Pests of all kinds and how to fight them: sm.de - how do I get rid of it? (Windows 7)
01.05.2015, 23:38 | #1 |
| sm.de - how do I get rid of it?
Hello! I have since learned that it could be related to the installation of the flv player. Whenever I enter a search in Google, sm.de shows me the results. I have not found a removal tool so far, but I have found programs that detect the nuisance when scanning my PC and then demand money to remove it. I also have an antivirus program with a Russian-sounding name which does not even scan for malware. It is really annoying. How do I get rid of the nuisance? Oh, and sm.de is only active in Firefox. Not in IE so far. Uninstalling and reinstalling Firefox does not help. Uninstalling VLC is pointless too.
Kind regards, Deisto |
02.05.2015, 00:14 | #2 |
/// TB Trainer /// Instructions Guru | sm.de - how do I get rid of it?
My name is Jürgen and I will be helping you with your problem. Together we'll manage this...
Note: I can never give you a guarantee that we will find all malicious files. Formatting is usually the faster and always the safest route, but it is only advisable for real malware. Adware & co. we can remove very well. If you decide on a cleanup, keep working with me until you get my "clean".
Here we go:
Step 1
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
Reading material
Posting in CODE tags: here's how... Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes our work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
__________________ |
02.05.2015, 12:56 | #3 |
| sm.de - how do I get rid of it?
Hello Jürgen! I posted both log files for you, but they did not arrive anywhere. No wonder I am not getting a reply. Here is my second attempt. Thanks!
FRST txt FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-04-2015 01 Ran by Home (administrator) on HOME-OFFICE on 02-05-2015 10:32:45 Running from C:\Users\Home\Desktop Loaded Profiles: Home (Available profiles: Home & Gast & Classic .NET AppPool & DefaultAppPool) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (AMD) C:\Windows\System32\atieclxx.exe () C:\Program Files\Lexware\AAVUpdateManager\aavus.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Bayer Healthcare LLC) C:\Program Files\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe (DATA BECKER GmbH & Co KG) C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe (MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe () C:\Program Files\CyberLink\Shared files\RichVideo.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (StarWind Software) C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (Microsoft Corp.) 
C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Windows\System32\UI0Detect.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe () C:\Windows\System32\CmWatch.exe (shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [CmCardRun] => C:\Windows\system32\CmWatch.exe [229376 2003-09-16] () HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de) HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2565520 2011-03-15] (CANON INC.) 
HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.) HKLM\...\Run: [AMD AVT] => C:\Program Files\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] () HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12017368 2013-10-24] (Realtek Semiconductor) HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [455512 2014-05-28] (DivX, LLC) HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH) HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.) HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare) HKLM\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe HKLM\...\Run: [BrowserPlugInHelper] => C:\Program Files\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe [1962896 2014-04-25] () Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2012-10-01] (Logitech, Inc.) Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X] HKLM\...\Policies\Explorer: [NoDriveAutoRun] 0x0000 HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\tray.exe [1010008 2015-04-08] (Garmin Ltd. 
or its subsidiaries) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\2015_Termine.xls - Verknüpfung.lnk [2015-04-15] ShortcutTarget: 2015_Termine.xls - Verknüpfung.lnk -> O:\~Termine\Termine_nach_Jahren\2015_Termine.xls () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kalenderchen 5.lnk [2015-04-15] ShortcutTarget: Kalenderchen 5.lnk -> C:\Program Files\Kalenderchen\Kalenderchen.exe (Daniel Manger Software) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKU\S-1-5-21-3719280737-1325245270-1685948379-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001 -> {EC9374F2-FD97-4838-9FB3-6C1B76EC6959} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=926458&p={searchTerms} BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-12-10] (Kaspersky Lab ZAO) BHO: Wondershare Video Converter Ultimate -> {65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} -> C:\Program Files\Wondershare\Video Converter Ultimate\SVRIEPlugin.dll 
[2014-04-25] (Wondershare Software Co., Ltd.) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-05-19] (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-09] (Oracle Corporation) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-10] (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-09] (Oracle Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll [2013-12-10] (Kaspersky Lab ZAO) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.) Toolbar: HKU\.DEFAULT -> No Name - {266FCDCA-7BB3-4DA7-B3BF-F845DEA2EBD6} - No File Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKU\.DEFAULT -> No Name - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No File Toolbar: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.) 
Handler: fluxhttp\0x00000007 - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax [2009-07-16] () Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Handler: WSWSVCUchrome - No CLSID Value - Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\hl47song.default-1391114288471 FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml FF DefaultSearchEngine: SuchMaschine FF SelectedSearchEngine: Yahoo! FF Homepage: https://www.google.de/?gws_rd=ssl FF Keyword.URL: https://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=926458&p= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.) 
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2014-06-03] (DivX, LLC) FF Plugin: @fluxdvd.com/NPWMDRMWrapper -> C:\Program Files\Videoload Manager\NPWMDRMWrapper.dll [2010-02-04] ( ) FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-09] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-09] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2010-03-21] (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation) FF Plugin: @protectdisc.com/NPMPDRM -> C:\Program Files\Common Files\mpDRM\NPMPDRM.dll [2010-02-03] ( ) FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-10-12] (RealNetworks, Inc.) FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-10-12] (RealNetworks, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.) 
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin HKU\.DEFAULT: @protectdisc.com/NPPDLicenseHelper -> C:\Windows\system32\config\systemprofile\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll [2009-06-25] ( ) FF Plugin HKU\S-1-5-21-3719280737-1325245270-1685948379-1001: @doubletwist.com/NPPodcast -> C:\Program Files\Common Files\doubleTwist\NPPodcast.dll No File FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\hl47song.default-1391114288471\searchplugins\suchmaschine.xml [2015-04-30] FF Extension: WEB.DE MailCheck - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\hl47song.default-1391114288471\Extensions\toolbar@web.de [2015-04-19] FF Extension: Garmin Communicator - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\hl47song.default-1391114288471\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-10-29] FF Extension: Easy Youtube Video Downloader Express - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\hl47song.default-1391114288471\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2014-12-07] FF Extension: Video DownloadHelper - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\hl47song.default-1391114288471\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-16] FF Extension: Adblock Plus - 
C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\hl47song.default-1391114288471\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-15] FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-01-30] FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013-04-05] FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013-04-05] FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013-04-05] FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013-04-05] FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 
2013\FFExt\online_banking@kaspersky.com [2013-04-05] FF HKLM\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files\Wondershare\Video Converter Ultimate\SVRFirefoxExt FF Extension: Wondershare Video Converter Ultimate - C:\Program Files\Wondershare\Video Converter Ultimate\SVRFirefoxExt [2015-04-30] Chrome: ======= CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-23] CHR Extension: (Google Drive) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-23] CHR Extension: (YouTube) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-23] CHR Extension: (Google Search) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-23] CHR Extension: (Kaspersky URL Advisor) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-10-23] CHR Extension: (Logitech SetPoint) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2013-10-23] CHR Extension: (Safe Money) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-10-23] CHR Extension: (Content Blocker) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2013-10-23] CHR Extension: (Virtual Keyboard) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-10-23] CHR Extension: (Chrome In-App Payments service) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-23] CHR Extension: (DivX Plus Web Player HTML5 <video>) - 
C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-10-23] CHR Extension: (Gmail) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-23] CHR Extension: (Anti-Banner) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-10-23] CHR HKLM\...\Chrome\Extension: [chgdeabpmphfhkoemjjglmilajldekbp] - C:\Program Files\Wondershare\Video Converter Ultimate\SVRChromePlugin.crx [2015-04-30] CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-12-14] CHR HKLM\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-01-30] CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-12-14] CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-12-14] CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-12-14] CHR HKLM\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\Home\AppData\Local\Temp\tbch.crx [Not Found] CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-12-14] Opera: ======= StartMenuInternet: (HKLM) Opera - H:\Opera-Browser\Opera.exe ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AAV UpdateService; C:\Program Files\Lexware\AAVUpdateManager\aavus.exe [128296 2008-10-24] () R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO) R2 BayerHealthcareService; C:\Program Files\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe [135032 2013-12-05] (Bayer Healthcare LLC) R2 DBService; C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe [187456 2011-01-13] (DATA BECKER GmbH & Co KG) [File not signed] R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed] R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2015-03-30] (Freemake) [File not signed] S3 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [708616 2015-04-08] (Garmin Ltd. or its subsidiaries) S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [13824 2009-07-14] (Microsoft Corporation) R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [254552 2012-12-21] () R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) 
R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed] R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1529656 2013-12-11] (TuneUp Software) R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [15968 2013-10-19] (Advanced Micro Devices, Inc.) R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [24832 2013-10-19] (Advanced Micro Devices, Inc.) R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [26032 2013-06-02] (Wondershare) S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW73.sys [77312 2013-09-24] (Advanced Micro Devices) [File not signed] R3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [34576 2007-03-05] (IVT Corporation.) R3 BlueletSCOAudio; C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys [27792 2007-03-05] (IVT Corporation.) R3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [18320 2007-03-05] (IVT Corporation.) S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [39184 2007-03-05] (IVT Corporation.) R0 BTHidEnum; C:\Windows\System32\Drivers\vbtenum.sys [20880 2007-03-05] (IVT Corporation.) R0 BTHidMgr; C:\Windows\System32\Drivers\BTHidMgr.sys [35600 2007-03-05] (IVT Corporation.) 
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [225280 2011-07-19] (Intel Corporation) S3 cvspydr2; C:\Windows\System32\DRIVERS\cvspydr2.sys [33024 2002-04-02] (Colorvision Inc) S1 HCW88AUD; C:\Windows\System32\drivers\hcw88aud.sys [13440 2010-08-16] (Hauppauge Computer Works, Inc) S3 hcw88bda; C:\Windows\System32\drivers\hcw88bda.sys [216576 2010-08-16] (Hauppauge Computer Works, Inc) S3 hcw88rc5; C:\Windows\System32\Drivers\hcw88rc5.sys [12288 2010-08-16] (Hauppauge Computer Works, Inc.) S3 HCW88TSE; C:\Windows\System32\drivers\hcw88tse.sys [321408 2010-08-16] (Hauppauge Computer Works, Inc) S3 hcw88vid; C:\Windows\System32\drivers\hcw88vid.sys [396928 2010-08-16] (Hauppauge Computer Works, Inc) S3 HCW88XBAR; C:\Windows\System32\drivers\HCW88BAR.sys [17920 2010-08-16] (Hauppauge Computer Works, Inc.) S3 iBtFltCoex; C:\Windows\System32\DRIVERS\iBtFltCoex.sys [47104 2011-07-20] (Intel Corporation) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-12-10] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [597600 2014-05-19] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-12-10] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-10-09] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-09] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-06-18] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145224 2015-02-17] (Kaspersky Lab ZAO) S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25824 2010-05-07] () S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-05-01] (Malwarebytes Corporation) S3 PAC7311; C:\Windows\System32\DRIVERS\PA707UCM.SYS [154752 2005-10-18] (PixArt Imaging Inc.) 
S2 ROB_A; C:\Windows\System32\DRIVERS\rob_a.sys [17664 2003-02-10] (Pinnacle Systems GmbH) S2 ROB_V; C:\Windows\System32\drivers\rob_v.sys [125568 2003-04-11] (Pinnacle Systems GmbH) S3 SKYNET; C:\Windows\System32\DRIVERS\SkyNET.SYS [627288 2010-05-10] (TechniSat Digital, S.A.) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [436792 2011-04-04] () [File not signed] S3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1579144 2010-06-07] (Syntek) S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [35592 2012-10-25] (Anchorfree Inc.) S3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [39048 2014-06-11] (RapidSolution Software AG) S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [16128 2015-04-23] (Windows (R) Win 7 DDK provider) R3 ttBudget2; C:\Windows\System32\drivers\ttBudget2.sys [457472 2009-01-16] (TechnoTrend GmbH) S3 TTHID; C:\Windows\System32\DRIVERS\Cinergy_Hybrid-Stick_HID.sys [21752 2009-05-14] (DTV-DVB) R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2013-10-15] (TuneUp Software) S3 UDXTTM6010; C:\Windows\System32\DRIVERS\UDXTTM6010.sys [762232 2009-05-14] () S3 UMSSSTOR; C:\Windows\System32\DRIVERS\UMSS.SYS [48512 2004-07-13] (C-Media Corporation) R3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [34448 2007-03-05] (IVT Corporation.) R3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [44304 2007-03-05] (IVT Corporation.) S3 X86BDA; C:\Windows\System32\DRIVERS\OEMDrv.sys [195712 2011-06-08] ( ) U3 ar6l0i1v; C:\Windows\system32\Drivers\ar6l0i1v.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder) S3 cpuz132; No ImagePath S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2014-05-19] (Kaspersky Lab ZAO) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. 
Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-02 10:32 - 2015-05-02 10:33 - 00027607 _____ () C:\Users\Home\Desktop\FRST.txt 2015-05-02 09:39 - 2015-05-02 09:39 - 02204160 _____ () C:\Users\Home\Desktop\adwcleaner_4.203.exe 2015-05-02 00:13 - 2015-05-02 00:15 - 00078826 _____ () C:\Users\Home\Downloads\Addition.txt 2015-05-02 00:12 - 2015-05-02 10:29 - 00065812 _____ () C:\Users\Home\Downloads\FRST.txt 2015-05-02 00:11 - 2015-05-02 00:11 - 01140736 _____ (Farbar) C:\Users\Home\Desktop\FRST.exe 2015-05-02 00:02 - 2015-05-02 00:04 - 00000000 ____D () C:\Users\Home\AppData\Roaming\vlc 2015-05-02 00:01 - 2015-05-02 00:01 - 00000994 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2015-05-02 00:01 - 2015-05-02 00:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2015-05-01 22:16 - 2015-05-01 22:16 - 00001087 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-05-01 22:16 - 2015-05-01 22:16 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-05-01 19:56 - 2015-05-01 19:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-05-01 19:56 - 2015-05-01 19:56 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2015-05-01 19:56 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-05-01 19:56 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-05-01 19:54 - 2015-05-01 19:57 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys 2015-05-01 19:54 - 2015-05-01 19:56 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2015-05-01 19:54 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) 
C:\Windows\system32\Drivers\mbam.sys 2015-05-01 18:18 - 2015-05-01 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer 2015-05-01 18:18 - 2015-05-01 18:18 - 00000000 ____D () C:\ProgramData\GridinSoft 2015-05-01 18:18 - 2015-05-01 18:18 - 00000000 ____D () C:\Program Files\GridinSoft Trojan Killer 2015-04-30 17:21 - 2015-04-30 17:21 - 00001470 _____ () C:\Users\Home\Desktop\DVD Shrink 3.2 DE.exe - Verknüpfung.lnk 2015-04-30 17:03 - 2015-04-30 17:03 - 00000953 _____ () C:\Users\Gast\Desktop\DVD Shrink 3.2 deutsch.lnk 2015-04-30 17:03 - 2015-04-30 17:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink deutsch 2015-04-30 17:03 - 2015-04-30 17:03 - 00000000 ____D () C:\Program Files\DVD Shrink DE 2015-04-30 16:59 - 2015-04-30 17:00 - 00541240 _____ ( ) C:\Users\Home\Downloads\DVD%20Shrink.exe 2015-04-30 16:37 - 2013-08-23 13:36 - 00721263 _____ () C:\Windows\system32\WSCM64.dll 2015-04-30 16:37 - 2013-08-07 14:31 - 00214528 _____ () C:\Windows\system32\WSCM32.dll 2015-04-30 16:34 - 2015-04-30 16:35 - 41209384 _____ (Wondershare Software ) C:\Users\Home\Downloads\video-converter-ultimate_full1443.exe 2015-04-30 16:33 - 2015-04-30 16:33 - 00000048 _____ () C:\Windows\F27BBFAFCDA5DF0F.log 2015-04-30 16:27 - 2015-04-30 16:27 - 05185720 _____ () C:\Users\Home\Downloads\SetupCloneDVD2930Slysoft.exe 2015-04-30 15:27 - 2015-04-30 15:27 - 00002117 _____ () C:\Users\Home\Desktop\TuneUp Utilities 2012.lnk 2015-04-30 14:52 - 2015-05-01 08:52 - 00000000 ____D () C:\Program Files\CloneDVD 7 Ultimate 2015-04-30 14:52 - 2015-04-30 14:53 - 00000000 ____D () C:\Windows\system32\sysdir 2015-04-30 14:52 - 2015-04-30 14:52 - 00000000 ____D () C:\ProgramData\CloneDVD Studio 2015-04-30 14:46 - 2015-04-30 16:33 - 00000000 ____D () C:\Program Files\Elaborate Bytes 2015-04-30 14:46 - 2015-04-30 16:30 - 00000085 ___SH () C:\ProgramData\.zreglib 2015-04-30 10:34 - 2015-04-30 10:34 - 00000000 ____D () 
C:\Users\Home\Desktop\Bücher und Schreiberei\Büroarbeiten\Documents\Tipard Studio 2015-04-30 10:34 - 2015-04-30 10:34 - 00000000 ____D () C:\Users\Home\AppData\Local\Tipard Studio 2015-04-30 10:34 - 2015-04-30 10:34 - 00000000 ____D () C:\ProgramData\Tipard Studio 2015-04-30 10:34 - 2015-04-30 10:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tipard 2015-04-30 10:34 - 2015-04-30 10:34 - 00000000 ____D () C:\Program Files\Tipard Studio 2015-04-30 10:28 - 2015-04-30 10:28 - 00000000 ____D () C:\Users\Home\AppData\Roaming\NCH Software 2015-04-30 10:28 - 2015-04-30 10:28 - 00000000 ____D () C:\ProgramData\NCH Software 2015-04-30 10:28 - 2015-04-30 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette 2015-04-30 10:28 - 2015-04-30 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audioverwandte Programme 2015-04-30 10:28 - 2015-04-30 10:28 - 00000000 ____D () C:\Program Files\NCH Software 2015-04-30 10:27 - 2015-04-30 10:27 - 00660504 _____ (NCH Software) C:\Users\Home\Downloads\switchsetup.exe 2015-04-30 08:41 - 2015-04-30 08:41 - 00000995 _____ () C:\Users\Public\Desktop\XMedia Recode.lnk 2015-04-30 08:41 - 2015-04-30 08:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode 2015-04-30 08:37 - 2015-04-30 08:37 - 08039043 _____ (XMedia Recode ) C:\Users\Home\Downloads\XMediaRecode3227_setup.exe 2015-04-30 08:17 - 2015-04-30 08:17 - 00000000 ____D () C:\Program Files\Startfenster 2015-04-30 08:15 - 2015-04-30 08:15 - 29013544 _____ () C:\Users\Home\Downloads\vlc-2.2.1-win32.exe 2015-04-29 23:21 - 2015-04-29 23:21 - 00001515 _____ () C:\Users\Home\Desktop\Windows Media Player.lnk 2015-04-29 23:18 - 2015-04-29 23:19 - 00000686 _____ () C:\Windows\wmsetup.log 2015-04-29 23:15 - 2015-04-29 23:16 - 01203488 _____ () C:\Users\Home\Downloads\Windows Media Player - CHIP-Installer.exe 2015-04-29 22:59 - 2015-04-29 22:59 - 00000000 
____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvsoft 2015-04-29 22:56 - 2015-04-29 22:57 - 37546360 _____ (Any-DVD-Converter.com ) C:\Users\Home\Downloads\any-dvd-converter.exe 2015-04-29 22:49 - 2015-04-29 22:49 - 00000000 ____D () C:\Users\Home\Desktop\Bücher und Schreiberei\Büroarbeiten\Documents\Wondershare MediaServer 2015-04-29 22:48 - 2015-04-29 23:07 - 00000000 ____D () C:\ProgramData\Wondershare 2015-04-29 22:46 - 2015-04-29 22:46 - 00811592 _____ () C:\Users\Home\Downloads\video-converter-ultimate_setup_full1045.exe 2015-04-29 11:05 - 2015-04-29 11:05 - 00001050 _____ () C:\Users\Home\Desktop\CDex.lnk 2015-04-26 17:56 - 2015-04-26 17:56 - 00000000 ____D () C:\Users\Home\AppData\Roaming\HandBrake 2015-04-26 17:49 - 2015-04-26 17:49 - 01203488 _____ () C:\Users\Home\Downloads\Free DVD Video Converter - CHIP-Installer.exe 2015-04-23 16:57 - 2015-04-23 16:57 - 00016128 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\gtkdrv.sys 2015-04-21 08:43 - 2015-04-21 08:43 - 00619753 _____ () C:\Users\Home\Downloads\flvplayer2_1.4.0.t3x 2015-04-21 08:22 - 2015-04-21 08:23 - 36790512 _____ (Movavi) C:\Users\Home\Downloads\MovaviVideoConverterSetupF(1).exe 2015-04-20 22:25 - 2015-04-20 22:31 - 00000000 ____D () C:\ProgramData\Eltima Software 2015-04-17 12:13 - 2015-04-17 12:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IVT BlueSoleil 2015-04-17 11:45 - 2015-04-17 11:45 - 00000000 ____D () C:\Program Files\Free Codec Pack 2015-04-17 10:56 - 2015-04-17 10:56 - 00001511 _____ () C:\Users\Home\Desktop\Für_Erstattungen_gesammelte_Belege - Verknüpfung.lnk 2015-04-17 10:06 - 2015-04-17 10:06 - 34359344 _____ (DVDVideoSoft Ltd. 
) C:\Users\Home\Downloads\FreeYouTubeDownload_3.2.56.324.exe 2015-04-16 17:26 - 2015-04-16 17:26 - 00000000 ____D () C:\Users\Home\Desktop\Bücher und Schreiberei\Büroarbeiten\Documents\QuickSteuer 2015-04-16 17:26 - 2015-04-16 17:26 - 00000000 ____D () C:\Users\Home\AppData\Local\HL 2015-04-16 17:23 - 2015-04-20 13:23 - 00000000 ____D () C:\ProgramData\AAV 2015-04-16 17:22 - 2015-04-16 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware 2015-04-16 17:14 - 2015-04-16 17:14 - 00000000 ____D () C:\ProgramData\HL 2015-04-16 17:03 - 2015-04-16 17:12 - 351504736 _____ () C:\Users\Home\Downloads\QuickSteuer2015.exe 2015-04-16 15:18 - 2015-04-26 09:48 - 00000000 _____ () C:\Users\Home\.gtk-bookmarks 2015-04-15 18:31 - 2015-04-15 18:40 - 00001633 _____ () C:\Users\Home\Desktop\2015_Grundwassermessung_Grauwinkel.lnk 2015-04-15 14:00 - 2015-04-15 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-04-15 11:08 - 2015-04-15 11:08 - 00001801 _____ () C:\Users\Home\Desktop\FreeDoko.lnk 2015-04-15 11:08 - 2015-04-15 11:08 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeDoko 2015-04-15 11:08 - 2015-04-15 11:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeDoko 2015-04-15 11:08 - 2015-04-15 11:08 - 00000000 ____D () C:\Program Files\FreeDoko 2015-04-15 11:03 - 2015-04-15 11:03 - 01203488 _____ () C:\Users\Home\Downloads\FreeDoko - CHIP-Installer.exe 2015-04-15 05:32 - 2015-04-15 05:32 - 00001907 _____ () C:\Users\Home\Desktop\Kalenderchen 5.lnk 2015-04-15 05:26 - 2015-03-23 05:06 - 00860160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-04-15 05:26 - 2015-03-23 05:06 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-04-15 05:26 - 2015-03-23 05:06 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-04-15 05:26 - 2015-03-23 05:06 - 00331264 _____ (Microsoft 
Corporation) C:\Windows\system32\devinv.dll 2015-04-15 05:26 - 2015-03-23 05:06 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-04-15 05:26 - 2015-03-23 05:06 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-04-15 05:26 - 2015-03-23 05:06 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-04-15 05:26 - 2015-03-23 04:59 - 00896000 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-04-15 05:26 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-04-15 05:26 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-04-15 05:26 - 2015-03-17 07:01 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-04-15 05:26 - 2015-03-17 07:01 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-04-15 05:26 - 2015-03-17 06:59 - 01306112 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-04-15 05:26 - 2015-03-17 06:57 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-04-15 05:26 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-04-15 05:26 - 2015-03-17 06:57 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-04-15 05:26 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-04-15 05:26 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-04-15 05:26 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-04-15 05:26 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-04-15 05:26 - 2015-03-17 06:57 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-04-15 05:26 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) 
C:\Windows\system32\TSpkg.dll 2015-04-15 05:26 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-04-15 05:26 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-04-15 05:26 - 2015-03-17 06:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-04-15 05:26 - 2015-03-17 06:56 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-04-15 05:26 - 2015-03-17 06:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-04-15 05:26 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-04-15 05:26 - 2015-03-17 06:56 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-04-15 05:26 - 2015-03-17 06:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-04-15 05:26 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-04-15 05:26 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-04-15 05:26 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-04-15 05:26 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-04-15 05:26 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-04-15 05:26 - 2015-03-04 06:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys 2015-04-15 05:26 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll 2015-04-15 05:25 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-04-15 05:25 - 2015-03-25 05:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-04-15 05:25 - 2015-03-25 05:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 
2015-04-15 05:25 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-04-15 05:25 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-04-15 05:25 - 2015-03-25 05:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-04-15 05:25 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-04-15 05:25 - 2015-03-25 05:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-04-15 05:25 - 2015-03-25 05:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-04-15 05:25 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-04-15 05:25 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-04-15 05:25 - 2015-03-25 05:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-04-15 05:25 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-04-15 05:25 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-04-15 05:25 - 2015-03-13 05:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-04-15 05:25 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-04-15 05:25 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-04-15 05:25 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-04-15 05:25 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-04-15 05:25 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-04-15 05:25 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-04-15 05:25 - 
2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-04-15 05:25 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-04-15 05:25 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-04-15 05:25 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-04-15 05:25 - 2015-03-13 05:16 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-04-15 05:25 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-04-15 05:25 - 2015-03-13 05:09 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-04-15 05:25 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-04-15 05:25 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-04-15 05:25 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-04-15 05:25 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-04-15 05:25 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-04-15 05:25 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-04-15 05:25 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-04-15 05:25 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-04-15 05:25 - 2015-03-13 04:43 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-04-15 05:25 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-04-15 05:25 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 
