Pests of all kinds and how to fight them: How do I get rid of the wizebar in Firefox? (Windows 7)
12.03.2015, 21:37 | #1 |
Hello, I have somehow caught a wizebar that pops up every time I start Firefox. Since I have not installed anything recently, I have no idea how I caught it. However, I noticed that my laptop, which I did not shut down last night but only closed the lid on, suddenly started up during the night and only went back into sleep mode after I opened and closed the lid again. I googled and read in several places that I should check the add-ons in Firefox. But I cannot even get there, because after 2 seconds the screen fades and the wizebar opens. I uninstalled and reinstalled Firefox (restore Firefox), but without success. I ran AdwCleaner; here is the log file:
I should add that I am completely clueless. So please, with recommendations and questions, act as if you were dealing with an infant. I ask for help and thank you in advance! Frank
12.03.2015, 21:40 | #2 |
/// the machine /// TB Trainer | Hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
12.03.2015, 23:08 | #3 |
Hello,
here is the FRST.txt:
KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-11] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [992504 2015-03-11] (Avira Operations GmbH & Co. KG) R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [177560 2015-01-27] (APN LLC.) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG) R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed] R2 DpHost; C:\Program Files\DigitalPersona\Bin\DpHostW.exe [322624 2009-05-12] (DigitalPersona, Inc.) [File not signed] S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed] R2 InstallFilterService; C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe [60928 2009-11-30] () [File not signed] S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.) R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\STacSV.exe [229458 2010-01-05] (IDT, Inc.) S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] S3 SXDS10; C:\Program Files\Common Files\soft Xpansion\sxds10.exe [234096 2013-08-14] (soft Xpansion) R2 TabletServiceWacom; C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [7470496 2012-08-02] (Wacom Technology, Corp.) R2 TouchServiceWacom; C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe [481696 2012-08-02] (Wacom Technology, Corp.) R2 vcsFPService; C:\Windows\system32\vcsFPService.exe [1656112 2009-07-13] (Validity Sensors, Inc.) 
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 Acceler; C:\Windows\System32\DRIVERS\Acceler.sys [41648 2009-12-02] (ST Microelectronics) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-11] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-03-11] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-27] (Avira Operations GmbH & Co. KG) S3 hidkmdf; C:\Windows\System32\DRIVERS\hidkmdf.sys [11680 2012-06-21] (Windows (R) Win 7 DDK provider) R2 risdpcie; C:\Windows\System32\DRIVERS\risdpe86.sys [49152 2009-06-30] (REDC) R2 rixdpcie; C:\Windows\System32\DRIVERS\rixdpe86.sys [38400 2009-07-04] (REDC) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-11] (Avira GmbH) S3 WacHidRouter; C:\Windows\System32\DRIVERS\wachidrouter.sys [57760 2012-06-21] (Wacom Technology) S3 wacomrouterfilter; C:\Windows\System32\DRIVERS\wacomrouterfilter.sys [13688 2012-05-22] (Wacom Technology) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-12 23:04 - 2015-03-12 23:05 - 00028186 _____ () C:\Users\Frank Fietz\Desktop\FRST.txt 2015-03-12 23:04 - 2015-03-12 23:04 - 00000000 ____D () C:\FRST 2015-03-12 23:03 - 2015-03-12 23:03 - 01135104 _____ (Farbar) C:\Users\Frank Fietz\Desktop\FRST.exe 2015-03-12 22:52 - 2015-03-12 22:52 - 00017517 _____ () C:\Users\Frank Fietz\Desktop\get-mirror-server.htm 2015-03-12 21:21 - 2015-03-12 21:23 - 00000000 ____D () C:\AdwCleaner 2015-03-12 21:20 - 2015-03-12 21:21 - 02171392 _____ () C:\Users\Frank Fietz\Desktop\AdwCleaner_4.112.exe 2015-03-12 21:11 - 2015-03-12 21:11 - 00001123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-03-12 21:11 - 2015-03-12 21:11 - 00001111 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-03-12 21:11 - 2015-03-12 21:11 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-03-12 21:05 - 2015-03-12 21:05 - 00243528 _____ () C:\Users\Frank Fietz\Downloads\Firefox Setup Stub 36.0.1.exe 2015-03-12 20:57 - 2015-03-12 20:57 - 40824144 _____ () C:\Users\Admin\Downloads\Firefox_Setup_36.0.1.exe 2015-03-11 14:57 - 2015-02-26 04:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-11 14:57 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-03-11 14:57 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-11 14:57 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-03-11 14:57 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-11 14:57 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-11 14:57 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-11 14:57 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-03-11 14:57 - 2015-02-20 
03:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-03-11 14:57 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-11 14:57 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-03-11 14:57 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-03-11 14:57 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-03-11 14:57 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-11 14:57 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-03-11 14:57 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-03-11 14:57 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-03-11 14:57 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-03-11 14:57 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-03-11 14:57 - 2015-02-20 02:56 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-03-11 14:57 - 2015-02-20 02:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-03-11 14:57 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-03-11 14:57 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-03-11 14:57 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-03-11 14:57 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-11 14:57 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 
2015-03-11 14:57 - 2015-02-20 02:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-03-11 14:57 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-03-11 14:57 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-03-11 14:57 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-11 14:57 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-03-11 14:57 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-11 14:57 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-11 14:57 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-03-11 14:56 - 2015-03-06 06:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-03-11 14:56 - 2015-03-06 06:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-03-11 14:56 - 2015-03-06 06:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-03-11 14:56 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-03-11 14:56 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-03-11 14:56 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-03-11 14:56 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-03-11 14:56 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-03-11 14:56 - 2015-03-06 06:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-03-11 14:56 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-03-11 14:56 
- 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-03-11 14:56 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-03-11 14:56 - 2015-03-06 06:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-03-11 14:56 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-03-11 14:56 - 2015-03-06 06:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-03-11 14:56 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-03-11 14:56 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-03-11 14:56 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-03-11 14:56 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-03-11 14:56 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-03-11 14:56 - 2015-02-20 05:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-03-11 14:56 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-03-11 14:56 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-03-11 14:56 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-03-11 14:56 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-03-11 14:56 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-03-11 14:56 - 2015-02-03 04:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-03-11 14:56 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-03-11 14:56 - 2015-02-03 04:12 - 03209728 _____ 
(Microsoft Corporation) C:\Windows\system32\mf.dll 2015-03-11 14:56 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2015-03-11 14:56 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-03-11 14:56 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2015-03-11 14:56 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2015-03-11 14:56 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2015-03-11 14:56 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2015-03-11 14:56 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2015-03-11 14:56 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2015-03-11 14:56 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2015-03-11 14:56 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-03-11 14:56 - 2015-02-03 04:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2015-03-11 14:56 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2015-03-11 14:56 - 2015-02-03 04:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2015-03-11 14:56 - 2015-01-31 00:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-03-11 14:56 - 2014-06-28 01:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2015-03-11 14:55 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2015-03-11 14:55 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2015-03-11 14:55 - 2015-02-03 04:12 - 00475136 _____ (Microsoft Corporation) 
C:\Windows\system32\audiosrv.dll 2015-03-11 14:55 - 2015-02-03 04:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-03-11 14:55 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-03-11 14:55 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2015-03-11 14:55 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-03-11 14:55 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-03-11 14:55 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2015-03-11 14:55 - 2015-02-03 04:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-03-11 14:55 - 2015-02-03 04:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-03-11 14:55 - 2015-02-03 04:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-03-11 14:55 - 2015-02-03 04:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-03-11 14:55 - 2014-10-31 23:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2015-03-11 14:55 - 2014-06-28 01:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2015-03-11 14:29 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-03-11 14:29 - 2015-02-03 04:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-03-11 14:29 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-03-11 14:29 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2015-03-11 14:29 - 2015-02-03 04:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-03-11 14:29 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) 
C:\Windows\system32\appidapi.dll 2015-03-11 14:29 - 2015-02-03 04:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-03-11 14:29 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-03-11 14:29 - 2015-02-03 04:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-03-11 14:29 - 2015-02-03 04:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll 2015-03-11 14:29 - 2015-02-03 04:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-03-11 14:29 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-03-11 14:29 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-03-11 14:29 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-03-11 14:29 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2015-03-11 14:29 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2015-03-11 14:29 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2015-03-11 14:29 - 2015-02-03 04:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-03-11 14:29 - 2015-02-03 04:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe 2015-03-11 14:29 - 2015-02-03 04:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe 2015-03-11 14:29 - 2015-02-03 04:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll 2015-03-11 14:29 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2015-03-11 14:29 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-03-11 14:29 - 2015-02-03 03:26 - 00050176 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\appid.sys 2015-02-25 03:02 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\system32\locale.nls 2015-02-18 20:51 - 2015-03-12 07:07 - 00000000 ____D () C:\Windows\rescache 2015-02-16 21:57 - 2015-02-16 22:00 - 00000022 _____ () C:\Users\Frank Fietz\Downloads\Details.zip 2015-02-11 03:12 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-02-11 03:12 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2015-02-11 03:11 - 2015-02-04 03:54 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-02-11 03:11 - 2015-02-04 03:53 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-02-11 03:11 - 2015-02-04 03:53 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-02-11 03:11 - 2015-02-04 03:53 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-02-11 03:11 - 2015-02-04 03:53 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-02-11 03:11 - 2015-02-04 03:53 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-02-11 03:11 - 2015-02-04 03:49 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-02-11 03:11 - 2015-01-28 00:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2015-02-11 03:11 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2015-02-11 03:09 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-02-10 20:53 - 2015-01-09 03:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll 2015-02-10 20:53 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll 2015-02-10 20:53 - 2015-01-09 03:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll 2015-02-10 12:42 - 2015-02-10 12:42 - 00000000 ____D () 
C:\Users\Admin\AppData\Local\Nemetschek_Allplan_GmbH 2015-02-10 12:36 - 2015-02-10 12:36 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Nemetschek ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-12 23:00 - 2009-07-14 05:55 - 01345804 _____ () C:\Windows\WindowsUpdate.log 2015-03-12 22:38 - 2012-05-25 23:25 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-12 22:06 - 2015-01-16 10:06 - 00000402 _____ () C:\Windows\Tasks\Allplan AutoUpdate 2011.job 2015-03-12 21:16 - 2011-05-21 14:36 - 00000000 ____D () C:\Users\Frank Fietz\Tracing 2015-03-12 21:15 - 2009-07-14 05:34 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-12 21:15 - 2009-07-14 05:34 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-12 21:11 - 2015-01-26 21:26 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-03-12 21:07 - 2010-06-05 19:06 - 00242376 _____ () C:\Windows\PFRO.log 2015-03-12 21:07 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-12 21:07 - 2009-07-14 05:39 - 00117852 _____ () C:\Windows\setupact.log 2015-03-12 20:03 - 2015-01-16 10:06 - 00000658 _____ () C:\Windows\Tasks\WebContent AutoUpdate 2011.job 2015-03-12 03:33 - 2009-07-14 05:33 - 04004056 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-12 03:29 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE 2015-03-12 03:13 - 2015-01-09 12:59 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-12 03:05 - 2015-01-09 12:58 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-03-12 03:01 - 2010-06-17 19:17 - 00000000 ____D () C:\Users\Frank Fietz\AppData\Local\Adobe 2015-03-11 14:08 - 2013-08-11 08:29 - 00037896 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avnetflt.sys 2015-03-11 14:08 - 2013-08-11 08:27 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-03-11 14:08 - 2013-08-11 08:27 - 00105864 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-03-09 09:32 - 2010-06-17 19:17 - 00000000 ____D () C:\Users\Frank Fietz\Desktop\EFH Harnackstraße 40 2015-03-05 21:23 - 2013-08-14 19:38 - 00000000 ____D () C:\ProgramData\Package Cache 2015-03-05 21:22 - 2013-08-11 08:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-03-05 21:22 - 2013-08-11 08:27 - 00000000 ____D () C:\Program Files\Avira 2015-02-28 13:47 - 2011-10-14 20:41 - 00000020 ____H () C:\ProgramData\PKP_DLet.DAT 2015-02-24 21:21 - 2011-10-21 17:01 - 00000020 ____H () C:\ProgramData\PKP_DLbx.DAT 2015-02-24 03:23 - 2010-08-15 13:58 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-02-12 19:32 - 2014-12-10 03:19 - 00000000 ____D () C:\Windows\system32\appraiser 2015-02-12 19:32 - 2014-05-01 02:02 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-02-12 19:32 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\tracing ==================== Files in the root of some directories ======= 2015-01-26 12:49 - 2015-01-26 12:49 - 0007218 _____ () C:\Users\Frank Fietz\AppData\Roaming\ContactSheetII.log 2010-06-18 23:45 - 2012-02-06 21:36 - 0000000 _____ () C:\Users\Frank Fietz\AppData\Roaming\Dictionaries 2011-10-14 20:41 - 2011-10-14 20:41 - 0000268 ___RH () C:\Users\Frank Fietz\AppData\Roaming\Displays 2011-10-14 20:41 - 2011-10-14 20:41 - 0000268 ___RH () C:\Users\Frank Fietz\AppData\Roaming\Distortion 2011-10-14 20:41 - 2011-10-14 20:41 - 0000268 ___RH () C:\Users\Frank Fietz\AppData\Roaming\Documentation 2012-08-10 17:41 - 2012-12-14 22:10 - 0000268 ___RH () C:\Users\Frank Fietz\AppData\Roaming\Equalizer 2011-10-21 17:06 - 2011-10-21 17:06 - 0000268 ___RH () C:\Users\Frank Fietz\AppData\Roaming\Jazz 
Kit 2015-01-26 12:49 - 2015-01-26 12:49 - 0000725 _____ () C:\Users\Frank Fietz\AppData\Roaming\Kontaktabzug II.xml 2012-09-26 20:44 - 2012-12-20 21:58 - 0001456 _____ () C:\Users\Frank Fietz\AppData\Local\Adobe Für Web speichern 13.0 Prefs 2012-07-30 19:56 - 2012-07-30 19:56 - 0384835 _____ () C:\Users\Frank Fietz\AppData\Local\speeddial.crx 2015-01-17 22:44 - 2015-01-17 22:44 - 0000057 _____ () C:\ProgramData\Ament.ini 2014-09-03 20:01 - 2014-09-03 20:01 - 0000000 _____ () C:\ProgramData\CustomDataViews 2014-09-03 20:01 - 2014-09-03 20:01 - 0000000 _____ () C:\ProgramData\Digital Light 2011-10-14 20:41 - 2011-10-14 20:41 - 0000268 ___RH () C:\ProgramData\Drum Kits 2011-10-14 20:41 - 2011-10-14 20:41 - 0000268 ___RH () C:\ProgramData\Drums 2011-10-14 20:41 - 2011-10-14 20:41 - 0000268 ___RH () C:\ProgramData\Dynamic Library 2011-10-14 20:41 - 2012-12-14 22:10 - 0000268 ___RH () C:\ProgramData\External Build System 2011-10-14 20:41 - 2011-10-14 20:41 - 0000012 ___RH () C:\ProgramData\Filesystems 2011-10-14 20:41 - 2011-10-14 20:41 - 0000012 ___RH () C:\ProgramData\Filters 2012-08-10 17:41 - 2012-12-14 22:10 - 0000012 ___RH () C:\ProgramData\Guitars 2011-10-21 17:06 - 2011-10-21 17:06 - 0000268 ___RH () C:\ProgramData\Keychains 2011-10-21 17:01 - 2015-02-24 21:21 - 0000020 ____H () C:\ProgramData\PKP_DLbx.DAT 2011-10-21 17:08 - 2014-09-03 20:01 - 0000000 ____H () C:\ProgramData\PKP_DLdu.DAT 2010-06-18 23:45 - 2012-02-06 21:36 - 0000000 ____H () C:\ProgramData\PKP_DLdw.DAT 2012-08-10 17:41 - 2012-12-14 22:10 - 0000020 ____H () C:\ProgramData\PKP_DLeo.DAT 2011-10-14 20:41 - 2014-08-17 20:04 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT 2011-10-14 20:41 - 2015-02-28 13:47 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT 2011-10-14 20:41 - 2011-10-14 20:41 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT 2011-10-21 17:06 - 2011-10-21 17:06 - 0000012 ___RH () C:\ProgramData\Spacious Some content of TEMP: ==================== C:\Users\Admin\AppData\Local\Temp\avgnt.exe 
C:\Users\Büro\AppData\Local\Temp\AskSLib.dll C:\Users\Büro\AppData\Local\Temp\avgnt.exe C:\Users\Frank Fietz\AppData\Local\Temp\AskSLib.dll C:\Users\Frank Fietz\AppData\Local\Temp\atl80.dll C:\Users\Frank Fietz\AppData\Local\Temp\avgnt.exe C:\Users\Frank Fietz\AppData\Local\Temp\FlashPlayerUpdate.exe C:\Users\Frank Fietz\AppData\Local\Temp\mfc80.dll C:\Users\Frank Fietz\AppData\Local\Temp\mfc80u.dll C:\Users\Frank Fietz\AppData\Local\Temp\mfcm80.dll C:\Users\Frank Fietz\AppData\Local\Temp\mfcm80u.dll C:\Users\Frank Fietz\AppData\Local\Temp\msvcm80.dll C:\Users\Frank Fietz\AppData\Local\Temp\msvcp80.dll C:\Users\Frank Fietz\AppData\Local\Temp\msvcr80.dll C:\Users\Frank Fietz\AppData\Local\Temp\ose00000.exe C:\Users\Frank Fietz\AppData\Local\Temp\ose00001.exe C:\Users\Frank Fietz\AppData\Local\Temp\ose00002.exe C:\Users\Frank Fietz\AppData\Local\Temp\ose00003.exe C:\Users\Frank Fietz\AppData\Local\Temp\Quarantine.exe C:\Users\Frank Fietz\AppData\Local\Temp\Setup-Wacom.exe C:\Users\Frank Fietz\AppData\Local\Temp\sqlite3.dll C:\Users\Frank Fietz\AppData\Local\Temp\TmDbg32.dll C:\Users\Frank Fietz\AppData\Local\Temp\UninstManager.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-12 04:14 ==================== End Of Log ============================
And here is the Addition.txt:
FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015 Ran by Frank Fietz at 2015-03-12 23:05:30 Running from C:\Users\Frank Fietz\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Accelerometer (HKLM\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 1.06.08.33 - STMicroelectronics) Adobe Acrobat 8 Professional - English, Français, Deutsch (HKLM\...\Adobe Acrobat 8 Professional - English, Français, Deutsch) (Version: 8.0.0 - Adobe Systems) Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Photoshop CS3 (HKLM\...\Adobe_5f143314a5d434c8511097393d17397) (Version: 10.0 - Adobe Systems Incorporated) Adobe Photoshop CS6 (HKLM\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated) Adobe Reader X (10.1.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated) Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd) Avira (HKLM\...\{d9ed6dcf-6bfc-4fbb-802e-81dd5b767d6e}) (Version: 1.1.32.25147 - Avira Operations & Co. KG) Avira (Version: 1.1.32.25147 - Avira Operations & Co. 
KG) Hidden Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 15.0.8.650 - Avira) Avira SearchFree Toolbar (HKLM\...\{41564952-412D-5637-00A7-A758B70C1500}) (Version: 12.21.0.3946 - APN, LLC) Avira SearchFree Toolbar (HKLM\...\{41564952-412D-5637-00A7-A758B70C1801}) (Version: 12.24.1.234 - APN, LLC) Biet-O-Matic v2.14.12 (HKLM\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team) Capture NX 2 (HKLM\...\Capture NX 2) (Version: 2.3.4 - NIKON CORPORATION) CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.7.2423 - CDBurnerXP) Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Dell Backup and Recovery Manager (HKLM\...\{AC474F86-9A17-4BCB-8B15-11ABFD5B7F95}) (Version: 1.2.3 - Dell Inc.) Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc) Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 15.0.2.0 - Synaptics Incorporated) Dell Webcam Central (HKLM\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd) DigitalPersona Personal 4.01 (HKLM\...\{3D8AE086-030F-4EF4-B705-63F8130B043E}) (Version: 4.01.3765 - DigitalPersona, Inc.) dm-Fotowelt (HKLM\...\dm-Fotowelt) (Version: 5.1.7 - CEWE Stiftung u Co. KGaA) DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.60.18.34 - Dell Inc.) 
File Uploader (HKLM\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.5 - Nikon) FORMA "StandAlone-Version" (HKLM\...\{2CCC9712-D015-40E7-BBC3-E061FB135F8F}) (Version: 5.00.0000 - SJ Software GmbH) fotokasten comfort 5.0 (HKLM\...\fotokasten comfort_is1) (Version: - ) Free Pdf Perfect Prereq (HKLM\...\{dc0b7acb-e3f1-4bdb-8672-340890b4891b}) (Version: 1.1.0.70 - Covus Freemium GmbH) Free Pdf Perfect Prereq (Version: 1.1.0.70 - Covus Freemium GmbH) Hidden Freemium Free PDF Perfect (HKLM\...\{88265079-D6F4-4292-86BE-D2053E80BFE4}) (Version: 1.0 - Freemium) General Runtime Files for Allplan 2011 Release (Version: 1.3.0.0 - Nemetschek Allplan GmbH) Hidden HP Photosmart 5520 series - Grundlegende Software für das Gerät (HKLM\...\{88EFC235-396D-4A12-96AE-48C3451A0F79}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard) Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Ipswitch WS_FTP Pro Uninstall (HKLM\...\WS_FTPPro) (Version: - ) Java 7 Update 9 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle) Java(TM) 6 Update 18 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216018FF}) (Version: 6.0.180 - Sun Microsystems, Inc.) Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden Live! Cam Avatar Creator (HKLM\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) 
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 1.1 German Language Pack (HKLM\...\{E78BFA60-5393-4C38-82AB-E8019E464EB4}) (Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Report Viewer Redistributable 2008 (KB971119) (HKLM\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version: - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 
(HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation) Mozilla Firefox 36.0.1 (x86 de) (HKLM\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nemetschek Allplan 2006 (HKLM\...\{53BEDB3B-BDBF-452F-B8B3-F698F03927DB}) (Version: 2006.0 - ) Nemetschek Allplan 2011 (HKLM\...\{DF71C8D1-9258-4504-89AF-BA80748CC0D2}) (Version: 2011.0 - Nemetschek Allplan GmbH) Nemetschek SoftLock 2006 (HKLM\...\{7262D0C8-41CC-4F75-8383-A6C7C61D7FC6}) (Version: 1.00.0000 - ) Nikon Message Center (HKLM\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon) Nikon Message Center 2 (HKLM\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.1 - Nikon) Nikon Movie Editor (HKLM\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.9.2 - Nikon) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation) ORCA AVA (HKLM\...\ORCA AVA) 
(Version: - ) PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden Picture Control Utility (HKLM\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.4.7 - Nikon) Picture Control Utility 2 (HKLM\...\{4946D03F-421F-480D-96C9-D6CF90640D33}) (Version: 2.0.0 - Nikon) PowerDVD DX (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6029 - CyberLink Corp.) QuickSet32 (HKLM\...\{C4972073-2BFE-475D-8441-564EA97DA161}) (Version: 1.3.2 - Dell Inc.) Roxio Creator DE 10.3 (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio) Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) SyncBack (HKLM\...\SyncBack_is1) (Version: - 2BrightSparks) Uniblue RegistryBooster (HKLM\...\{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1) (Version: - Uniblue Systems Ltd) Validity Sensors DDK (HKLM\...\{62A20ECA-920E-4052-BF77-88C78DD20FAA}) (Version: 3.1.366 - Validity Sensors, Inc.) ViewNX 2 (HKLM\...\{E64C137C-D0B7-467A-B47F-460AAB30F0A3}) (Version: 2.10.0 - Nikon) Wacom Tablett (HKLM\...\Wacom Tablet Driver) (Version: 6.3.3-4 - Wacom Technology Corp.) WebTablet FB Plugin 32 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.) WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.900 - Broadcom Corporation) Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation) Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Windows-Treiberpaket - Leaf Imaging Ltd. 
Image (02/11/2010 ) (HKLM\...\A35BD68D4A1B3E191138E3C9AA417190A9468F7E) (Version: 02/11/2010 - Leaf Imaging Ltd.) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1000_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll 
(Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1004_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1004_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1004_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1004_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1004_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: 
HKU\S-1-5-21-3583340597-3711195315-3280567221-1004_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1004_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1004_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1004_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1004_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1004_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1004_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1004_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3583340597-3711195315-3280567221-1004_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) ==================== Restore Points ========================= ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0EC5E0AF-5171-4552-AC4C-B40FD290392E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated) Task: {28E3E120-F708-4D51-BB28-E0444E50EC7F} - System32\Tasks\AdobeAAMUpdater-1.0-FrankFietz-PC-Frank Fietz => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated) Task: {3BF32D5F-901C-4797-8CEC-295ADA3405BE} - System32\Tasks\{85A37ED8-A04D-4F32-A77A-32A434CD18EC} => pcalua.exe -a "D:\Adobe Photoshop CS3\APSCS3_Extended_Patch\Step1cache.exe" -d "D:\Adobe Photoshop CS3\APSCS3_Extended_Patch" Task: {6CDF68DD-224A-4120-9594-37709B761CE6} - System32\Tasks\Allplan AutoUpdate 2011 => C:\Program Files\Nemetschek\Allplan_2011\prg\LaunchAllplanAutoUpdate.exe [2010-10-15] (Nemetschek Allplan GmbH) Task: {B2E5ADF3-20AD-4AD1-8220-E5B38462E25B} - System32\Tasks\{57185403-A297-4D3F-85A5-B6B7E8C9879C} => pcalua.exe -a D:\SETUP.EXE -d D:\ Task: {D5BA2945-F4B6-4D43-90F0-63BCEBF26BA2} - System32\Tasks\{CB7D25BE-35EA-42E7-A88B-6F670588F21B} => pcalua.exe -a "C:\Program Files\ORCA AVA\AVASTART.EXE" Task: {F99186F4-3BD5-4E09-9ACD-3867FD228120} - System32\Tasks\WebContent AutoUpdate 2011 => C:\Program Files\Nemetschek\Allplan_2011\prg\NemDownloadHandler.exe [2010-10-15] (Nemetschek Allplan GmbH) Task: {FD50F21D-51DF-4B60-9B7C-A23E9830A6E6} - System32\Tasks\{45E1E124-B5A7-4898-867E-396BA7C5FDE3} => pcalua.exe -a D:\Installationsanleitung.EXE -d D:\ (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Allplan AutoUpdate 2011.job => C:\Program Files\Nemetschek\Allplan_2011\prg\LaunchAllplanAutoUpdate.exe Task: C:\Windows\Tasks\WebContent AutoUpdate 2011.job => C:\Program Files\Nemetschek\Allplan_2011\prg\NemDownloadHandler.exe…/f C:\Daten\Nemetschek\Allplan_2011\Std\AllplanUpdate.inf /one http:/autoupdate.allplan.com/Updates/Allplan/MyPlan/WebContent.upd ==================== Loaded Modules (whitelisted) ============== 2010-06-06 02:15 - 2009-11-30 04:41 - 00060928 _____ () C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe 2012-09-18 19:18 - 2012-08-02 12:41 - 00963488 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll 1999-07-23 07:59 - 1999-07-23 07:59 - 00036864 _____ () C:\Program Files\WS_FTP Pro\ftpstub.dll 1999-11-11 14:26 - 1999-11-11 14:26 - 00040960 _____ () C:\Program Files\WS_FTP Pro\nsftpch.dll 2010-06-06 02:15 - 2009-07-22 13:52 - 02384896 _____ () C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe 2009-10-20 15:12 - 2009-10-20 15:12 - 00132384 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll 2015-03-12 21:20 - 2015-03-12 21:21 - 02171392 _____ () C:\Users\Frank Fietz\Desktop\AdwCleaner_4.112.exe ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-3583340597-3711195315-3280567221-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Frank Fietz\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-3583340597-3711195315-3280567221-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Büro\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-3583340597-3711195315-3280567221-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 80.69.100.102 - 192.168.0.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Admin (S-1-5-21-3583340597-3711195315-3280567221-1004 - Administrator - Enabled) => C:\Users\Admin Administrator (S-1-5-21-3583340597-3711195315-3280567221-500 - Administrator - Disabled) ASPNET (S-1-5-21-3583340597-3711195315-3280567221-1002 - Limited - Enabled) Büro (S-1-5-21-3583340597-3711195315-3280567221-1003 - Limited - Enabled) => C:\Users\Büro Frank Fietz (S-1-5-21-3583340597-3711195315-3280567221-1000 - Administrator - Enabled) => C:\Users\Frank Fietz Gast (S-1-5-21-3583340597-3711195315-3280567221-501 - Limited - Disabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/12/2015 09:47:07 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: NkMC2.exe, Version: 2.1.1.3000, Zeitstempel: 0x52bd0b7c Name des fehlerhaften Moduls: btmmhook.dll, Version: 6.2.1.900, Zeitstempel: 0x4adddff1 Ausnahmecode: 0x40000015 Fehleroffset: 0x00011958 ID des fehlerhaften Prozesses: 0x758 Startzeit der fehlerhaften Anwendung: 0xNkMC2.exe0 Pfad der fehlerhaften Anwendung: NkMC2.exe1 Pfad des fehlerhaften Moduls: NkMC2.exe2 Berichtskennung: NkMC2.exe3 Error: (03/12/2015 09:16:45 PM) 
(Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc6b7 Name des fehlerhaften Moduls: pdf32.dll, Version: 8.9.0.5, Zeitstempel: 0x50e53381 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0025e27f ID des fehlerhaften Prozesses: 0x308 Startzeit der fehlerhaften Anwendung: 0xDllHost.exe0 Pfad der fehlerhaften Anwendung: DllHost.exe1 Pfad des fehlerhaften Moduls: DllHost.exe2 Berichtskennung: DllHost.exe3 Error: (03/12/2015 08:48:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc6b7 Name des fehlerhaften Moduls: pdf32.dll, Version: 8.9.0.5, Zeitstempel: 0x50e53381 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0025e27f ID des fehlerhaften Prozesses: 0x14e8 Startzeit der fehlerhaften Anwendung: 0xDllHost.exe0 Pfad der fehlerhaften Anwendung: DllHost.exe1 Pfad des fehlerhaften Moduls: DllHost.exe2 Berichtskennung: DllHost.exe3 Error: (03/12/2015 08:05:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: NkMC2.exe, Version: 2.1.1.3000, Zeitstempel: 0x52bd0b7c Name des fehlerhaften Moduls: btmmhook.dll, Version: 6.2.1.900, Zeitstempel: 0x4adddff1 Ausnahmecode: 0x40000015 Fehleroffset: 0x00011958 ID des fehlerhaften Prozesses: 0x127c Startzeit der fehlerhaften Anwendung: 0xNkMC2.exe0 Pfad der fehlerhaften Anwendung: NkMC2.exe1 Pfad des fehlerhaften Moduls: NkMC2.exe2 Berichtskennung: NkMC2.exe3 Error: (03/12/2015 07:04:53 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc6b7 Name des fehlerhaften Moduls: pdf32.dll, Version: 8.9.0.5, Zeitstempel: 0x50e53381 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0025e27f ID des fehlerhaften Prozesses: 0x1478 Startzeit der fehlerhaften Anwendung: 0xDllHost.exe0 Pfad der 
fehlerhaften Anwendung: DllHost.exe1 Pfad des fehlerhaften Moduls: DllHost.exe2 Berichtskennung: DllHost.exe3 Error: (03/12/2015 04:16:43 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (03/09/2015 09:16:14 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Allplan_2011.exe, Version 16.252.2841.1110 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: d2c Startzeit: 01d05269194aaae6 Endzeit: 2527 Anwendungspfad: C:\Program Files\Nemetschek\Allplan_2011\Prg\Allplan_2011.exe Berichts-ID: 448faf8a-c634-11e4-a574-c44619ee9b2b Error: (03/02/2015 00:10:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 11.0.8411.0, Zeitstempel: 0x532a603f Name des fehlerhaften Moduls: msoagent32.dll, Version: 8.0.3.4, Zeitstempel: 0x50e54333 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000662d9 ID des fehlerhaften Prozesses: 0x37c Startzeit der fehlerhaften Anwendung: 0xWINWORD.EXE0 Pfad der fehlerhaften Anwendung: WINWORD.EXE1 Pfad des fehlerhaften Moduls: WINWORD.EXE2 Berichtskennung: WINWORD.EXE3 Error: (03/01/2015 05:47:27 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (02/27/2015 11:26:02 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
System errors: ============= Error: (03/12/2015 10:27:58 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (03/12/2015 08:57:16 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (03/12/2015 08:57:16 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (03/12/2015 08:52:22 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (03/12/2015 08:52:22 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (03/12/2015 08:03:41 PM) (Source: BTHUSB) (EventID: 17) (User: ) Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error: (03/12/2015 07:04:07 AM) (Source: BTHUSB) (EventID: 17) (User: ) Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error: (03/12/2015 03:39:12 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Schedule erreicht. Error: (03/12/2015 03:39:12 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst eventlog erreicht. 
Error: (03/12/2015 03:38:42 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst eventlog erreicht. Microsoft Office Sessions: ========================= Error: (03/12/2015 09:47:07 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: NkMC2.exe2.1.1.300052bd0b7cbtmmhook.dll6.2.1.9004adddff1400000150001195875801d05d016a4fc8d3C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exeC:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dllf1d4bef9-c8f8-11e4-b189-c44619ee9b2b Error: (03/12/2015 09:16:45 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: DllHost.exe6.1.7600.163854a5bc6b7pdf32.dll8.9.0.550e53381c00000050025e27f30801d05d016efd1cfdC:\Windows\system32\DllHost.exeC:\Program Files\Freemium\Free PDF Perfect\pdf32.dllb41c5619-c8f4-11e4-b189-c44619ee9b2b Error: (03/12/2015 08:48:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: DllHost.exe6.1.7600.163854a5bc6b7pdf32.dll8.9.0.550e53381c00000050025e27f14e801d05cfd7ac32070C:\Windows\system32\DllHost.exeC:\Program Files\Freemium\Free PDF Perfect\pdf32.dllbbc17692-c8f0-11e4-9efe-a4badbcc28cf Error: (03/12/2015 08:05:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: NkMC2.exe2.1.1.300052bd0b7cbtmmhook.dll6.2.1.9004adddff14000001500011958127c01d05c8a6841f851C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exeC:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dllbcf28c81-c8ea-11e4-9efe-a4badbcc28cf Error: (03/12/2015 07:04:53 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: DllHost.exe6.1.7600.163854a5bc6b7pdf32.dll8.9.0.550e53381c00000050025e27f147801d05c8a696de5b4C:\Windows\system32\DllHost.exeC:\Program Files\Freemium\Free PDF Perfect\pdf32.dllb28f0fe6-c87d-11e4-9efe-a4badbcc28cf Error: (03/12/2015 04:16:43 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: 
Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Photosmart 5520 series\DriverStore\Pipeline\amd64\hpinkinsB111.exe Error: (03/09/2015 09:16:14 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Allplan_2011.exe16.252.2841.1110d2c01d05269194aaae62527C:\Program Files\Nemetschek\Allplan_2011\Prg\Allplan_2011.exe448faf8a-c634-11e4-a574-c44619ee9b2b Error: (03/02/2015 00:10:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: WINWORD.EXE11.0.8411.0532a603fmsoagent32.dll8.0.3.450e54333c0000005000662d937c01d054d9792732a8C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXEC:\Program Files\Freemium\Free PDF Perfect\msoagent32.dllb99454d9-c0cc-11e4-a574-c44619ee9b2b Error: (03/01/2015 05:47:27 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Photosmart 5520 series\DriverStore\Pipeline\amd64\hpinkinsB111.exe Error: (02/27/2015 11:26:02 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Photosmart 5520 series\DriverStore\Pipeline\amd64\hpinkinsB111.exe ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz Percentage of memory in use: 45% Total physical RAM: 3062.61 MB Available physical RAM: 1672.01 MB Total Pagefile: 6123.5 MB Available Pagefile: 3960.6 MB Total Virtual: 2047.88 MB Available Virtual: 1889.75 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:8.85 GB) NTFS ==================== MBR & Partition Table ================== 
======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 3876DA77) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=451.1 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
13.03.2015, 12:35 | #4 |
/// the machine /// TB Trainer | How do I get rid of the wizebar in Firefox? Run AdwCleaner again, and this time have it delete the findings as well. Please download Malwarebytes Anti-Malware
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
14.03.2015, 13:44 | #5 |
| How do I get rid of the wizebar in Firefox? Hello, here is the JRT.txt:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.3 (03.01.2015:1) OS: Windows 7 Professional x86 Ran by Frank Fietz on 14.03.2015 at 13:34:46,20 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} ~~~ Files ~~~ Folders ~~~ FireFox Successfully deleted: [File] C:\Users\Frank Fietz\AppData\Roaming\mozilla\firefox\profiles\yjp2khet.default\extensions\toolbar_avira-v7@apn.ask.com.xpi Emptied folder: C:\Users\Frank Fietz\AppData\Roaming\mozilla\firefox\profiles\yjp2khet.default\minidumps [367 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 14.03.2015 at 13:37:16,10 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
and the mbam.txt:
Malwarebytes Anti-Malware Malwarebytes | Free Anti-Malware & Internet Security Software Scan Date: 14.03.2015 Scan Time: 13:00:18 Logfile: mbam.txt Administrator: Yes Version: 2.00.4.1028 Malware Database: v2015.03.14.02 Rootkit Database: v2015.02.25.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x86 File System: NTFS User: Frank Fietz Scan Type: Threat Scan Result: Completed Objects Scanned: 423912 Time Elapsed: 24 min, 59 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)
FRST.log follows. Regards
Here is the FRST.log as well: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015 Ran by Frank Fietz (administrator) on FRANKFIETZ-PC on 14-03-2015 13:41:59 Running from C:\Users\Frank Fietz\Desktop Loaded Profiles: Frank Fietz & (Available profiles: Frank Fietz & Büro & Admin) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\stacsv.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe (Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\AEstSrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe () C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe () C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe (CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (Creative Technology Ltd) C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe (Microsoft) C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Nikon Corporation) C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Acresso Software Inc.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Broadcom Corporation.) 
C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Thisisu) C:\Users\Frank Fietz\Desktop\JRT.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1602856 2010-01-07] (Synaptics Incorporated) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-01-05] (IDT, Inc.) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [NVHotkey] => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3853080 2009-12-18] (Dell Inc.) HKLM\...\Run: [FreeFallProtection] => C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe [2384896 2009-07-22] () HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-12-29] (CyberLink Corp.) HKLM\...\Run: [Dell Webcam Central] => C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd) HKLM\...\Run: [DpAgent] => C:\Program Files\DigitalPersona\Bin\dpagent.exe [842816 2009-05-12] (DigitalPersona, Inc.) 
HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [203776 2009-11-12] (Microsoft) HKLM\...\Run: [NWEReboot] => [X] HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-22] (Adobe Systems Inc.) HKLM\...\Run: [Nikon Message Center 2] => C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [570880 2013-12-27] (Nikon Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703280 2015-03-11] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [] => [X] HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. 
KG) HKLM\...\RunOnce: [DBRMTray] => C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-04] (Microsoft) HKU\S-1-5-21-3583340597-3711195315-3280567221-1000\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3883840 2009-07-26] (Microsoft Corporation) HKU\S-1-5-21-3583340597-3711195315-3280567221-1000\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-3583340597-3711195315-3280567221-1000\...\Run: [HP Photosmart 5520 series (NET)] => C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-3583340597-3711195315-3280567221-1000\...\MountPoints2: {9404f231-7b01-11df-b51e-c44619ee9b2b} - "F:\WD SmartWare.exe" autoplay=true HKU\S-1-5-21-3583340597-3711195315-3280567221-1000\...\MountPoints2: {abff56d5-7aae-11df-a400-a4badbcc28cf} - "E:\WD SmartWare.exe" autoplay=true HKU\S-1-5-21-3583340597-3711195315-3280567221-1000\...\MountPoints2: {faf7b043-70cc-11df-bd02-806e6f6e6963} - D:\setup.exe HKU\S-1-5-21-3583340597-3711195315-3280567221-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {faf7b043-70cc-11df-bd02-806e6f6e6963} - D:\loomes.exe HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-20] (Microsoft Corporation) Lsa: [Notification Packages] scecli DPPWDFLT Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-3583340597-3711195315-3280567221-1000\Software\Microsoft\Internet Explorer\Main,Start Page = Google HKU\S-1-5-21-3583340597-3711195315-3280567221-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8 HKU\S-1-5-21-3583340597-3711195315-3280567221-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3583340597-3711195315-3280567221-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8 SearchScopes: HKLM -> Backup.Old.DefaultScope {95ABE1F7-5A46-45DA-991F-33A173BAE842} SearchScopes: HKLM -> {95ABE1F7-5A46-45DA-991F-33A173BAE842} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3583340597-3711195315-3280567221-1000 -> Backup.Old.DefaultScope {95ABE1F7-5A46-45DA-991F-33A173BAE842} SearchScopes: HKU\S-1-5-21-3583340597-3711195315-3280567221-1000 -> {30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} URL = SearchScopes: HKU\S-1-5-21-3583340597-3711195315-3280567221-1000 -> {95ABE1F7-5A46-45DA-991F-33A173BAE842} URL = SearchScopes: HKU\S-1-5-21-3583340597-3711195315-3280567221-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> DefaultScope 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3583340597-3711195315-3280567221-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {7C2B5568-686E-4B38-A2DB-925C15EC1081} URL = hxxp://www.google.de/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3583340597-3711195315-3280567221-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {95ABE1F7-5A46-45DA-991F-33A173BAE842} URL = BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.) BHO: DigitalPersona Fingerprint Software Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll [2009-05-12] (DigitalPersona, Inc.) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-12-07] (Oracle Corporation) BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation) BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-12-07] (Oracle Corporation) Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated) Toolbar: HKLM - Free PDF Perfect - {EFC2B9BE-AB2B-47F1-A47D-9EB28E58C917} - C:\Program Files\Freemium\Free PDF Perfect\ieagent32.dll [2013-08-14] (soft Xpansion) Toolbar: HKU\S-1-5-21-3583340597-3711195315-3280567221-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKU\S-1-5-21-3583340597-3711195315-3280567221-1000 -> Adobe PDF - 
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated) Toolbar: HKU\S-1-5-21-3583340597-3711195315-3280567221-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated) Toolbar: HKU\S-1-5-21-3583340597-3711195315-3280567221-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-11-28] (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies) Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.) Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. 
KG) Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Tcpip\Parameters: [DhcpNameServer] 80.69.100.102 192.168.0.1 Tcpip\..\Interfaces\{85FC32D2-AC82-4B23-9895-F4110319D42E}: [NameServer] 192.168.254.254 FireFox: ======== FF ProfilePath: C:\Users\Frank Fietz\AppData\Roaming\Mozilla\Firefox\Profiles\yjp2khet.default FF SelectedSearchEngine: Google FF Homepage: hxxp://www.google.com FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] () FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll [2012-12-07] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-12-07] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) 
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation) FF Plugin: @soft-xpansion/npsxpdf -> C:\Program Files\Common Files\Freemium\np-sxpdf.dll [2013-08-14] (soft-Xpansion) FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3583340597-3711195315-3280567221-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-05-08] (Adobe Systems Inc.) FF Extension: Ghostery - C:\Users\Frank Fietz\AppData\Roaming\Mozilla\Firefox\Profiles\yjp2khet.default\Extensions\firefox@ghostery.com.xpi [2014-02-08] FF HKLM\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files\DigitalPersona\Bin\FirefoxExt FF Extension: DigitalPersona Extension - C:\Program Files\DigitalPersona\Bin\FirefoxExt [2010-06-06] FF HKLM\...\Firefox\Extensions: [{B45418F9-6406-4828-9D1A-35313FB1E2D6}] - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb FF Extension: Free PDF Perfect - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb [2013-08-14] FF HKLM\...\Thunderbird\Extensions: [{B45418F9-6406-4828-9D1A-35313FB1E2D6}] - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb FF HKU\S-1-5-21-3583340597-3711195315-3280567221-1000\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files\DigitalPersona\Bin\firefoxext FF HKU\S-1-5-21-3583340597-3711195315-3280567221-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security 
Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] FF HKU\S-1-5-21-3583340597-3711195315-3280567221-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files\DigitalPersona\Bin\firefoxext FF Extension: No Name - C:\Users\Frank Fietz\AppData\Roaming\Mozilla\Firefox\Profiles\yjp2khet.default\extensions\ffxtlbr@searchya.com [Not Found] FF Extension: No Name - C:\Users\Frank Fietz\AppData\Roaming\Mozilla\Firefox\Profiles\yjp2khet.default\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}.xpi [Not Found] Chrome: ======= CHR Profile: C:\Users\Frank Fietz\AppData\Local\Google\Chrome\User Data\Default CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [432888 2015-03-11] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-11] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [992504 2015-03-11] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG) R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed] R2 DpHost; C:\Program Files\DigitalPersona\Bin\DpHostW.exe [322624 2009-05-12] (DigitalPersona, Inc.) 
[File not signed] S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed] R2 InstallFilterService; C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe [60928 2009-11-30] () [File not signed] S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.) R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\STacSV.exe [229458 2010-01-05] (IDT, Inc.) S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] S3 SXDS10; C:\Program Files\Common Files\soft Xpansion\sxds10.exe [234096 2013-08-14] (soft Xpansion) R2 TabletServiceWacom; C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [7470496 2012-08-02] (Wacom Technology, Corp.) R2 TouchServiceWacom; C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe [481696 2012-08-02] (Wacom Technology, Corp.) R2 vcsFPService; C:\Windows\system32\vcsFPService.exe [1656112 2009-07-13] (Validity Sensors, Inc.) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 Acceler; C:\Windows\System32\DRIVERS\Acceler.sys [41648 2009-12-02] (ST Microelectronics) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-11] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-03-11] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-27] (Avira Operations GmbH & Co. 
KG) S3 hidkmdf; C:\Windows\System32\DRIVERS\hidkmdf.sys [11680 2012-06-21] (Windows (R) Win 7 DDK provider) R2 risdpcie; C:\Windows\System32\DRIVERS\risdpe86.sys [49152 2009-06-30] (REDC) R2 rixdpcie; C:\Windows\System32\DRIVERS\rixdpe86.sys [38400 2009-07-04] (REDC) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-11] (Avira GmbH) S3 WacHidRouter; C:\Windows\System32\DRIVERS\wachidrouter.sys [57760 2012-06-21] (Wacom Technology) S3 wacomrouterfilter; C:\Windows\System32\DRIVERS\wacomrouterfilter.sys [13688 2012-05-22] (Wacom Technology) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-14 13:37 - 2015-03-14 13:37 - 00001214 _____ () C:\Users\Frank Fietz\Desktop\JRT.txt 2015-03-14 13:34 - 2015-03-14 13:34 - 01388333 _____ (Thisisu) C:\Users\Frank Fietz\Desktop\JRT.exe 2015-03-14 13:27 - 2015-03-14 13:27 - 00001062 _____ () C:\Users\Frank Fietz\Desktop\mbam.txt 2015-03-14 12:58 - 2015-03-14 12:58 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-14 12:57 - 2015-03-14 12:57 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-03-14 12:57 - 2015-03-14 12:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-03-14 12:57 - 2015-03-14 12:57 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-14 12:57 - 2015-03-14 12:57 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2015-03-14 12:57 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-14 12:57 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-14 
12:57 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-14 12:55 - 2015-03-14 12:56 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Frank Fietz\Downloads\mbam-setup-2.0.4.1028.exe 2015-03-12 23:05 - 2015-03-12 23:06 - 00034265 _____ () C:\Users\Frank Fietz\Desktop\Addition.txt 2015-03-12 23:04 - 2015-03-14 13:42 - 00000000 ____D () C:\FRST 2015-03-12 23:04 - 2015-03-14 13:41 - 00023643 _____ () C:\Users\Frank Fietz\Desktop\FRST.txt 2015-03-12 23:03 - 2015-03-12 23:03 - 01135104 _____ (Farbar) C:\Users\Frank Fietz\Desktop\FRST.exe 2015-03-12 22:52 - 2015-03-12 22:52 - 00017517 _____ () C:\Users\Frank Fietz\Desktop\get-mirror-server.htm 2015-03-12 21:21 - 2015-03-14 12:51 - 00000000 ____D () C:\AdwCleaner 2015-03-12 21:20 - 2015-03-12 21:21 - 02171392 _____ () C:\Users\Frank Fietz\Desktop\AdwCleaner_4.112.exe 2015-03-12 21:11 - 2015-03-12 21:11 - 00001123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-03-12 21:11 - 2015-03-12 21:11 - 00001111 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-03-12 21:11 - 2015-03-12 21:11 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-03-12 21:05 - 2015-03-12 21:05 - 00243528 _____ () C:\Users\Frank Fietz\Downloads\Firefox Setup Stub 36.0.1.exe 2015-03-12 20:57 - 2015-03-12 20:57 - 40824144 _____ () C:\Users\Admin\Downloads\Firefox_Setup_36.0.1.exe 2015-03-11 14:57 - 2015-02-26 04:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-11 14:57 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-03-11 14:57 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-11 14:57 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-03-11 14:57 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-11 14:57 - 
--- --- --- |
14.03.2015, 18:07 | #6 |
/// the machine /// TB instructor | How do I get rid of the wizebar in Firefox? ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ --> How do I get rid of the wizebar in Firefox? |
15.03.2015, 17:49 | #7 |
| How do I get rid of the wizebar in Firefox? Hello, the wizebar is already gone. A big thank-you for that already. Do I still have to do the new steps as well? Regards, Frank |
16.03.2015, 08:42 | #8 |
/// the machine /// TB instructor | How do I get rid of the wizebar in Firefox? As control scans, yes
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
16.03.2015, 21:52 | #9 |
| How do I get rid of the wizebar in Firefox? Now I have to ask a really dumb question: how/where do I disable my AVIRA and my firewall (Windows)? I know, embarrassing |
17.03.2015, 10:05 | #10 |
/// the machine /// TB instructor | How do I get rid of the wizebar in Firefox? The firewall can stay on. Avira: right-click the umbrella
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |