 Bytes] - [28/02/2015 11:27:17]
########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [1266 Bytes] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Matthias on 04.03.2015 at 18:34:55,77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] "C:\Windows\wininit.ini"
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\wo64522p.default\minidumps [78 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.03.2015 at 18:39:44,43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-03-2015
Ran by Matthias (administrator) on MATTHIAS-PC on 04-03-2015 18:44:23
Running from C:\Users\Matthias\Desktop
Loaded Profiles: Matthias (Available profiles: Matthias & Gast)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\NST.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.1.0.9\NS.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\NST.exe
() C:\Users\Matthias\Desktop\Core Temp.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Deutsche Telekom AG, Marmiko IT-Solutions GmbH) C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Akamai Technologies, Inc.) C:\Users\Matthias\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Akamai Technologies, Inc.) C:\Users\Matthias\AppData\Local\Akamai\netsession_win.exe
(Realtek Semiconductor Corp.) C:\Users\Matthias\AppData\Local\Temp\RtkBtMnt.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.1.0.9\NS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Contacts\wlcomm.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6609440 2008-10-31] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [690720 2008-12-18] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1398056 2008-11-20] (Synaptics, Inc.)
HKLM\...\Run: [BrStsWnd] => C:\Program Files\Brownie\BrstsWnd.exe [880640 2008-09-18] (brother)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2008-10-31] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [ToADiMon.exe] => C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe [286720 2010-04-08] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Matthias\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\Run: [] => [X]
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\MountPoints2: {19076bdf-bd55-11de-a648-00235a5338e1} - F:\Menu.exe
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\MountPoints2: {d60af5b2-a679-11df-9129-00235a5338e1} - awb3ryk.exe
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\E-Mail - Verknüpfung.lnk
ShortcutTarget: E-Mail - Verknüpfung.lnk -> (No File)
Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Calendar.lnk
ShortcutTarget: Windows Calendar.lnk -> C:\Program Files\Windows Calendar\WinCal.exe (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_5737z
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_5737z
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NS&pvid=22.1.0.9
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NS&pvid=22.1.0.9
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NS&pvid=22.1.0.9
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.benefind.de/
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3827918516-2867637020-576463877-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE326
SearchScopes: HKU\S-1-5-21-3827918516-2867637020-576463877-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE326
SearchScopes: HKU\S-1-5-21-3827918516-2867637020-576463877-1000 -> {7AE64BE7-E40D-4E58-A1D9-F8DC7719A1DC} URL = hxxp://www.benefind.de/result.html?q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.1.0.9\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.1.0.9\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3827918516-2867637020-576463877-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-3827918516-2867637020-576463877-1000 -> No Name - {CFCB809C-3A22-4616-A916-6C007BD9D920} - No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {C3E3BB4F-269C-41A3-9F5F-A360E933CAD3} https://as.photoprintit.com/ips-opdata/activex/ImageUploader6.cab
DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://asp.photoprintit.de/microsite/11093/defaults/activex/ips/IPSUploader4.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 212.27.40.240 212.27.40.241
FireFox:
========
FF ProfilePath: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\wo64522p.default
FF Homepage: hxxp://www.benefind.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\wo64522p.default\searchplugins\benefind.xml
FF Extension: Securita Scout - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\wo64522p.default\Extensions\plug@securitascout.com [2014-07-13]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\wo64522p.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-20]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2015-01-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-06]
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\coFFPlgn
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.1.0.9\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.1.0.9\coFFPlgn [2015-03-04]
FF HKLM\...\Thunderbird\Extensions: [te_7.0@nokia.com] - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011-12-04]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.benefind.de/"
CHR DefaultSearchKeyword: Default -> benefind.de
CHR DefaultSearchURL: Default -> hxxp://www.benefind.de/result.html?q={searchTerms}
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-24]
CHR Extension: (Google Docs) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-09]
CHR Extension: (Google Drive) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-24]
CHR Extension: (YouTube) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-09]
CHR Extension: (Google Search) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-09]
CHR Extension: (Google Sheets) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-24]
CHR Extension: (Norton Identity Safe) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-01-24]
CHR Extension: (Google Wallet) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-24]
CHR Extension: (Gmail) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-09]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.1.0.9\Exts\Chrome.crx [2015-01-08]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - [Not Found]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AdobeActiveFileMonitor8.0; C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-09-18] (Adobe Systems Incorporated)
R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [69632 2008-10-04] () [File not signed]
R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [653856 2008-12-18] (Acer Incorporated)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S4 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] () [File not signed]
R2 NCO; C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\NST.exe [130104 2014-09-20] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-05-11] (Hewlett-Packard) [File not signed]
R2 NS; C:\Program Files\Norton Security\Engine\22.1.0.9\NS.exe [282528 2014-12-10] (Symantec Corporation)
R2 NTIBackupSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-25] (NewTech InfoSystems, Inc.) [File not signed]
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [52736 2006-05-11] (Hewlett-Packard) [File not signed]
S4 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 AF15BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [483200 2010-08-21] (ITETech )
R1 BHDrvx86; C:\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\BASHDefs\20150224.001_4f9\BHDrvx86.sys [1164504 2015-02-24] (Symantec Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NS\1601000.009\ccSetx86.sys [128728 2014-09-09] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NST\7DE07080.017\ccSetx86.sys [127064 2013-09-27] (Symantec Corporation)
R1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-11-25] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-11-25] (Symantec Corporation)
R1 IDSVix86; C:\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\IPSDefs\20150303.001\IDSvix86.sys [503512 2015-02-26] (Symantec Corporation)
S3 MTOnlPktAlyX; C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyX.SYS [19200 2010-08-27] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [File not signed]
R3 NAVENG; C:\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\VirusDefs\20150303.034\NAVENG.SYS [95704 2015-02-27] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\VirusDefs\20150303.034\NAVEX15.SYS [1636696 2015-02-27] (Symantec Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [50704 2010-01-27] (CACE Technologies, Inc.)
