Log analysis and evaluation: pup.optional.facemoods and AVG trojan warning
Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
25.03.2015, 14:40 | #1 |
| pup.optional.facemoods and AVG trojan warning
Hello. I'm not sure how long the problem has existed; today AVG first gave me a trojan warning in passing, which was considered healed on a second scan. Stupidly, I archived the first report, meaning: it's gone from the list, and strangely I can't find it in the directory where it should have been stored either. Malwarebytes then presented me with this log file with findings that it classified as non-malware. Now I'm unsure what to do...
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 25.03.2015
Suchlauf-Zeit: 13:32:49
Logdatei: logfile.txt
Administrator: Ja
Version: 2.00.4.1028
Malware Datenbank: v2015.03.25.03
Rootkit Datenbank: v2015.02.25.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: (Name)
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 334461
Verstrichene Zeit: 43 Min, 46 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert
(I can't get the details and paths saved along with it...)
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2015/03/25 13:32:49 +0100</date>
<logfile>mbam-log-2015-03-25 (13-32-42).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.4.1028</version>
<malware-database>v2015.03.25.03</malware-database>
<rootkit-database>v2015.02.25.01</rootkit-database>
<license>trial</license>
<file-protection>enabled</file-protection>
<web-protection>enabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows Vista Service Pack 2</osversion>
<arch>x86</arch>
<username>(Name)</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>334461</objects>
<time>2626</time>
<processes>0</processes>
<modules>0</modules>
<keys>4</keys>
<values>1</values>
<datas>0</datas>
<folders>0</folders>
<files>0</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>warn</pup>
<pum>enabled</pum>
</options>
<items>
<key><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{64182481-4F71-486B-A045-B233BD0DA8FC}</path><vendor>PUP.Optional.FaceMoods.A</vendor><action></action><hash>67508ebb068437ffbae5ff2ce023d927</hash></key>
<key><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{64182481-4F71-486B-A045-B233BD0DA8FC}</path><vendor>PUP.Optional.FaceMoods.A</vendor><action></action><hash>67508ebb068437ffbae5ff2ce023d927</hash></key>
<key><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}</path><vendor>PUP.Optional.FaceMoods.A</vendor><action></action><hash>eec968e19af0280e38681d0ebc4705fb</hash></key>
<key><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}</path><vendor>PUP.Optional.FaceMoods.A</vendor><action></action><hash>eec968e19af0280e38681d0ebc4705fb</hash></key>
<value><path>HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS</path><valuename>fmconverter@gmail.com</valuename><vendor>PUP.Optional.FreeMakeConverter.A</vendor><action></action><valuedata>C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\</valuedata><hash>3681ea5f1773043291649f2c61a23ac6</hash></value>
</items>
</mbam-log>
Edited by Tinette (25.03.2015 at 14:59) |
25.03.2015, 15:12 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | pup.optional.facemoods and AVG trojan warning
Hello and
Do you have any other logs (with findings)? Malwarebytes and/or other virus scanners, have they ever found anything? I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520
Please don't run any new virus scans; first just post the logs that already exist in CODE tags! Only logs from the last 7 days, or since the problem began, are relevant!
In addition, please also create a log with Farbar's tool:
Scan with Farbar's Recovery Scan Tool (FRST)
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you're not sure: download both versions, or check under Start > Computer (right-click) > Properties)
Reading material: Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder. Even if the logs are too big for one post, I ask you to post the logs directly and, if necessary, spread across several posts. To put the log files in a CODE box, proceed as follows: |
25.03.2015, 15:33 | #3 |
| pup.optional.facemoods and AVG trojan warning
Hello, thanks
No, there was nothing before that, except that it's a bit slow now and then, but it's also simply very full and cluttered, because I didn't have an external hard drive to tidy it up... Oh - I've just downloaded the Farbar recovery scan tool and run it - was that stupid? - ah, no, it wasn't stupid, so
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015 Ran by Jana (administrator) on JANA-PC on 25-03-2015 15:27:38 Running from C:\Users\Jana\Downloads Loaded Profiles: Jana (Available profiles: Jana) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe () C:\ProgramData\Avg_Update_0215av\AVG-Secure-Search-Update_0215av.exe () C:\Program Files\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe (CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe (Egis Technology Inc.) C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe (Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe (Egis Technology Inc.) C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Sonix) C:\Windows\vsnp2std.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (AVG Technologies CZ, s.r.o.) 
C:\Program Files\AVG\AVG2014\avgui.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe (AVG Secure Search) C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe () C:\Program Files\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe () C:\Users\Jana\AppData\Roaming\Avg_Update_0215av\AVG-Secure-Search-Update_0215av.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe (Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe (Microsoft Corporation) C:\Windows\System32\sdclt.exe (Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Malwarebytes Corporation) C:\Program Files\ MALWAREBYTES ANTI-MALWARE \mbamservice.exe (Malwarebytes Corporation) C:\Program Files\ MALWAREBYTES ANTI-MALWARE \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ MALWAREBYTES ANTI-MALWARE \mbam.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) 
C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [ArcadeDeluxeAgent] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [156968 2009-01-21] (CyberLink Corp.) HKLM\...\Run: [CLMLServer] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [202024 2009-01-21] (CyberLink) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [204800 2009-02-24] (Alps Electric Co., Ltd.) HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [1069576 2009-06-25] (Dritek System Inc.) HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [440864 2009-06-23] (Acer Incorporated) HKLM\...\Run: [mwlDaemon] => C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [345384 2009-05-14] (Egis Technology Inc.) HKLM\...\Run: [snp2std] => C:\Windows\vsnp2std.exe [344064 2007-05-10] (Sonix) HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-02-13] (Apple Inc.) 
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X] HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe [1266712 2013-06-04] (AVG Secure Search) HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\...\Run: [AVG-Secure-Search-Update_0814tb] => C:\Program Files\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe [2782744 2014-08-26] () HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\...\Run: [AVG-Secure-Search-Update_1214av] => C:\Users\Jana\AppData\Roaming\Avg_Update_1214av\AVG-Secure-Search-Update_1214av.exe /PROMPT /mid=59650494993fe9a13e2609893a9013bd-d0f9add0c8c22f6c1392a307a4e945381b0f1cb0 /CMPID=1214av HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\...\Run: [AVG-Secure-Search-Update_0215av] => C:\Users\Jana\AppData\Roaming\Avg_Update_0215av\AVG-Secure-Search-Update_0215av.exe [2794520 2015-02-17] () HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) 
HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\...\MountPoints2: {03dd78ff-bc64-11e0-83ba-001f169a62b2} - E:\setup.exe AUTORUN=1 HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\...\MountPoints2: {360ae716-75e5-11e2-9705-001f169a62b2} - E:\setup.exe -a HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\...\MountPoints2: {d9a0688a-30cd-11e0-9745-001f169a62b2} - E:\setup.exe -a HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\...\MountPoints2: {fbb7201f-c913-11e2-9382-001f169a62b2} - F:\Startme.exe HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [413696 2009-01-22] (Acer) Startup: C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.) BootExecute: autocheck autochk * sdnclean.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_5738 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_5738 HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_5738 HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com/ HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie URLSearchHook: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKU\.DEFAULT -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = SearchScopes: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE355 BHO: AVG Safe Search -> 
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation) BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation) BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation) Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File Toolbar: HKLM - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Program Files\FireShot for Internet Explorer\fsaddin-0.98.59.dll [2014-07-25] (getfireshot.com) Toolbar: HKU\.DEFAULT -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File Toolbar: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File Toolbar: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File [] Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-09] (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Winsock: Catalog5 07 C:\Program 
Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\1xru579m.default-1404185215601 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-19] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-25] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) 
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @Musicnotes.com/Musicnotes Viewer,version=1.18.9 -> C:\Program Files\Musicnotes\npmusicn.dll No File FF Plugin: @Sibelius.com/Scorch Plugin,version=6.2.0.88 -> C:\Program Files\Sibelius Software\Scorch\npsibelius.dll No File FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-11-05] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-11-05] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-11-05] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-11-05] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-11-05] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPSibelius.dll [2013-03-11] () FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\PDFNetC.dll [2010-03-31] (PDFTron Systems Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ScorchAxPlugin.dll [2010-04-08] () FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll [2010-04-08] () FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2014-08-25] FF Extension: FireShot - C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\1xru579m.default-1404185215601\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2015-02-23] FF Extension: WOT - C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\1xru579m.default-1404185215601\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-07-01] FF Extension: ZenMate Security & Privacy VPN - C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\1xru579m.default-1404185215601\Extensions\firefox@zenmate.com.xpi [2014-12-04] FF Extension: Adblock Plus - C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\1xru579m.default-1404185215601\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-01] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-11-26] FF HKLM\...\Firefox\Extensions: [avg@igeared] - C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared FF HKLM\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox FF Extension: Freemake Video Converter Plugin - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2011-11-13] FF HKLM\...\Firefox\Extensions: [firefox@gingersoftware.2.0.0.74.com] - C:\Program Files\Ginger\Mozilla\firefox@gingersoftware.2.0.0.74.com FF Extension: Ginger - Grammar and Spell Checker - C:\Program Files\Ginger\Mozilla\firefox@gingersoftware.2.0.0.74.com 
[2014-05-28] Chrome: ======= CHR HKLM\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2011-11-13] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.) S4 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [75048 2008-12-18] () S4 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [707104 2009-06-23] (Acer Incorporated) S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-12-03] (Freemake) [File not signed] R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-03-12] (Hewlett-Packard Co.) [File not signed] R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 MWLService; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-05-14] (Egis Technology Inc.) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed] S4 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [61184 2009-04-11] (NewTech Infosystems, Inc.) S4 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144632 2008-09-23] (NewTech Infosystems, Inc.) 
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed] R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation) S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [X] S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X] S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X] S3 Wecsvc; %SystemRoot%\system32\wecsvc.dll [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [189720 2014-10-24] (AVG Technologies CZ, s.r.o.) R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-29] (AVG Technologies CZ, s.r.o.) R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.) 
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-10-20] (AVG Technologies CZ, s.r.o.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-25] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation) R1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [19504 2008-12-04] (Egis Incorporated.) R1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2008-12-04] (Egis Incorporated.) R1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [59952 2008-12-04] (Egis Incorporated.) S3 SNP2STD; C:\Windows\System32\DRIVERS\snp2sxp.sys [12216064 2007-09-22] () S3 sscdbus; C:\Windows\System32\DRIVERS\sscdbus.sys [58352 2005-08-17] (MCCI) [File not signed] R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed] S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X] S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 motccgp; system32\DRIVERS\motccgp.sys [X] S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X] S3 motmodem; system32\DRIVERS\motmodem.sys [X] S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X] S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X] S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-25 15:27 - 2015-03-25 15:28 - 00023861 _____ () C:\Users\Jana\Downloads\FRST.txt
2015-03-25 15:26 - 2015-03-25 15:27 - 00000000 ____D () C:\FRST
2015-03-25 15:26 - 2015-03-25 15:26 - 01135104 _____ (Farbar) C:\Users\Jana\Downloads\FRST.exe
2015-03-25 14:42 - 2015-03-25 14:18 - 00005336 _____ () C:\logfile.tab
2015-03-25 14:19 - 2015-03-25 14:19 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-03-25 14:19 - 2015-03-25 14:19 - 00000446 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2015-03-25 14:18 - 2015-03-25 14:19 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-03-25 14:17 - 2015-03-25 14:17 - 00001974 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-03-25 14:17 - 2015-03-25 14:17 - 00001962 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-03-25 14:17 - 2015-03-25 14:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-03-25 14:17 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2015-03-25 14:16 - 2015-03-25 15:22 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-03-25 13:35 - 2015-03-25 13:35 - 01203488 _____ () C:\Users\Jana\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2015-03-25 13:32 - 2015-03-25 13:32 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-25 13:29 - 2015-03-25 13:29 - 00000903 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-25 13:29 - 2015-03-25 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-03-25 13:28 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-25 13:28 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-25 13:28 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-25 01:18 - 2015-03-25 01:18 - 00001668 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-03-25 01:18 - 2015-03-25 01:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-03-25 01:11 - 2015-03-25 01:18 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-03-25 01:11 - 2015-03-25 01:17 - 00000000 ____D () C:\Program Files\iTunes
2015-03-25 01:11 - 2015-03-25 01:11 - 00000000 ____D () C:\Program Files\iPod
2015-03-25 00:54 - 2015-03-25 00:54 - 00000691 _____ () C:\Users\Jana\Downloads\Mendelssohn__Felix__Hymn__WoO_15_En - Verknüpfung.lnk
2015-03-12 03:21 - 2015-01-29 02:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-12 03:20 - 2015-01-29 02:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-12 03:19 - 2015-02-26 01:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-12 03:09 - 2015-02-20 03:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-12 03:09 - 2015-02-20 01:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-12 03:07 - 2015-02-26 03:01 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-12 03:07 - 2015-02-26 03:01 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-12 03:07 - 2015-01-21 03:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-12 03:07 - 2015-01-09 03:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-12 03:07 - 2015-01-09 01:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-12 03:06 - 2015-03-06 05:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-12 03:05 - 2014-10-13 02:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-12 03:04 - 2015-02-18 03:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 16:23 - 2015-02-21 18:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 16:23 - 2015-02-21 18:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-11 16:23 - 2015-02-21 18:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 16:23 - 2015-02-21 18:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 16:23 - 2015-02-21 18:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 16:23 - 2015-02-21 18:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 16:23 - 2015-02-21 18:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 16:23 - 2015-02-21 18:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-11 16:23 - 2015-02-21 18:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 16:23 - 2015-02-21 18:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 16:23 - 2015-02-21 18:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-11 16:23 - 2015-02-21 18:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 16:23 - 2015-02-21 18:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 16:23 - 2015-02-21 18:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 16:23 - 2015-02-21 18:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 16:23 - 2015-02-21 18:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 16:23 - 2015-02-21 18:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 16:23 - 2015-02-21 18:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 16:23 - 2015-02-21 18:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-11 16:23 - 2015-02-21 18:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-11 16:23 - 2015-02-21 18:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-11 16:23 - 2015-02-21 18:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-27 09:27 - 2015-03-24 14:43 - 00000520 _____ () C:\Windows\Tasks\AVG_SYS_TASK_0215av.job
2015-02-27 09:27 - 2015-03-24 14:43 - 00000388 _____ () C:\Windows\Tasks\AVG_SYS_TASK_0215av_DELETE.job
2015-02-27 09:27 - 2015-02-27 09:27 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\Avg_Update_0215av
2015-02-27 09:27 - 2015-02-27 09:27 - 00000000 ____D () C:\ProgramData\Avg_Update_0215av