2015-04-15 05:25 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-04-15 05:25 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-04-15 05:25 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-04-15 05:25 - 2015-03-05 06:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-04-15 05:24 - 2015-02-25 05:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys 2015-04-15 05:23 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-04-15 05:23 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2015-04-14 16:46 - 2015-04-14 16:46 - 00001883 _____ () C:\Users\Home\Downloads\Auslieferung 17.4.2015 (2015_4_14 16_46).csv 2015-04-14 14:55 - 2015-04-14 14:55 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk 2015-04-14 14:55 - 2015-04-14 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012 2015-04-14 14:55 - 2013-12-11 09:59 - 00032568 _____ (TuneUp Software) C:\Windows\system32\TURegOpt.exe 2015-04-14 14:55 - 2013-12-11 09:59 - 00022328 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll 2015-04-14 14:54 - 2015-04-14 14:55 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2012 2015-04-14 14:47 - 2015-04-14 14:48 - 27620744 _____ (TuneUp Software) C:\Users\Home\Downloads\TuneUpUtilities2012_de-DE.exe 2015-04-14 14:07 - 2015-04-14 14:08 - 16107931 _____ (INTENIUM GmbH) C:\Users\Home\Downloads\greatmahjong.exe 2015-04-14 13:58 - 2015-04-14 13:59 - 00381120 _____ () C:\Users\Home\Downloads\greatmahjong_CB-DL-Manager.exe 2015-04-14 13:49 - 2015-04-14 13:49 - 00001328 _____ () C:\Users\Home\Desktop\Mahjongg 2000.lnk 2015-04-14 13:44 - 2015-04-14 13:44 - 00757261 _____ () C:\Users\Home\Downloads\mj32xpde.zip 
2015-04-14 13:26 - 2015-04-14 13:26 - 00800216 _____ (Generic Web ) C:\Users\Home\Downloads\IObitUninstallerSetup.exe 2015-04-14 13:22 - 2015-04-14 13:33 - 00000000 ____D () C:\Program Files\FreeGamePick.com 2015-04-14 13:19 - 2015-04-14 13:19 - 05942469 _____ ( ) C:\Users\Home\Downloads\MahjongCity.exe 2015-04-14 13:18 - 2015-04-14 13:18 - 00381120 _____ () C:\Users\Home\Downloads\MahjongCity_CB-DL-Manager.exe 2015-04-14 12:31 - 2015-04-14 13:10 - 00000000 ____D () C:\Program Files\Kyodai Mahjongg 2006 2015-04-14 12:30 - 2015-04-14 12:30 - 00000000 ____D () C:\Program Files\WEB.DE MailCheck 2015-04-14 12:10 - 2015-04-14 12:10 - 00000356 _____ () C:\Users\Home\Desktop\Hearts.lnk 2015-04-14 11:27 - 2015-04-14 11:27 - 00000884 _____ () C:\Users\Home\Desktop\Downloads - Verknüpfung.lnk 2015-04-14 11:23 - 2015-04-14 11:24 - 10717440 _____ () C:\Users\Home\Downloads\TU2007TrialDE.exe 2015-04-14 10:16 - 2015-04-14 10:16 - 00000000 ____D () C:\Program Files\Royal Doppelkopf 2015-04-14 09:37 - 2015-04-14 09:37 - 03556352 _____ () C:\Users\Home\Downloads\SetupRoyalDokosv.exe 2015-04-14 09:31 - 2015-04-14 09:31 - 00381120 _____ () C:\Users\Home\Downloads\SetupRoyalDokosv_CB-DL-Manager.exe 2015-04-14 08:57 - 2015-04-14 08:57 - 00000851 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Napster 5.0.lnk 2015-04-14 08:57 - 2015-04-14 08:57 - 00000000 ____D () C:\Program Files\Napster 5.0 2015-04-14 08:55 - 2015-04-14 08:55 - 01203488 _____ () C:\Users\Home\Downloads\Napster - CHIP-Installer.exe 2015-04-14 08:26 - 2015-04-14 15:32 - 00000000 ____D () C:\ProgramData\AVAST Software 2015-04-12 12:24 - 2015-04-12 12:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Napster Rienf Repair 2015-04-12 12:13 - 2015-04-12 12:14 - 07411200 _____ () C:\Users\Home\Downloads\NapsterRienfRepairSetup_1.1.9.msi 2015-04-12 11:32 - 2015-04-12 11:32 - 00000000 ____D () C:\Program Files\NA 2015-04-12 10:16 - 2015-04-12 12:01 - 00000943 _____ () 
C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Napster Music Community.lnk 2015-04-12 10:16 - 2015-04-12 12:01 - 00000919 _____ () C:\Users\Gast\Desktop\Napster Music Community.lnk 2015-04-12 10:16 - 2015-04-12 12:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Napster 2015-04-11 11:40 - 2015-04-12 10:22 - 00000000 _____ () C:\Windows\system32\mx_0020b.00- 2015-04-11 11:38 - 2015-04-12 12:01 - 00000000 ____D () C:\Program Files\Napster 2015-04-11 10:28 - 2015-04-11 10:28 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia 2015-04-11 10:28 - 2015-04-11 10:28 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia 2015-04-11 10:28 - 2015-04-11 10:28 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR 2015-04-10 13:30 - 2015-04-10 13:30 - 00000000 ____D () C:\Users\Home\.fontconfig 2015-04-10 13:18 - 2015-04-10 13:19 - 36790512 _____ (Movavi) C:\Users\Home\Downloads\MovaviVideoConverterSetupF.exe 2015-04-10 12:02 - 2015-04-10 12:02 - 00000000 ____D () C:\Users\Default\AppData\Local\Garmin_Ltd._or_its_subsid 2015-04-10 12:02 - 2015-04-10 12:02 - 00000000 ____D () C:\Users\Default User\AppData\Local\Garmin_Ltd._or_its_subsid 2015-04-08 12:12 - 2015-04-08 12:17 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Mp3tag 2015-04-08 12:12 - 2015-04-08 12:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag 2015-04-08 12:12 - 2015-04-08 12:12 - 00000000 ____D () C:\Program Files\Mp3tag 2015-04-08 12:09 - 2015-04-08 12:09 - 02802944 _____ () C:\Users\Home\Downloads\mp3tagv269setup.exe 2015-04-07 09:20 - 2015-04-07 09:20 - 00001248 _____ () C:\Users\Public\Desktop\Freemake Video Converter.lnk 2015-04-07 09:16 - 2015-04-07 09:16 - 01270552 _____ (Ellora Assets Corporation ) C:\Users\Home\Downloads\FreemakeVideoConverterSetup.exe 2015-04-06 18:31 - 2015-04-06 18:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftMaker Office Standard 2012 2015-04-06 
18:30 - 2015-04-06 18:44 - 00000000 ____D () C:\Program Files\SoftMaker Office Standard 2012 2015-04-06 10:22 - 2015-04-06 10:25 - 113784328 _____ (SoftMaker Software GmbH) C:\Users\Home\Downloads\ofw2012std.exe 2015-04-05 10:46 - 2015-04-05 10:46 - 15621448 _____ (Ventis Media Inc. ) C:\Users\Home\Downloads\MediaMonkey_4.1.6.1736.exe 2015-04-05 10:22 - 2015-04-05 10:22 - 01906385 _____ () C:\Users\Home\Downloads\cdtomp3freeware.exe 2015-04-05 10:22 - 2015-04-05 10:22 - 00000938 _____ () C:\Users\Gast\Desktop\Free CD to MP3 Converter.lnk 2015-04-05 10:22 - 2015-04-05 10:22 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Eusing 2015-04-05 10:22 - 2015-04-05 10:22 - 00000000 ____D () C:\Program Files\CD to MP3 Freeware 2015-04-05 10:20 - 2015-04-05 10:20 - 00232216 _____ () C:\Users\Home\Downloads\cdtomp3freeware-33399310.exe 2015-04-04 10:45 - 2015-04-04 10:45 - 00000000 ___SD () C:\Windows\system32\GWX 2015-04-02 08:59 - 2015-04-02 08:59 - 01054912 _____ (Adobe) C:\Users\Home\Downloads\install_flashplayer17x32au_mssd_aaa_aih(2).exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-05-02 10:32 - 2013-10-28 20:58 - 00000000 ____D () C:\FRST 2015-05-02 10:21 - 2013-04-05 07:54 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-05-02 10:19 - 2009-07-14 06:34 - 00029760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-05-02 10:19 - 2009-07-14 06:34 - 00029760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-05-02 10:14 - 2010-02-18 19:57 - 01395243 _____ () C:\Windows\WindowsUpdate.log 2015-05-02 10:13 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\inetsrv 2015-05-02 10:11 - 2015-02-25 21:55 - 00015189 _____ () C:\Windows\setupact.log 2015-05-02 10:11 - 2012-01-14 15:24 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2015-05-02 10:11 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-05-02 10:10 - 2012-03-31 17:58 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-05-02 10:09 - 2013-09-01 01:36 - 00000000 ___DC () C:\AdwCleaner 2015-05-02 00:00 - 2010-03-07 01:41 - 00000000 ____D () C:\Program Files\VideoLAN 2015-05-01 23:28 - 2015-02-25 21:54 - 00016698 _____ () C:\Windows\PFRO.log 2015-05-01 23:28 - 2014-07-02 10:52 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-05-01 23:25 - 2013-10-23 21:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-05-01 23:16 - 2015-03-03 15:29 - 00000000 ____D () C:\Users\Home\AppData\Roaming\FreeDoko 2015-05-01 22:37 - 2010-02-20 12:39 - 00000000 ___RD () C:\Users\Home\Desktop\Computer&Games 2015-05-01 22:36 - 2011-10-06 13:59 - 00000000 ____D () C:\Users\Home\Desktop\Musik 2015-05-01 19:56 - 2011-10-31 14:12 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Malwarebytes 2015-05-01 17:58 - 2013-02-05 13:34 - 00000000 ____D () C:\Users\Home\AppData\Roaming\MediaMonkey 2015-04-30 17:55 - 2010-06-20 14:29 - 00000000 ____D () 
C:\Users\Home\AppData\Roaming\dvdcss 2015-04-30 17:34 - 2013-04-24 14:15 - 00000000 ____D () C:\ProgramData\DVD Shrink 2015-04-30 16:48 - 2011-04-04 17:33 - 00000327 _____ () C:\Users\Home\Desktop\Bücher und Schreiberei\Büroarbeiten\Documents\ax_files.xml 2015-04-30 16:39 - 2014-07-05 10:09 - 00000000 ____D () C:\ProgramData\Wondershare Video Converter Ultimate 2015-04-30 16:37 - 2014-12-17 11:51 - 00000000 ____D () C:\Program Files\Wondershare 2015-04-30 16:37 - 2014-07-05 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare 2015-04-30 14:55 - 2014-01-21 09:25 - 00000033 _____ () C:\Users\Home\AppData\Roaming\pcouffin.log 2015-04-30 14:55 - 2014-01-21 09:23 - 00087608 _____ () C:\Users\Home\AppData\Roaming\inst.exe 2015-04-30 14:55 - 2014-01-21 09:23 - 00047360 _____ (VSO Software) C:\Users\Home\AppData\Roaming\pcouffin.sys 2015-04-30 14:55 - 2014-01-21 09:23 - 00007887 _____ () C:\Users\Home\AppData\Roaming\pcouffin.cat 2015-04-30 14:55 - 2014-01-21 09:23 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Vso 2015-04-30 10:30 - 2012-03-22 10:20 - 00000040 _____ () C:\Users\Home\AppData\Roaming\cdr.ini 2015-04-30 08:41 - 2014-03-13 16:30 - 00000000 ____D () C:\Program Files\XMedia Recode 2015-04-29 23:00 - 2013-09-01 16:15 - 00000000 ____D () C:\Users\Home\Desktop\Bücher und Schreiberei\Büroarbeiten\Documents\Any DVD Converter Professional 2015-04-29 22:58 - 2014-06-29 21:02 - 00000000 ____D () C:\Program Files\AnvSoft 2015-04-29 22:58 - 2012-11-10 09:49 - 00000000 ____D () C:\Users\Home\AppData\Roaming\AnvSoft 2015-04-28 15:31 - 2010-02-18 20:11 - 01765786 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-26 17:53 - 2014-12-07 02:07 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft 2015-04-26 17:53 - 2013-12-31 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2015-04-26 17:53 - 2013-09-01 19:42 - 00000000 ____D () C:\Users\Home\AppData\Roaming\DVDVideoSoft 
2015-04-26 17:53 - 2013-09-01 19:42 - 00000000 ____D () C:\Program Files\DVDVideoSoft 2015-04-25 16:38 - 2011-05-07 17:48 - 00000000 ____D () C:\Users\Home\Desktop\Bücher und Schreiberei\Büroarbeiten\Documents\SoftMaker 2015-04-22 20:51 - 2009-07-14 06:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-04-20 22:29 - 2013-09-01 16:15 - 00000000 ____D () C:\ProgramData\TEMP 2015-04-18 17:27 - 2015-02-14 19:53 - 00000000 ____D () C:\Users\Home\AppData\Local\CDex 2015-04-17 12:14 - 2011-10-09 20:27 - 00000000 ____D () C:\ProgramData\Bluetooth 2015-04-17 12:13 - 2011-10-09 20:13 - 00000032 _____ () C:\Windows\0 2015-04-17 11:50 - 2009-07-14 04:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-04-17 06:40 - 2009-07-14 06:33 - 00615568 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-04-16 18:30 - 2010-04-21 23:12 - 00000000 ____D () C:\Users\Home\dwhelper 2015-04-16 17:27 - 2011-09-25 11:31 - 00198424 _____ () C:\Users\Home\AppData\Local\GDIPFONTCACHEV1.DAT 2015-04-16 17:23 - 2010-04-04 19:50 - 00000000 ____D () C:\Program Files\Lexware 2015-04-16 15:18 - 2010-02-18 20:06 - 00000000 ____D () C:\Users\Home 2015-04-16 00:18 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat 2015-04-15 19:10 - 2012-03-31 17:58 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-04-15 19:10 - 2011-05-16 16:46 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-04-15 18:49 - 2010-04-30 09:13 - 00000000 ____D () C:\Users\Home\AppData\Local\FreePDF_XP 2015-04-15 15:43 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2015-04-15 14:55 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2015-04-15 14:39 - 2014-05-06 20:28 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-04-15 14:38 - 2014-12-10 14:31 - 00000000 ____D () C:\Windows\system32\appraiser 2015-04-15 14:38 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 
2015-04-15 14:05 - 2013-08-17 18:06 - 00000000 ____D () C:\Windows\system32\MRT 2015-04-15 14:05 - 2010-02-18 20:13 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-04-15 14:00 - 2013-01-25 19:38 - 00000000 ____D () C:\Program Files\Common Files\Skype 2015-04-15 14:00 - 2010-09-09 09:34 - 00000000 ___RD () C:\Program Files\Skype 2015-04-15 14:00 - 2010-09-09 09:34 - 00000000 ____D () C:\ProgramData\Skype 2015-04-15 11:08 - 2015-03-03 15:28 - 00001801 _____ () C:\Users\Gast\Desktop\FreeDoko.lnk 2015-04-15 05:07 - 2010-03-24 08:22 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-15 05:07 - 2010-03-24 08:22 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-14 14:53 - 2011-12-26 12:27 - 00000000 __SHD () C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} 2015-04-14 14:46 - 2010-02-19 22:54 - 00000000 ____D () C:\Users\Home\AppData\Roaming\TuneUp Software 2015-04-14 14:13 - 2015-02-06 19:23 - 00000000 ____D () C:\Users\Home\AppData\Roaming\dlg 2015-04-14 14:10 - 2013-08-07 19:56 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2015-04-14 14:04 - 2014-05-28 20:54 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2015-04-14 12:25 - 2013-11-19 11:52 - 00000000 ____D () C:\Program Files\OXXOGames 2015-04-14 12:10 - 2013-10-27 12:06 - 00000000 ____D () C:\Users\Home\AppData\Local\Microsoft Games 2015-04-14 11:43 - 2013-04-27 13:46 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard 2015-04-14 10:39 - 2011-01-14 14:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-04-14 10:28 - 2011-04-16 14:49 - 00000000 __HDC () C:\ProgramData\{53238C6C-48A3-4507-BBBB-C8A8D54603CF} 2015-04-14 10:28 - 2010-02-28 14:50 - 00000000 ____D () C:\Users\Home\AppData\Local\Downloaded Installations 2015-04-14 10:19 - 2010-02-19 22:51 - 00000000 ____D () C:\ProgramData\TuneUp Software 2015-04-14 08:47 - 2014-03-21 10:32 - 
00000000 ____D () C:\Users\Home\AppData\Roaming\com.Rhapsody.Napster5
2015-04-12 14:19 - 2012-04-10 11:46 - 00000000 ____D () C:\Users\DefaultAppPool
2015-04-12 14:19 - 2011-09-26 22:01 - 00000000 ____D () C:\Users\Classic .NET AppPool
2015-04-12 12:01 - 2012-07-13 21:50 - 00000000 ____D () C:\Users\Gast
2015-04-11 10:28 - 2010-02-19 20:23 - 00000000 ____D () C:\Program Files\Adobe
2015-04-10 12:03 - 2014-04-09 22:34 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-10 12:02 - 2014-10-29 10:39 - 00000000 ____D () C:\Program Files\Garmin
2015-04-10 12:01 - 2014-10-29 10:12 - 00000000 ____D () C:\ProgramData\Garmin
2015-04-10 12:00 - 2014-10-29 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-04-09 09:50 - 2014-07-05 19:39 - 00000000 ____D () C:\Users\Home\AppData\Local\Adobe
2015-04-08 16:01 - 2009-07-14 06:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-04-07 09:20 - 2014-06-02 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2015-04-06 18:48 - 2011-05-07 17:48 - 00000000 ____D () C:\Users\Home\AppData\Roaming\SoftMaker
2015-04-06 18:27 - 2015-02-11 17:03 - 00000000 ____D () C:\Program Files\SoftMaker Office Home & Business 2012
2015-04-05 10:22 - 2012-03-22 10:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CD to MP3 Freeware

==================== Files in the root of some directories =======

2011-10-03 20:14 - 2014-10-17 13:36 - 0000030 _____ () C:\Program Files\Exiferupdate.ini
2014-06-29 21:36 - 2014-07-02 17:25 - 5082084 _____ (The Public) C:\Users\Home\AppData\Roaming\Avisynth.exe
2014-06-29 21:36 - 2014-07-02 17:26 - 5243208 _____ ( ) C:\Users\Home\AppData\Roaming\AvsP.exe
2010-02-19 19:04 - 2010-02-19 19:04 - 0000054 _____ () C:\Users\Home\AppData\Roaming\burnaware.ini
2014-08-18 18:55 - 2015-01-02 20:17 - 0000100 _____ () C:\Users\Home\AppData\Roaming\Camdata.ini
2014-08-18 18:55 - 2015-01-02 20:17 - 0000408 _____ () C:\Users\Home\AppData\Roaming\CamLayout.ini
2014-08-18 18:55 - 2015-01-02 20:17 - 0000408 _____ () C:\Users\Home\AppData\Roaming\CamShapes.ini
2014-08-19 16:30 - 2015-01-02 20:17 - 0004546 _____ () C:\Users\Home\AppData\Roaming\CamStudio.cfg
2012-03-22 10:20 - 2015-04-30 10:30 - 0000040 _____ () C:\Users\Home\AppData\Roaming\cdr.ini
2014-06-29 21:36 - 2014-07-02 17:26 - 5514668 _____ (LIGHTNING UK!) C:\Users\Home\AppData\Roaming\Imgburn.exe
2014-01-21 09:23 - 2015-04-30 14:55 - 0087608 _____ () C:\Users\Home\AppData\Roaming\inst.exe
2014-06-29 21:36 - 2014-07-02 17:26 - 1357348 _____ () C:\Users\Home\AppData\Roaming\MatroskaSplitter.exe
2014-01-21 09:23 - 2015-04-30 14:55 - 0007887 _____ () C:\Users\Home\AppData\Roaming\pcouffin.cat
2014-01-21 09:23 - 2015-04-30 14:55 - 0001144 _____ () C:\Users\Home\AppData\Roaming\pcouffin.inf
2014-01-21 09:25 - 2015-04-30 14:55 - 0000033 _____ () C:\Users\Home\AppData\Roaming\pcouffin.log
2014-01-21 09:23 - 2015-04-30 14:55 - 0047360 _____ (VSO Software) C:\Users\Home\AppData\Roaming\pcouffin.sys
2013-05-01 17:06 - 2013-05-01 19:54 - 0000154 _____ () C:\Users\Home\AppData\Roaming\Safer-Networking.log
2014-06-29 21:36 - 2014-07-02 17:26 - 7760687 _____ (Boraxsoft) C:\Users\Home\AppData\Roaming\SetupGFD.exe
2014-08-18 18:52 - 2015-01-02 20:11 - 0000096 _____ () C:\Users\Home\AppData\Roaming\version2.xml
2013-08-02 20:30 - 2013-09-21 12:32 - 0000099 _____ () C:\Users\Home\AppData\Roaming\WB.CFG
2014-06-29 21:36 - 2014-07-02 17:26 - 0117723 _____ () C:\Users\Home\AppData\Roaming\yuvcodecs-1.3.exe
2011-10-29 09:51 - 2014-01-16 18:03 - 0008704 _____ () C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-17 21:12 - 2014-08-17 21:12 - 0007634 _____ () C:\Users\Home\AppData\Local\Resmon.ResmonCfg
2011-12-26 12:53 - 2011-12-26 12:53 - 0017408 _____ () C:\Users\Home\AppData\Local\WebpageIcons.db
2015-04-30 14:46 - 2015-04-30 16:30 - 0000085 ___SH () C:\ProgramData\.zreglib
2013-10-19 21:32 - 2013-10-19 21:32 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2010-09-09 09:39 - 2010-09-09 09:39 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Some content of TEMP:
====================
C:\Users\Home\AppData\Local\Temp\mpegc.dll
C:\Users\Home\AppData\Local\Temp\mpegm.dll
C:\Users\Home\AppData\Local\Temp\Quarantine.exe
C:\Users\Home\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-24 10:50

==================== End Of Log ============================ |
02.05.2015, 12:58 | #4 |
| sm.de - how do I get rid of this? And here is the addition.txt Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-04-2015 01
Ran by Home at 2015-05-02 10:33:49
Running from C:\Users\Home\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3719280737-1325245270-1685948379-500 - Administrator - Disabled)
Gast (S-1-5-21-3719280737-1325245270-1685948379-501 - Limited - Enabled) => C:\Users\Gast
Home (S-1-5-21-3719280737-1325245270-1685948379-1001 - Administrator - Enabled) => C:\Users\Home
HomeGroupUser$ (S-1-5-21-3719280737-1325245270-1685948379-1008 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH) ABBYY FineReader 5.0 Pro (HKLM\...\ABBYY FineReader 5.0 Pro) (Version: 5.0 - ABBYY Software House) abramania mahjongg freeware 1.0 (HKLM\...\abramania mahjongg freeware 1.0) (Version: 1.0 - abramedia) Accent OFFICE Password Recovery 4.0 (HKLM\...\Accent OFFICE Password Recovery_is1) (Version: 4.0 - AccentSoft Team) Adobe AIR (HKLM\...\Adobe AIR) (Version: 17.0.0.124 - Adobe Systems Incorporated) Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Advanced Renamer (HKLM\...\Advanced Renamer_is1) (Version: 3.64 - Hulubulu Software) Agent Ransack (HKLM\...\{8B51F879-18C4-4C37-8D2B-E340AEE7AACB}) (Version: 7.0.828.1 - Mythicsoft Ltd) ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Any DVD Converter Professional 5.8.0 (HKLM\...\Any DVD Converter Professional_is1) (Version: - Any-DVD-Converter.com) Apowersoft Bildschirmrekorder Pro V1.3.2 (HKLM\...\{BADAA284-1D15-4EBB-B1E5-7C86603CDBBB}_is1) (Version: 1.3.2 - Apowersoft) Ashampoo Burning Studio 2014 v.12.0.5 (HKLM\...\{91B33C97-280F-B76D-E27B-E712D7041B76}_is1) (Version: 12.0.5 - Ashampoo GmbH & Co. KG) ATI AVIVO Codecs (Version: 11.6.0.51118 - ATI Technologies Inc.) Hidden ATI Catalyst Registration (Version: 3.00.0000 - ATI Technologies Inc.) Hidden ATI Problem Report Wizard (Version: 3.0.800.0 - ATI Technologies) Hidden Avery Zweckform DesignPro 2000 (HKLM\...\DesignPro) (Version: - ) AviSynth 2.6 (HKLM\...\AviSynth) (Version: 2.6.0.2 - GPL Public release.) 
AVM FRITZ!Box Dokumentation (HKLM\...\AVMFBox) (Version: - AVM Berlin) AVM FRITZ!Box Druckeranschluss (HKLM\...\AVMFBoxPrinter) (Version: - AVM Berlin) AvsP (HKLM\...\AvsP_is1) (Version: - ) Bluesoleil2.6.0.1 Release 070402 (HKLM\...\{11B5E957-FCF2-469D-AB66-963C38134231}) (Version: 2.6.0.1 Release 070402 - IVT Corporation) CameraHelperMsi (Version: 13.31.1038.0 - Logitech) Hidden Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: - ) Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version: - ) Canon iP4900 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4900_series) (Version: - ) Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - ) Canon RAW Codec (HKLM\...\Canon RAW Codec) (Version: 1.4.1.44 - ) Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version: - ) Canon Utilities Easy-PrintToolBox (HKLM\...\Easy-PrintToolBox) (Version: - ) Canon Utilities File Viewer Utility 1.3 (HKLM\...\InstallShield_{74344F10-34CA-480E-BD02-B3F4FA692BFA}) (Version: 1.3.1 - Canon) Canon Utilities PhotoStitch 3.1 (HKLM\...\InstallShield_{F11A403B-0DE9-4953-B790-7A2F014FBB2B}) (Version: 3.1.10 - Canon) CCleaner (HKLM\...\CCleaner) (Version: 3.04 - Piriform) CDex - Open Source Digital Audio CD Extractor (HKLM\...\CDex) (Version: 1.77.0.2015 - Georgy Berdyshev) CD-LabelPrint (HKLM\...\MediaNavigation.CDLabelPrint) (Version: - ) C-Media USB Mass Storage Driver (HKLM\...\C-Media Card Reader Driver) (Version: - ) Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) CorelDRAW Graphics Suite X4 - Capture (Version: 14.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - Content (Version: 14.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - Draw (Version: 14.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - Filters (Version: 14.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - FontNav (Version: 
14.2 - Corel Corporation) Hidden CorelDRAW Graphics SUite X4 - ICA (Version: 14.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - IPM (Version: 14.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - Lang BR (Version: 14.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - Lang CZ (Version: 14.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - Lang DE (Version: 14.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - Lang EN (Version: 14.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - Lang ES (Version: 14.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - Lang FR (Version: 14.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - Lang IT (Version: 14.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - Lang NL (Version: 14.2 - Uw bedrijfsnaam) Hidden CorelDRAW Graphics Suite X4 - Lang PL (Version: 14.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - Lang SU (Version: 14.2 - Yrityksen nimi) Hidden CorelDRAW Graphics Suite X4 - Lang SV (Version: 14.2 - Ditt företagsnamn) Hidden CorelDRAW Graphics Suite X4 - PP (Version: 14.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - VBA (Version: 14.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 (Version: 14.2 - Corel Corporation) Hidden CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension (HKLM\...\_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}) (Version: - Corel Corporation) CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension (Version: 1.1 - Corel Corporation) Hidden CorelDRAW(R) Graphics Suite X4 (HKLM\...\_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}) (Version: - Corel Corporation) CyberLink PowerDirector 11 (HKLM\...\InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}) (Version: 11.0.0.2707 - CyberLink Corp.) CyberLink WaveEditor 2 (HKLM\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0.3206 - CyberLink Corp.) 
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden DATA BECKER CD-DVD Druckerei 8 (HKLM\...\CD-DVD Druckerei 8_is1) (Version: 8.10.0.0 - DATA BECKER GmbH & Co. KG) DATA BECKER MPEG2 Video Encoder (HKLM\...\MPEG2 Video Encoder_is1) (Version: - ) DATA BECKER Stream Catcher 2 FREE (HKLM\...\Stream Catcher 2 FREE_is1) (Version: - ) DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC) Dropbox (HKU\S-1-5-21-3719280737-1325245270-1685948379-1001\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.) Duplicate Email Remover (HKLM\...\{7AA36634-4324-4EF4-8C0C-D8EF1FC2BEA4}) (Version: 2.16.0 - MAPILab Ltd.) DVD Shrink 3.2 deutsch (HKLM\...\DVD Shrink DE_is1) (Version: - DVD Shrink) Easy-WebPrint (HKLM\...\Easy-WebPrint) (Version: - ) Elevated Installer (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden ElsterFormular (HKLM\...\ElsterFormular) (Version: 16.1.20150309 - Landesfinanzdirektion Thüringen) EPSON Scan (HKLM\...\EPSON Scanner) (Version: - ) EPSON Smart Panel (HKLM\...\{6C11D561-620B-47DA-A693-4C597F3CDF40}) (Version: - ) erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden Exif Pilot 4.7 (HKLM\...\Exif Pilot_is1) (Version: 4.7 - Two Pilots) Exifer (HKLM\...\Exifer_is1) (Version: - Friedemann Schmidt) exPressIT (HKLM\...\exPressIT) (Version: - ) File Viewer Utility 1.3.1 (Version: 1.3.1 - Canon) Hidden Firebird SQL Server - MAGIX Edition (HKLM\...\{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}) (Version: 2.1.27.0 - MAGIX AG) FixFoto 3.50 (HKLM\...\FixFoto_is1) (Version: - Joachim Koopmann Software) FormatFactory 3.3.5.0 (HKLM\...\FormatFactory) (Version: 3.3.5.0 - Format Factory) Fotogalerie (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.) Free Audio Converter version 5.0.46.820 (HKLM\...\Free Audio Converter_is1) (Version: 5.0.46.820 - DVDVideoSoft Ltd.) 
Free CD to MP3 Converter (HKLM\...\Free CD to MP3 Converter) (Version: - Eusing Software) Free DVD MP3 Ripper 1.12 (HKLM\...\Free DVD MP3 Ripper_is1) (Version: - Jodix Technologies Ltd.) Free DVD Video Converter version 2.0.25.415 (HKLM\...\Free DVD Video Converter_is1) (Version: 2.0.25.415 - DVDVideoSoft Ltd.) Free MP4 Video Converter version 5.0.44.623 (HKLM\...\Free MP4 Video Converter_is1) (Version: 5.0.44.623 - DVDVideoSoft Ltd.) Free Screen Video Recorder version 2.5.36.806 (HKLM\...\Free Screen Video Recorder_is1) (Version: 2.5.36.806 - DVDVideoSoft Ltd.) Free Video to JPG Converter version 5.0.32.1230 (HKLM\...\Free Video to JPG Converter_is1) (Version: 5.0.32.1230 - DVDVideoSoft Ltd.) Free YouTube Download version 3.2.56.324 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.56.324 - DVDVideoSoft Ltd.) FreeDoko 0.7.12 (HKLM\...\FreeDoko) (Version: 0.7.12 - Borg Enders und Diether Knof) Freemake Video Converter Version 4.1.6 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.6 - Ellora Assets Corporation) FreeOCR v4.2 (HKLM\...\freeocr_is1) (Version: - ) FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version: - ) Garmin City Navigator Europe NTU 2015.30 (HKLM\...\{63F1BF21-7435-4055-AA71-7ED2B7948C8C}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries) Garmin Express (HKLM\...\{50755d67-ae60-4e47-b3d6-ce44d01b5a95}) (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Garmin Express (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries) GLUCOFACTS(TM) Deluxe (HKLM\...\{4B1E59A2-A053-4911-896D-1EB84A3E48D1}) (Version: 3.07.03 - Bayer HealthCare) GLUCOFACTS(TM) Deluxe Smart Launch (HKLM\...\{D21D372C-BAE1-4F6A-98F5-E66DDBF327FB}) (Version: 1.24.01 - Bayer HealthCare) Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.) 
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden GPL Ghostscript 8.71 (HKLM\...\GPL Ghostscript 8.71) (Version: - ) GUI for dvdauthor 1.07 (HKLM\...\GUI for dvdauthor) (Version: 1.07 - Boraxsoft) Haali Media Splitter (HKLM\...\HaaliMkx) (Version: - ) Helix YUV Codecs (remove only) (HKLM\...\HelixYUVCodecs) (Version: - ) honestech VHS to DVD 2.0 SE (HKLM\...\{2856F5EA-E98A-40E4-BAD6-8C644A4A3F3C}) (Version: 2.0 - honestech) HydraVision (Version: 4.2.184.0 - ATI Technologies Inc.) Hidden ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!) IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.38 - Irfan Skiljan) Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) Kalenderchen 5 (HKLM\...\{11464943-4682-4F6B-A96D-D4E8C26DD111}_is1) (Version: - Daniel Manger) Kaspersky Internet Security 2013 (HKLM\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab) Kaspersky Internet Security 2013 (Version: 13.0.1.4190 - Kaspersky Lab) Hidden K-Lite Codec Pack 10.5.0 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.5.0 - ) LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - ) Logitech SetPoint 6.51 (HKLM\...\sp6) (Version: 6.51.8 - Logitech) Logitech Vid HD (HKLM\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..) Logitech Webcam-Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.31 - Logitech Inc.) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Max Uninstaller version 2.0 (HKLM\...\{C7022C9B-4DE0-4A57-B395-ED3BFDB78D73}_is1) (Version: 2.0 - hxxp://www.maxuninstaller.com/) MD Exif 1.3 (HKLM\...\MD Exif_is1) (Version: - Stefan Göppert Softwareentwicklung) MediaMonkey 4.1 (HKLM\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.) 
MEDION GoPal Assistant (HKLM\...\{B9D45A76-61DF-4387-B0FE-CA165D582B57}) (Version: 6.3.6.13143 - MEDION) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft GIF Animator (HKLM\...\GIF Animator) (Version: - ) Microsoft Office Converter Pack (HKLM\...\Microsoft Office Converter Pack) (Version: - ) Microsoft Office Word Viewer 2003 (HKLM\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft 
Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mozilla Firefox 36.0.4 (x86 de) (HKLM\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0.4 - Mozilla) Mozilla Thunderbird 17.0.8 (x86 de) (HKLM\...\Mozilla Thunderbird 17.0.8 (x86 de)) (Version: 17.0.8 - Mozilla) Mp3tag v2.69 (HKLM\...\Mp3tag) (Version: v2.69 - Florian Heidenreich) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Napster 5.0 Beta (HKLM\...\com.Rhapsody.Napster5) (Version: 1.0.29 - Rhapsody International Inc) Napster 5.0 Beta (Version: 1.0.29 - Rhapsody International Inc) Hidden Napster Rienf Repair (HKLM\...\{7FF8A00B-5FA7-4BD4-A6B9-131CE0D1FC11}) (Version: 1.1.9 - NA) Napster v2.0 BETA 10.4 
(HKLM\...\Napster v2.0 BETA 10.4) (Version: - ) Newblue Art Effects for PowerDirector (HKLM\...\NewBlue Art Effects for PowerDirector) (Version: 2.0 - NewBlue) OEXtract 1.0 (Testversion) (HKLM\...\OEXtract - Dateireader für Outlook Express (Testversion)_is1) (Version: - Priotecs Software) OEXtract 1.0 (Vollversion) (HKLM\...\OEXtract - Dateireader für Outlook Express (Vollversion)_is1) (Version: - Priotecs Software) Office Password Recovery PRO v1.0 (remove only) (HKLM\...\Password Solutions - Office Password Recovery PRO) (Version: 1.0 - Password Solutions) OpenOffice 4.1.0 (HKLM\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation) Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}) (Version: 3.60.0 - dotPDN LLC) PassportPhoto (remove) (HKU\S-1-5-21-3719280737-1325245270-1685948379-1001\...\PassportPhoto) (Version: - ) Patrizier II Gold (HKLM\...\Patrizier II Gold_is1) (Version: - ) PDF Blender (HKLM\...\PDF Blender) (Version: - ) PDF Editor 4 (HKLM\...\PDF Editor 4) (Version: - ) PDF To JPG 2.0 (HKLM\...\PDF To JPG_is1) (Version: - PDF To JPG) PDF24 Creator 6.9.2 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PDF2Word 1.0 (HKLM\...\PDF2Word 1.0) (Version: - ) PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.2 - pdfforge) PhotoScape (HKLM\...\PhotoScape) (Version: - ) PhotoStitch (Version: 3.1.10 - Canon) Hidden PrintProfi CD-Label (HKLM\...\{F336E5BC-6281-4ECD-8CA8-38D158D0AEAE}) (Version: - ) Protect Disc License Helper 1.0.125 (IE) (HKU\.DEFAULT\...\Protect Disc License Helper) (Version: 1.0.125 - Protect Disc) Quick Player 2010 2.3 (HKLM\...\Quick Player 2010 2.3) (Version: - ) QuickSteuer 2015 (HKLM\...\{49E0E0CA-C817-49C8-861B-B766599BCB96}) (Version: 20.33.156 - Haufe-Lexware GmbH & Co.KG) QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) 
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.) RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - ) Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Royal Doppelkopf (HKLM\...\{75EA97E2-BAD7-45DF-8196-82A828BF47DC}) (Version: 1.0.9 - <no manufacturer>) Screen Recorder 1 (HKLM\...\Screen Recorder 1) (Version: - ) SDP Downloader (HKLM\...\{B547CB8D-549A-436E-97B5-E79F911B11E2}) (Version: 2.3.0 - SDP Multimedia) Skat 2095 Special Edition V2.0 (HKLM\...\Skat 2095 Special Edition V2.0_is1) (Version: - ) Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) SmartSound Quicktracks 5 (HKLM\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.) SmartSound Quicktracks 5 (Version: 5.1.8 - SmartSound Software Inc.) Hidden SMI USB Grabber (HKLM\...\{B03B98E3-2795-48F6-BA33-793BBF5DF685}) (Version: 1.0.0.02 - Somagic Inc) SoftMaker Office Standard 2012 (HKLM\...\{8EBB8452-274B-465D-8324-00B0832FBB02}) (Version: 12.0.3493 - SoftMaker Software GmbH) Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.) Startfenster (HKLM\...\Startfenster) (Version: - Startfenster) Switch Audiodatei-Konverter (HKLM\...\Switch) (Version: 4.77 - NCH Software) Technotrend Viewer (HKLM\...\TT-Viewer_is1) (Version: - CM&V) The Lord of the Rings FREE Trial (Version: 1.00.0000 - ATI Technologies Inc.) 
Hidden Tipard TS Converter 7.1.52 (HKLM\...\{2D85A23D-06EF-4df2-BF09-B39AEDAE9140}_is1) (Version: 7.1.52 - Tipard Studio) TKexe designer (HKU\S-1-5-21-3719280737-1325245270-1685948379-1001\...\c4db908bc0b92124) (Version: 2.0.1.25 - TKexe Printservice) Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 7.50a - Ghisler Software GmbH) Trojan Killer (HKLM\...\GridinSoft Trojan Killer) (Version: 2.2.7.1 - GridinSoft LLC) TSDoctor (HKLM\...\{B737ED31-760E-444A-A696-3D8DB8988412}) (Version: 1.2.116 - Cypheros) Tunatic (HKLM\...\Tunatic) (Version: - ) TuneUp Utilities 2012 (HKLM\...\TuneUp Utilities 2012) (Version: 12.0.3600.171 - TuneUp Software) TuneUp Utilities 2012 (Version: 12.0.3600.171 - TuneUp Software) Hidden TuneUp Utilities Language Pack (de-DE) (Version: 12.0.3600.171 - TuneUp Software) Hidden UltraMixer 2.4.6 (HKLM\...\{32E2F180-247C-4077-B06A-20F9868568E0}_is1) (Version: 2.4.6 - UltraMixer Digital Audio Solutions) USB2.0 Grabber (HKLM\...\{45518B6D-9DDF-4144-83E4-A56762524F35}) (Version: 7.12.000.003 - Youyan) VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden VIDEO DVR (HKLM\...\{EBD0EE76-2CFC-4EE5-AFE6-7EEAA3B14332}) (Version: 2012.04.17 - -) Videoload (HKU\S-1-5-21-3719280737-1325245270-1685948379-1001\...\1260033950.wcps.t-online.de) (Version: - wcps.t-online.de) Videoload Manager 2.0.2200 (HKLM\...\Videoload Manager) (Version: 2.0.2200 - T-Online) VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN) VOB2MPG v3 (HKLM\...\{908B5359-244E-4E09-AA9F-DBF240679B46}) (Version: 3.2.2000 - BadgerIT) WEB.DE MailCheck für Mozilla Firefox (HKLM\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 3.0.2.1739 - 1&1 Mail & Media GmbH) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin) Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) Windows Media Player Firefox 
Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) Windows Media Player Packages (HKU\S-1-5-21-3719280737-1325245270-1685948379-1001\...\Windows Media Player Packages) (Version: - ) <==== ATTENTION Windows Mobile Device Center Driver Update (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation) Windows Mobile-Gerätecenter (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation) Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) WinRAR (HKLM\...\WinRAR archiver) (Version: - ) Wondershare PDF Converter Pro (Build 4.0.5) (HKLM\...\{67CC8351-9D8B-4EDF-AAEE-B8CB17E5F3AC}_is1) (Version: 4.0.5 - Wondershare Software) Wondershare Video Converter Ultimate(Build 7.1.0.2) (HKLM\...\Wondershare Video Converter Ultimate_is1) (Version: 7.1.0.2 - Wondershare Software) XLS to DBF Converter 1.50 (HKLM\...\XLS to DBF Converter_is1) (Version: - WhiteTown Software) XMedia Recode Version 3.2.2.7 (HKLM\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.2.2.7 - XMedia Recode) Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0295691A-D674-4904-805C-BDFE165B4CA0}\localserver32 -> C:\Program Files\SoftMaker Office Standard 2012\PlanMaker.exe (SoftMaker Software GmbH) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0295691A-D674-4904-805C-BDFE165B771B}\localserver32 -> C:\Program Files\SoftMaker Office Standard 2012\TextMaker.exe (SoftMaker Software GmbH) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0AF398C8-E8E1-700c-2e0c-9348f8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0BA686AA-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0BA686AE-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0BA686AF-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0BA686B3-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) 
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0BA686B4-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0BA686B8-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0BA686B9-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0BA686BD-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0BA686BE-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0BA686C2-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0BA686C3-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0BA686C7-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) 
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0CD1A340-7FAB-04a4-3e71-d3d3f8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0E7589F8-3F4A-21cc-08a8-cd01f8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{109D12C4-4EB6-1144-b843-753df8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{17A833B2-F647-f2f6-1b53-2d7cf8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32 -> C:\Windows\system32\MSWINSCK.OCX (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{27395F85-0C0C-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\PICCLP32.OCX (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{2EE319C4-8593-7fe0-edac-4b50f8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{2F155EE4-C332-11CD-B23C-0000C0058192}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) 
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{30291A01-707C-11d0-B457-4446490043BF}\localserver32 -> C:\Program Files\SoftMaker Office Standard 2012\TextMaker.exe (SoftMaker Software GmbH) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{3801CA43-C9A5-2cbd-2116-c251f8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{399254F2-670F-11D1-8092-0080ADB44B5C}\localserver32 -> C:\Program Files\SoftMaker Office Standard 2012\PlanMaker.exe (SoftMaker Software GmbH) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{399254F3-670F-11D1-8092-0080ADB44B5C}\localserver32 -> C:\Program Files\SoftMaker Office Standard 2012\PlanMaker.exe (SoftMaker Software GmbH) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{3A952499-3A8C-dc34-95da-f73bf8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{4735E322-568B-f1ec-6510-90e8f8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\Windows\system32\MSINET.OCX (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{4C735EC7-E94E-ac2f-8cd2-f37ff8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation) CustomCLSID: 
HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{4C756328-2F47-ca38-bda4-f1b2f8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{4CC24160-A50F-7270-3a75-75a4f8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{65027E39-AEAF-fac4-df5d-e6c2f8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{6E38DC65-4180-ca68-7cc4-f56bf8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{71B4EE53-E932-dbdd-61e5-3afbf8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{8a087491-5264-11d4-95F6-00A0CC3CCA14}\localserver32 -> C:\Program Files\SoftMaker Office Standard 2012\PlanMaker.exe (SoftMaker Software GmbH) CustomCLSID: 
HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{8A291A46-46B3-7292-63d5-9199f8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{8E932745-E80C-45f5-8423-df98f8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{A8C3B720-0B5A-101B-B22E-00AA0037B2FC}\InprocServer32 -> C:\Windows\system32\GRID32.OCX (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{AACA9EA2-6F92-008f-6ece-683ff8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{bf608490-5373-11d0-8efb-4446490043bf}\localserver32 -> C:\Program Files\SoftMaker Office Standard 2012\TextMaker.exe (SoftMaker Software GmbH) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{F4392542-0CFE-101B-B22E-00AA0037B2FC}\InprocServer32 -> C:\Windows\system32\GRID32.OCX (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{F6D87F96-D010-461a-0045-706ef8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{F78FB21B-A447-b845-9bb8-fc29f8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL 
(Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\COMDLG32.OCX (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{FDECAF97-6F7B-451a-57f9-fbd8f8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation) ==================== Restore Points ========================= ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:04 - 2014-07-02 00:21 - 00450709 ____R C:\Windows\system32\Drivers\etc\hosts There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {013C0F72-E552-4AC4-A261-4CE541A9D031} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2014-04-25] (Safer-Networking Ltd.)
Task: {0772D220-C3AD-4369-BF74-16CDD08E68A2} - System32\Tasks\{02FD5746-A1F9-4486-B88D-85A3CF31B979} => pcalua.exe -a D:\Utilities\DirectX\dxsetup.exe -d D:\Utilities\DirectX Task: {096C0D24-882C-4B08-8A24-05881A99FEF8} - System32\Tasks\{96135FEB-DB57-4E6D-89A0-647352254E78} => pcalua.exe -a C:\Users\Home\Downloads\irfanview_plugins_438_setup(1).exe -d C:\Users\Home\Downloads Task: {0A362B58-ABBE-4DC7-8530-CF37EF39F5FE} - System32\Tasks\{B1C3AF6C-F07A-466E-A421-94FE223F0C06} => pcalua.exe -a C:\Users\Home\Downloads\APRO23_Win_ESD1_WWEFG.exe -d C:\Users\Home\Downloads Task: {11765517-C21F-490D-8559-9ED4EB3EE79B} - System32\Tasks\{1DA0E4E6-85B3-4F07-94C1-E1C789D9039E} => pcalua.exe -a C:\downloads\Software\M_Pass_Finder(1).exe -d C:\downloads\Software Task: {124F544D-9EE7-45CB-99DA-89C8DB1AAD60} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe [2015-04-23] (GridinSoft LLC) Task: {14405332-47DB-4652-A4D8-A9295175B6F0} - System32\Tasks\Divx-Online-Aktualisierungsprogramm => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2014-01-10] () Task: {165EA01E-9226-448F-8BB9-164965894571} - System32\Tasks\{F19FB522-684E-4D87-9CC7-1FF2AED5EE10} => pcalua.exe -a D:\Drivers\Setup.exe -d D:\Drivers Task: {1A08B7A0-E798-46A1-9DC6-E16F33560879} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-04-25] (Safer-Networking Ltd.) 
Task: {1E837AFF-C50D-453A-9EB4-C263E28FA3A5} - System32\Tasks\{EEDB1D99-8E90-4017-A256-FB9267BF88AD} => pcalua.exe -a H:\Computer\CStartup\CStartUp.EXE -d H:\Computer\CStartup Task: {210056DE-CCF2-495E-838F-83AC058DFF5F} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe Task: {2698C28E-78A4-4985-A55F-6D39C7BDF198} - System32\Tasks\{258712A6-52C4-4CA3-9D65-4426E197812A} => pcalua.exe -a H:\Computer\Downloads-neu\dp2000_3-5.exe -d H:\Computer\Downloads-neu Task: {2793310B-63B4-48C1-9F5D-CCADFFB9687B} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3719280737-1325245270-1685948379-1001 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe Task: {2A5D720E-212E-495D-A0E0-6B7E5EF39DA8} - System32\Tasks\{19000F55-88D1-436B-A67C-734768091901} => C:\Program Files\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.) Task: {3AE8DAF0-2D1C-494D-9967-15004C2D604A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.) 
Task: {4303196B-CE7A-4476-A274-7495241EEAC8} - System32\Tasks\{1B29FBC3-0BC8-465D-B65D-D94C4534B9D3} => pcalua.exe -a D:\Utilities\SonyMPEG\install.exe -d D:\Utilities\SonyMPEG Task: {44ED2D9B-1558-44E3-9CBF-7678577AC928} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3719280737-1325245270-1685948379-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe Task: {484BA704-22AE-42F2-AE98-9D79FCA3DCA0} - System32\Tasks\{FAC3CBCF-CA94-4C0A-B4D9-CA10B847768E} => pcalua.exe -a D:\Setup\Setup.exe -d D:\Setup Task: {4CCE5242-F799-400D-B90C-409B34D8A902} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3719280737-1325245270-1685948379-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe Task: {4EC4FC41-A35F-4D55-BB38-D63FBE3F7D17} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation) Task: {502A2562-69BD-47E3-9976-53522A532C1C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {5D0EBAC6-B9A5-4753-9AC0-3D7E1601AB7B} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {5E8E6AEE-724B-4517-BFCC-2757A3CC18F8} - System32\Tasks\{C75D6492-A1E3-4017-BF59-AC81F249092B} => pcalua.exe -a "C:\Program Files\Lavalys\EVEREST Home Edition\everest.exe" -d C:\Users\Home\Desktop Task: {60D16A13-6AB1-4308-A615-064027883850} - System32\Tasks\{9E29FF12-276E-4F58-826A-6C7DDD6A07C9} => pcalua.exe -a K:\Computer\CStartup\CStartUp.EXE -d K:\Computer\CStartup Task: {62CA084E-455A-4DF5-8405-029FA6741C73} - System32\Tasks\{5B9F00C7-19A6-4104-944D-3B067D17D2C8} => pcalua.exe -a C:\Users\Home\Desktop\Integrated_BrotherSoft_TB.exe -d C:\Users\Home\Desktop Task: {6356851D-5F35-4EFB-B03C-8355282D9388} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: 
{6B357A0F-9069-415B-9377-E4BFF2D5391E} - System32\Tasks\{F2C97F45-3879-47ED-A783-1C76CE1A41C0} => pcalua.exe -a W:\Werkzeuge\Q-sonic\Drivers\Setup.exe -d W:\Werkzeuge\Q-sonic\Drivers Task: {77693F8B-84FA-4B65-8FAB-F7ACC2D49F8E} - System32\Tasks\{3677C788-B53D-4E82-99B3-A5797F018680} => pcalua.exe -a C:\Users\Home\Downloads\irfanview_plugins_436_setup.exe -d C:\Users\Home\Downloads Task: {77A04416-3991-4B96-8E3B-A8D35BF222D2} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3719280737-1325245270-1685948379-1001 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe Task: {7F5070D9-2D3F-4495-859B-B9B0DEB8B2CF} - System32\Tasks\Real Player-Online-Aktualisierungsprogramm => C:\Program Files\Real\RealPlayer\update\realsched.exe Task: {81563AA5-0CD8-4E32-8C22-1D35D86A8D7A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {8899C3B4-241D-438D-A9EC-0A2615D397F8} - System32\Tasks\{515A30A9-1E46-49B2-AAA7-21BDB43C4F18} => pcalua.exe -a "C:\Program Files\TechniSat DVB\bin\Setup4PC.exe" -d "C:\Program Files\TechniSat DVB\bin" Task: {8D28C47C-37F5-4857-A914-C7AEB8D7241B} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3719280737-1325245270-1685948379-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe Task: {9E684E3C-7993-4CCE-AA8A-C8CBDCF441E3} - System32\Tasks\{2A75B433-1734-4C90-A867-9E3FEDDD7CDD} => pcalua.exe -a N:\Computer\CStartup\CStartUp.EXE -d n:\Computer\CStartup Task: {AA407090-3662-4AF2-B924-16E9CC3BEEF4} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-12-17] (Oracle Corporation) Task: {AEBAB572-2025-4EA7-B3FA-49ACD6F32951} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3719280737-1325245270-1685948379-1001 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe Task: {AFD40DB1-CE00-4000-B0DA-1CB57C9B7D0C} - 
System32\Tasks\{EFDF58DF-BFBA-46A4-858E-C3CD60EC11AD} => pcalua.exe -a "C:\Users\Home\Downloads\PC Drivers HeadQuarters\Driver Detective\mcekit_setup.exe" -d "C:\Users\Home\Downloads\PC Drivers HeadQuarters\Driver Detective" Task: {B21F7E5C-3600-4394-8979-07BD6EE1FF36} - System32\Tasks\{335DFFD1-0167-424E-8235-C73364469415} => pcalua.exe -a "D:\Utilities\Flash Player\flashplayer7_winax.exe" -d "D:\Utilities\Flash Player" Task: {B542E1AA-1A38-446F-975F-E899C138F39A} - System32\Tasks\{C28788E7-581B-4B90-97C2-0099D4888DD8} => pcalua.exe -a C:\Users\Home\Downloads\irfanview_plugins_433_setup(1).exe -d C:\Users\Home\Downloads Task: {B6A431E7-F5C7-46A3-B033-5C33159D3C01} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-04-25] (Safer-Networking Ltd.) Task: {BCAE2D8F-D45C-41B2-9F03-7EFE5348E72D} - System32\Tasks\{2D9278F9-DE03-488F-8AD7-415C7F96541D} => pcalua.exe -a C:\Users\Home\AppData\Local\Temp\Winload.exe -d C:\Downloads -c /s -silent -DefaultSearch=FALSE -StartPage=FALSE -showPersonalCompDialog=FALSE Task: {C5F7DDA3-15DD-4239-A281-6CDAB48BAC22} - System32\Tasks\Sansa Dispatch => C:\Users\Home\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe Task: {CD04E532-D555-4513-90F5-5FEABCD07715} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3719280737-1325245270-1685948379-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe Task: {CE1B1105-A62A-4B59-AF86-18414B79A840} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {D7152DFE-3195-4C15-86EA-87BE7446F816} - System32\Tasks\Abelssoft\CheckDriveBackgroundGuard => C:\Program Files\CheckDrive\CheckDriveBackgroundGuard.exe Task: {DB9A1A89-34B8-4631-9B93-2CE371D92AA0} - System32\Tasks\{F72BC835-1BEF-4643-A681-770E8114E46D} => pcalua.exe -a N:\Computer\eMAILS\OE-Kombi-Pack\Backup-Tool\setup.exe -d 
N:\Computer\eMAILS\OE-Kombi-Pack\Backup-Tool Task: {DC2AC514-74CD-4ACF-A8E2-B3D9052057E9} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe Task: {F355B065-DAB2-4A89-A31C-A3A1A4D47E81} - System32\Tasks\{46792AD2-76CE-4141-9EF6-3FD5C8CC6672} => pcalua.exe -a "C:\Program Files\Babylon\Babylon-Pro\Utils\uninstbb.exe" Task: {FDB5C640-1D6F-40B6-9853-D5915981F2BA} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {FE892AFB-0ADD-430D-A146-2D074E279272} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated) Task: {FFF5226B-CC13-4F46-81DA-0CEFE1F0B19A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2012-01-24 16:03 - 2010-06-17 22:56 - 00116224 _____ () C:\Windows\System32\redmonnt.dll 2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files\Lexware\AAVUpdateManager\aavus.exe 2012-12-14 13:45 - 2012-12-14 13:45 - 01310136 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll 2015-03-17 13:43 - 2012-12-21 11:41 - 00254552 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe 2014-07-01 22:00 - 2014-04-25 14:11 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-07-01 22:00 - 2014-04-25 14:11 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl 2014-07-01 22:00 - 2014-04-25 14:11 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2014-07-01 22:00 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll 2014-07-01 22:00 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2010-10-21 19:32 - 2010-03-15 12:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll 2003-09-16 17:50 - 2003-09-16 17:50 - 00229376 _____ () C:\Windows\System32\CmWatch.exe 2012-08-17 21:38 - 2012-08-17 21:38 - 00479160 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll 2014-07-05 10:09 - 2014-10-31 16:37 - 01498112 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll 2014-07-05 10:09 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper 
Compact\CBSCreateVC.dll 2012-11-16 16:09 - 2012-11-16 16:09 - 00369152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:60466E88 AlternateDataStreams: C:\ProgramData\TEMP:A5B56640 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, the associated entry will be removed from the registry.) There are 7865 more restricted sites. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3719280737-1325245270-1685948379-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Home\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (whitelisted) =============== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{E414FD12-D373-480C-81AD-B076819F3451}] => (Allow) D:\fsetup.exe FirewallRules: [{D7DB5B33-FC81-4A9E-9576-8DB56EF932B5}] => (Allow) D:\fsetup.exe FirewallRules: [{1BF225B8-8090-4230-AF69-F391C3DC8D8C}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe FirewallRules: [{B9AC60E0-F62C-4A6F-8079-79BDE7FF41AF}] => (Allow) C:\Program Files\Password Solutions\Office Password Recovery PRO\OfficePasswordRecoveryPRO.exe FirewallRules: [{5AFE0747-1DB6-4658-AB05-55E081DF3665}] => (Allow) C:\Program Files\Password Solutions\Office Password Recovery PRO\OfficePasswordRecoveryPRO.exe FirewallRules: [{81C39690-24BE-473C-B740-035686A3BD38}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{0DE6869C-0C62-4F46-BE43-56C00935003D}] => (Allow) C:\Program Files\Logitech\Vid HD\Vid.exe FirewallRules: [{C6D56887-8C74-40B1-B9A9-50E3F08465D5}] => (Allow) C:\Program Files\Logitech\Vid HD\Vid.exe FirewallRules: [{04F359E7-CA9F-49DD-8A55-DCF04DCF9A51}] => (Allow) C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{FB621D64-8FE8-443D-BDC3-50969DCB2CA0}] => (Allow) C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [TCP Query User{C686DC63-097F-4288-BA31-34AD511A8566}C:\users\home\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\home\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{786BACB4-225F-4176-B26E-B7F6C86F2A11}C:\users\home\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\home\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [TCP Query User{55FB332D-8DA7-4D41-845A-585D5C355A68}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe FirewallRules: [UDP Query 
User{44360BBC-DEFF-4D4D-BFD6-EF11FE03C66C}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe FirewallRules: [TCP Query User{E95CFACC-58A1-4E99-BB82-4B8BA4D99C76}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe FirewallRules: [UDP Query User{97C55EB5-D28D-4DBB-8BEF-6FD596939AB6}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe FirewallRules: [{6081BCF4-659A-4BF4-9E02-45EBE26B3744}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe FirewallRules: [{913D79B4-5AC3-414C-8A8A-8A57D8980CBB}] => (Allow) LPort=2869 FirewallRules: [{E52B857E-9976-4EDA-97D8-2A08A8B3D12C}] => (Allow) LPort=1900 FirewallRules: [TCP Query User{7A008C18-F838-4C03-91B8-B3F712D15032}C:\program files\mediamonkey\mediamonkey (non-skinned).exe] => (Allow) C:\program files\mediamonkey\mediamonkey (non-skinned).exe FirewallRules: [UDP Query User{40EE451A-A031-4C55-8C44-C54710101A6C}C:\program files\mediamonkey\mediamonkey (non-skinned).exe] => (Allow) C:\program files\mediamonkey\mediamonkey (non-skinned).exe FirewallRules: [TCP Query User{BF937590-79B9-41B8-B6EA-B3C24AFDE0D3}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe FirewallRules: [UDP Query User{00231B14-50E5-4074-B18F-4A20EDD47E8A}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe FirewallRules: [TCP Query User{AECEC791-D4FC-4315-8BF5-4B01F4125BEE}C:\program files\mediamonkey\mediamonkey (non-skinned).exe] => (Allow) C:\program files\mediamonkey\mediamonkey (non-skinned).exe FirewallRules: [UDP Query User{460CD571-FC36-41A1-A654-246B0A14BB6A}C:\program files\mediamonkey\mediamonkey (non-skinned).exe] => (Allow) C:\program files\mediamonkey\mediamonkey (non-skinned).exe FirewallRules: [{D740BC39-CEFA-4C13-9618-03AFC5130F19}] => (Allow) C:\Program Files\Apowersoft\Apowersoft Screen Recorder Pro\Apowersoft Screen Recorder Pro.exe FirewallRules: 
[{740BCFC3-FD35-4606-B112-2406DBC57497}] => (Allow) C:\Program Files\Apowersoft\Apowersoft Screen Recorder Pro\Apowersoft Screen Recorder Pro.exe FirewallRules: [{F96A1494-BC1F-4CE5-8FE7-6172057128EF}] => (Allow) C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe FirewallRules: [{DD53377F-9B6C-49B9-AFFF-F2E48BB29B61}] => (Allow) C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe FirewallRules: [TCP Query User{85CF76EF-914C-4434-BAE8-55A3FF009293}C:\program files\wondershare\video converter ultimate\videoconverterultimate.exe] => (Allow) C:\program files\wondershare\video converter ultimate\videoconverterultimate.exe FirewallRules: [UDP Query User{97BC8FF6-1DE8-4639-A28B-9150691E2BDA}C:\program files\wondershare\video converter ultimate\videoconverterultimate.exe] => (Allow) C:\program files\wondershare\video converter ultimate\videoconverterultimate.exe FirewallRules: [{1120D557-4940-4B91-A465-C3B5286EB819}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe FirewallRules: [{A7200B32-860D-424F-9F7C-25130C7BC6CC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{17C22E0F-960B-4D13-8B7F-E807ADB79703}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe StandardProfile\AuthorizedApplications: [C:\Program Files\fotobuch.de\Designer 2.0\Designer.exe] => Designer.exe StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Faulty Device Manager Devices ============= ==================== Event 
log errors: ========================= Application errors: ================== Error: (05/02/2015 10:33:52 AM) (Source: VSS) (EventID: 12292) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. ] ist ein Fehler aufgetreten. Vorgang: Für diesen Anbieter eine aufrufbare Schnittstelle abrufen Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen Schattenkopien abfragen Kontext: Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshotkontext: 13 Snapshotkontext: 13 Ausführungskontext: Coordinator Error: (05/02/2015 10:33:52 AM) (Source: VSS) (EventID: 13) (User: ) Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} und dem Namen "SW_PROV" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. 
] Vorgang: Für diesen Anbieter eine aufrufbare Schnittstelle abrufen Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen Schattenkopien abfragen Kontext: Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshotkontext: 13 Snapshotkontext: 13 Ausführungskontext: Coordinator Error: (05/02/2015 10:16:18 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: DATA BECKER Update Service.exe, Version: 0.0.4.1, Zeitstempel: 0x4d89246b Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3c6 Ausnahmecode: 0xc0000374 Fehleroffset: 0x000c3b93 ID des fehlerhaften Prozesses: 0xabc Startzeit der fehlerhaften Anwendung: 0xDATA BECKER Update Service.exe0 Pfad der fehlerhaften Anwendung: DATA BECKER Update Service.exe1 Pfad des fehlerhaften Moduls: DATA BECKER Update Service.exe2 Berichtskennung: DATA BECKER Update Service.exe3 Error: (05/02/2015 09:35:08 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm FreemakeVC.exe, Version 4.1.6.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1478 Startzeit: 01d0849e641f1633 Endzeit: 23 Anwendungspfad: C:\Program Files\Freemake\Freemake Video Converter\FreemakeVC.exe Berichts-ID: Error: (05/02/2015 08:08:13 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm FreemakeVC.exe, Version 4.1.6.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 460 Startzeit: 01d0849dd9422dae Endzeit: 31 Anwendungspfad: C:\Program Files\Freemake\Freemake Video Converter\FreemakeVC.exe Berichts-ID: Error: (05/02/2015 07:27:47 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (05/02/2015 07:22:30 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (05/02/2015 07:19:38 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error: (05/02/2015 07:18:02 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: rundll32.exe_aepdu.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc637 Name des fehlerhaften Moduls: generaltel.dll, Version: 10.0.10037.0, Zeitstempel: 0x550d5182 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002c98e ID des fehlerhaften Prozesses: 0xcec Startzeit der fehlerhaften Anwendung: 0xrundll32.exe_aepdu.dll0 Pfad der fehlerhaften Anwendung: rundll32.exe_aepdu.dll1 Pfad des fehlerhaften Moduls: rundll32.exe_aepdu.dll2 Berichtskennung: rundll32.exe_aepdu.dll3 Error: (05/02/2015 07:08:08 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: DATA BECKER Update Service.exe, Version: 0.0.4.1, Zeitstempel: 0x4d89246b Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3c6 Ausnahmecode: 0xc0000374 Fehleroffset: 0x000c3b93 ID des fehlerhaften Prozesses: 0x864 Startzeit der fehlerhaften Anwendung: 0xDATA BECKER Update Service.exe0 Pfad der fehlerhaften Anwendung: DATA BECKER Update Service.exe1 Pfad des fehlerhaften Moduls: DATA BECKER Update Service.exe2 Berichtskennung: DATA BECKER Update Service.exe3 System errors: ============= Error: (05/02/2015 10:21:26 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80070422 Error: (05/02/2015 10:21:21 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (05/02/2015 10:11:28 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: amdkmafd Error: (05/02/2015 10:11:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Pinnacle WDM PCTV Video Capture" wurde aufgrund folgenden Fehlers 
nicht gestartet: %%1058 Error: (05/02/2015 10:11:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Pinnacle WDM PCTV Audio Capture" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error: (05/02/2015 10:09:58 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Spybot-S&D 2 Security Center Service" ist vom Dienst "Sicherheitscenter" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (05/02/2015 10:09:58 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Sicherheitscenter" ist vom Dienst "Windows-Verwaltungsinstrumentation" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1115 Error: (05/02/2015 10:09:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Druckwarteschlange" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (05/02/2015 10:09:57 AM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "Spooler" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (05/02/2015 10:09:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%5 Microsoft Office Sessions: ========================= Error: (05/02/2015 10:33:52 AM) (Source: VSS) (EventID: 12292) (User: ) Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. 
Vorgang: Für diesen Anbieter eine aufrufbare Schnittstelle abrufen Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen Schattenkopien abfragen Kontext: Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshotkontext: 13 Snapshotkontext: 13 Ausführungskontext: Coordinator Error: (05/02/2015 10:33:52 AM) (Source: VSS) (EventID: 13) (User: ) Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. Vorgang: Für diesen Anbieter eine aufrufbare Schnittstelle abrufen Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen Schattenkopien abfragen Kontext: Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshotkontext: 13 Snapshotkontext: 13 Ausführungskontext: Coordinator Error: (05/02/2015 10:16:18 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: DATA BECKER Update Service.exe0.0.4.14d89246bntdll.dll6.1.7601.187985507b3c6c0000374000c3b93abc01d084b0412afe26C:\Program Files\Common Files\DATA BECKER Shared\DATA BECKER Update Service.exeC:\Windows\SYSTEM32\ntdll.dll81ab2b5a-f0a3-11e4-9b18-0009dd64401c Error: (05/02/2015 09:35:08 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: FreemakeVC.exe4.1.6.1147801d0849e641f163323C:\Program Files\Freemake\Freemake Video Converter\FreemakeVC.exe Error: (05/02/2015 08:08:13 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: FreemakeVC.exe4.1.6.146001d0849dd9422dae31C:\Program Files\Freemake\Freemake Video Converter\FreemakeVC.exe Error: (05/02/2015 07:27:47 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\common 
files\logishrd\sp6_uninstall\tools\64\AddBrowsers.exe Error: (05/02/2015 07:22:30 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\cyberlink\powerdirector11\muitransfer\MUIStartMenuX64.exe Error: (05/02/2015 07:19:38 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\SLSTaskbar64.exe Error: (05/02/2015 07:18:02 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: rundll32.exe_aepdu.dll6.1.7600.163854a5bc637generaltel.dll10.0.10037.0550d5182c00000050002c98ecec01d08495edc729e8C:\Windows\system32\rundll32.exeC:\Windows\system32\generaltel.dll9a5d5084-f08a-11e4-9377-0009dd64401c Error: (05/02/2015 07:08:08 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: DATA BECKER Update Service.exe0.0.4.14d89246bntdll.dll6.1.7601.187985507b3c6c0000374000c3b9386401d08495ee5139b7C:\Program Files\Common Files\DATA BECKER Shared\DATA BECKER Update Service.exeC:\Windows\SYSTEM32\ntdll.dll38a7d6cd-f089-11e4-9377-0009dd64401c CodeIntegrity Errors: =================================== Date: 2014-09-11 21:11:00.917 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-11 21:11:00.917 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-09-11 21:11:00.901 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-11 21:11:00.901 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-11 21:04:09.918 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-11 21:04:09.903 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-08-14 13:00:40.405 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-08-14 13:00:40.403 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-08-14 13:00:40.367 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-08-14 13:00:40.364 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz Percentage of memory in use: 62% Total physical RAM: 2046.42 MB Available physical RAM: 768.2 MB Total Pagefile: 4092.84 MB Available Pagefile: 2403.32 MB Total Virtual: 2047.88 MB Available Virtual: 1901.19 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:149.05 GB) (Free:27.08 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (RAINBOW) (CDROM) (Total:7.21 GB) (Free:0 GB) UDF Drive f: (Umwandlung - Musik) (Fixed) (Total:1397.26 GB) (Free:1271.02 GB) NTFS Drive g: (MEDIA-HDD) (Fixed) (Total:1397.26 GB) (Free:1287.95 GB) NTFS Drive h: (Trek-Stor-Zwischenmaterial) (Fixed) (Total:76.69 GB) (Free:13.01 GB) NTFS Drive i: (Intenso-Reserve) (Fixed) (Total:48.83 GB) (Free:48.7 GB) NTFS Drive n: (Intenso-Computer) (Fixed) (Total:146.48 GB) (Free:75.3 GB) NTFS Drive o: (Intenso-Familie) (Fixed) (Total:97.66 GB) (Free:69.86 GB) NTFS Drive p: (Intenso-Foto-Archiv) (Fixed) (Total:146.48 GB) (Free:53.02 GB) NTFS Drive q: (Intenso-Haus) (Fixed) (Total:24.41 GB) (Free:13.84 GB) NTFS Drive r: (Intenso-Schreiberei) (Fixed) (Total:68.36 GB) (Free:60.13 GB) NTFS Drive s: (Intenso-Burschenschaft) (Fixed) (Total:24.41 GB) (Free:22.11 GB) NTFS Drive t: (Intenso-Musik) (Fixed) (Total:146.48 GB) (Free:84.59 GB) NTFS Drive u: (Intenso-Polizei) (Fixed) (Total:24.41 GB) (Free:9.62 GB) NTFS Drive v: (Intenso-Bekannte & Verwandte) (Fixed) (Total:87.89 GB) (Free:35.83 GB) NTFS Drive w: (Intenso-Video&TV) (Fixed) (Total:91.66 GB) (Free:57.14 GB) NTFS Drive x: (Intenso-JOKES) (Fixed) (Total:24.41 GB) (Free:23.21 GB) NTFS 
==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: E49C41A0) Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 76.7 GB) (Disk ID: 49EFB767) Partition 1: (Not Active) - (Size=76.7 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: DD09E70A) Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS) ======================================================== Disk: 4 (Size: 931.5 GB) (Disk ID: 14EE0B66) Partition 1: (Not Active) - (Size=48.8 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=146.5 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=638.5 GB) - (Type=OF Extended) ==================== End Of Log ============================ |
02.05.2015, 13:30 | #5 |
/// TB Trainer /// Guide Guru | sm.de - how do I get rid of it? Hi, Step 1 Please uninstall the following programs: Java 8 Update 31 On Windows 7, first try it via Control Panel / Uninstall a program. If that does not work, please download Revo Uninstaller here. Unpack the zip file to the desktop. Instructions
If you cannot uninstall a program, move on to the next one. Even if some programs are still left over at the end, carry out the next step: Step 2
Step 3
__________________ Regards, deeprybka Praise, criticism, requests? A donation for trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
02.05.2015, 17:39 | #6 |
| sm.de - how do I get rid of it? After 2. (AdwCleaner.txt) Code:
ATTFilter # AdwCleaner v4.203 - Bericht erstellt 02/05/2015 um 18:21:43 # Aktualisiert 30/04/2015 von Xplode # Datenbank : 2015-05-02.1 [Server] # Betriebssystem : Windows 7 Professional Service Pack 1 (x86) # Benutzername : Home - HOME-OFFICE # Gestarted von : C:\Users\Home\Desktop\adwcleaner_4.203.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Geplante Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Internetbrowser ] ***** -\\ Internet Explorer v11.0.9600.17728 -\\ Mozilla Firefox v36.0.4 (x86 de) [hl47song.default-1391114288471\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "chrome://unitedtb/content/newtab/newtab-page.xhtml"); -\\ Google Chrome v42.0.2311.135 ************************* AdwCleaner[R0].txt - [33635 Bytes] - [01/09/2013 01:37:00] AdwCleaner[R10].txt - [1986 Bytes] - [02/05/2015 10:07:53] AdwCleaner[R11].txt - [2105 Bytes] - [02/05/2015 18:20:00] AdwCleaner[R1].txt - [16686 Bytes] - [02/10/2013 07:56:49] AdwCleaner[R2].txt - [10352 Bytes] - [02/10/2013 23:02:11] AdwCleaner[R3].txt - [30063 Bytes] - [22/10/2013 21:40:07] AdwCleaner[R4].txt - [14760 Bytes] - [22/10/2013 22:38:44] AdwCleaner[R5].txt - [7013 Bytes] - [23/10/2013 21:02:31] AdwCleaner[R6].txt - [7098 Bytes] - [24/10/2013 12:28:51] AdwCleaner[R7].txt - [1823 Bytes] - [01/05/2015 23:37:19] AdwCleaner[R8].txt - [1869 Bytes] - [02/05/2015 09:40:17] AdwCleaner[R9].txt - [1926 Bytes] - [02/05/2015 10:04:01] AdwCleaner[S0].txt - [30681 Bytes] - [01/09/2013 01:39:01] AdwCleaner[S1].txt - [16795 Bytes] - [02/10/2013 08:00:30] AdwCleaner[S2].txt - [8586 Bytes] - [02/10/2013 23:05:11] AdwCleaner[S3].txt - [30171 Bytes] - [22/10/2013 21:42:10] AdwCleaner[S4].txt - [14073 Bytes] - [22/10/2013 22:39:30] AdwCleaner[S5].txt - [6945 Bytes] - [23/10/2013 21:03:46] AdwCleaner[S6].txt - [3885 Bytes] - [24/10/2013 12:32:20] AdwCleaner[S7].txt - [2054 Bytes] - [02/05/2015 10:08:57] AdwCleaner[S8].txt - [2034 
Bytes] - [02/05/2015 18:21:43] ########## EOF - C:\AdwCleaner\AdwCleaner[S8].txt - [2093 Bytes] ########## I am optimistic ;-) |
02.05.2015, 18:31 | #7 |
/// TB Trainer /// Guide Guru | sm.de - how do I get rid of it? OK...
02.05.2015, 19:08 | #8 |
| sm.de - how do I get rid of it? Did I do something wrong? Everything worked as planned. Things probably went a bit differently with MBAM. Malwarebytes scanned and scanned. It found maybe 18 to 18 threats or roots or whatever. I looked at the hits and they looked dangerous. When it was finished, it offered to start an application. There was no option to move the hits to quarantine. The hits were deleted. A log file was supposedly saved, but I don't know where. I could not view or copy this file. So I assumed that was it for sm.de. Shut down the computer, start it again and open Firefox. Have Google search for "Ofen"... The results were presented via sm.de ;-( Now I am letting Malwarebytes scan again and then I will get back to you. |
02.05.2015, 19:11 | #9 |
/// TB Trainer /// Guide Guru | sm.de - how do I get rid of it?
02.05.2015, 19:14 | #10 |
| sm.de - how do I get rid of it? Here is the log Code:
ATTFilter <?xml version="1.0" encoding="UTF-16" ?> <mbam-log> <header> <date>2015/05/02 18:48:33 +0200</date> <logfile>mbam-log-2015-05-02 (18-48-32).xml</logfile> <isadmin>yes</isadmin> </header> <engine> <version>2.00.4.1028</version> <malware-database>v2015.05.02.03</malware-database> <rootkit-database>v2015.04.21.01</rootkit-database> <license>free</license> <file-protection>disabled</file-protection> <web-protection>disabled</web-protection> <self-protection>disabled</self-protection> </engine> <system> <osversion>Windows 7 Service Pack 1</osversion> <arch>x86</arch> <username>Home</username> <filesys>NTFS</filesys> </system> <summary> <type>threat</type> <result>completed</result> <objects>469623</objects> <time>2718</time> <processes>0</processes> <modules>0</modules> <keys>5</keys> <values>4</values> <datas>0</datas> <folders>3</folders> <files>8</files> <sectors>0</sectors> </summary> <options> <memory>enabled</memory> <startup>enabled</startup> <filesystem>enabled</filesystem> <archives>disabled</archives> <rootkits>enabled</rootkits> <deeprootkit>enabled</deeprootkit> <heuristics>disabled</heuristics> <pup>warn</pup> <pum>enabled</pum> </options> <items> <key><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}</path><vendor>PUP.Optional.SofTonic.A</vendor><action>none</action><hash>8baf6708d0baef47f1408efa4ab90cf4</hash></key> <key><path>HKU\S-1-5-21-3719280737-1325245270-1685948379-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}</path><vendor>PUP.Optional.SofTonic.A</vendor><action>none</action><hash>8baf6708d0baef47f1408efa4ab90cf4</hash></key> 
<key><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}</path><vendor>PUP.Optional.SofTonic.A</vendor><action>none</action><hash>8baf6708d0baef47f1408efa4ab90cf4</hash></key> <key><path>HKU\S-1-5-21-3719280737-1325245270-1685948379-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}</path><vendor>PUP.Optional.SofTonic.A</vendor><action>none</action><hash>8baf6708d0baef47f1408efa4ab90cf4</hash></key> <key><path>HKU\S-1-5-21-3719280737-1325245270-1685948379-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\softonic-de3</path><vendor>PUP.Optional.Softonic.A</vendor><action>none</action><hash>5edce48b3951c96dbadec811bc470ef2</hash></key> <value><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER</path><valuename>{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}</valuename><vendor>PUP.Optional.SofTonic.A</vendor><action>none</action><valuedata>ã£ÌÃdòJ¿Á¯ f¶e</valuedata><hash>8baf6708d0baef47f1408efa4ab90cf4</hash></value> <value><path>HKU\S-1-5-21-3719280737-1325245270-1685948379-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER</path><valuename>{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}</valuename><vendor>PUP.Optional.SofTonic.A</vendor><action>none</action><valuedata>ã£ÌÃdòJ¿Á¯ f¶e</valuedata><hash>8baf6708d0baef47f1408efa4ab90cf4</hash></value> <value><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}</path><valuename></valuename><vendor>PUP.Optional.SofTonic.A</vendor><action>none</action><valuedata></valuedata><hash>3109640b8802c96dbf72a3e5699a5ea2</hash></value> 
<value><path>HKU\S-1-5-21-3719280737-1325245270-1685948379-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}</path><valuename></valuename><vendor>PUP.Optional.SofTonic.A</vendor><action>none</action><valuedata></valuedata><hash>bd7df07f3c4e0333e948a5e39f64ff01</hash></value> <folder><path>C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\hl47song.default-1391114288471\MyScrapNook_12</path><vendor>PUP.Optional.MyScrapNook.A</vendor><action>none</action><hash>c37766094743fb3b2a164b52db28b64a</hash></folder> <folder><path>C:\Windows\System32\config\systemprofile\AppData\Local\ICSharpCode.net\PennyBeeW.exe_Url_agkh2q2wptz44nr1mbd43tyforr5s4zl</path><vendor>PUP.Optional.PennyBee.A</vendor><action>none</action><hash>43f76c03f9919d9931c6ebc938cbd927</hash></folder> <folder><path>C:\Windows\System32\config\systemprofile\AppData\Local\ICSharpCode.net\PennyBeeW.exe_Url_agkh2q2wptz44nr1mbd43tyforr5s4zl\1.0.2.0</path><vendor>PUP.Optional.PennyBee.A</vendor><action>none</action><hash>43f76c03f9919d9931c6ebc938cbd927</hash></folder> <file><path>C:\$Recycle.Bin\S-1-5-21-3719280737-1325245270-1685948379-1001\$RGLYD09\uninstaller.exe</path><vendor>PUP.Optional.InstallCore</vendor><action>none</action><hash>fe3ca7c81e6c54e2bb3c530a9171df21</hash></file> <file><path>C:\Users\Home\AppData\Local\Temp\28693466.Uninstall\uninstaller.exe</path><vendor>PUP.Optional.InstallCore</vendor><action>none</action><hash>55e50c632a608fa78a6d2c316e9402fe</hash></file> <file><path>C:\Users\Home\Downloads\Tunatic-lnstall.exe</path><vendor>PUP.Optional.Giga</vendor><action>none</action><hash>88b20b64632750e653bb2bc5cf36eb15</hash></file> <file><path>C:\Windows\System32\config\systemprofile\AppData\Local\ICSharpCode.net\PennyBeeW.exe_Url_agkh2q2wptz44nr1mbd43tyforr5s4zl\1.0.2.0\t17nqbx8.newcfg</path><vendor>PUP.Optional.PennyBee.A</vendor><action>none</action><hash>43f76c03f9919d9931c6ebc938cbd927</hash></file> 
<file><path>C:\Windows\System32\config\systemprofile\AppData\Local\ICSharpCode.net\PennyBeeW.exe_Url_agkh2q2wptz44nr1mbd43tyforr5s4zl\1.0.2.0\t17nqbx8.tmp</path><vendor>PUP.Optional.PennyBee.A</vendor><action>none</action><hash>43f76c03f9919d9931c6ebc938cbd927</hash></file> <file><path>C:\Windows\System32\config\systemprofile\AppData\Local\ICSharpCode.net\PennyBeeW.exe_Url_agkh2q2wptz44nr1mbd43tyforr5s4zl\1.0.2.0\user.config</path><vendor>PUP.Optional.PennyBee.A</vendor><action>none</action><hash>43f76c03f9919d9931c6ebc938cbd927</hash></file> <file><path>C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\hl47song.default-1391114288471\prefs.js</path><vendor>PUP.Optional.Spigot.A</vendor><action>none</action><baddata>user_pref("keyword.URL", "https://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=926458&p=");</baddata><gooddata></gooddata><hash>6ad0402fe5a5b6804203b796db2b06fa</hash></file> <file><path>C:\Windows\System32\drivers\Msft_Kernel_webinstr_01009.Wdf</path><vendor>PUP.Optional.WebInstr.A</vendor><action>delete-on-reboot</action><hash></hash></file> </items> </mbam-log> |
02.05.2015, 19:15 | #11 |
/// TB Trainer /// Guide Guru | sm.de - how do I get rid of it? Please take a look at the linked instructions. I would like the log as .txt...
02.05.2015, 19:17 | #12 |
| sm.de - how do I get rid of it? And here is the protection.log as well Code:
ATTFilter <?xml version="1.0" encoding="UTF-8" ?> <logs> <record severity="debug" LoggingEventType="1" datetime="2015-05-02T18:42:00.625645+02:00" source="Manual" type="Update" username="SYSTEM" systemname="HOME-OFFICE" fromVersion="2015.5.1.5" last_modified_tag="fffa600f-3370-4690-b847-534c8e16f58a" name="Malware Database" toVersion="2015.5.2.3"></record> <record severity="debug" LoggingEventType="6" datetime="2015-05-02T19:34:18.118099+02:00" source="Manual" type="Scan" username="SYSTEM" systemname="HOME-OFFICE" duration="2718" last_modified_tag="6f742056-c3e3-45b6-9673-4b8739f82df7" malwaredetections="1" nonmalwaredetections="19" scanresult="completed" scantype="threat" starttime="2015-05-02T18:48:33+02:00"></record> </logs> |
02.05.2015, 19:22 | #13 |
/// TB Trainer /// Guide Guru | sm.de - how do I get rid of it? Nope, please look at the instructions again.
02.05.2015, 21:01 | #14 |
| sm.de - how do I get rid of it? I have spotted my mistake. You have to set the action "Quarantine" for each hit and then it might work. But sm.de is still there after the restart. Here is the new log: Code:
ATTFilter <?xml version="1.0" encoding="UTF-16" ?> <mbam-log> <header> <date>2015/05/02 20:18:01 +0200</date> <logfile>mbam-log-2015-05-02 (20-18-00).xml</logfile> <isadmin>yes</isadmin> </header> <engine> <version>2.00.4.1028</version> <malware-database>v2015.05.02.03</malware-database> <rootkit-database>v2015.04.21.01</rootkit-database> <license>free</license> <file-protection>disabled</file-protection> <web-protection>disabled</web-protection> <self-protection>disabled</self-protection> </engine> <system> <osversion>Windows 7 Service Pack 1</osversion> <arch>x86</arch> <username>Home</username> <filesys>NTFS</filesys> </system> <summary> <type>threat</type> <result>completed</result> <objects>469504</objects> <time>2724</time> <processes>0</processes> <modules>0</modules> <keys>5</keys> <values>4</values> <datas>0</datas> <folders>3</folders> <files>7</files> <sectors>0</sectors> </summary> <options> <memory>enabled</memory> <startup>enabled</startup> <filesystem>enabled</filesystem> <archives>disabled</archives> <rootkits>enabled</rootkits> <deeprootkit>enabled</deeprootkit> <heuristics>disabled</heuristics> <pup>warn</pup> <pum>enabled</pum> </options> <items> <key><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}</path><vendor>PUP.Optional.SofTonic.A</vendor><action>success</action><hash>8eac7ef1b5d589adc1708ff9d132fe02</hash></key> <key><path>HKU\S-1-5-21-3719280737-1325245270-1685948379-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}</path><vendor>PUP.Optional.SofTonic.A</vendor><action>success</action><hash>8eac7ef1b5d589adc1708ff9d132fe02</hash></key> 
<key><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}</path><vendor>PUP.Optional.SofTonic.A</vendor><action>success</action><hash>8eac7ef1b5d589adc1708ff9d132fe02</hash></key> <key><path>HKU\S-1-5-21-3719280737-1325245270-1685948379-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}</path><vendor>PUP.Optional.SofTonic.A</vendor><action>success</action><hash>8eac7ef1b5d589adc1708ff9d132fe02</hash></key> <key><path>HKU\S-1-5-21-3719280737-1325245270-1685948379-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\softonic-de3</path><vendor>PUP.Optional.Softonic.A</vendor><action>success</action><hash>dd5da6c9b7d3d85e6d2bfadf0cf7c43c</hash></key> <value><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER</path><valuename>{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}</valuename><vendor>PUP.Optional.SofTonic.A</vendor><action>success</action><valuedata>ã£ÌÃdòJ¿Á¯ f¶e</valuedata><hash>8eac7ef1b5d589adc1708ff9d132fe02</hash></value> <value><path>HKU\S-1-5-21-3719280737-1325245270-1685948379-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER</path><valuename>{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}</valuename><vendor>PUP.Optional.SofTonic.A</vendor><action>success</action><valuedata>ã£ÌÃdòJ¿Á¯ f¶e</valuedata><hash>8eac7ef1b5d589adc1708ff9d132fe02</hash></value> <value><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}</path><valuename></valuename><vendor>PUP.Optional.SofTonic.A</vendor><action>success</action><valuedata></valuedata><hash>f84274fba6e4ad89d55c0385679c5ca4</hash></value> 
<value><path>HKU\S-1-5-21-3719280737-1325245270-1685948379-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}</path><valuename></valuename><vendor>PUP.Optional.SofTonic.A</vendor><action>success</action><valuedata></valuedata><hash>12289cd34347f83e1a17c7c122e18e72</hash></value> <folder><path>C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\hl47song.default-1391114288471\MyScrapNook_12</path><vendor>PUP.Optional.MyScrapNook.A</vendor><action>success</action><hash>99a1323d038738fec47c5c4119eadf21</hash></folder> <folder><path>C:\Windows\System32\config\systemprofile\AppData\Local\ICSharpCode.net\PennyBeeW.exe_Url_agkh2q2wptz44nr1mbd43tyforr5s4zl</path><vendor>PUP.Optional.PennyBee.A</vendor><action>success</action><hash>1e1c2a459af0f6402ec91e9639caa65a</hash></folder> <folder><path>C:\Windows\System32\config\systemprofile\AppData\Local\ICSharpCode.net\PennyBeeW.exe_Url_agkh2q2wptz44nr1mbd43tyforr5s4zl\1.0.2.0</path><vendor>PUP.Optional.PennyBee.A</vendor><action>success</action><hash>1e1c2a459af0f6402ec91e9639caa65a</hash></folder> <file><path>C:\$Recycle.Bin\S-1-5-21-3719280737-1325245270-1685948379-1001\$RGLYD09\uninstaller.exe</path><vendor>PUP.Optional.InstallCore</vendor><action>success</action><hash>b28870ff24660d29a45390cdc73bfe02</hash></file> <file><path>C:\Users\Home\AppData\Local\Temp\28693466.Uninstall\uninstaller.exe</path><vendor>PUP.Optional.InstallCore</vendor><action>success</action><hash>75c5fd720981e25421d60657857d57a9</hash></file> <file><path>C:\Users\Home\Downloads\Tunatic-lnstall.exe</path><vendor>PUP.Optional.Giga</vendor><action>success</action><hash>2e0cc9a6cebc1125020c767a2ed710f0</hash></file> 
<file><path>C:\Windows\System32\config\systemprofile\AppData\Local\ICSharpCode.net\PennyBeeW.exe_Url_agkh2q2wptz44nr1mbd43tyforr5s4zl\1.0.2.0\t17nqbx8.newcfg</path><vendor>PUP.Optional.PennyBee.A</vendor><action>success</action><hash>1e1c2a459af0f6402ec91e9639caa65a</hash></file> <file><path>C:\Windows\System32\config\systemprofile\AppData\Local\ICSharpCode.net\PennyBeeW.exe_Url_agkh2q2wptz44nr1mbd43tyforr5s4zl\1.0.2.0\t17nqbx8.tmp</path><vendor>PUP.Optional.PennyBee.A</vendor><action>success</action><hash>1e1c2a459af0f6402ec91e9639caa65a</hash></file> <file><path>C:\Windows\System32\config\systemprofile\AppData\Local\ICSharpCode.net\PennyBeeW.exe_Url_agkh2q2wptz44nr1mbd43tyforr5s4zl\1.0.2.0\user.config</path><vendor>PUP.Optional.PennyBee.A</vendor><action>success</action><hash>1e1c2a459af0f6402ec91e9639caa65a</hash></file> <file><path>C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\hl47song.default-1391114288471\prefs.js</path><vendor>PUP.Optional.Spigot.A</vendor><action>replaced</action><baddata>user_pref("keyword.URL", "https://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=926458&p=");</baddata><gooddata></gooddata><hash>7ac03837fc8e092d86bfd17c8d79af51</hash></file> </items> </mbam-log> Code:
<?xml version="1.0" encoding="UTF-8" ?>
<logs>
<record severity="debug" LoggingEventType="1" datetime="2015-05-02T18:42:00.625645+02:00" source="Manual" type="Update" username="SYSTEM" systemname="HOME-OFFICE" fromVersion="2015.5.1.5" last_modified_tag="fffa600f-3370-4690-b847-534c8e16f58a" name="Malware Database" toVersion="2015.5.2.3"></record>
<record severity="debug" LoggingEventType="6" datetime="2015-05-02T19:34:18.118099+02:00" source="Manual" type="Scan" username="SYSTEM" systemname="HOME-OFFICE" duration="2718" last_modified_tag="6f742056-c3e3-45b6-9673-4b8739f82df7" malwaredetections="1" nonmalwaredetections="19" scanresult="completed" scantype="threat" starttime="2015-05-02T18:48:33+02:00"></record>
<record severity="debug" LoggingEventType="6" datetime="2015-05-02T21:47:12.932410+02:00" source="Manual" type="Scan" username="SYSTEM" systemname="HOME-OFFICE" duration="2724" last_modified_tag="5fc6b92f-3479-4b93-9152-bcfa523170be" malwaredetections="0" nonmalwaredetections="19" scanresult="completed" scantype="threat" starttime="2015-05-02T20:18:01+02:00"></record>
</logs> |
02.05.2015, 23:20 | #15 | |
/// TB Trainer /// Guide Guru | sm.de - how do I get rid of this? Hi, that is still not the right log. It is described there: export as a text file. Finding the Malwarebytes Anti-Malware log file - Guides
Next steps: (disable Kaspersky real-time protection)
Step 1 Download ZOEK (by Smeenk)
Step 2 Please start FRST again, also tick the checkbox, and press Scan. Please post the contents of the two logs that are created.
__________________ Regards, deeprybka |