R3 SRTSP; C:\Windows\system32\drivers\NS\1601000.009\SRTSP.SYS [699608 2014-12-02] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NS\1601000.009\SRTSPX.SYS [36056 2014-12-02] (Symantec Corporation)
S3 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [7168 2009-09-28] () [File not signed]
R0 SymDS; C:\Windows\System32\drivers\NS\1601000.009\SYMDS.SYS [364760 2014-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NS\1601000.009\SYMEFA.SYS [939224 2014-09-09] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [94424 2015-01-08] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NS\1601000.009\Ironx86.SYS [212696 2014-09-09] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\system32\drivers\NS\1601000.009\SYMTDIV.SYS [358104 2014-09-09] (Symantec Corporation)
R3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [12400 1999-10-13] (Microsoft Corporation) [File not signed]
R3 ALSysIO; \??\C:\Users\Matthias\AppData\Local\Temp\ALSysIO.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-04 18:39 - 2015-03-04 18:39 - 00000829 _____ () C:\Users\Matthias\Desktop\JRT.txt
2015-03-04 13:52 - 2015-03-04 13:52 - 00001240 _____ () C:\Users\Matthias\Desktop\mbam 04-03-15.txt
2015-03-04 12:46 - 2015-03-04 13:22 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-04 12:45 - 2015-03-04 12:45 - 00000903 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-04 12:45 - 2015-03-04 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-03-04 12:45 - 2015-03-04 12:45 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2015-03-04 12:45 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-04 12:45 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-04 12:45 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-04 12:44 - 2015-03-04 12:44 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Matthias\Desktop\mbam-setup-2.0.4.1028.exe
2015-03-04 11:51 - 2015-03-04 12:41 - 00001061 _____ () C:\Users\Matthias\Desktop\Revo Uninstaller.lnk
2015-03-04 11:51 - 2015-03-04 11:51 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-03-04 11:39 - 2015-03-04 11:39 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Matthias\Desktop\revosetup95.exe
2015-03-03 17:00 - 2015-03-03 17:00 - 00047220 _____ () C:\Users\Matthias\Desktop\Addition.txt
2015-03-03 16:21 - 2015-03-04 18:44 - 00022156 _____ () C:\Users\Matthias\Desktop\FRST.txt
2015-03-03 16:21 - 2015-03-04 18:44 - 00000000 ____D () C:\FRST
2015-03-03 16:15 - 2015-03-03 16:15 - 01132032 _____ (Farbar) C:\Users\Matthias\Desktop\frst.exe
2015-02-28 11:18 - 2015-02-28 11:18 - 00002400 _____ () C:\AdwCleaner[R1].txt
2015-02-28 11:03 - 2008-11-20 17:39 - 00204464 _____ (Synaptics, Inc.) C:\Windows\system32\Drivers\SynTP.sys
2015-02-28 11:03 - 2008-11-20 17:38 - 00206120 _____ (Synaptics, Inc.) C:\Windows\system32\SynCtrl.dll
2015-02-28 11:03 - 2008-11-20 17:38 - 00161064 _____ (Synaptics, Inc.) C:\Windows\system32\SynTPAPI.dll
2015-02-28 11:03 - 2008-11-20 17:38 - 00120104 _____ (Synaptics, Inc.) C:\Windows\system32\SynTPCo4.dll
2015-02-28 10:47 - 2015-02-28 10:45 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-02-28 10:47 - 2015-02-28 10:45 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-02-28 00:04 - 2015-03-04 13:59 - 00000000 ____D () C:\AdwCleaner
2015-02-28 00:02 - 2015-02-28 00:03 - 02126848 _____ () C:\Users\Matthias\Desktop\adwcleaner_4.111.exe
2015-02-26 19:57 - 2015-02-26 19:57 - 00000053 _____ () C:\Windows\SynInst.log
2015-02-25 23:31 - 2015-02-25 23:31 - 00000000 ____D () C:\Users\Matthias\AppData\Local\TuneUp Software
2015-02-25 23:27 - 2015-02-26 10:59 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-02-25 20:56 - 2015-02-25 20:56 - 00000000 ____D () C:\Users\Matthias\AppData\Local\PDFCreator
2015-02-25 10:00 - 2015-02-25 10:00 - 00000000 ____D () C:\Program Files\Common Files\Java(1)
2015-02-23 12:53 - 2015-02-27 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2015-02-23 12:53 - 2015-02-23 12:53 - 00000832 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2015-02-13 17:59 - 2015-01-23 04:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 17:59 - 2015-01-23 03:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-12 10:39 - 2014-11-26 03:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-12 10:38 - 2015-01-13 02:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-12 10:38 - 2015-01-09 01:20 - 02063360 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-12 10:34 - 2015-01-15 05:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-12 10:34 - 2014-12-08 02:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 17:18 - 2015-01-14 02:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 17:18 - 2015-01-14 02:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-11 17:18 - 2015-01-14 02:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 17:18 - 2015-01-14 02:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 17:18 - 2015-01-14 02:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 17:18 - 2015-01-14 02:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 17:18 - 2015-01-14 02:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 17:18 - 2015-01-14 02:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 17:18 - 2015-01-14 02:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 17:18 - 2015-01-14 02:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-11 17:18 - 2015-01-14 02:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 17:18 - 2015-01-14 02:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 17:18 - 2015-01-14 02:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 17:18 - 2015-01-14 02:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 17:18 - 2015-01-14 02:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 17:18 - 2015-01-14 02:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 17:18 - 2015-01-14 02:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 17:18 - 2015-01-14 02:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-11 17:18 - 2015-01-14 02:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-11 17:18 - 2015-01-14 02:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-08 17:35 - 2015-03-04 18:42 - 00001340 _____ () C:\Users\Matthias\Desktop\CoreTemp.ini