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-25 15:23 - 2010-06-13 01:32 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-03-25 14:47 - 2009-08-05 12:02 - 01267732 _____ () C:\Windows\WindowsUpdate.log
2015-03-25 14:46 - 2012-10-12 16:12 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-25 14:46 - 2010-02-07 12:53 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-25 14:43 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-25 14:43 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-25 14:39 - 2011-08-18 11:04 - 00000000 ___RD () C:\Users\Jana\Dropbox
2015-03-25 13:29 - 2012-01-03 21:44 - 00000000 ____D () C:\Program Files\ MALWAREBYTES ANTI-MALWARE
2015-03-25 13:29 - 2011-11-26 08:30 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\Malwarebytes
2015-03-25 13:28 - 2011-11-26 08:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-25 13:28 - 2011-11-26 08:30 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2015-03-25 10:33 - 2011-01-03 19:25 - 00000000 ____D () C:\ProgramData\Musicnotes
2015-03-25 09:49 - 2010-11-13 14:50 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-25 01:11 - 2010-12-20 19:44 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-03-25 00:58 - 2013-08-21 08:12 - 00000000 ____D () C:\Users\Jana\Documents\Noten PDF
2015-03-24 21:46 - 2010-02-07 12:53 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-24 20:29 - 2009-11-18 18:27 - 00031232 _____ () C:\Users\Jana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-24 14:46 - 2011-08-18 10:58 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\Dropbox
2015-03-24 14:43 - 2014-08-26 18:45 - 00000364 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rmv.job
2015-03-24 14:43 - 2014-08-26 18:45 - 00000364 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rel.job
2015-03-24 14:43 - 2013-06-04 09:09 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2015-03-24 14:43 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-24 14:42 - 2012-04-25 20:43 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-24 09:39 - 2006-11-02 14:01 - 00032626 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-23 20:11 - 2014-09-25 00:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-22 14:36 - 2014-06-28 13:54 - 00004028 _____ () C:\Windows\setupact.log
2015-03-22 07:08 - 2009-11-18 16:42 - 00000000 ____D () C:\Users\Jana
2015-03-21 11:29 - 2006-11-02 11:33 - 00006606 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-19 20:59 - 2014-06-15 17:05 - 00000000 ____D () C:\Users\Jana\AppData\Local\Adobe
2015-03-19 20:37 - 2012-04-12 05:51 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-19 20:37 - 2011-05-18 22:55 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-15 21:31 - 2013-04-08 10:19 - 00000000 ____D () C:\Users\Jana\Documents\Homepage
2015-03-15 21:28 - 2011-12-28 15:35 - 00014954 _____ () C:\Users\Jana\Documents\cvJana.odt
2015-03-12 03:41 - 2006-11-02 13:47 - 00353416 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 03:21 - 2009-03-12 04:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-12 03:19 - 2013-07-19 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 03:10 - 2006-11-02 11:24 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-03-11 16:02 - 2011-08-18 10:58 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-03 03:49 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET

==================== Files in the root of some directories =======

2010-07-30 21:21 - 2015-01-16 14:05 - 0020520 _____ () C:\Program Files\init.dat
2013-06-25 21:06 - 2014-06-23 06:09 - 0003728 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2014-02-10 12:30 - 2014-02-10 12:32 - 0677244 _____ () C:\Users\Jana\AppData\Roaming\Scorch_Install.log
2009-11-18 16:51 - 2010-05-21 07:03 - 0000106 _____ () C:\Users\Jana\AppData\Roaming\wklnhst.dat
2010-04-23 15:20 - 2010-04-23 15:20 - 0000552 _____ () C:\Users\Jana\AppData\Local\d3d8caps.dat
2009-11-18 22:54 - 2014-12-07 00:16 - 0007052 _____ () C:\Users\Jana\AppData\Local\d3d9caps.dat
2009-11-18 18:27 - 2015-03-24 20:29 - 0031232 _____ () C:\Users\Jana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-05-09 13:31 - 2012-05-27 16:03 - 0000000 _____ () C:\Users\Jana\AppData\Local\prvlcl.dat
2009-03-12 04:26 - 2009-08-05 12:17 - 0004536 _____ () C:\ProgramData\ArcadeDeluxe2.log
2010-06-22 21:19 - 2010-06-22 21:19 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-05-21 06:53 - 2010-05-21 07:02 - 0000360 _____ () C:\ProgramData\hpzinstall.log
2010-08-15 15:03 - 2010-12-20 21:06 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt

Files to move or delete:
====================
C:\Users\Jana\62868_Hama Webcam Metal Pro.exe
C:\Users\Jana\setup.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-25 15:05

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Jana at 2015-03-25 15:29:21
Running from C:\Users\Jana\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

.NET Bildbearbeitung 2.0 (HKLM\...\{40164EEF-164E-4E39-8027-A80575676F8A}) (Version: 2.0.1 - Reben Studio&Aufnahmemedien C.M.Obrecht)
32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
Acer Arcade Deluxe (HKLM\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 2.5.6121 - CyberLink Corp.)
Acer Arcade Deluxe (Version: 2.5.6121 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 1.0.0.58 - NewTech Infosystems)
Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.00.3008 - Acer Incorporated)
Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - )
Acer PowerSmart Manager (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.01.3016 - Acer Incorporated)
Acer Product Registration (HKLM\...\{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}) (Version: 3.0.0.10 - Acer Incorporated)
Acer ScreenSaver (HKLM\...\Acer Screensaver) (Version: 1.0.0.0226 - Acer)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems)
AIO_Scan (Version: 90.0.222.000 - Hewlett-Packard) Hidden
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.5.2015.101 - Alps Electric)
Amazon MP3-Downloader 1.0.9 (HKLM\...\Amazon MP3-Downloader) (Version: - )
Apple Application Support (32-Bit) (HKLM\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4800 - AVG Technologies)
AVG 2014 (Version: 14.0.4311 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4800 - AVG Technologies) Hidden
Backup Manager Basic (Version: 1.0.0.58 - NewTech Infosystems) Hidden
Big Fish: Game Manager (HKLM\...\BFGC) (Version: 3.3.0.2 - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{9AF0B106-56F1-461B-A270-95BC1682E282}) (Version: 11.34.02 - Broadcom Corporation)
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
dj_aio_corporate (Version: 90.0.222.000 - Hewlett-Packard) Hidden
DJ_AIO_Software_min (Version: 90.0.222.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
eSobi v2 (HKLM\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.3.000223 - esobi Inc.)
eSobi v2 (Version: 2.0.3.000223 - esobi Inc.) Hidden
Express Rip (HKLM\...\ExpressRip) (Version: - NCH Software)
Freemake Video Converter Version 4.1.5 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
Grim Tales: Die Steinkönigin (HKLM\...\BFG-Grim Tales - Die Steinkoenigin) (Version: - )
Hama Webcam Metal Pro (HKLM\...\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}) (Version: 5.7.19203.106 - Sonix)
HP Deskjet All-In-One Driver Software 9.0.A Corporate Edition (HKLM\...\{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}) (Version: 9.0 - HP)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
iTunes (HKLM\...\{3A9FE6B1-EE7F-40AC-B831-AC7C9ABB58A0}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java(TM) 6 Update 18 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216018F0}) (Version: 6.0.180 - Sun Microsystems, Inc.)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Launch Manager (HKLM\...\LManager) (Version: 2.0.10 - Acer Inc.)
LightBox Free Image Editor (HKLM\...\LightBox Free Image Editor) (Version: - )
Mahjong Escape Ancient China (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}) (Version: - Oberon Media)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
MotoHelper MergeModules (Version: 1.2.0 - Motorola) Hidden
Mozilla Firefox 36.0.4 (x86 de) (HKLM\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Musicnotes Software Suite 1.5.3 (HKLM\...\Musicnotes Combined Installer_is1) (Version: 1.5.3 - Musicnotes Inc.)
MyWinLocker (HKLM\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.59.0 - Egis Technology Inc.)
Naviextras Toolbox (HKLM\...\Naviextras Toolbox) (Version: 3.18.3.412849 - NNG Llc.)
Naviextras Toolbox Prerequesities (HKLM\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.)
NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.616 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.616 - NewTech Infosystems) Hidden
Ocean Express (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111232687}) (Version: - Oberon Media)
OpenOffice 4.1.0 (HKLM\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Orion (HKLM\...\{5B63A470-9334-44D1-AF61-6CE2DB565AE9}) (Version: 2.5.0 - Convesoft)
PDF24 Creator 6.9.1 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20113 - Realtek Semiconductor Corp.)
Samsung PC Studio 3 (Version: 3.0.0.80502 - Samsung Electronics Co., Ltd.) Hidden
Scan (Version: 9.0.0.0 - Hewlett-Packard) Hidden
SeaMonkey 2.32.1 (x86 de) (HKLM\...\SeaMonkey 2.32.1 (x86 de)) (Version: 2.32.1 - Mozilla)
Sibelius Scorch (Firefox, Opera, Netscape, Chrome only) (HKLM\...\{41626CC0-A854-4402-AD06-D7939515C282}) (Version: 6.2.0 - Sibelius Software, a division of Avid Technology, Inc.)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tod in Rumänien: Ein Dana Knightstone Roman Sammleredition (HKLM\...\BFG-Tod in Rumaenien - Ein Dana Knightstone Roman Sammleredition) (Version: - )
Toolbox (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Tri-Peaks Solitaire To Go (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111205743}) (Version: - Oberon Media)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WavePad Sound Editor (HKLM\...\WavePad) (Version: - NCH Software)
Windows Live Anmelde-Assistent (HKLM\...\{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{8C1E2925-14F8-45AA-B999-1E2A74BF5607}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

08-03-2015 14:00:25 Geplanter Prüfpunkt
12-03-2015 03:00:52 Windows Update
14-03-2015 01:01:17 Geplanter Prüfpunkt
15-03-2015 00:00:08 Geplanter Prüfpunkt
16-03-2015 00:33:40 Geplanter Prüfpunkt
18-03-2015 23:37:57 Geplanter Prüfpunkt
20-03-2015 00:34:03 Geplanter Prüfpunkt
21-03-2015 00:04:49 Geplanter Prüfpunkt
23-03-2015 00:57:26 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2013-08-26 09:07 - 00450573 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {034223B4-3C8F-4DAF-8322-AE3DAA63272B} - System32\Tasks\{D7EDA30A-839F-4ED7-9315-76A04234245A} => pcalua.exe -a "C:\Program Files\Acer GameZone\Parking Dash\Uninstall.exe" -c "C:\Program Files\Acer GameZone\Parking Dash\install.log"
Task: {0DC572EC-2E18-496A-BA4D-87EBE7E3F2B0} - System32\Tasks\{9394FD75-4F7F-4C95-BB7E-11E799A66C92} => pcalua.exe -a "C:\Program Files\Common Files\Motorola Shared\MotPCSDrivers\Motorola Driver Installer.exe" -d "C:\Program Files\Common Files\Motorola Shared\MotPCSDrivers\"
Task: {0EC075A9-73B8-4581-AF47-20522CBFF2DF} - System32\Tasks\{E98132D1-65D2-4010-97B9-59945DFABB3F} => pcalua.exe -a "C:\Program Files\Acer GameZone\Tradewinds 2\Uninstall.exe" -c "C:\Program Files\Acer GameZone\Tradewinds 2\install.log"
Task: {15353136-507E-462F-BC75-234D2A8E3FDB} - System32\Tasks\{77CA31E2-AFE5-4B90-B0B5-E882F17F63FB} => pcalua.exe -a "C:\Program Files\bfgclient\Uninstall.exe"
Task: {1AA453F0-4729-4C17-99A2-C3905520FF18} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {4AE90059-B89F-4E05-B224-8C00F69C5E6D} - System32\Tasks\{4E2F7CAF-247E-4330-92E9-E55D74900F8F} => C:\Program Files\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {4DF43397-4F74-472F-A01F-A184CDCD056A} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {570079E8-1123-492A-8C63-6F62CFB13879} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {596DF877-1496-49E2-9EE3-378C16F496E7} - System32\Tasks\AVG-Secure-Search-Update_0814tb_rel => C:\Program Files\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe [2014-08-26] ()
Task: {5E907BF7-2EB8-43CD-9934-9F984AEBA815} - System32\Tasks\NCH Swift Sound\wavepadShakeIcon => C:\Program Files\NCH Swift Sound\WavePad\WavePad.exe [2010-07-30] (NCH Software)
Task: {69B548AC-6810-4EED-9B8F-D5DACDAC617F} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Jana => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {6A39A20B-ADA2-45BA-8CC5-DFF993AD0ED4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {71A0B785-C030-41F0-A91D-D7F1CAA44C2A} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {765C12A1-B6EE-40F2-91D0-E67FB5E72403} - System32\Tasks\AVG_SYS_TASK_0215av => C:\ProgramData\Avg_Update_0215av\AVG-Secure-Search-Update_0215av.exe [2015-02-17] ()
Task: {7DD8296F-2119-46B3-B43E-D29AA0AD657A} - System32\Tasks\Egis technology-Online-Aktualisierungsprogramm => C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe [2009-05-13] (Egis Technology Inc.)
Task: {82C5BEAA-329E-41D5-815E-2E152CDB290E} - System32\Tasks\MotoHelper MUM => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe
Task: {920B4ED2-A12E-46E2-835E-15FBE9C6CD20} - System32\Tasks\AVG_SYS_TASK_0215av_DELETE => C:\ProgramData\Avg_Update_0215av\AVG-Secure-Search-Update_0215av.exe [2015-02-17] ()
Task: {960BBB13-9A23-4F75-B88C-CF48CF324A0F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-19] (Adobe Systems Incorporated)
Task: {96A59E9A-2AF8-473D-B682-E27A26F15E6C} - System32\Tasks\{C4C379BC-CE78-4407-AD9A-11CCC098E7E8} => pcalua.exe -a "C:\Program Files\Acer GameZone\Ocean Express\Uninstall.exe" -c "C:\Program Files\Acer GameZone\Ocean Express\install.log"
Task: {A2EA67EE-9389-4D9D-91D9-61EF2F4945D1} - System32\Tasks\{1A326743-0AA0-45F4-BB30-F8BB4ECE2E83} => pcalua.exe -a "C:\Program Files\Acer GameZone\Turbo Pizza\Uninstall.exe" -c "C:\Program Files\Acer GameZone\Turbo Pizza\install.log"
Task: {A33C5FE3-9589-413B-934F-7E25628F2B76} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {AB090CF3-5AC0-44C5-880F-84A83CA06359} - System32\Tasks\MotoHelper Routing => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe
Task: {B332CC14-4EB5-4418-A1FC-C65A06916769} - System32\Tasks\{72B49BE9-BB14-49C4-AD86-43849CB95F1D} => pcalua.exe -a "C:\Program Files\Acer GameZone\Wedding Dash\Uninstall.exe" -c "C:\Program Files\Acer GameZone\Wedding Dash\install.log"
Task: {B386ABEF-1BD0-44C9-B47B-A895E06E79D7} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{A939717C-2C0B-4808-A29B-E65781C2E71E}.exe
Task: {B563FCCE-0EC8-414A-8163-0AF6BDD46EE5} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {C72841EF-871D-47AE-9C50-444E72E03C89} - System32\Tasks\{F3AA552E-9274-46F3-8E57-328627C3E121} => pcalua.exe -a "C:\Program Files\Acer GameZone\Tri-Peaks Solitaire To Go\Uninstall.exe" -c "C:\Program Files\Acer GameZone\Tri-Peaks Solitaire To Go\install.log"
Task: {DD812B53-3753-4776-A784-964280C20F6A} - System32\Tasks\{FB0574A4-2DF1-437C-BD3A-0A160A7260D8} => pcalua.exe -a C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe -c /M{D48C9BFC-FBCF-4F29-B97D-822ED6D497FE}
Task: {DF05967E-6520-4845-896B-22D6CC01969F} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-12-17] (Oracle Corporation)
Task: {DFD42890-F1C5-4976-9757-84C7492A3564} - System32\Tasks\{9AE4F6EC-C735-4246-BB1C-F531D731864C} => pcalua.exe -a "C:\Program Files\Acer GameZone\Luxor 2\Uninstall.exe" -c "C:\Program Files\Acer GameZone\Luxor 2\install.log"
Task: {E7C37B0C-58B2-431E-9F41-CB3B42551582} - System32\Tasks\MotoHelper Update => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe
Task: {F1FC336B-CBCE-4BF2-9B1A-E91B1A0F0618} - System32\Tasks\MotoHelper Initial Update => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe
Task: {F637AB4E-1A37-417B-A0DF-09436BAD9D0A} - System32\Tasks\{1FEA2CBF-E282-4C18-9E27-D1D616861DF3} => pcalua.exe -a "C:\Program Files\Acer GameZone\Mahjong Escape Ancient China\Uninstall.exe" -c "C:\Program Files\Acer GameZone\Mahjong Escape Ancient China\install.log"
Task: {F6AA2A58-CCC2-44C0-974B-5DB76D4658B6} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {F9E24EF6-A1E5-4B82-B8D9-E2EDA317F141} - System32\Tasks\BFGLaunch_bfgclient => C:\Program Files\bfgclient\bfgclient.exe [2014-03-05] ()
Task: {FE7BDB05-B2F1-43EF-BE96-0FA20245019D} - System32\Tasks\AVG-Secure-Search-Update_0814tb_rmv => C:\Program Files\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe [2014-08-26] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rel.job => C:\Program Files\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rmv.job => C:\Program Files\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{A939717C-2C0B-4808-A29B-E65781C2E71E}.exe <==== ATTENTION
Task: C:\Windows\Tasks\AVG_SYS_TASK_0215av.job => C:\ProgramData\Avg_Update_0215av\AVG-Secure-Search-Update_0215av.exe
Task: C:\Windows\Tasks\AVG_SYS_TASK_0215av_DELETE.job => C:\ProgramData\Avg_Update_0215av\AVG-Secure-Search-Update_0215av.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) ==============

2015-03-25 14:17 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-03-25 14:17 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-02-27 09:27 - 2015-02-17 15:16 - 02794520 _____ () C:\ProgramData\Avg_Update_0215av\AVG-Secure-Search-Update_0215av.exe
2014-08-26 18:45 - 2014-08-26 18:45 - 02782744 _____ () C:\Program Files\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe
2009-01-21 00:41 - 2009-01-21 00:41 - 00872448 _____ () C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll
2009-01-21 00:41 - 2009-01-21 00:41 - 00007680 _____ () C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll
2009-08-05 20:43 - 2003-06-07 22:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll
2015-02-27 09:27 - 2015-02-17 15:16 - 02794520 _____ () C:\Users\Jana\AppData\Roaming\Avg_Update_0215av\AVG-Secure-Search-Update_0215av.exe
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-25 14:17 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-03-25 14:17 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-03-25 14:17 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Jana\Downloads\AVE_MARIA_BACH_T76Jana-mix1.mp3:TOC.WMV AlternateDataStreams: C:\Users\Jana\Downloads\O_MIO_BABBINO_CARO-MAIN.mp3:TOC.WMV AlternateDataStreams: C:\Users\Jana\Documents\17 RusalkaJana.wav:TOC.WMV AlternateDataStreams: C:\Users\Jana\Documents\Bel Raggio Lusinghier Jana.mp3:TOC.WMV AlternateDataStreams: C:\Users\Jana\Documents\Connais tu le pays.mp3:TOC.WMV AlternateDataStreams: C:\Users\Jana\Documents\Re_ Termine mit Emma in 2011.eml:OECustomProperty AlternateDataStreams: C:\Users\Jana\Documents\Voi che sapete Jana.mp3:TOC.WMV AlternateDataStreams: C:\Users\Jana\Documents\wennichdichliebenwill.mp3:TOC.WMV ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jana\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: AgereModemAudio => 2 MSCONFIG\Services: Apple Mobile Device => 2 MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: CLHNService => 2 MSCONFIG\Services: ePowerSvc => 2 MSCONFIG\Services: iPod Service => 3 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: NTI IScheduleSvc => 2 MSCONFIG\Services: NTIBackupSvc => 3 MSCONFIG\Services: NTISchedulerSvc => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: Sony PC Companion => 3 MSCONFIG\Services: vToolbarUpdater18.1.9 => 2 MSCONFIG\startupreg: PDFPrint => C:\Program Files\PDF24\pdf24.exe MSCONFIG\startupreg: tsnp2std => C:\Windows\tsnp2std.exe ==================== Accounts: ============================= Administrator (S-1-5-21-2058867259-2847588522-3491946613-500 - Administrator - Disabled) Gast (S-1-5-21-2058867259-2847588522-3491946613-501 - Limited - Disabled) Jana (S-1-5-21-2058867259-2847588522-3491946613-1000 - Administrator - Enabled) => C:\Users\Jana ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/25/2015 01:45:40 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: FreemakeUtilsService.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. 
Ausnahmeinformationen: System.ArgumentException Stapel: bei System.Security.Principal.SecurityIdentifier..ctor(System.String) bei FreemakeUtilsService.Common.ToolbarInstallationChecker.GetSidToUsernameDictionary() bei FreemakeUtilsService.Common.ToolbarInstallationChecker.CheckInfo(FreemakeUtilsService.Common.FreemakeToolbarsInfo) bei FreemakeUtilsService.Statistics.Manager.StartToolbarInfoCheck() bei FreemakeUtilsService.Statistics.Manager.SettingsSyncFailed(System.Object, System.EventArgs) bei FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs) bei System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs) bei System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object) bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (03/25/2015 01:04:59 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm SoftwareUpdate.exe, Version 2.1.3.127 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. 
Prozess-ID: 13b0 Anfangszeit: 01d06671bb6dc0af Zeitpunkt der Beendigung: 5 Error: (03/24/2015 08:11:46 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung iTunes.exe, Version 12.0.1.26, Zeitstempel 0x543e558b, fehlerhaftes Modul ole32.dll, Version 6.0.6002.18277, Zeitstempel 0x4c28d53e, Ausnahmecode 0xc0000005, Fehleroffset 0x00047456, Prozess-ID 0xe7c, Anwendungsstartzeit iTunes.exe0. Error: (03/24/2015 08:07:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung iTunes.exe, Version 12.0.1.26, Zeitstempel 0x543e558b, fehlerhaftes Modul CoreFP.dll, Version 2.7.39.0, Zeitstempel 0x5407fffb, Ausnahmecode 0xc0000005, Fehleroffset 0x00344f56, Prozess-ID 0x234, Anwendungsstartzeit iTunes.exe0. Error: (03/24/2015 02:44:24 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/24/2015 02:43:43 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (03/24/2015 02:43:43 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error: (03/24/2015 02:43:42 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (03/24/2015 02:43:42 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (03/23/2015 00:58:04 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddWin32ServiceFiles: Unable to back up image of service Wecsvc since QueryServiceConfig API failed System Error: Das System kann die angegebene Datei nicht finden. System errors: ============= Error: (03/25/2015 01:45:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Freemake Improver1 Error: (03/24/2015 04:42:26 PM) (Source: iaStor) (EventID: 9) (User: ) Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error: (03/24/2015 02:46:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Google Update Service (gupdate)%%3 Error: (03/24/2015 02:44:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (03/22/2015 09:33:26 PM) (Source: iaStor) (EventID: 9) (User: ) Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. 
Error: (03/22/2015 01:53:21 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Windows Update Error: (03/22/2015 01:52:36 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: 30000SENS Error: (03/22/2015 01:50:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Google Update Service (gupdate)%%3 Error: (03/22/2015 01:50:13 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: 30000SENS Error: (03/22/2015 01:47:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Freemake Improver%%1053 Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2015-03-25 15:29:07.731 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-03-25 15:29:06.904 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-03-25 15:29:06.108 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-03-25 15:29:05.203 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-03-25 15:29:03.987 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2015-03-25 15:29:03.191 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-03-25 15:29:02.146 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-03-25 15:29:01.288 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-03-25 15:28:21.380 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-03-25 15:28:20.584 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz Percentage of memory in use: 72% Total physical RAM: 3000.09 MB Available physical RAM: 838.8 MB Total Pagefile: 6232.45 MB Available Pagefile: 3833.81 MB Total Virtual: 2047.88 MB Available Virtual: 1876.36 MB ==================== Drives ================================ Drive c: (ACER) (Fixed) (Total:223.12 GB) (Free:104.3 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 232.9 GB) (Disk ID: 3C58EAD4) Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27) Partition 2: (Active) - (Size=223.1 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
25.03.2015, 15:41 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | pup.optional.facemoods and AVG trojan warning Remove adware/junkware/toolbars Delete old versions of adwCleaner and, if present, JRT first, then download them again to the desktop! Please completely disable your virus scanner now, before using these tools! Step 1: adwCleaner Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool Please shut down your protection software to avoid possible conflicts.
Step 3: Fresh log with FRST Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ Please always post log files in CODE tags |
25.03.2015, 23:02 | #5 |
| pup.optional.facemoods and AVG trojan warning OK, apparently I had something strange in the log and am in the bad books now, so I'll reinstall the computer at the weekend. I've deleted the logs. Thanks for the help so far! Edited by Tinette (25.03.2015 at 23:05) Reason: my own stupidity... |
26.03.2015, 00:20 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | pup.optional.facemoods and AVG trojan warning what what what Who says that you're in the bad books?
__________________ --> pup.optional.facemoods and AVG trojan warning |
26.03.2015, 00:50 | #7 |
| pup.optional.facemoods and AVG trojan warning Hey, thanks for the reply. In the meantime I've already uninstalled quite a few things and deleted the adw quarantine folder to see whether it changes anything. I no longer have the JRT file, the new one is empty, and you probably can't do much with just these here.. Sorry, that wasn't aimed at you - I thought something was up - I'm just a bit slow on the uptake sometimes. That's why I started throwing out things I don't want to back up, and I figured I'd simply wipe the little one at the weekend and set it up fresh... That I can do - the rest unfortunately not... No offence meant FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015 Ran by Jana (administrator) on JANA-PC on 26-03-2015 00:20:20 Running from C:\Users\Jana\.tfo4\Desktop Loaded Profiles: Jana (Available profiles: Jana) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe () C:\ProgramData\Avg_Update_0215av\AVG-Secure-Search-Update_0215av.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe (Egis Technology Inc.) C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) 
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe (Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe (Egis Technology Inc.) C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Sonix) C:\Windows\vsnp2std.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe () C:\Users\Jana\AppData\Roaming\Avg_Update_0215av\AVG-Secure-Search-Update_0215av.exe (Dropbox, Inc.) C:\Users\Jana\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation) C:\Windows\System32\sdclt.exe (Microsoft Corporation) C:\Program Files\Windows Live\Photo Gallery\WLXQuickTimeControlHost.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Malwarebytes Corporation) C:\Program Files\ MALWAREBYTES ANTI-MALWARE \mbam.exe (Malwarebytes Corporation) C:\Program Files\ MALWAREBYTES ANTI-MALWARE \mbamservice.exe (Malwarebytes Corporation) C:\Program Files\ MALWAREBYTES ANTI-MALWARE \mbamscheduler.exe (Farbar) C:\Users\Jana\.tfo4\Desktop\FRST(1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [ArcadeDeluxeAgent] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [156968 2009-01-21] (CyberLink Corp.) HKLM\...\Run: [CLMLServer] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [202024 2009-01-21] (CyberLink) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [204800 2009-02-24] (Alps Electric Co., Ltd.) HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [1069576 2009-06-25] (Dritek System Inc.) HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [440864 2009-06-23] (Acer Incorporated) HKLM\...\Run: [mwlDaemon] => C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [345384 2009-05-14] (Egis Technology Inc.) HKLM\...\Run: [snp2std] => C:\Windows\vsnp2std.exe [344064 2007-05-10] (Sonix) HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-02-13] (Apple Inc.) HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) 
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X] HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\...\Run: [AVG-Secure-Search-Update_0814tb] => "C:\Program Files\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe" /PROMPT /CMPID=0814tb HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\...\Run: [AVG-Secure-Search-Update_1214av] => C:\Users\Jana\AppData\Roaming\Avg_Update_1214av\AVG-Secure-Search-Update_1214av.exe /PROMPT /mid=59650494993fe9a13e2609893a9013bd-d0f9add0c8c22f6c1392a307a4e945381b0f1cb0 /CMPID=1214av HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\...\Run: [AVG-Secure-Search-Update_0215av] => C:\Users\Jana\AppData\Roaming\Avg_Update_0215av\AVG-Secure-Search-Update_0215av.exe [2794520 2015-02-17] () HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) 
HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\...\MountPoints2: {03dd78ff-bc64-11e0-83ba-001f169a62b2} - E:\setup.exe AUTORUN=1 HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\...\MountPoints2: {360ae716-75e5-11e2-9705-001f169a62b2} - E:\setup.exe -a HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\...\MountPoints2: {d9a0688a-30cd-11e0-9745-001f169a62b2} - E:\setup.exe -a HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\...\MountPoints2: {fbb7201f-c913-11e2-9382-001f169a62b2} - F:\Startme.exe HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [413696 2009-01-22] (Acer) Startup: C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.) BootExecute: autocheck autochk * sdnclean.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_5738 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_5738 HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_5738 HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com/ HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie URLSearchHook: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE355 BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program 
Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation) BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation) Toolbar: HKLM - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Program Files\FireShot for Internet Explorer\fsaddin-0.98.59.dll No File Toolbar: HKU\.DEFAULT -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File [] Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-09] (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL No File [] Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\1xru579m.default-1404185215601 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-19] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.) 
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-25] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @Musicnotes.com/Musicnotes Viewer,version=1.18.9 -> C:\Program Files\Musicnotes\npmusicn.dll No File FF Plugin: @Sibelius.com/Scorch Plugin,version=6.2.0.88 -> C:\Program Files\Sibelius Software\Scorch\npsibelius.dll No File FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-11-05] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-11-05] (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-11-05] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-11-05] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-11-05] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPSibelius.dll [2013-03-11] () FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\PDFNetC.dll [2010-03-31] (PDFTron Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ScorchAxPlugin.dll [2010-04-08] () FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll [2010-04-08] () FF Extension: FireShot - C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\1xru579m.default-1404185215601\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2015-02-23] FF Extension: WOT - C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\1xru579m.default-1404185215601\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-07-01] FF Extension: ZenMate Security & Privacy VPN - C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\1xru579m.default-1404185215601\Extensions\firefox@zenmate.com.xpi [2014-12-04] FF Extension: Adblock Plus - C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\1xru579m.default-1404185215601\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-01] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-11-26] FF HKLM\...\Firefox\Extensions: [avg@igeared] - C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared FF HKLM\...\Firefox\Extensions: [firefox@gingersoftware.2.0.0.74.com] 
- C:\Program Files\Ginger\Mozilla\firefox@gingersoftware.2.0.0.74.com FF Extension: Ginger - Grammar and Spell Checker - C:\Program Files\Ginger\Mozilla\firefox@gingersoftware.2.0.0.74.com [2014-05-28] Chrome: ======= CHR HKLM\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2011-11-13] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.) S4 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [75048 2008-12-18] () S4 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [707104 2009-06-23] (Acer Incorporated) S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-12-03] (Freemake) [File not signed] S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-03-12] (Hewlett-Packard Co.) [File not signed] R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 MWLService; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-05-14] (Egis Technology Inc.) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed] S4 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [61184 2009-04-11] (NewTech Infosystems, Inc.) 
S4 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144632 2008-09-23] (NewTech Infosystems, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 Wecsvc; %SystemRoot%\system32\wecsvc.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [189720 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-10-20] (AVG Technologies CZ, s.r.o.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [19504 2008-12-04] (Egis Incorporated.)
R1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2008-12-04] (Egis Incorporated.)
R1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [59952 2008-12-04] (Egis Incorporated.)
S3 SNP2STD; C:\Windows\System32\DRIVERS\snp2sxp.sys [12216064 2007-09-22] ()
S3 sscdbus; C:\Windows\System32\DRIVERS\sscdbus.sys [58352 2005-08-17] (MCCI) [File not signed]
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-25 16:56 - 2015-03-25 16:59 - 00035897 _____ () C:\Users\Jana\Downloads\FRST.txt 2015-03-25 16:56 - 2015-03-25 16:56 - 01135104 _____ (Farbar) C:\Users\Jana\Downloads\FRST.exe 2015-03-25 16:03 - 2015-03-25 16:04 - 01388782 _____ (Thisisu) C:\Users\Jana\Downloads\JRT.exe 2015-03-25 15:44 - 2015-03-25 15:44 - 02168320 _____ () C:\Users\Jana\Downloads\AdwCleaner_4.113.exe 2015-03-25 15:29 - 2015-03-25 16:59 - 00041033 _____ () C:\Users\Jana\Downloads\Addition.txt 2015-03-25 15:26 - 2015-03-26 00:20 - 00000000 ____D () C:\FRST 2015-03-25 14:42 - 2015-03-25 14:18 - 00005336 _____ () C:\logfile.tab 2015-03-25 14:19 - 2015-03-25 15:57 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job 2015-03-25 14:19 - 2015-03-25 15:57 - 00000446 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job 2015-03-25 14:18 - 2015-03-25 15:59 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job 2015-03-25 14:17 - 2015-03-25 14:17 - 00001974 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2015-03-25 14:17 - 2015-03-25 14:17 - 00001962 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2015-03-25 14:17 - 2015-03-25 14:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2015-03-25 14:17 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe 2015-03-25 14:16 - 2015-03-25 15:22 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2 2015-03-25 13:35 - 2015-03-25 13:35 - 01203488 _____ () C:\Users\Jana\Downloads\SpyBot Search Destroy - CHIP-Installer.exe 2015-03-25 13:32 - 2015-03-25 22:57 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-25 13:29 - 2015-03-25 13:29 - 00000903 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-03-25 13:29 - 2015-03-25 13:29 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-03-25 13:28 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-25 13:28 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-25 13:28 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-25 01:18 - 2015-03-25 01:18 - 00001668 _____ () C:\Users\Public\Desktop\iTunes.lnk 2015-03-25 01:18 - 2015-03-25 01:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-03-25 01:11 - 2015-03-25 01:18 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB 2015-03-25 01:11 - 2015-03-25 01:17 - 00000000 ____D () C:\Program Files\iTunes 2015-03-25 01:11 - 2015-03-25 01:11 - 00000000 ____D () C:\Program Files\iPod 2015-03-25 00:54 - 2015-03-25 00:54 - 00000691 _____ () C:\Users\Jana\Downloads\Mendelssohn__Felix__Hymn__WoO_15_En - Verknüpfung.lnk 2015-03-12 03:21 - 2015-01-29 02:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-03-12 03:20 - 2015-01-29 02:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-12 03:19 - 2015-02-26 01:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-12 03:09 - 2015-02-20 03:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-03-12 03:09 - 2015-02-20 01:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-03-12 03:07 - 2015-02-26 03:01 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-03-12 03:07 - 2015-02-26 03:01 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-03-12 03:07 - 2015-01-21 03:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-03-12 03:07 - 2015-01-09 03:04 - 00049152 _____ (Microsoft Corporation) 
C:\Windows\system32\csrsrv.dll 2015-03-12 03:07 - 2015-01-09 01:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-03-12 03:06 - 2015-03-06 05:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-03-12 03:05 - 2014-10-13 02:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2015-03-12 03:04 - 2015-02-18 03:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-11 16:23 - 2015-02-21 18:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-11 16:23 - 2015-02-21 18:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-03-11 16:23 - 2015-02-21 18:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-11 16:23 - 2015-02-21 18:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-03-11 16:23 - 2015-02-21 18:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-11 16:23 - 2015-02-21 18:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-11 16:23 - 2015-02-21 18:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-03-11 16:23 - 2015-02-21 18:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2015-03-11 16:23 - 2015-02-21 18:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-03-11 16:23 - 2015-02-21 18:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-11 16:23 - 2015-02-21 18:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-03-11 16:23 - 2015-02-21 18:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-11 16:23 - 2015-02-21 18:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-11 16:23 - 2015-02-21 18:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-03-11 16:23 - 
2015-02-21 18:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-03-11 16:23 - 2015-02-21 18:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-03-11 16:23 - 2015-02-21 18:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-11 16:23 - 2015-02-21 18:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-11 16:23 - 2015-02-21 18:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2015-03-11 16:23 - 2015-02-21 18:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2015-03-11 16:23 - 2015-02-21 18:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2015-03-11 16:23 - 2015-02-21 18:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-02-27 09:27 - 2015-03-25 15:57 - 00000520 _____ () C:\Windows\Tasks\AVG_SYS_TASK_0215av.job 2015-02-27 09:27 - 2015-03-25 15:57 - 00000388 _____ () C:\Windows\Tasks\AVG_SYS_TASK_0215av_DELETE.job 2015-02-27 09:27 - 2015-02-27 09:27 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\Avg_Update_0215av 2015-02-27 09:27 - 2015-02-27 09:27 - 00000000 ____D () C:\ProgramData\Avg_Update_0215av ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-26 00:03 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public 2015-03-25 23:57 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-25 23:57 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-25 23:46 - 2012-10-12 16:12 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-25 23:46 - 2010-02-07 12:53 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-25 23:04 - 2009-08-05 12:02 - 01286027 _____ () C:\Windows\WindowsUpdate.log 2015-03-25 21:46 - 2010-02-07 12:53 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-25 18:28 - 2010-11-13 14:50 - 00000000 ____D () C:\ProgramData\MFAData 2015-03-25 16:02 - 2011-08-18 11:04 - 00000000 ___RD () C:\Users\Jana\Dropbox 2015-03-25 16:02 - 2011-08-18 10:58 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\Dropbox 2015-03-25 15:57 - 2014-08-26 18:45 - 00000364 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rmv.job 2015-03-25 15:57 - 2014-08-26 18:45 - 00000364 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rel.job 2015-03-25 15:57 - 2013-06-04 09:09 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job 2015-03-25 15:57 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-25 15:56 - 2012-12-18 21:14 - 00082248 _____ () C:\Windows\PFRO.log 2015-03-25 15:54 - 2006-11-02 14:01 - 00032626 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-03-25 15:23 - 2010-06-13 01:32 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2015-03-25 13:29 - 2012-01-03 21:44 - 00000000 ____D () C:\Program Files\ MALWAREBYTES ANTI-MALWARE 2015-03-25 13:29 - 2011-11-26 08:30 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\Malwarebytes 2015-03-25 13:28 - 2011-11-26 08:30 - 00000000 ____D () C:\ProgramData\Malwarebytes 
2015-03-25 10:33 - 2011-01-03 19:25 - 00000000 ____D () C:\ProgramData\Musicnotes 2015-03-25 01:11 - 2010-12-20 19:44 - 00000000 ____D () C:\Program Files\Common Files\Apple 2015-03-25 00:58 - 2013-08-21 08:12 - 00000000 ____D () C:\Users\Jana\Documents\Noten PDF 2015-03-24 20:29 - 2009-11-18 18:27 - 00031232 _____ () C:\Users\Jana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-03-24 14:42 - 2012-04-25 20:43 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-03-23 20:11 - 2014-09-25 00:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-03-22 14:36 - 2014-06-28 13:54 - 00004028 _____ () C:\Windows\setupact.log 2015-03-22 07:08 - 2009-11-18 16:42 - 00000000 ____D () C:\Users\Jana 2015-03-21 11:29 - 2006-11-02 11:33 - 00006606 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-19 20:59 - 2014-06-15 17:05 - 00000000 ____D () C:\Users\Jana\AppData\Local\Adobe 2015-03-19 20:37 - 2012-04-12 05:51 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-03-19 20:37 - 2011-05-18 22:55 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-03-15 21:31 - 2013-04-08 10:19 - 00000000 ____D () C:\Users\Jana\Documents\Homepage 2015-03-15 21:28 - 2011-12-28 15:35 - 00014954 _____ () C:\Users\Jana\Documents\cvJana.odt 2015-03-12 03:41 - 2006-11-02 13:47 - 00353416 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-12 03:21 - 2009-03-12 04:11 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-03-12 03:19 - 2013-07-19 02:00 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-12 03:10 - 2006-11-02 11:24 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2015-03-11 16:02 - 2011-08-18 10:58 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-03-03 03:49 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET ==================== Files in the root of some directories ======= 2010-07-30 21:21 
- 2015-01-16 14:05 - 0020520 _____ () C:\Program Files\init.dat 2013-06-25 21:06 - 2014-06-23 06:09 - 0003728 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml 2014-02-10 12:30 - 2014-02-10 12:32 - 0677244 _____ () C:\Users\Jana\AppData\Roaming\Scorch_Install.log 2009-11-18 16:51 - 2010-05-21 07:03 - 0000106 _____ () C:\Users\Jana\AppData\Roaming\wklnhst.dat 2010-04-23 15:20 - 2010-04-23 15:20 - 0000552 _____ () C:\Users\Jana\AppData\Local\d3d8caps.dat 2009-11-18 22:54 - 2014-12-07 00:16 - 0007052 _____ () C:\Users\Jana\AppData\Local\d3d9caps.dat 2009-11-18 18:27 - 2015-03-24 20:29 - 0031232 _____ () C:\Users\Jana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2010-05-09 13:31 - 2012-05-27 16:03 - 0000000 _____ () C:\Users\Jana\AppData\Local\prvlcl.dat 2009-03-12 04:26 - 2009-08-05 12:17 - 0004536 _____ () C:\ProgramData\ArcadeDeluxe2.log 2010-06-22 21:19 - 2010-06-22 21:19 - 0000056 ____H () C:\ProgramData\ezsidmv.dat 2010-05-21 06:53 - 2010-05-21 07:02 - 0000360 _____ () C:\ProgramData\hpzinstall.log 2010-08-15 15:03 - 2010-12-20 21:06 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt Files to move or delete: ==================== C:\Users\Jana\62868_Hama Webcam Metal Pro.exe C:\Users\Jana\setup.exe Some content of TEMP: ==================== C:\Users\Jana\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8cloem.dll C:\Users\Jana\AppData\Local\Temp\Quarantine.exe C:\Users\Jana\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-25 16:06

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Jana at 2015-03-26 00:21:57
Running from C:\Users\Jana\.tfo4\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

.NET Bildbearbeitung 2.0 (HKLM\...\{40164EEF-164E-4E39-8027-A80575676F8A}) (Version: 2.0.1 - Reben Studio&Aufnahmemedien C.M.Obrecht)
32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
Acer Arcade Deluxe (HKLM\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 2.5.6121 - CyberLink Corp.)
Acer Arcade Deluxe (Version: 2.5.6121 - CyberLink Corp.)
Hidden Acer Backup Manager (HKLM\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 1.0.0.58 - NewTech Infosystems) Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.00.3008 - Acer Incorporated) Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - ) Acer PowerSmart Manager (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.01.3016 - Acer Incorporated) Acer Product Registration (HKLM\...\{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}) (Version: 3.0.0.10 - Acer Incorporated) Acer ScreenSaver (HKLM\...\Acer Screensaver) (Version: 1.0.0.0226 - Acer) Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated) Adobe Reader X (10.1.13) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.) Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems) AIO_Scan (Version: 90.0.222.000 - Hewlett-Packard) Hidden ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.5.2015.101 - Alps Electric) Amazon MP3-Downloader 1.0.9 (HKLM\...\Amazon MP3-Downloader) (Version: - ) Apple Application Support (32-Bit) (HKLM\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) 
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4800 - AVG Technologies) AVG 2014 (Version: 14.0.4311 - AVG Technologies) Hidden AVG 2014 (Version: 14.0.4800 - AVG Technologies) Hidden Backup Manager Basic (Version: 1.0.0.58 - NewTech Infosystems) Hidden Big Fish: Game Manager (HKLM\...\BFGC) (Version: 3.3.0.2 - ) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Broadcom Gigabit NetLink Controller (HKLM\...\{9AF0B106-56F1-461B-A270-95BC1682E282}) (Version: 11.34.02 - Broadcom Corporation) Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) dj_aio_corporate (Version: 90.0.222.000 - Hewlett-Packard) Hidden DJ_AIO_Software_min (Version: 90.0.222.000 - Hewlett-Packard) Hidden Dropbox (HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.) eSobi v2 (HKLM\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.3.000223 - esobi Inc.) eSobi v2 (Version: 2.0.3.000223 - esobi Inc.) Hidden Express Rip (HKLM\...\ExpressRip) (Version: - NCH Software) Freemake Video Converter Version 4.1.5 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation) Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden Grim Tales: Die Steinkönigin (HKLM\...\BFG-Grim Tales - Die Steinkoenigin) (Version: - ) Hama Webcam Metal Pro (HKLM\...\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}) (Version: 5.7.19203.106 - Sonix) HP Deskjet All-In-One Driver Software 9.0.A Corporate Edition (HKLM\...\{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}) (Version: 9.0 - HP) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation) iTunes (HKLM\...\{3A9FE6B1-EE7F-40AC-B831-AC7C9ABB58A0}) (Version: 12.1.1.4 - Apple Inc.) 
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) Java(TM) 6 Update 18 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216018F0}) (Version: 6.0.180 - Sun Microsystems, Inc.) JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation) Junk Mail filter update (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden Launch Manager (HKLM\...\LManager) (Version: 2.0.10 - Acer Inc.) LightBox Free Image Editor (HKLM\...\LightBox Free Image Editor) (Version: - ) Mahjong Escape Ancient China (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}) (Version: - Oberon Media) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 
12.0.6612.1000 - Microsoft Corporation) Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Works (HKLM\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation) MotoHelper MergeModules (Version: 1.2.0 - Motorola) Hidden Mozilla Firefox 36.0.4 (x86 de) (HKLM\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 
4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Musicnotes Software Suite 1.5.3 (HKLM\...\Musicnotes Combined Installer_is1) (Version: 1.5.3 - Musicnotes Inc.) MyWinLocker (HKLM\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.59.0 - Egis Technology Inc.) Naviextras Toolbox (HKLM\...\Naviextras Toolbox) (Version: 3.18.3.412849 - NNG Llc.) Naviextras Toolbox Prerequesities (HKLM\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.) NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.616 - NewTech Infosystems) NTI Backup Now Standard (Version: 5.1.2.616 - NewTech Infosystems) Hidden Ocean Express (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111232687}) (Version: - Oberon Media) OpenOffice 4.1.0 (HKLM\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation) Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA) Orion (HKLM\...\{5B63A470-9334-44D1-AF61-6CE2DB565AE9}) (Version: 2.5.0 - Convesoft) PDF24 Creator 6.9.1 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20113 - Realtek Semiconductor Corp.) Samsung PC Studio 3 (Version: 3.0.0.80502 - Samsung Electronics Co., Ltd.) Hidden Scan (Version: 9.0.0.0 - Hewlett-Packard) Hidden SeaMonkey 2.32.1 (x86 de) (HKLM\...\SeaMonkey 2.32.1 (x86 de)) (Version: 2.32.1 - Mozilla) Sibelius Scorch (Firefox, Opera, Netscape, Chrome only) (HKLM\...\{41626CC0-A854-4402-AD06-D7939515C282}) (Version: 6.2.0 - Sibelius Software, a division of Avid Technology, Inc.) Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) 
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Tod in Rumänien: Ein Dana Knightstone Roman Sammleredition (HKLM\...\BFG-Tod in Rumaenien - Ein Dana Knightstone Roman Sammleredition) (Version: - ) Toolbox (Version: 90.0.146.000 - Hewlett-Packard) Hidden Tri-Peaks Solitaire To Go (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111205743}) (Version: - Oberon Media) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) 
WavePad Sound Editor (HKLM\...\WavePad) (Version: - NCH Software) Windows Live Anmelde-Assistent (HKLM\...\{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}) (Version: 5.000.818.6 - Microsoft Corporation) Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation) Windows Live Sync (HKLM\...\{8C1E2925-14F8-45AA-B999-1E2A74BF5607}) (Version: 14.0.8050.1202 - Microsoft Corporation) Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ==================== Restore Points ========================= 12-03-2015 03:00:52 Windows Update 14-03-2015 01:01:17 Geplanter Prüfpunkt 15-03-2015 00:00:08 Geplanter Prüfpunkt 16-03-2015 00:33:40 Geplanter Prüfpunkt 18-03-2015 23:37:57 Geplanter Prüfpunkt 20-03-2015 00:34:03 Geplanter Prüfpunkt 21-03-2015 00:04:49 Geplanter Prüfpunkt 23-03-2015 00:57:26 Geplanter Prüfpunkt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2006-11-02 11:23 - 2013-08-26 09:07 - 00450573 ____R C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {034223B4-3C8F-4DAF-8322-AE3DAA63272B} - System32\Tasks\{D7EDA30A-839F-4ED7-9315-76A04234245A} => pcalua.exe -a "C:\Program Files\Acer GameZone\Parking Dash\Uninstall.exe" -c "C:\Program Files\Acer GameZone\Parking Dash\install.log" Task: {0DC572EC-2E18-496A-BA4D-87EBE7E3F2B0} - System32\Tasks\{9394FD75-4F7F-4C95-BB7E-11E799A66C92} => pcalua.exe -a "C:\Program Files\Common Files\Motorola Shared\MotPCSDrivers\Motorola Driver Installer.exe" -d "C:\Program Files\Common Files\Motorola Shared\MotPCSDrivers\" Task: {0EC075A9-73B8-4581-AF47-20522CBFF2DF} - System32\Tasks\{E98132D1-65D2-4010-97B9-59945DFABB3F} => pcalua.exe -a "C:\Program Files\Acer GameZone\Tradewinds 2\Uninstall.exe" -c "C:\Program Files\Acer GameZone\Tradewinds 2\install.log" Task: {15353136-507E-462F-BC75-234D2A8E3FDB} - System32\Tasks\{77CA31E2-AFE5-4B90-B0B5-E882F17F63FB} => pcalua.exe -a "C:\Program Files\bfgclient\Uninstall.exe" Task: {1AA453F0-4729-4C17-99A2-C3905520FF18} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe Task: {4AE90059-B89F-4E05-B224-8C00F69C5E6D} - System32\Tasks\{4E2F7CAF-247E-4330-92E9-E55D74900F8F} => C:\Program Files\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.) 
Task: {4DF43397-4F74-472F-A01F-A184CDCD056A} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe Task: {570079E8-1123-492A-8C63-6F62CFB13879} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe Task: {596DF877-1496-49E2-9EE3-378C16F496E7} - System32\Tasks\AVG-Secure-Search-Update_0814tb_rel => C:\Program Files\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe Task: {5E907BF7-2EB8-43CD-9934-9F984AEBA815} - System32\Tasks\NCH Swift Sound\wavepadShakeIcon => C:\Program Files\NCH Swift Sound\WavePad\WavePad.exe [2010-07-30] (NCH Software) Task: {6A39A20B-ADA2-45BA-8CC5-DFF993AD0ED4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {71A0B785-C030-41F0-A91D-D7F1CAA44C2A} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe Task: {765C12A1-B6EE-40F2-91D0-E67FB5E72403} - System32\Tasks\AVG_SYS_TASK_0215av => C:\ProgramData\Avg_Update_0215av\AVG-Secure-Search-Update_0215av.exe [2015-02-17] () Task: {7DD8296F-2119-46B3-B43E-D29AA0AD657A} - System32\Tasks\Egis technology-Online-Aktualisierungsprogramm => C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe [2009-05-13] (Egis Technology Inc.) 
Task: {82C5BEAA-329E-41D5-815E-2E152CDB290E} - System32\Tasks\MotoHelper MUM => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe Task: {920B4ED2-A12E-46E2-835E-15FBE9C6CD20} - System32\Tasks\AVG_SYS_TASK_0215av_DELETE => C:\ProgramData\Avg_Update_0215av\AVG-Secure-Search-Update_0215av.exe [2015-02-17] () Task: {960BBB13-9A23-4F75-B88C-CF48CF324A0F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-19] (Adobe Systems Incorporated) Task: {96A59E9A-2AF8-473D-B682-E27A26F15E6C} - System32\Tasks\{C4C379BC-CE78-4407-AD9A-11CCC098E7E8} => pcalua.exe -a "C:\Program Files\Acer GameZone\Ocean Express\Uninstall.exe" -c "C:\Program Files\Acer GameZone\Ocean Express\install.log" Task: {98E64647-10D7-45CC-BE20-BAD6638061A1} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Jana => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation) Task: {A2EA67EE-9389-4D9D-91D9-61EF2F4945D1} - System32\Tasks\{1A326743-0AA0-45F4-BB30-F8BB4ECE2E83} => pcalua.exe -a "C:\Program Files\Acer GameZone\Turbo Pizza\Uninstall.exe" -c "C:\Program Files\Acer GameZone\Turbo Pizza\install.log" Task: {A33C5FE3-9589-413B-934F-7E25628F2B76} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {AB090CF3-5AC0-44C5-880F-84A83CA06359} - System32\Tasks\MotoHelper Routing => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe Task: {B332CC14-4EB5-4418-A1FC-C65A06916769} - System32\Tasks\{72B49BE9-BB14-49C4-AD86-43849CB95F1D} => pcalua.exe -a "C:\Program Files\Acer GameZone\Wedding Dash\Uninstall.exe" -c "C:\Program Files\Acer GameZone\Wedding Dash\install.log" Task: {B386ABEF-1BD0-44C9-B47B-A895E06E79D7} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{A939717C-2C0B-4808-A29B-E65781C2E71E}.exe Task: {B563FCCE-0EC8-414A-8163-0AF6BDD46EE5} - System32\Tasks\Check for 
updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe Task: {C72841EF-871D-47AE-9C50-444E72E03C89} - System32\Tasks\{F3AA552E-9274-46F3-8E57-328627C3E121} => pcalua.exe -a "C:\Program Files\Acer GameZone\Tri-Peaks Solitaire To Go\Uninstall.exe" -c "C:\Program Files\Acer GameZone\Tri-Peaks Solitaire To Go\install.log" Task: {DD812B53-3753-4776-A784-964280C20F6A} - System32\Tasks\{FB0574A4-2DF1-437C-BD3A-0A160A7260D8} => pcalua.exe -a C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe -c /M{D48C9BFC-FBCF-4F29-B97D-822ED6D497FE} Task: {DF05967E-6520-4845-896B-22D6CC01969F} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-12-17] (Oracle Corporation) Task: {DFD42890-F1C5-4976-9757-84C7492A3564} - System32\Tasks\{9AE4F6EC-C735-4246-BB1C-F531D731864C} => pcalua.exe -a "C:\Program Files\Acer GameZone\Luxor 2\Uninstall.exe" -c "C:\Program Files\Acer GameZone\Luxor 2\install.log" Task: {E7C37B0C-58B2-431E-9F41-CB3B42551582} - System32\Tasks\MotoHelper Update => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe Task: {F1FC336B-CBCE-4BF2-9B1A-E91B1A0F0618} - System32\Tasks\MotoHelper Initial Update => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe Task: {F637AB4E-1A37-417B-A0DF-09436BAD9D0A} - System32\Tasks\{1FEA2CBF-E282-4C18-9E27-D1D616861DF3} => pcalua.exe -a "C:\Program Files\Acer GameZone\Mahjong Escape Ancient China\Uninstall.exe" -c "C:\Program Files\Acer GameZone\Mahjong Escape Ancient China\install.log" Task: {F6AA2A58-CCC2-44C0-974B-5DB76D4658B6} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {F9E24EF6-A1E5-4B82-B8D9-E2EDA317F141} - System32\Tasks\BFGLaunch_bfgclient => C:\Program Files\bfgclient\bfgclient.exe Task: {FE7BDB05-B2F1-43EF-BE96-0FA20245019D} - System32\Tasks\AVG-Secure-Search-Update_0814tb_rmv => C:\Program 
Files\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rel.job => C:\Program Files\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rmv.job => C:\Program Files\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{A939717C-2C0B-4808-A29B-E65781C2E71E}.exe <==== ATTENTION Task: C:\Windows\Tasks\AVG_SYS_TASK_0215av.job => C:\ProgramData\Avg_Update_0215av\AVG-Secure-Search-Update_0215av.exe Task: C:\Windows\Tasks\AVG_SYS_TASK_0215av_DELETE.job => C:\ProgramData\Avg_Update_0215av\AVG-Secure-Search-Update_0215av.exe Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe ==================== Loaded Modules (whitelisted) ============== 2015-02-27 09:27 - 2015-02-17 15:16 - 02794520 _____ () C:\ProgramData\Avg_Update_0215av\AVG-Secure-Search-Update_0215av.exe 2009-01-21 00:41 - 2009-01-21 00:41 - 00872448 _____ () C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll 2009-01-21 00:41 - 2009-01-21 00:41 - 00007680 _____ () 
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll 2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-02-13 04:20 - 2015-02-13 04:20 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-03-25 14:17 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2015-03-25 14:17 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl 2015-03-25 14:17 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2015-03-25 14:17 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll 2015-03-25 14:17 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2009-08-05 20:43 - 2003-06-07 22:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll 2015-02-27 09:27 - 2015-02-17 15:16 - 02794520 _____ () C:\Users\Jana\AppData\Roaming\Avg_Update_0215av\AVG-Secure-Search-Update_0215av.exe 2015-03-04 23:08 - 2015-03-04 23:08 - 00750080 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-03-25 16:02 - 2015-03-25 16:02 - 00043008 _____ () c:\users\jana\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8cloem.dll 2015-03-04 23:08 - 2015-03-04 23:08 - 00047616 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\libEGL.dll 2015-03-04 23:08 - 2015-03-04 23:08 - 00865280 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2015-03-04 23:07 - 2015-03-04 23:07 - 00200704 _____ () C:\Users\Jana\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) 
AlternateDataStreams: C:\ProgramData\Temp:FED25C29 AlternateDataStreams: C:\ProgramData\Temp:FEEEFFAD AlternateDataStreams: C:\Users\Jana\Downloads\AVE_MARIA_BACH_T76Jana-mix1.mp3:TOC.WMV AlternateDataStreams: C:\Users\Jana\Downloads\O_MIO_BABBINO_CARO-MAIN.mp3:TOC.WMV AlternateDataStreams: C:\Users\Jana\Documents\17 RusalkaJana.wav:TOC.WMV AlternateDataStreams: C:\Users\Jana\Documents\Bel Raggio Lusinghier Jana.mp3:TOC.WMV AlternateDataStreams: C:\Users\Jana\Documents\Connais tu le pays.mp3:TOC.WMV AlternateDataStreams: C:\Users\Jana\Documents\Re_ Termine mit Emma in 2011.eml:OECustomProperty AlternateDataStreams: C:\Users\Jana\Documents\Voi che sapete Jana.mp3:TOC.WMV AlternateDataStreams: C:\Users\Jana\Documents\wennichdichliebenwill.mp3:TOC.WMV ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-2058867259-2847588522-3491946613-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jana\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: AgereModemAudio => 2 MSCONFIG\Services: Apple Mobile Device => 2 MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: CLHNService => 2 MSCONFIG\Services: ePowerSvc => 2 MSCONFIG\Services: iPod Service => 3 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: NTI IScheduleSvc => 2 MSCONFIG\Services: NTIBackupSvc => 3 MSCONFIG\Services: NTISchedulerSvc => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: Sony PC Companion => 3 MSCONFIG\Services: vToolbarUpdater18.1.9 => 2 MSCONFIG\startupreg: PDFPrint => C:\Program Files\PDF24\pdf24.exe MSCONFIG\startupreg: tsnp2std => C:\Windows\tsnp2std.exe ==================== Accounts: ============================= Administrator (S-1-5-21-2058867259-2847588522-3491946613-500 - Administrator - Disabled) Gast (S-1-5-21-2058867259-2847588522-3491946613-501 - Limited - Disabled) Jana (S-1-5-21-2058867259-2847588522-3491946613-1000 - Administrator - Enabled) => C:\Users\Jana ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/25/2015 06:14:03 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm WLXPhotoGallery.exe, Version 14.0.8051.1204 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. 
Prozess-ID: 808
Anfangszeit: 01d0671e7be8f403
Zeitpunkt der Beendigung: 79

System errors:
=============
Error: (03/25/2015 04:27:12 PM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2015-03-26 00:22:48.324
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-26 00:22:47.458
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-26 00:22:46.563
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-26 00:22:44.793
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-26 00:22:33.742
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-26 00:22:31.788
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-26 00:22:30.909
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-26 00:22:29.656
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-26 00:22:28.523
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-26 00:22:27.519
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
Percentage of memory in use: 40%
Total physical RAM: 3000.09 MB
Available physical RAM: 1785 MB
Total Pagefile: 6224.45 MB
Available Pagefile: 4408.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1885.77 MB

==================== Drives ================================
Drive c: (ACER) (Fixed) (Total:223.12 GB) (Free:107.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 3C58EAD4)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Active) - (Size=223.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================ |
26.03.2015, 00:55 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | pup.optional.facemoods and Trojan warning from AVG Still understand what you mean there. Is that the reason you aren't posting the logs from adwCleaner and JRT?
__________________ Please always post log files in CODE tags |
26.03.2015, 01:29 | #9 |
| pup.optional.facemoods and Trojan warning from AVG No, I don't have them any more, they got thrown out along with the temporary folder, and when I just ran JRT again it was Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.6 (03.22.2015:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Jana on 26.03.2015 at 0:31:03,55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.03.2015 at 0:36:02,31
End of JRT log

I notice that I didn't run AdwCleaner again; is that how it's connected? I thought that with all my deleting I had simply killed everything that gives any information (which doesn't mean that it's gone) Code:
# AdwCleaner v4.113 - Bericht erstellt 26/03/2015 um 01:10:25
# Aktualisiert 22/03/2015 von Xplode
# Datenbank : 2015-03-22.2 [Lokal]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Benutzername : Jana - JANA-PC
# Gestarted von : C:\Users\Jana\Downloads\AdwCleaner_4.113(1).exe
# Option : Löschen

***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Internetbrowser ] *****
-\\ Internet Explorer v9.0.8112.16633
-\\ Mozilla Firefox v36.0.4 (x86 de)
*************************
AdwCleaner[R1].txt - [799 Bytes] - [26/03/2015 01:07:07]
AdwCleaner[S1].txt - [722 Bytes] - [26/03/2015 01:10:25]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [780 Bytes] ##########

And not in order to "hide" anything; I had posted it before, after all, and also thought I had stashed it somewhere. But I apparently stored it temporarily, so it's gone. So probably the only thing left anyway is: reinstall. Sorry about your time and patience, but I'll definitely send you a donation |
26.03.2015, 10:12 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | pup.optional.facemoods and Trojan warning from AVG FRST fix. Please disable your virus scanner completely now, to make sure that the fix runs through cleanly! Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
URLSearchHook: HKU\S-1-5-21-2058867259-2847588522-3491946613-1000 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{A939717C-2C0B-4808-A29B-E65781C2E71E}.exe <==== ATTENTION
C:\Users\Jana\62868_Hama Webcam Metal Pro.exe
C:\Users\Jana\setup.exe
EmptyTemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post log files in CODE tags |
26.03.2015, 12:06 | #11 |
| pup.optional.facemoods and Trojan warning from AVG No way... I've turned everything off, it doesn't run through. Even on the third try it hangs, and even the firewall is off. From a certain point on, nothing moves any more. |
26.03.2015, 12:17 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | pup.optional.facemoods and Trojan warning from AVG Then run the fix in Windows Safe Mode.
__________________ Please always post log files in CODE tags |
26.03.2015, 12:24 | #13 |
| pup.optional.facemoods and Trojan warning from AVG Doesn't work. It hangs even sooner. |
26.03.2015, 12:30 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | pup.optional.facemoods and Trojan warning from AVG What exactly is hanging there, anyway... if we can't fix anything there, you'll have to reinstall the OS.
__________________ Please always post log files in CODE tags |
26.03.2015, 12:35 | #15 |
| pup.optional.facemoods and Trojan warning from AVG It scans, then the progress bar stops and at the top it says "keine Rückmeldung" (not responding); I then can't even close it right away, the error message comes up again and it takes a while until it can be closed. The OS? What does that mean? Operating system? Edited by Tinette (26.03.2015 at 12:41) |