2015-02-08 17:35 - 2013-10-08 13:22 - 00794272 _____ () C:\Users\Matthias\Desktop\Core Temp.exe
2015-02-08 17:28 - 2015-02-08 17:28 - 00734473 _____ () C:\Users\Matthias\Desktop\CoreTemp_106.zip
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-04 18:40 - 2013-10-15 11:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-04 18:36 - 2009-09-13 17:35 - 00000246 _____ () C:\Windows\Brownie.ini
2015-03-04 18:23 - 2009-02-21 15:19 - 01723957 _____ () C:\Windows\WindowsUpdate.log
2015-03-04 18:14 - 2015-01-24 00:03 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-04 17:16 - 2006-11-02 13:47 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-04 17:16 - 2006-11-02 13:47 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-04 13:17 - 2015-01-24 00:03 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-04 13:16 - 2009-05-06 20:12 - 00207414 _____ () C:\ProgramData\nvModes.001
2015-03-04 13:16 - 2009-01-16 19:58 - 00000147 _____ () C:\Windows\system32\agent.log
2015-03-04 13:16 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-04 13:00 - 2008-01-21 03:47 - 02827708 _____ () C:\Windows\PFRO.log
2015-03-04 12:17 - 2010-10-08 11:11 - 00000000 ____D () C:\Program Files\SlySoft
2015-03-04 11:19 - 2009-02-21 15:28 - 00207414 _____ () C:\ProgramData\nvModes.dat
2015-03-04 10:33 - 2009-08-27 21:36 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\Skype
2015-03-03 16:19 - 2009-05-06 20:12 - 00000000 ____D () C:\Users\Matthias
2015-03-03 14:32 - 2014-01-29 18:53 - 00000000 ____D () C:\Users\Matthias\.gimp-2.8
2015-03-03 14:27 - 2009-08-02 17:39 - 00002631 _____ () C:\Users\Matthias\Desktop\Microsoft Office Word 2007.lnk
2015-03-03 13:22 - 2009-09-13 17:36 - 00000034 _____ () C:\Windows\system32\BD2150N.DAT
2015-03-02 13:42 - 2015-01-26 21:48 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-01 23:30 - 2006-11-02 14:01 - 00032578 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-01 23:29 - 2009-08-30 20:52 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\vlc
2015-03-01 19:29 - 2008-01-21 08:16 - 01674410 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-28 11:59 - 2011-03-24 21:08 - 00000000 ____D () C:\Program Files\Java
2015-02-28 11:05 - 2009-02-21 15:19 - 00063094 _____ () C:\Windows\DPINST.LOG
2015-02-28 11:05 - 2006-11-02 13:52 - 00262190 _____ () C:\Windows\setupact.log
2015-02-28 10:48 - 2013-09-23 21:51 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-28 10:45 - 2014-11-04 21:26 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-02-27 23:48 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-02-27 23:48 - 2006-11-02 11:22 - 59244544 _____ () C:\Windows\system32\config\software_previous
2015-02-27 23:48 - 2006-11-02 11:22 - 46661632 _____ () C:\Windows\system32\config\components_previous
2015-02-27 23:48 - 2006-11-02 11:22 - 35651584 _____ () C:\Windows\system32\config\system_previous
2015-02-27 23:48 - 2006-11-02 11:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2015-02-27 23:48 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2015-02-27 23:48 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2015-02-27 23:47 - 2013-02-26 11:56 - 00000000 __SHD () C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2015-02-27 23:47 - 2011-11-10 21:54 - 00000000 ____D () C:\Users\Matthias\AppData\Local\Akamai
2015-02-27 23:47 - 2009-08-30 20:52 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\dvdcss
2015-02-27 23:47 - 2009-08-22 11:12 - 00000000 ____D () C:\Users\Gast
2015-02-27 23:47 - 2009-07-11 13:08 - 00000000 ____D () C:\Users\Matthias\AppData\Local\Microsoft Help
2015-02-27 23:47 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2015-02-27 23:47 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool
2015-02-27 23:46 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration
2015-02-27 14:54 - 2009-01-16 19:03 - 00000000 ____D () C:\Program Files\Acer
2015-02-26 10:59 - 2011-10-27 21:20 - 00000000 ____D () C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2015-02-26 10:59 - 2011-04-07 22:52 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\HpUpdate
2015-02-26 10:37 - 2013-02-26 12:29 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-25 23:31 - 2013-02-26 12:30 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\TuneUp Software
2015-02-24 23:26 - 2010-09-05 19:34 - 00000000 ____D () C:\Users\Matthias\AppData\Local\CrashDumps
2015-02-24 12:43 - 2009-08-27 21:27 - 00000000 ___RD () C:\Program Files\Skype
2015-02-24 12:43 - 2009-08-27 21:27 - 00000000 ____D () C:\ProgramData\Skype
2015-02-23 12:53 - 2012-01-21 13:37 - 00000000 ____D () C:\Program Files\PDFCreator
2015-02-20 21:10 - 2015-01-24 00:04 - 00001967 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-14 18:16 - 2009-06-14 19:56 - 00049664 _____ () C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-12 21:15 - 2010-08-01 18:01 - 00007592 _____ () C:\Users\Matthias\AppData\Local\d3d9caps.dat
2015-02-12 21:12 - 2006-11-02 13:47 - 03684304 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 16:50 - 2013-07-16 02:06 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 10:40 - 2006-11-02 11:24 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-02-12 10:38 - 2009-01-16 18:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-06 00:14 - 2010-07-23 07:11 - 00002633 _____ () C:\Users\Matthias\Desktop\Microsoft Office Excel 2007.lnk
2015-02-05 21:40 - 2012-03-31 08:57 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-05 21:40 - 2011-08-01 09:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-04 17:21 - 2014-11-27 22:59 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
==================== Files in the root of some directories =======
2009-06-09 08:40 - 2009-06-09 08:38 - 0005250 _____ () C:\Program Files\0x0407.ini
2009-06-09 08:40 - 2009-06-09 08:38 - 14042624 _____ () C:\Program Files\Turbo Lister 2.msi
2011-03-25 21:15 - 2010-10-16 11:50 - 3056008 _____ (Ask) C:\Program Files\Common Files\AskToolbarInstaller.exe
2010-12-14 13:00 - 2012-03-28 09:14 - 1456640 _____ () C:\Program Files\Common Files\Falk Navi-Manager.msi
2011-03-25 21:15 - 2010-01-26 10:11 - 0444283 _____ () C:\Program Files\Common Files\WinPcapNmap.exe
2009-08-13 23:39 - 2009-08-13 23:39 - 0000319 _____ () C:\Users\Matthias\AppData\Roaming\mdb.bin
2010-08-01 18:01 - 2015-02-12 21:15 - 0007592 _____ () C:\Users\Matthias\AppData\Local\d3d9caps.dat
2009-06-14 19:56 - 2015-02-14 18:16 - 0049664 _____ () C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-08-13 20:38 - 2009-08-13 20:38 - 0000096 _____ () C:\Users\Matthias\AppData\Local\fusioncache.dat
2013-02-09 21:29 - 2013-02-09 21:34 - 0005086 _____ () C:\Users\Matthias\AppData\Local\MyWinLockerInstaller.txt-20130209.log
2014-08-10 19:41 - 2014-08-10 19:41 - 0001491 _____ () C:\Users\Matthias\AppData\Local\recently-used.xbel
2011-04-19 10:35 - 2011-04-21 08:42 - 0001940 _____ () C:\Users\Matthias\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
2010-10-08 10:32 - 2013-03-04 13:45 - 0000148 ___SH () C:\ProgramData\.zreglib
2011-03-25 21:15 - 2010-05-28 22:37 - 0015086 _____ () C:\ProgramData\Amazon.ico
2009-02-21 15:21 - 2009-02-21 15:23 - 0006112 _____ () C:\ProgramData\ArcadeDeluxe2.log
2011-03-25 21:15 - 2011-03-03 15:50 - 0009662 _____ () C:\ProgramData\BeRuby.ico
2009-08-27 21:43 - 2009-08-27 21:43 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2009-05-26 07:30 - 2012-04-15 22:27 - 0009789 _____ () C:\ProgramData\hpzinstall.log
2014-12-23 00:44 - 2014-12-23 00:48 - 0020531 ____H () C:\ProgramData\M33KI
2011-03-25 21:15 - 2010-07-20 12:53 - 0071926 _____ () C:\ProgramData\MercadoLivre.ico
2009-05-06 20:12 - 2015-03-04 13:16 - 0207414 _____ () C:\ProgramData\nvModes.001
2009-02-21 15:28 - 2015-03-04 11:19 - 0207414 _____ () C:\ProgramData\nvModes.dat
2011-03-25 21:15 - 2010-05-20 11:05 - 0025214 _____ () C:\ProgramData\QuickStores.ico
Some content of TEMP:
====================
C:\Users\Matthias\AppData\Local\Temp\RtkBtMnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-03-04 13:24
==================== End Of Log ============================
--- --- --- --- --- --- How can I insert the screenshot here? Kind regards, pasteur |
| | #8 |
| /// the machine /// TB Trainer | Vista: Unknown folder in my personal files. ESET Online Scanner
Please download
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
| | #9 |
| | Vista: Unknown folder in my personal files Hello Schrauber, it took me a little while. Here are the logs. Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d67d4317fbe38c46bd845b0803068032
# engine=22803
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-08 03:04:57
# local_time=2015-03-08 04:04:57 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 145449503 263316625 0 0
# scanned=294751
# found=8
# cleaned=0
# scan_time=11724
sh=95826B332BD1AC0543C2BA4DB637D082A994B1E5 ft=1 fh=f3159d8e366dd55a vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Matthias\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir"
sh=749E0C6D85971204E397EAE65ED10A9A4AEF40AB ft=1 fh=ef830199de104882 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Matthias\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir"
sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Matthias\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll.vir"
sh=93AD648467F47DC2708810D169F26F4A814778C5 ft=1 fh=e589ccabe231da4b vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Matthias\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir"
sh=2B71A57C96480FE13CB46A9F319794A0AF697642 ft=1 fh=296865a4b95bf4e8 vn="Variante von Win32/Toolbar.Babylon.W evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Matthias\AppData\Roaming\BabSolution\Shared\enhancedNT.dll.vir"
sh=76B997BE33132963D2D177908AB15DC0C69C7E89 ft=1 fh=b39dacf1316c7436 vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Matthias\AppData\Roaming\Security System 2\data\upd.exe.vir"
sh=73098BBBA6CBC76BF206226FBDC659758EAC7F0B ft=1 fh=6c165ff8a046d46e vn="Win32/Adware.Synatix.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Matthias\AppData\Roaming\Security System 2\data\ie\ie.dll.vir"
sh=21E57DF72BF484727B155E8F0A15D0847EC7B940 ft=1 fh=f723b40fd3c95b67 vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Matthias\Desktop\Downloads\Hotspot-Shield-lnstall.exe"
Code:
Results of screen317's Security Check version 0.99.97
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Norton Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 64-bit 8 Update 31
Adobe Flash Player 16.0.0.305
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (36.0.1)
Google Chrome (40.0.2214.111)
Google Chrome (40.0.2214.115)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-03-2015 02
Ran by Matthias (administrator) on MATTHIAS-PC on 08-03-2015 16:20:38
Running from C:\Users\Matthias\Desktop\Downloads
Loaded Profiles: Matthias (Available profiles: Matthias & Gast)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\NST.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.1.0.9\NS.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.1.0.9\NS.exe
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\NST.exe
() C:\Users\Matthias\Desktop\Core Temp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(brother) C:\Program Files\Brownie\BrStsWnd.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Deutsche Telekom AG, Marmiko IT-Solutions GmbH) C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Akamai Technologies, Inc.) C:\Users\Matthias\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Contacts\wlcomm.exe
(Akamai Technologies, Inc.) C:\Users\Matthias\AppData\Local\Akamai\netsession_win.exe
(brother) C:\Program Files\Brownie\brpjp04a.exe
(Realtek Semiconductor Corp.) C:\Users\Matthias\AppData\Local\Temp\RtkBtMnt.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_16_0_0_305_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6609440 2008-10-31] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [690720 2008-12-18] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1398056 2008-11-20] (Synaptics, Inc.)
HKLM\...\Run: [BrStsWnd] => C:\Program Files\Brownie\BrstsWnd.exe [880640 2008-09-18] (brother)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2008-10-31] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [ToADiMon.exe] => C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe [286720 2010-04-08] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Matthias\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\Run: [] => [X]
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\MountPoints2: {19076bdf-bd55-11de-a648-00235a5338e1} - F:\Menu.exe
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\...\MountPoints2: {d60af5b2-a679-11df-9129-00235a5338e1} - awb3ryk.exe
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\E-Mail - Verknüpfung.lnk
ShortcutTarget: E-Mail - Verknüpfung.lnk -> (No File)
Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Calendar.lnk
ShortcutTarget: Windows Calendar.lnk -> C:\Program Files\Windows Calendar\WinCal.exe (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_5737z
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_5737z
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NS&pvid=22.1.0.9
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NS&pvid=22.1.0.9
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NS&pvid=22.1.0.9
HKU\S-1-5-21-3827918516-2867637020-576463877-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.benefind.de/
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3827918516-2867637020-576463877-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE326
SearchScopes: HKU\S-1-5-21-3827918516-2867637020-576463877-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE326
SearchScopes: HKU\S-1-5-21-3827918516-2867637020-576463877-1000 -> {7AE64BE7-E40D-4E58-A1D9-F8DC7719A1DC} URL = hxxp://www.benefind.de/result.html?q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.1.0.9\coIEPlg.dll [2014-12-05] (Symantec Corporation)
BHO: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.1.0.9\coIEPlg.dll [2014-12-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3827918516-2867637020-576463877-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-3827918516-2867637020-576463877-1000 -> No Name - {CFCB809C-3A22-4616-A916-6C007BD9D920} - No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {C3E3BB4F-269C-41A3-9F5F-A360E933CAD3} https://as.photoprintit.com/ips-opdata/activex/ImageUploader6.cab
DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://asp.photoprintit.de/microsite/11093/defaults/activex/ips/IPSUploader4.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 212.27.40.240 212.27.40.241
FireFox:
========
FF ProfilePath: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\wo64522p.default
FF Homepage: hxxp://www.benefind.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll [2009-08-07] (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\wo64522p.default\searchplugins\benefind.xml [2013-12-23]
FF Extension: Securita Scout - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\wo64522p.default\Extensions\plug@securitascout.com [2014-07-13]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\wo64522p.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-20]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2015-03-06]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-06]
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\coFFPlgn
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.1.0.9\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.1.0.9\coFFPlgn [2015-03-08]
FF HKLM\...\Thunderbird\Extensions: [te_7.0@nokia.com] - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011-12-04]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.benefind.de/"
CHR DefaultSearchKeyword: Default -> benefind.de
CHR DefaultSearchURL: Default -> hxxp://www.benefind.de/result.html?q={searchTerms}
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-24]
CHR Extension: (Google Docs) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-09]
CHR Extension: (Google Drive) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-24]
CHR Extension: (YouTube) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-09]
CHR Extension: (Google Search) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-09]
CHR Extension: (Google Sheets) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-24]
CHR Extension: (Norton Identity Safe) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-01-24]
CHR Extension: (Google Wallet) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-24]
CHR Extension: (Gmail) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-09]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.1.0.9\Exts\Chrome.crx [2015-01-08]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - [Not Found]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AdobeActiveFileMonitor8.0; C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-09-18] (Adobe Systems Incorporated)
R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [69632 2008-10-04] () [File not signed]
R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [653856 2008-12-18] (Acer Incorporated)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S4 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] () [File not signed]
R2 NCO; C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\NST.exe [130104 2014-09-20] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-05-11] (Hewlett-Packard) [File not signed]
R2 NS; C:\Program Files\Norton Security\Engine\22.1.0.9\NS.exe [282528 2014-12-10] (Symantec Corporation)
R2 NTIBackupSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-25] (NewTech InfoSystems, Inc.) [File not signed]
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [52736 2006-05-11] (Hewlett-Packard) [File not signed]
S4 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 AF15BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [483200 2010-08-21] (ITETech )
R1 BHDrvx86; C:\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\BASHDefs\20150224.001_4f9\BHDrvx86.sys [1164504 2015-02-24] (Symantec Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NS\1601000.009\ccSetx86.sys [128728 2014-09-09] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NST\7DE07080.017\ccSetx86.sys [127064 2013-09-27] (Symantec Corporation)
R1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-11-25] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-11-25] (Symantec Corporation)
R1 IDSVix86; C:\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\IPSDefs\20150306.001\IDSvix86.sys [503512 2015-02-26] (Symantec Corporation)
S3 MTOnlPktAlyX; C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyX.SYS [19200 2010-08-27] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [File not signed]
R3 NAVENG; C:\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\VirusDefs\20150307.003\NAVENG.SYS [95704 2015-02-27] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\VirusDefs\20150307.003\NAVEX15.SYS [1636696 2015-02-27] (Symantec Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [50704 2010-01-27] (CACE Technologies, Inc.)
R3 SRTSP; C:\Windows\system32\drivers\NS\1601000.009\SRTSP.SYS [699608 2014-12-02] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NS\1601000.009\SRTSPX.SYS [36056 2014-12-02] (Symantec Corporation)
S3 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [7168 2009-09-28] () [File not signed]
R0 SymDS; C:\Windows\System32\drivers\NS\1601000.009\SYMDS.SYS [364760 2014-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NS\1601000.009\SYMEFA.SYS [939224 2014-09-09] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [94424 2015-01-08] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NS\1601000.009\Ironx86.SYS [212696 2014-09-09] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\system32\drivers\NS\1601000.009\SYMTDIV.SYS [358104 2014-09-09] (Symantec Corporation)
S3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [12400 1999-10-13] (Microsoft Corporation) [File not signed]
R3 ALSysIO; \??\C:\Users\Matthias\AppData\Local\Temp\ALSysIO.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-08 00:47 - 2015-03-08 00:47 - 00000000 ____D () C:\Program Files\ESET
2015-03-07 22:21 - 2015-03-07 22:21 - 00013875 _____ () C:\Users\Matthias\Desktop\Sicherungskopie von KV-Norton.wbk
2015-03-07 21:03 - 2015-03-07 21:03 - 00000910 _____ () C:\Users\Matthias\Desktop\checkup.txt
2015-03-07 00:10 - 2015-03-07 00:10 - 00026624 _____ () C:\Users\Matthias\Desktop\Sicherungskopie von Bitte oder frommer Wunsch.wbk
2015-03-06 18:16 - 2015-03-06 18:17 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-04 22:12 - 2015-03-04 22:12 - 00000764 _____ () C:\Users\Matthias\Desktop\TechPowerUp GPU-Z.lnk
2015-03-04 22:12 - 2015-03-04 22:12 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
2015-03-04 22:12 - 2015-03-04 22:12 - 00000000 ____D () C:\Program Files\GPU-Z
2015-03-04 18:39 - 2015-03-04 18:39 - 00000829 _____ () C:\Users\Matthias\Desktop\JRT.txt
2015-03-04 13:52 - 2015-03-04 13:52 - 00001240 _____ () C:\Users\Matthias\Desktop\mbam 04-03-15.txt
2015-03-04 12:46 - 2015-03-04 13:22 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-04 12:45 - 2015-03-04 12:45 - 00000903 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-04 12:45 - 2015-03-04 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-03-04 12:45 - 2015-03-04 12:45 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2015-03-04 12:45 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-04 12:45 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-04 12:45 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-04 12:44 - 2015-03-04 12:44 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Matthias\Desktop\mbam-setup-2.0.4.1028.exe
2015-03-04 11:51 - 2015-03-04 12:41 - 00001061 _____ () C:\Users\Matthias\Desktop\Revo Uninstaller.lnk
2015-03-04 11:51 - 2015-03-04 11:51 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-03-04 11:39 - 2015-03-04 11:39 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Matthias\Desktop\revosetup95.exe
2015-03-03 17:00 - 2015-03-03 17:00 - 00047220 _____ () C:\Users\Matthias\Desktop\Addition.txt
2015-03-03 16:21 - 2015-03-08 16:20 - 00000000 ____D () C:\FRST
2015-03-03 16:21 - 2015-03-04 18:45 - 00038248 _____ () C:\Users\Matthias\Desktop\FRST.txt
2015-02-28 11:18 - 2015-02-28 11:18 - 00002400 _____ () C:\AdwCleaner[R1].txt
2015-02-28 11:03 - 2008-11-20 17:39 - 00204464 _____ (Synaptics, Inc.) C:\Windows\system32\Drivers\SynTP.sys
2015-02-28 11:03 - 2008-11-20 17:38 - 00206120 _____ (Synaptics, Inc.) C:\Windows\system32\SynCtrl.dll
2015-02-28 11:03 - 2008-11-20 17:38 - 00161064 _____ (Synaptics, Inc.) C:\Windows\system32\SynTPAPI.dll
2015-02-28 11:03 - 2008-11-20 17:38 - 00120104 _____ (Synaptics, Inc.) C:\Windows\system32\SynTPCo4.dll
2015-02-28 10:47 - 2015-02-28 10:45 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-02-28 10:47 - 2015-02-28 10:45 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-02-28 00:04 - 2015-03-04 13:59 - 00000000 ____D () C:\AdwCleaner
2015-02-28 00:02 - 2015-02-28 00:03 - 02126848 _____ () C:\Users\Matthias\Desktop\adwcleaner_4.111.exe
2015-02-26 19:57 - 2015-02-26 19:57 - 00000053 _____ () C:\Windows\SynInst.log
2015-02-25 23:31 - 2015-02-25 23:31 - 00000000 ____D () C:\Users\Matthias\AppData\Local\TuneUp Software
2015-02-25 23:27 - 2015-02-26 10:59 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-02-25 20:56 - 2015-02-25 20:56 - 00000000 ____D () C:\Users\Matthias\AppData\Local\PDFCreator
2015-02-25 10:00 - 2015-02-25 10:00 - 00000000 ____D () C:\Program Files\Common Files\Java(1)
2015-02-23 12:53 - 2015-02-27 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2015-02-23 12:53 - 2015-02-23 12:53 - 00000832 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2015-02-13 17:59 - 2015-01-23 04:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 17:59 - 2015-01-23 03:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-12 10:39 - 2014-11-26 03:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-12 10:38 - 2015-01-13 02:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-12 10:38 - 2015-01-09 01:20 - 02063360 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-12 10:34 - 2015-01-15 05:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-12 10:34 - 2014-12-08 02:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 17:18 - 2015-01-14 02:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 17:18 - 2015-01-14 02:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-11 17:18 - 2015-01-14 02:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 17:18 - 2015-01-14 02:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 17:18 - 2015-01-14 02:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 17:18 - 2015-01-14 02:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 17:18 - 2015-01-14 02:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 17:18 - 2015-01-14 02:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 17:18 - 2015-01-14 02:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 17:18 - 2015-01-14 02:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-11 17:18 - 2015-01-14 02:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 17:18 - 2015-01-14 02:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 17:18 - 2015-01-14 02:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 17:18 - 2015-01-14 02:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 17:18 - 2015-01-14 02:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 17:18 - 2015-01-14 02:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 17:18 - 2015-01-14 02:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 17:18 - 2015-01-14 02:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-11 17:18 - 2015-01-14 02:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-11 17:18 - 2015-01-14 02:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-08 17:35 - 2015-03-07 23:20 - 00001340 _____ () C:\Users\Matthias\Desktop\CoreTemp.ini
2015-02-08 17:35 - 2013-10-08 13:22 - 00794272 _____ () C:\Users\Matthias\Desktop\Core Temp.exe
2015-02-08 17:28 - 2015-02-08 17:28 - 00734473 _____ () C:\Users\Matthias\Desktop\CoreTemp_106.zip
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-08 16:14 - 2015-01-24 00:03 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-08 15:40 - 2013-10-15 11:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-08 15:28 - 2009-02-21 15:19 - 01870872 _____ () C:\Windows\WindowsUpdate.log
2015-03-08 15:12 - 2009-09-13 17:35 - 00000330 _____ () C:\Windows\Brownie.ini
2015-03-08 15:11 - 2015-01-24 00:03 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-08 15:08 - 2009-05-06 20:12 - 00207414 _____ () C:\ProgramData\nvModes.001
2015-03-08 15:08 - 2009-01-16 19:58 - 00000147 _____ () C:\Windows\system32\agent.log
2015-03-08 15:08 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-08 15:08 - 2006-11-02 13:47 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-08 15:08 - 2006-11-02 13:47 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-08 06:02 - 2006-11-02 14:01 - 00032578 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-07 23:22 - 2008-01-21 08:16 - 01674410 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-07 21:13 - 2009-08-02 17:39 - 00002631 _____ () C:\Users\Matthias\Desktop\Microsoft Office Word 2007.lnk
2015-03-07 18:55 - 2009-01-16 19:56 - 00000000 ____D () C:\Program Files\Common Files\LightScribe
2015-03-07 07:59 - 2009-02-21 15:28 - 00207414 _____ () C:\ProgramData\nvModes.dat
2015-03-07 07:41 - 2014-11-27 22:59 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-06 20:56 - 2009-08-27 21:36 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\Skype
2015-03-06 16:36 - 2011-11-10 21:54 - 00000000 ____D () C:\Users\Matthias\AppData\Local\Akamai
2015-03-06 16:36 - 2009-09-13 17:36 - 00000000 ____D () C:\Program Files\Brownie
2015-03-05 18:47 - 2009-11-30 21:17 - 00000000 ____D () C:\eg
2015-03-04 21:50 - 2014-10-01 09:15 - 00002379 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-03-04 13:00 - 2008-01-21 03:47 - 02827708 _____ () C:\Windows\PFRO.log
2015-03-04 12:17 - 2010-10-08 11:11 - 00000000 ____D () C:\Program Files\SlySoft
2015-03-03 16:19 - 2009-05-06 20:12 - 00000000 ____D () C:\Users\Matthias
2015-03-03 14:32 - 2014-01-29 18:53 - 00000000 ____D () C:\Users\Matthias\.gimp-2.8
2015-03-03 13:22 - 2009-09-13 17:36 - 00000034 _____ () C:\Windows\system32\BD2150N.DAT
2015-03-01 23:29 - 2009-08-30 20:52 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\vlc
2015-02-28 11:59 - 2011-03-24 21:08 - 00000000 ____D () C:\Program Files\Java
2015-02-28 11:05 - 2009-02-21 15:19 - 00063094 _____ () C:\Windows\DPINST.LOG
2015-02-28 11:05 - 2006-11-02 13:52 - 00262190 _____ () C:\Windows\setupact.log
2015-02-28 10:48 - 2013-09-23 21:51 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-28 10:45 - 2014-11-04 21:26 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-02-27 23:48 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-02-27 23:48 - 2006-11-02 11:22 - 59244544 _____ () C:\Windows\system32\config\software_previous
2015-02-27 23:48 - 2006-11-02 11:22 - 46661632 _____ () C:\Windows\system32\config\components_previous
2015-02-27 23:48 - 2006-11-02 11:22 - 35651584 _____ () C:\Windows\system32\config\system_previous
2015-02-27 23:48 - 2006-11-02 11:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2015-02-27 23:48 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2015-02-27 23:48 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2015-02-27 23:47 - 2013-02-26 11:56 - 00000000 __SHD () C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2015-02-27 23:47 - 2009-08-30 20:52 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\dvdcss
2015-02-27 23:47 - 2009-08-22 11:12 - 00000000 ____D () C:\Users\Gast
2015-02-27 23:47 - 2009-07-11 13:08 - 00000000 ____D () C:\Users\Matthias\AppData\Local\Microsoft Help
2015-02-27 23:47 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2015-02-27 23:47 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool
2015-02-27 23:46 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration
2015-02-27 14:54 - 2009-01-16 19:03 - 00000000 ____D () C:\Program Files\Acer
2015-02-26 10:59 - 2011-10-27 21:20 - 00000000 ____D () C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2015-02-26 10:59 - 2011-04-07 22:52 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\HpUpdate
2015-02-26 10:37 - 2013-02-26 12:29 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-25 23:31 - 2013-02-26 12:30 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\TuneUp Software
2015-02-24 23:26 - 2010-09-05 19:34 - 00000000 ____D () C:\Users\Matthias\AppData\Local\CrashDumps
2015-02-24 12:43 - 2009-08-27 21:27 - 00000000 ___RD () C:\Program Files\Skype
2015-02-24 12:43 - 2009-08-27 21:27 - 00000000 ____D () C:\ProgramData\Skype
2015-02-23 12:53 - 2012-01-21 13:37 - 00000000 ____D () C:\Program Files\PDFCreator
2015-02-20 21:10 - 2015-01-24 00:04 - 00001967 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-14 18:16 - 2009-06-14 19:56 - 00049664 _____ () C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-12 21:15 - 2010-08-01 18:01 - 00007592 _____ () C:\Users\Matthias\AppData\Local\d3d9caps.dat
2015-02-12 21:12 - 2006-11-02 13:47 - 03684304 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 16:50 - 2013-07-16 02:06 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 10:40 - 2006-11-02 11:24 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-02-12 10:38 - 2009-01-16 18:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-06 00:14 - 2010-07-23 07:11 - 00002633 _____ () C:\Users\Matthias\Desktop\Microsoft Office Excel 2007.lnk
==================== Files in the root of some directories =======
2009-06-09 08:40 - 2009-06-09 08:38 - 0005250 _____ () C:\Program Files\0x0407.ini
2009-06-09 08:40 - 2009-06-09 08:38 - 14042624 _____ () C:\Program Files\Turbo Lister 2.msi
2011-03-25 21:15 - 2010-10-16 11:50 - 3056008 _____ (Ask) C:\Program Files\Common Files\AskToolbarInstaller.exe
2010-12-14 13:00 - 2012-03-28 09:14 - 1456640 _____ () C:\Program Files\Common Files\Falk Navi-Manager.msi
2011-03-25 21:15 - 2010-01-26 10:11 - 0444283 _____ () C:\Program Files\Common Files\WinPcapNmap.exe
2009-08-13 23:39 - 2009-08-13 23:39 - 0000319 _____ () C:\Users\Matthias\AppData\Roaming\mdb.bin
2010-08-01 18:01 - 2015-02-12 21:15 - 0007592 _____ () C:\Users\Matthias\AppData\Local\d3d9caps.dat
2009-06-14 19:56 - 2015-02-14 18:16 - 0049664 _____ () C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-08-13 20:38 - 2009-08-13 20:38 - 0000096 _____ () C:\Users\Matthias\AppData\Local\fusioncache.dat
2013-02-09 21:29 - 2013-02-09 21:34 - 0005086 _____ () C:\Users\Matthias\AppData\Local\MyWinLockerInstaller.txt-20130209.log
2014-08-10 19:41 - 2014-08-10 19:41 - 0001491 _____ () C:\Users\Matthias\AppData\Local\recently-used.xbel
2011-04-19 10:35 - 2011-04-21 08:42 - 0001940 _____ () C:\Users\Matthias\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
2010-10-08 10:32 - 2013-03-04 13:45 - 0000148 ___SH () C:\ProgramData\.zreglib
2011-03-25 21:15 - 2010-05-28 22:37 - 0015086 _____ () C:\ProgramData\Amazon.ico
2009-02-21 15:21 - 2009-02-21 15:23 - 0006112 _____ () C:\ProgramData\ArcadeDeluxe2.log
2011-03-25 21:15 - 2011-03-03 15:50 - 0009662 _____ () C:\ProgramData\BeRuby.ico
2009-08-27 21:43 - 2009-08-27 21:43 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2009-05-26 07:30 - 2012-04-15 22:27 - 0009789 _____ () C:\ProgramData\hpzinstall.log
2014-12-23 00:44 - 2014-12-23 00:48 - 0020531 ____H () C:\ProgramData\M33KI
2011-03-25 21:15 - 2010-07-20 12:53 - 0071926 _____ () C:\ProgramData\MercadoLivre.ico
2009-05-06 20:12 - 2015-03-08 15:08 - 0207414 _____ () C:\ProgramData\nvModes.001
2009-02-21 15:28 - 2015-03-07 07:59 - 0207414 _____ () C:\ProgramData\nvModes.dat
2011-03-25 21:15 - 2010-05-20 11:05 - 0025214 _____ () C:\ProgramData\QuickStores.ico
Some content of TEMP:
====================
C:\Users\Matthias\AppData\Local\Temp\RtkBtMnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-03-08 15:17
==================== End Of Log ============================
--- --- --- Recently, all files in the folder in question, the one I started my inquiry about, can be opened. How is that possible? The images are displayed as well. It quite obviously really is a Windows update. It is just somewhat puzzling to me how it could end up on D:, since it actually belongs on C:. There is another problem, which I do not associate with malware, though. The laptop (ACER Aspire 5737Z) has been crashing every now and then lately. By now this happens regularly when using Skype. As a rule, the fan works very hard beforehand. My guess is that the fan needs cleaning, or that the thermal pads need to be checked. The laptop is 6 years old. (My wife has the same computer of the same age. There the problem appeared somewhat earlier, especially when streaming from the ZDF and ARD media libraries. But she also works more with the laptop, and the cat often makes itself comfortable in her study.) I have installed CoreTemp on mine. The two CPUs occasionally go a little above 90 degrees. Yesterday I experimented a bit while on Skype. The computer shut off while CoreTemp showed only 83 degrees. Perhaps it is the cooling of the graphics card after all, or whatever else can happen in there? To see what is going on, I installed TechPowerUP GPU-Z. But there I reach my limits, because I cannot make sense of the data it reads out. Can you help me further with that? Or is the repair shop the only option? Unfortunately the thing is built rather inaccessibly. The fan has no service hatch; you would have to take the whole laptop apart. Kind regards and many thanks, Pasteur |
| | #10 |
| /// the machine /// TB trainer | Vista: Unknown folder in my personal files Update Adobe. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter C:\Users\Matthias\Desktop\Downloads\Hotspot-Shield-lnstall.exe
Emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
As for that problem, ask here in our hardware section, but I don't think you will be spared a trip to the repair shop. Even 83 degrees is already extreme.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
| | #11 |
| | Vista: Unknown folder in my personal files Hello Schrauber, I think I made a mistake, because I deleted the Hotspot Shield Install.exe in the last few days when I saw it there. I had downloaded the file from Chip in August and no longer needed it. Accordingly, the scan is now without result Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-03-2015 02
Ran by Matthias at 2015-03-09 12:41:25 Run:1
Running from C:\Users\Matthias\Desktop\Downloads
Loaded Profiles: Matthias (Available profiles: Matthias & Gast)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\Users\Matthias\Desktop\Downloads\Hotspot-Shield-lnstall.exe
Emptytemp:
*****************
"C:\Users\Matthias\Desktop\Downloads\Hotspot-Shield-lnstall.exe" => File/Directory not found.
EmptyTemp: => Removed 1.2 GB temporary data.
The system needed a reboot.
==== End of Fixlog 12:44:05 ====
pasteur |
| | #12 |
| /// the machine /// TB trainer | Vista: Unknown folder in my personal files That's fine. Cleanup: (The order is crucial here) If Defogger was used: Start it again and click Re-enable. If Combofix was used: Uninstall Combofix
All logs posted? Then please download
Note: DelFix removes, among other things, all programs used, the quarantine of our scanners, and the Java cache, and finally deletes itself. Then restart your computer. Should any programs from our cleanup still remain now, you can delete them without hesitation. If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.
Hardening: Enable automatic updates for the Windows operating system. Security-relevant software should also always be present only in the most recent version: Browser Java Flash Player PDF reader Security vulnerabilities in their old versions are exploited to install malware via "drive-by" on a simple visit to a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. In addition, Firefox can also open PDF documents. Enable a firewall. The one built into Windows is normally entirely sufficient. Use an antivirus program with a real-time scanner and an always up-to-date signature database. My recommendation: Emsisoft In addition, you can regularly scan your PC with Malwarebytes Anti-Malware and ESET.
Optional: Download software from a clean portal such as . When installing software, always choose the custom option and uncheck all optionally offered toolbars or other add-ons that are irrelevant to the program. To get rid of adware again, uninstalling it first and then removing the leftovers with Adwcleaner is recommended.
Finally, a few general remarks: Change your important online passwords regularly and regularly create backups of your important files or of the system. The benefit of registry cleaners, optimizers etc. for improving performance is disputed.
I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |